Chris Brook wrote
>I presume that running Known Answer Tests (KATs) on all crypto
>algorithms + PRNG is also required at startup, or is this included
>in FIPS-mode_set()?
There are KATs for AES, DES, DSA, and SHA1. These are triggered by
FIPS_mode_set() or FIPS_selftest(). PRNG has continuous tests, not
KATs. You can see this in the source code, in OpenSSL_0_9_7-stable.
-Steve M.
Steve Marquess
DMLSS Technical Manager
JMLFDC, 623 Porter Street, Ft. Detrick, MD 21702
DSN 343-3933, COM 301-619-3933, FAX 301-619-7831
[EMAIL PROTECTED]
