I have a question related to the FIPS validated openssl implementation. Page 36 of FIPS PUB 140-2 states that, "If each call to a RNG produces blocks of n bits (where n>15), the first n-bit block generated after power-up, initialization, or reset shall not be used, but shall be saved for comparison with the next n-bit block to be generated. Each subsequent generation of an n-bit block shall be compared with the previously generated block. The test shall fail if any two compared n-bit blocks are equal."
Maybe I am missing something, but in fips_rand_bytes() in fips_rand.c of openssl-fips-1.1.1 the first block is used and not just saved for comparison. The function just checks if any two blocks are equal. Is this performed someplace else? I can't imagine after all the scrutiny that openssl went through that the FIPS validation lab missed this.

Thanks,
Jon
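The continuous test exactly as the FIPS PUB 140-2 passage quoted above words it, as an added example that is not part of the original post and is not OpenSSL's code. The names (crng_ctx, crng_next, the two toy generators) and the 64-bit block size are assumptions made for illustration.

```c
#include <string.h>

#define BLOCK_LEN 8 /* n = 64 bits per call, so n > 15 holds */
typedef void (*block_fn)(unsigned char out[BLOCK_LEN], void *state);

typedef struct {
    block_fn gen;                  /* underlying generator (hypothetical) */
    void *gen_state;
    unsigned char last[BLOCK_LEN]; /* previously generated block */
    int primed; /* 0 until the first block after init has been saved */
    int failed; /* latched once two compared blocks were equal */
} crng_ctx;

void crng_init(crng_ctx *c, block_fn gen, void *gen_state) {
    memset(c, 0, sizeof(*c));
    c->gen = gen;
    c->gen_state = gen_state;
}

/* Returns 0 and fills out, or -1 once the continuous test has failed. */
int crng_next(crng_ctx *c, unsigned char out[BLOCK_LEN]) {
    unsigned char blk[BLOCK_LEN];
    if (c->failed) return -1;
    if (!c->primed) { /* first block: saved for comparison, never returned */
        c->gen(c->last, c->gen_state);
        c->primed = 1;
    }
    c->gen(blk, c->gen_state);
    if (memcmp(blk, c->last, BLOCK_LEN) == 0) { c->failed = 1; return -1; }
    memcpy(c->last, blk, BLOCK_LEN); /* becomes the next comparison value */
    memcpy(out, blk, BLOCK_LEN);
    return 0;
}

/* Constructed generators: a counter (never repeats) and a stuck source. */
static void counter_gen(unsigned char out[BLOCK_LEN], void *state) {
    memset(out, 0, BLOCK_LEN);
    out[0] = (unsigned char)(++*(unsigned *)state);
}
static void stuck_gen(unsigned char out[BLOCK_LEN], void *state) {
    (void)state; memset(out, 0xAA, BLOCK_LEN);
}
int demo_first_returned_block(void) { /* block 1 is held back, block 2 is returned */
    crng_ctx c; unsigned n = 0; unsigned char out[BLOCK_LEN];
    crng_init(&c, counter_gen, &n);
    return crng_next(&c, out) == 0 ? out[0] : -1;
}
int demo_stuck_generator(void) { /* identical blocks: test fails */
    crng_ctx c; unsigned char out[BLOCK_LEN];
    crng_init(&c, stuck_gen, NULL);
    return crng_next(&c, out);
}
```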
