Hi. I'm working on FIPS-validating a product using OpenSSL (but with a crypto module spanning wider, so we can't easily use the OpenSSL crypto module). During code review, some questions about the RNG tests have come up. Most specifically, from what I can read, SP 800-90 requires that (in 11.3.4) the reseed function shall perform a known-answer test before reseeding, and from what I can read in the code, this doesn't happen.
Is there a reason for this? -- Henrik Grindal Bakken <[email protected]> PGP ID: 8D436E52 Fingerprint: 131D 9590 F0CF 47EF 7963 02AF 9236 D25A 8D43 6E52 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
