On Mon, May 13, 2013, Leon Brits wrote: > Hi all, > > We have a chip (a RNG) which generates randomness at 250kbps and would like > this to seed a customer selected type of DRBG so that the customer can get > randomness which is FIPS certified. > I've read the FIPS user guide to implement a structure to switch between the > four types of DRBGs based on the customer selection. > I've setup the getEntropy() callback functions per DRBG type context to read > entropy data from 'n file pointer at which the RNG data is available. I will > instantiate() and uninstantiate() a DRBGs based on the customer selection > during initialization of my library. > So my questions are: > > 1. How does the application now access the randomness (normal RAND_* > commands)? > >
If you set up the default DRBG to use your entropy gathering technique then calls to RAND_* will use it. > 2. In my case, what is the purpose of FIPS_drbg_reseed() and > FIPS_drbg_generate()? Should I provide a customer interface to them? Will > they need it? These apply to the separate instantiations of a DRBG. If you just use the default DRBG then the calls are made automatically. If you want an independent DRBG then you have to use those calls to generate random data. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
