On Thu, Aug 22, 2013, Bodo Moeller wrote:

> > > (So we probably should use the current time in addition to the PID to get a
> > > general solution to the PID wrap-around problem even on systems where
> > > actual independent reseeding isn't possible.)
> >
> > The FIPS PRNG uses a combination of PID, a counter and a form of system timer
> > for the DT vector which is used on every invocation (a requirement of the
> > standard).
>
> Oh, good. (I guess it was before the NIST SP 800-90A deterministic random
> bit generator that we couldn't use PID at all in NIST mode?) Using the
> same inputs with the different PRNGs certainly would make sense.

It's the function FIPS_get_timevec the FIPS module uses BTW.

It was only the original triple DES based X9.31 PRNG which couldn't use the PID for the DT value, because it was only 64 bits in size (equal to the block size). That only applied to OpenSSL 0.9.7 and the 1.1 version module. The 1.2 module (for OpenSSL 0.9.8) used AES for the PRNG which left an extra 64 bits for the PID.

With the SP800-90A DRBG a DT isn't part of the standard but "additional input" can be used whenever the generate function is called. OpenSSL 1.0.1 RAND interface to the DRBG uses that to include the DT value.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
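
An added example, not part of the original thread and not the FIPS module's code: it shows why a 64-bit DT vector cannot tell a forked child from its parent, while a 128-bit one carrying timer, counter and PID separates both the fork case and the PID wrap-around case. The byte layout and the names dt_src, dt_build and dt_collides are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Inputs a DT vector is derived from, passed in explicitly so the result is
 * deterministic (a real caller reads the clock, its counter and getpid()). */
struct dt_src { uint32_t sec, usec, ctr, pid; };

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Assumed layout: timer | counter | PID. len is the cipher block size:
 * 8 (3DES) leaves room for the timer only, 16 (AES) fits all fields. */
size_t dt_build(uint8_t *out, size_t len, const struct dt_src *s)
{
    if (len != 8 && len != 16)
        return 0;
    put32(out, s->sec);
    put32(out + 4, s->usec);
    if (len == 16) {
        put32(out + 8, s->ctr);
        put32(out + 12, s->pid);
    }
    return len;
}

/* Returns 1 if both sources yield the same DT vector of the given size. */
int dt_collides(size_t len, const struct dt_src *a, const struct dt_src *b)
{
    uint8_t da[16], db[16];
    if (!dt_build(da, len, a) || !dt_build(db, len, b))
        return -1;
    return memcmp(da, db, len) == 0;
}

int main(void)
{
    /* Constructed values: parent and child right after fork() (same clock
     * tick, inherited counter), and a later process that reuses the PID. */
    struct dt_src parent = { 1377129600u, 250000u, 7u, 4242u };
    struct dt_src child  = { 1377129600u, 250000u, 7u, 4243u };
    struct dt_src reused = { 1377133200u, 100000u, 7u, 4242u };
    int bad = dt_collides(8, &parent, &child);    /* 1: no PID in 64 bits */
    int ok1 = dt_collides(16, &parent, &child);   /* 0: PID separates them */
    int ok2 = dt_collides(16, &parent, &reused);  /* 0: timer separates them */
    return !(bad == 1 && ok1 == 0 && ok2 == 0);
}
```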