I'm using FIPS OpenSSL on Android and it FIPS_rand_bytes() fails continuous test after sometime. I read in the SecurityPolicy that if it fails then we need to uninstantiate and re-instantiate the DRBG.
Few questions: 1. Is there any way to avoid this? Will using HMAC DRBG or Hash DRBG help? 2. Is this a FATAL error? 3. If we hit this error, do we need to restart the process or just uninstantiate/re-instantiate is enough? Version info: FIPS canister: 2.0.1 OpenSSL: 1.0.1c Thanks, Karan -- View this message in context: http://openssl.6102.n7.nabble.com/FIPS-OpenSSL-default-DRBG-continuous-test-failing-tp46646.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
