On Thursday, 16 January 2014, 15:55:36, Florian Weimer wrote:

Hi Florian,
> On 01/16/2014 03:42 PM, Florian Weimer wrote:
>> On 01/16/2014 03:39 PM, Florian Weimer wrote:
>>> I still propose to get rid of the time() call (md_rand-time.patch,
>>> AFAICT num == 0 at this point, so I pulled the initialization out of
>>> the loop).
>>
>> Disregard the patches, this doesn't work.
>
> These patches should be better. Overall, things are still the same:
> the first patch removes the call to time(), and the second patch uses
> OPENSSL_rdtsc() as a fallback if RDRAND is not available.
>
> I don't know what kinds of changes are acceptable to the FIPS PRNG.

From a FIPS 140-2 regulations perspective, there are no special considerations needed for this scenario. Thus, mixing the time stamp into those DRNGs is no problem either.

Ciao
Stephan

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org