Hi All, I was asked the details of OpenSSL's FIPS generator. Looking at fips.{h|c} and fips_rand.{h|c} from OpenSSL's 1.0.x, is see its still X9.31 using AES (I believe TDEA was used in the past).
What I can't seem to follow is how `static FIPS_PRNG_CTX sctx` is initialized, so I can't tell if its AES128/AES192/AES256. Following fips_rand_prng_reset, it appears to be called by FIPS_x931_reset. But neither initialize the static `FIPS_PRNG_CTX sctx` structure, so I can't see the parameters for the structure's `AES_KEY ks;` >From a higher level, I also can't see where functions from fips.{h|c} initialize the generator, including fips_set_mode and FIPS_module_mode. Could anyone point out what I seem to be missing? Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org