Hi, If we check the DRBG specifications - http://csrc.nist.gov/groups/STM/cavp/documents/drbg/DRBGVS.pdf For cases with prediction resistance enabled, each trial consists of the following functions called in sequence: (1) instantiate drbg (2) generate ReturnedBitsLen random bits, do not print (3) generate ReturnedBitsLen random bits, print out (4) uninstantiate Also in fips_drbgvs.c if (gen == 2) { OutputValue("ReturnedBits", randout, randoutlen, out, 0); FIPS_drbg_free(dctx); dctx = NULL; gen = 0; } What is reason to call the FIPS_drbg_generate twice? Why do we need to call generate function twice? thanks, Bala
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org