Hello, Does RAND_bytes() now defaults to the full implementation of NIST SP 800-90 DRBG, while in FIPS mode with the latest FIPS-capable OpenSSL 1.0.1?
Per code inspection, that is what it looks like. But just wanted to double check to be 100% certain. If that is the case, is the continuous PRNG test done only in the fips_get_entropy() call in fips/rand/fips_drbg_lib.c? Also, what are sources of entropy and how much entropy is it gathered for the RNG's use? And lastly, is fips_get_entropy() called only when RAND_seed() or FIPS_mode_set() is called? In essence, I I am trying to understand exactly when is the continuous PRNG test is called. Thanks! Bill ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
