On Mon, Sep 19, 2011, alok sharma wrote: > Hi Jacob, > Thanks for such a detailed reply. But I am having one concern that how > an application can know whether it si secure or not. Fips uses > GetSystemTimeAsFileTime() for PRNG test which is having granuality of 1 ns, > but my application is running even at faster rate so same value is being > generated for current as well as for last request. Is there any provision > inside Openssl which ensures that unique randon numbers will be generated or > application need to add some delay for each new connection request. > Regards, >
OpenSSL uses more than just GetSystemTimeAsFileTime it also makes use of a counter value which is incremented on each use. This is all done under a lock so the values should never repeat even if the time value does. If you are getting continuous PRNG test failures then I suspect your locking callbacks aren't functioning correctly and you are getting race conditions. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org