Hello,

  I tried a simple test to see if FIPS mode would fail, using the example given 
in the FIPS user guide 2.0.  The test consisted of replacing /dev/random 
and /dev/urandom with /dev/zero.  I would have expected that having no source of 
randomness would make the tests run at the call of FIPS_mode_set(1) fail.

ex.:

cd dev
rm random
mknod -m 666 /dev/random c 1 5

Verify presence of zeroes all over:
cat /dev/random | xxd

./fips_hmac fips_hmac.o

I added a ret value to catch the return code from FIPS_mode_set(1).  Random or 
no random, it always returns 1.  

Shouldn't randomness be an important part of the power-up tests?  I understand 
there are continuous RNG tests within OpenSSL FIPS mode, although 'later on' 
(e.g. continuous). Wouldn't these tests be part of the power-up sequence as 
called by FIPS_mode_set(1) also?

Thanks.
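
The continuous RNG test the message refers to, in the FIPS 140-2 sense (each generated block is compared with the previous one, and a match is a failure), sketched below as an added example. It is not part of the original message and is not OpenSSL's code; the 16-byte block size and the `crng_*` names are assumptions made for the sketch, and the all-zero buffer is constructed to stand in for what a /dev/zero-backed /dev/random returns.

```c
#include <stdio.h>
#include <string.h>

#define CRNG_BLOCK 16 /* bytes per compared block; assumed for this sketch */

typedef struct {
    unsigned char last[CRNG_BLOCK]; /* previous block, kept for comparison */
    int primed;                     /* 0 until the first block is stored */
    int failed;                     /* latched on the first repeated block */
} crng_state;

void crng_init(crng_state *s) { memset(s, 0, sizeof *s); }

/* Feed one block. Returns 1 if the block may be used as output, 0 if it is
 * withheld (first block, only stored) or the test has failed. */
int crng_feed(crng_state *s, const unsigned char *blk)
{
    if (s->failed)
        return 0;
    if (s->primed && memcmp(s->last, blk, CRNG_BLOCK) == 0) {
        s->failed = 1; /* identical consecutive blocks: stuck source */
        return 0;
    }
    memcpy(s->last, blk, CRNG_BLOCK);
    if (!s->primed) {
        s->primed = 1;
        return 0;
    }
    return 1;
}

/* Scan a buffer; return the index of the block that trips the test, or -1. */
long crng_scan(const unsigned char *buf, size_t len)
{
    crng_state s;
    crng_init(&s);
    for (size_t i = 0; i + CRNG_BLOCK <= len; i += CRNG_BLOCK) {
        crng_feed(&s, buf + i);
        if (s.failed)
            return (long)(i / CRNG_BLOCK);
    }
    return -1;
}

int main(void)
{
    unsigned char zeros[4 * CRNG_BLOCK] = {0}; /* constructed: what /dev/zero yields */
    printf("all-zero input fails at block %ld\n", crng_scan(zeros, sizeof zeros));
    return 0;
}
```

A check of this kind only trips once a second block has been drawn, so it cannot fire before any output is requested.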

