On Fri, Sep 27, 2013, nehakochar wrote:
>
> What could be the possible causes of the continuous RNG test to fail for the
> default DRBG in FIPS-mode?
It should never happen in practice unless something bad has happened such as
memory corruption. For example there is a variable which simulates a
In the FIPS User Guide (http://www.openssl.org/docs/fips/UserGuide-2.0.pdf),
there is example to set the default DRBG type. It uses DRBG type as
NID_hmac_WithSHA256, but it should be NID_hmacWithSHA256.
Example from UserGuide:
./config -DOPENSSL_DRBG_DEFAULT_TYPE=NID_hmac_WithSHA256 \
-DOPENSSL_DR
