From: Henrik Grindal Bakken
Sent by: owner-openssl-...@openssl.org
Date: 08/16/2011 05:50PM
Subject: Re: Reseed testing in the FIPS DRBG implementation
"Dr. Stephen Henson" writes:
> The OpenSSL DRBG implementation tests all variants during the POST
> and also
en Sent by: owner-openssl-...@openssl.orgDate: 08/16/2011 05:50PMSubject: Re: Reseed testing in the FIPS DRBG implementation"Dr. Stephen Henson" writes:> The OpenSSL DRBG implementation tests all variants during the POST> and also tests specific versions on instantiation. That incl
"Dr. Stephen Henson" writes:
> The OpenSSL DRBG implementation tests all variants during the POST
> and also tests specific versions on instantiation. That includes an
> extensive health check and a KAT. So in that sense there will be two
> KATs before a reseed takes place but no KAT immediately
On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote:
> "Dr. Stephen Henson" writes:
>
> > On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote:
> >
> >>
> >> Hi. I'm working on FIPS-validating a product using OpenSSL (but with
> >> a crypto module spanning wider, so we can't easily use the OpenSSL
"Dr. Stephen Henson" writes:
> On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote:
>
>>
>> Hi. I'm working on FIPS-validating a product using OpenSSL (but with
>> a crypto module spanning wider, so we can't easily use the OpenSSL
>> crypto module). During code review, some questions about the R
On Wed, Aug 03, 2011, Henrik Grindal Bakken wrote:
>
> Hi. I'm working on FIPS-validating a product using OpenSSL (but with
> a crypto module spanning wider, so we can't easily use the OpenSSL
> crypto module). During code review, some questions about the RNG
> tests have come up. Most specifi
Hi. I'm working on FIPS-validating a product using OpenSSL (but with
a crypto module spanning wider, so we can't easily use the OpenSSL
crypto module). During code review, some questions about the RNG
tests have come up. Most specifically, from what I can read, SP
800-90 requires that (in 11.3.