As part of my EIP93 crypto module I would like to implement the PRNG. This is intented to be used to automaticly insert an IV for IPSEC / full ESP processing, but can be used "just as PRNG" and its full ANSI X9.31 compliant. Looking over the code in "ansi_cprng.c" I can implement the none "FIPS" part since it doesnt require a reseed everytime. For full FIPS it needs to be seeded by the user which means if I do this in Hardware I can not "switch" seeds or reseed with another one from another context becasue that would not give the expected results. Is it acceptable to only implement "none-fips" and/or return an error (-EBUSY ?) when more than 1 call occurs to "cra_init" before the previous user called "cra_exit" ? Richard
