Testing FIPS mode using 0 randomness

Hello,

I tried a simple test to see if FIPS mode would fail, using the example given in the FIPS user guide 2.0. The test consisted of replacing /dev/random and /dev/urandom with /dev/zero. I would have expected that no source of randomness would make the tests run at the call of FIPS_mode_set(1) fail.

ex.:

cd dev
rm random
mknod -m 666 /dev/random c 1 5

Verify presence of zeroes all over:
cat /dev/random | xxd

./fips_hmac fips_hmac.o

I added a ret value to catch the return code from FIPS_mode_set(1). Random or no random, it always returns 1.

Shouldn't randomness be an important part of the power-up tests? I understand there are continuous RNG tests within OpenSSL FIPS mode, although 'later on' (e.g. continuous). Wouldn't these tests be part of the power-up sequence as called by FIPS_mode_set(1) also?

Thanks.
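
Added example, not part of the original post and not OpenSSL code: a FIPS 140-2 style continuous RNG test compares each output block with the one before it, so it can only flag a stuck source from the second block onward. The C program below pairs that comparison with a check that a device node is not an alias of /dev/zero, as the mknod above creates; the names aliases_zero, continuous_test and check_source and the 16-byte block size are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define BLOCK 16  /* comparison block size in bytes (assumed for this example) */

/* 1 if path is a character device with the same device number as /dev/zero,
 * which is what "mknod ... c 1 5" produces on Linux; 0 otherwise. */
int aliases_zero(const char *path) {
    struct stat a, z;
    if (stat(path, &a) != 0 || stat("/dev/zero", &z) != 0) return 0;
    return S_ISCHR(a.st_mode) && a.st_rdev == z.st_rdev;
}

/* Continuous test over captured output: block 0 is only kept for comparison.
 * Returns the index of the first block equal to its predecessor, 0 if none. */
int continuous_test(const unsigned char *buf, size_t len) {
    for (size_t i = 1; (i + 1) * BLOCK <= len; i++)
        if (memcmp(buf + (i - 1) * BLOCK, buf + i * BLOCK, BLOCK) == 0)
            return (int)i;
    return 0;
}

/* Run both checks on a device node, reading at most 64 blocks.
 * Returns 0 = passed, 1 = aliases /dev/zero, 2 = repeated block, -1 = read error. */
int check_source(const char *path, size_t nblocks) {
    unsigned char buf[64 * BLOCK];
    if (nblocks > 64) nblocks = 64;
    if (aliases_zero(path)) return 1;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t got = fread(buf, BLOCK, nblocks, f);
    fclose(f);
    if (got != nblocks) return -1;
    return continuous_test(buf, nblocks * BLOCK) ? 2 : 0;
}

int main(void) {
    const char *devs[] = { "/dev/random", "/dev/urandom" };
    for (int i = 0; i < 2; i++)
        printf("%s: %d\n", devs[i], check_source(devs[i], 4));
    return 0;
}
```

A nonzero result for either device means the node should be recreated with its proper device numbers before any key material is generated.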