> From: jonetsu <jonetsu at teksavvy.com> > Date: 03/26/15 11:11 > ? Is FIPS_mode_set(1) taking care of setting up a default DRBG ?? Yes. It does.? When using post_cb() from fips_test_suite.c in for instance the fips_hmac.c demo, with only but a FIPS_mode_set(1) call, it is reported that the four DRBGs are tested: DRBG AES-256-CTR DF, DRBG AES-256-CTR, DRBG SHA256 and DRBG HMAC-SHA256, amongst others. After FIPS_mode_set(1) is executed along with the POST tests, a call to RAND_pseudo_bytes() will not run the tests again.? In this context, when do occur the DRBG continuous tests as shown in table 6b of the 2.0.9 Security Policy ?? Is there a need to actually call FIPS_selftest() ? Regards.
