Recommended sequence for FIPS_mode_set(), RAND_load_file() and SSL_library_init()

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Recommended sequence for FIPS_mode_set(), RAND_load_file() and SSL_library_init()

pratyush parimal
Hi everyone,

I'm writing an application which can operate in FIPS mode, for which I'm calling FIPS_mode_set().
At one point, I'm also seeding the PRNG using RAND_load_file() so I can generate random bytes later.

What I'm unsure about is that for FIPS mode operation, am I required to do the seeding after calling FIPS_mode_set() or is it OK for me to call it before as well?

Also, what about the calls to initialization functions like SSL_library_init() ?

I'd really appreciate if someone could help me understand the proper sequence of these function calls from a FIPS 140-2 compliance perspective.

Thanks in advance!
Pratyush

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users