On Thu, Feb 26, 2015, Piotr ??obacz wrote: > Hello, > i have a question about FIPS CTR_DRBG. I have managed to compile openssl > with fips and everything works fine. The method FIPS_mode returns me 1 > so i am in FIPS mode, but what is my problem i dunno how to use properly > FIPS_drbg api. If you simply want to use the DRBG in CTR mode then you don't need to do anything special: in FIPS mode the DRBG in CTR mode with a 256 bit AES key is the default and you can just use the normal RAND APIs. Do not use the self test or algorithm test code in applications: you need to set up proper entropy gathering callbacks and the test code contains deterministic examples which would have zero security in a real application. That's what the RAND API will do by default. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
