Yes, i have read that RAND API will use CTR_DRBG by default but what if i want to have set seed and than calculate and have the same results on two different machines? As far as i understand if i set seed - which is calculated from entropy, nonce and personal string - if it is given i should get some deterministic value of returned buffer and RAND_bytes doesn't give me such result it is always different. Correct me if i am wrong. Dnia 2015-02-26, czw o godzinie 13:28 +0000, Dr. Stephen Henson pisze: > On Thu, Feb 26, 2015, Piotr ??obacz wrote: > > > Hello, > > i have a question about FIPS CTR_DRBG. I have managed to compile openssl > > with fips and everything works fine. The method FIPS_mode returns me 1 > > so i am in FIPS mode, but what is my problem i dunno how to use properly > > FIPS_drbg api. > > If you simply want to use the DRBG in CTR mode then you don't need to do > anything special: in FIPS mode the DRBG in CTR mode with a 256 bit AES key is > the default and you can just use the normal RAND APIs. > > Do not use the self test or algorithm test code in applications: you need to > set up proper entropy gathering callbacks and the test code contains > deterministic examples which would have zero security in a real application. > That's what the RAND API will do by default. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- ________________________________________________________________________ Piotr ?obacz Biuro System?w i Oprogramowania RADMOR S.A. tel. (58) 6996 929 e-mail: piotr.lobacz at radmor.com.pl www.radmor.com.pl RADMOR S.A., ul. Hutnicza 3, 81-212 Gdynia NIP: 586-010-21-39 REGON: 190432077 KRS: 0000074029 (S?d Rejonowy Gda?sk-P??noc w Gda?sku) Kapita? zak?adowy wp?acony: 9 282 830 PLN
