Dear Mr. Henson,
sorry for bothering you again with my question: is there a reason why the FIPS_drbg_*()
functions are not exported from libeay32.dll on Windows, although they are officially
documented in the OpenSSL FIPS 2.0 User Guide? Aren't they intended to be used by
application developers?
Thank you in advance,
Regards,
Matthias St. Pierre
On 08/26/2015 05:14 PM, Dr. Matthias St. Pierre wrote:
>
> Dear Mr. Henson,
>
> I noticed that for OpenSSL 1.0.2x and 1.0.1x on Windows the FIPS capable libeay32.dll
> does not export any of the FIPS_drbg_*() functions, although they are officially
> documented by the OpenSSL FIPS 2.0 User Guide.
>
> Is this an oversight or was this done on purpose? (IOW, is it a bug or a feature? ;-)
>
> I checked the git repository and found out that the symbols are listed in util/libeay.num
> on the master branch but are missing on the OpenSSL_1_0_2-stable and OpenSSL_1_0_1-stable
> branch (see [1]).
>
> In fact, the entire log of the OpenSSL_1_0_{1,2}-stable branch shows no indication that these
> symbols were ever added to or removed from libeay.num (see [2]).
>
> This is strange, because the symbols were initially added by you in the following commit,
> where you state that symbol ordinals are in sync with the 1.0.1 stable branch.
>
> commit 7bd4095b127f7376bafd9010c45673c7d354fe81
> Author: Dr. Stephen Henson <steve at openssl.org>
> Date: Sun Oct 9 15:29:43 2011 +0000
>
> Sync ordinals with 1.0.1-stable.
>
>
> It would be nice if you could be so kind to shed some light on this to clear up my confusion.
>
> Best regards,
> MSP
>
>
>
> [1] ~/src/openssl$ git checkout master
> Switched to branch 'master'
> Your branch is up-to-date with 'origin/master'.
>
> ~/src/openssl$ grep FIPS_drbg_ util/libeay.num
> FIPS_drbg_set_check_interval 4808 NOEXIST::FUNCTION:
> FIPS_drbg_set_callbacks 4811 NOEXIST::FUNCTION:
> FIPS_drbg_free 4812 NOEXIST::FUNCTION:
> FIPS_drbg_get_strength 4813 NOEXIST::FUNCTION:
> FIPS_drbg_set_reseed_interval 4814 NOEXIST::FUNCTION:
> (...)
>
> ~/src/openssl$ git checkout OpenSSL_1_0_2-stable
> Switched to branch 'OpenSSL_1_0_2-stable'
> Your branch is up-to-date with 'origin/OpenSSL_1_0_2-stable'.
>
> ~/src/openssl$ grep FIPS_drbg_ util/libeay.num
> <no output>
>
>
> [2] ~/src/openssl$ git log -p OpenSSL_1_0_2-stable -- util/libeay.num | grep FIPS_drbg_
> <no output>
>
> ~/src/openssl$ git log -p OpenSSL_1_0_1-stable -- util/libeay.num | grep FIPS_drbg_
> <no output>
>
> msp at msppc:~/src/openssl$ git log -p master -- util/libeay.num | grep FIPS_drbg_
> FIPS_drbg_set_check_interval 4808 NOEXIST::FUNCTION:
> FIPS_drbg_get_app_data 4870 NOEXIST::FUNCTION:
> FIPS_drbg_get_app_data 4870 NOEXIST::FUNCTION:
> FIPS_drbg_set_check_interval 4808 NOEXIST::FUNCTION:
> -FIPS_drbg_set_check_interval 4685 EXIST:OPENSSL_FIPS:FUNCTION:
> -FIPS_drbg_set_rand_callbacks 4687 EXIST:OPENSSL_FIPS:FUNCTION:
> <more output ...>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
