Hi Steve, thanks for the quick reply!

> Are you sure you really want to try calling FIPS_*() functions directly?

Well, probably not. Let me describe what I want. I'm trying to model (and understand the operation of) the upcoming RdRand instruction:
http://en.wikipedia.org/wiki/RdRand

In one part it's using a CTR_DRBG RNG compliant with SP 800-90. Right now I'm using the code written by Henric Jungheim and adapted by Yair Elharrar to work with OpenSSL, as posted at
http://www.mail-archive.com/openssl-dev@openssl.org/msg28758.html

However, the code is not validated and it's using a derivation function which is not used by Intel.

Yair has then mentioned that CTR_DRBG RNG is now implemented in "OpenSSL FIPS Object Module 2.0". I was not able to find it in the regular tarballs, so I have downloaded CVS and found the functions in fips_drbg_ctr.c

Now, the problem is that I do not know how to use it. I have even started to think about taking only the file fips_drbg_ctr.c and writing a minimal header file so that I can use it.

Could you please help me out? How can I use CTR_DRBG RNG?

Thanks a lot!
Jiri

On Mon, Sep 12, 2011 at 1:54 PM, Steve Marquess <marqu...@opensslfoundation.com> wrote:

> On 09/12/2011 05:27 AM, Jiri Hladky wrote:
>
> Hello,
>
> I would like to use the CTR DRBG random number generator. It's part of
> the FIPS-2.
>
> I have downloaded the CVS tree and found fips_rand.h, which defines
> functions I would like to use:
>
> FIPS_drbg_init
> FIPS_drbg_instantiate
> FIPS_drbg_generate
> FIPS_drbg_reseed
>
> However, I'm not able to link these functions with my application. I have
> compiled openssl using sources from CVS
>
> ./config
> make
> make check
> make install
>
> but in the installation directory I'm missing
> fips_rand.h
> I have also checked the functions which are ready in the openssl library, but
> the functions above are missing there.
>
> Can you please give me a hint how to compile FIPS-2 and link it with my
> application?
>
> Thanks a lot!
> Jiri
>
>
> I assume that by "FIPS-2" you mean the "OpenSSL FIPS Object Module 2.0"
> that is now in the middle of the FIPS 140-2 validation process.
>
> Are you sure you really want to try calling FIPS_*() functions directly?
> That's not an intended use of the FIPS module. It is designed for use via
> the standard API of a "FIPS capable" OpenSSL.
>
> As for building, see
> http://www.mail-archive.com/openssl-dev@openssl.org/msg29421.html.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> USA
> +1 877-673-6775
> marqu...@opensslfoundation.com