I am using the OpenSSL FIPS version for my application. So, I have not made any change in the OpenSSL or FIPS code. Just enabling FIPS and using the SSL API exposed for the client-server model. But through the debugger I have found that my application is crashing, giving an error message inside fips_rand() at the following line.

    fips_rand()
    {
        .............................
        ............................
        if (!ctx->test_mode)
            fips_get_dt(ctx);
        AES_encrypt(ctx->DT, I, &ctx->ks);
        for (i = 0; i < AES_BLOCK_LENGTH; i++)
            tmp[i] = I[i] ^ ctx->V[i];
        AES_encrypt(tmp, R, &ctx->ks);
        for (i = 0; i < AES_BLOCK_LENGTH; i++)
            tmp[i] = R[i] ^ I[i];
        AES_encrypt(tmp, ctx->V, &ctx->ks);
        /* Continuous PRNG test */
        if (ctx->second)
        {
            if (fips_prng_fail) {
                memcpy(ctx->last, R, AES_BLOCK_LENGTH);
                RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
            }
            /* <--- The check is failing as the current encrypted and last one are the same */
            if (!memcmp(R, ctx->last, AES_BLOCK_LENGTH))
            {
                RANDerr(RAND_F_FIPS_RAND,RAND_R_PRNG_STUCK);
                ctx->error = 1;
                fips_set_selftest_fail();
                return 0;
            }
        }
        memcpy(ctx->last, R, AES_BLOCK_LENGTH);

Regards,
Alok

On Fri, Sep 23, 2011 at 4:46 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Fri, Sep 23, 2011, alok sharma wrote:
>
> > Hi,
> > So is there any method on Windows to generate non-predictable
> > random numbers. I think mostly FileSystem time is used to seed randomness
> > which is failing in my case.
> >
>
> As I indicated this shouldn't be happening if you've set up locking callbacks
> correctly. Have you set up any locking callbacks?
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
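
Added illustration, not part of the original thread and not OpenSSL code: a single-threaded simulation of one assumed interleaving in which two callers share a PRNG context without a lock and the second one trips the continuous test quoted above, which is the situation the locking callbacks are meant to prevent. All names (`toy_prng`, `toy_encrypt`, `derive`, `commit`, `run_two_calls`) are hypothetical; `toy_encrypt` stands in for `AES_encrypt` and the `DT` increment for `fips_get_dt`.

```c
#include <stdint.h>
#include <string.h>

#define BLK 16
typedef struct { uint8_t V[BLK], DT[BLK], last[BLK]; int second, error; } toy_prng;

/* Constructed stand-in for AES_encrypt(): a fixed byte-wise bijection. */
static void toy_encrypt(const uint8_t *in, uint8_t *out) {
    for (int i = 0; i < BLK; i++) out[i] = (uint8_t)((in[i] ^ 0xA5) * 167 + i);
}

/* Step 1: read the shared state, derive output block R and the next V. */
static void derive(const toy_prng *c, uint8_t *R, uint8_t *nextV) {
    uint8_t I[BLK], tmp[BLK];
    toy_encrypt(c->DT, I);
    for (int i = 0; i < BLK; i++) tmp[i] = I[i] ^ c->V[i];
    toy_encrypt(tmp, R);
    for (int i = 0; i < BLK; i++) tmp[i] = R[i] ^ I[i];
    toy_encrypt(tmp, nextV);
}

/* Step 2: write the state back and run the continuous test from the excerpt. */
static int commit(toy_prng *c, const uint8_t *R, const uint8_t *nextV) {
    memcpy(c->V, nextV, BLK);
    c->DT[0]++;                       /* stand-in for fips_get_dt() */
    if (c->second && !memcmp(R, c->last, BLK)) { c->error = 1; return 0; }
    memcpy(c->last, R, BLK);
    c->second = 1;
    return 1;
}

/* Returns 1 if two successive calls both pass, 0 if the continuous test trips. */
int run_two_calls(int serialised) {
    toy_prng c;
    uint8_t Ra[BLK], Va[BLK], Rb[BLK], Vb[BLK];
    memset(&c, 0, sizeof c);
    if (serialised) {                 /* lock held across derive + commit */
        derive(&c, Ra, Va);
        if (!commit(&c, Ra, Va)) return 0;
        derive(&c, Rb, Vb);
        return commit(&c, Rb, Vb);
    }
    derive(&c, Ra, Va);               /* caller A reads V and DT */
    derive(&c, Rb, Vb);               /* caller B reads the same V and DT */
    if (!commit(&c, Ra, Va)) return 0;
    return commit(&c, Rb, Vb);        /* B's R equals ctx->last: "stuck" */
}
```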