Dear Mr. Henson,
sorry for bothering you again with my question: is there a reason why the
FIPS_drbg_*()
functions are not exported from libeay32.dll on Windows, although they are
officially
documented in the OpenSSL FIPS 2.0 User Guide? Aren't they intended to be used
by
application developers?
Thank you in advance,
Regards,
Matthias St. Pierre
On 08/26/2015 05:14 PM, Dr. Matthias St. Pierre wrote:
>
> Dear Mr. Henson,
>
> I noticed that for OpenSSL 1.0.2x and 1.0.1x on Windows the FIPS capable
> libeay32.dll
> does not export any of the FIPS_drbg_*() functions, although they are
> officially
> documented by the OpenSSL FIPS 2.0 User Guide.
>
> Is this an oversight or was this done on purpose? (IOW, is it a bug or a
> feature? ;-)
>
> I checked the git repository and found out that the symbols are listed in
> util/libeay.num
> on the master branch but are missing on the OpenSSL_1_0_2-stable and
> OpenSSL_1_0_1-stable
> branch (see [1]).
>
> In fact, the entire log of the OpenSSL_1_0_{1,2}-stable branch shows no
> indication that these
> symbols were ever added to or removed from libeay.num (see [2]).
>
> This is strange, because the symbols were initially added by you in the
> following commit,
> where you state that symbol ordinals are in sync with the 1.0.1 stable branch.
>
> commit 7bd4095b127f7376bafd9010c45673c7d354fe81
> Author: Dr. Stephen Henson <st...@openssl.org>
> Date: Sun Oct 9 15:29:43 2011 +0000
>
> Sync ordinals with 1.0.1-stable.
>
>
> It would be nice if you could be so kind to shed some light on this to clear
> up my confusion.
>
> Best regards,
> MSP
>
>
>
> [1] ~/src/openssl$ git checkout master
> Switched to branch 'master'
> Your branch is up-to-date with 'origin/master'.
>
> ~/src/openssl$ grep FIPS_drbg_ util/libeay.num
> FIPS_drbg_set_check_interval 4808 NOEXIST::FUNCTION:
> FIPS_drbg_set_callbacks 4811 NOEXIST::FUNCTION:
> FIPS_drbg_free 4812 NOEXIST::FUNCTION:
> FIPS_drbg_get_strength 4813 NOEXIST::FUNCTION:
> FIPS_drbg_set_reseed_interval 4814 NOEXIST::FUNCTION:
> (...)
>
> ~/src/openssl$ git checkout OpenSSL_1_0_2-stable
> Switched to branch 'OpenSSL_1_0_2-stable'
> Your branch is up-to-date with 'origin/OpenSSL_1_0_2-stable'.
>
> ~/src/openssl$ grep FIPS_drbg_ util/libeay.num
> <no output>
>
>
> [2] ~/src/openssl$ git log -p OpenSSL_1_0_2-stable -- util/libeay.num | grep
> FIPS_drbg_
> <no output>
>
> ~/src/openssl$ git log -p OpenSSL_1_0_1-stable -- util/libeay.num | grep
> FIPS_drbg_
> <no output>
>
> msp@msppc:~/src/openssl$ git log -p master -- util/libeay.num | grep
> FIPS_drbg_
> FIPS_drbg_set_check_interval 4808 NOEXIST::FUNCTION:
> FIPS_drbg_get_app_data 4870 NOEXIST::FUNCTION:
> FIPS_drbg_get_app_data 4870 NOEXIST::FUNCTION:
> FIPS_drbg_set_check_interval 4808 NOEXIST::FUNCTION:
> -FIPS_drbg_set_check_interval 4685
> EXIST:OPENSSL_FIPS:FUNCTION:
> -FIPS_drbg_set_rand_callbacks 4687
> EXIST:OPENSSL_FIPS:FUNCTION:
> <more output ...>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
