[openssl-users] FIPS_drbg_*() are not exported from FIPS capable libeay32.dll on Windows (OpenSSL 1.0.2x and 1.0.1x)

Dr. Matthias St. Pierre Matthias.St.Pierre at ncp-e.com
Wed Sep 2 06:33:21 UTC 2015


Dear Mr. Henson,

sorry for bothering you again with my question: is there a reason why the FIPS_drbg_*() 
functions are not exported from libeay32.dll on Windows, although they are officially
documented in the OpenSSL FIPS 2.0 User Guide? Aren't they intended to be used by 
application developers? 

Thank you in advance,

Regards,
Matthias St. Pierre


On 08/26/2015 05:14 PM, Dr. Matthias St. Pierre wrote:
> 
> Dear Mr. Henson,
> 
> I noticed that for OpenSSL 1.0.2x and 1.0.1x on Windows the FIPS capable libeay32.dll
> does not export any of the FIPS_drbg_*() functions, although they are officially
> documented by the OpenSSL FIPS 2.0 User Guide.
> 
> Is this an oversight or was this done on purpose? (IOW, is it a bug or a feature? ;-)
> 
> I checked the git repository and found out that the symbols are listed in util/libeay.num
> on the master branch but are missing on the OpenSSL_1_0_2-stable and OpenSSL_1_0_1-stable
> branches (see [1]).
> 
> In fact, the entire log of the OpenSSL_1_0_{1,2}-stable branch shows no indication that these
> symbols were ever added to or removed from libeay.num (see [2]).
> 
> This is strange, because the symbols were initially added by you in the following commit,
> where you state that symbol ordinals are in sync with the 1.0.1 stable branch.
> 
>     commit 7bd4095b127f7376bafd9010c45673c7d354fe81
>     Author: Dr. Stephen Henson <steve at openssl.org>
>     Date:   Sun Oct 9 15:29:43 2011 +0000
>     
>         Sync ordinals with 1.0.1-stable.
> 
> 
> It would be nice if you could be so kind as to shed some light on this to clear up my confusion.
> 
> Best regards,
> MSP
> 
> 
> 
> [1] ~/src/openssl$ git checkout master
>     Switched to branch 'master'
>     Your branch is up-to-date with 'origin/master'.
> 	
>     ~/src/openssl$ grep FIPS_drbg_ util/libeay.num 
>     FIPS_drbg_set_check_interval            4808	NOEXIST::FUNCTION:
>     FIPS_drbg_set_callbacks                 4811	NOEXIST::FUNCTION:
>     FIPS_drbg_free                          4812	NOEXIST::FUNCTION:
>     FIPS_drbg_get_strength                  4813	NOEXIST::FUNCTION:
>     FIPS_drbg_set_reseed_interval           4814	NOEXIST::FUNCTION:
> 	(...)
> 
>     ~/src/openssl$ git checkout OpenSSL_1_0_2-stable 
>     Switched to branch 'OpenSSL_1_0_2-stable'
>     Your branch is up-to-date with 'origin/OpenSSL_1_0_2-stable'.
> 	
>     ~/src/openssl$ grep FIPS_drbg_ util/libeay.num
> 	<no output>
> 
> 
> [2] ~/src/openssl$ git log -p OpenSSL_1_0_2-stable -- util/libeay.num | grep FIPS_drbg_
>     <no output>
> 
>     ~/src/openssl$ git log -p OpenSSL_1_0_1-stable -- util/libeay.num | grep FIPS_drbg_
>     <no output>
> 
>     msp at msppc:~/src/openssl$ git log -p master -- util/libeay.num | grep FIPS_drbg_ 
>      FIPS_drbg_set_check_interval            4808	NOEXIST::FUNCTION:
>      FIPS_drbg_get_app_data                  4870	NOEXIST::FUNCTION:
>      FIPS_drbg_get_app_data                  4870	NOEXIST::FUNCTION:
>      FIPS_drbg_set_check_interval            4808	NOEXIST::FUNCTION:
>     -FIPS_drbg_set_check_interval            4685	EXIST:OPENSSL_FIPS:FUNCTION:
>     -FIPS_drbg_set_rand_callbacks            4687	EXIST:OPENSSL_FIPS:FUNCTION:
> 	<more output ...>
> 
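
Added example (not part of the original message and not OpenSSL project code): a grep hit in util/libeay.num only shows that a symbol has an ordinal, so this script also reads the status field of each entry. It assumes the layout `name ordinal status:platform:kind:...` seen in the quoted lines and that only `EXIST` entries are candidates for export; the sample data is constructed from the lines quoted under [1] and [2].

```shell
#!/bin/sh
# Added example, not OpenSSL project code.
# Assumed entry layout: <name> <ordinal> <status>:<platform>:<kind>:<rest>

# Constructed sample: the master-branch entries quoted under [1].
sample_master() {
cat <<'EOF'
FIPS_drbg_set_check_interval            4808 NOEXIST::FUNCTION:
FIPS_drbg_set_callbacks                 4811 NOEXIST::FUNCTION:
FIPS_drbg_free                          4812 NOEXIST::FUNCTION:
EOF
}

# Constructed sample: the removed lines quoted under [2], leading '-' stripped.
sample_removed() {
cat <<'EOF'
FIPS_drbg_set_check_interval            4685 EXIST:OPENSSL_FIPS:FUNCTION:
FIPS_drbg_set_rand_callbacks            4687 EXIST:OPENSSL_FIPS:FUNCTION:
EOF
}

# classify PREFIX < numfile
# Prints "name ordinal status platform" for every entry whose name starts
# with PREFIX; an empty platform field is shown as "-".
classify() {
    awk -v p="$1" '
        index($1, p) == 1 && NF >= 3 {
            split($3, f, ":")
            printf "%s %s %s %s\n", $1, $2, f[1], (f[2] == "" ? "-" : f[2])
        }'
}

# count_exist PREFIX < numfile
# Prints how many matching entries carry the status EXIST.
count_exist() {
    classify "$1" | awk '$3 == "EXIST" { c++ } END { print c + 0 }'
}

# Demonstration on the constructed samples.
sample_master | classify FIPS_drbg_
echo "EXIST entries (master sample):  $(sample_master | count_exist FIPS_drbg_)"
echo "EXIST entries (removed sample): $(sample_removed | count_exist FIPS_drbg_)"
```

Against a real checkout, `classify FIPS_drbg_ < util/libeay.num` on each branch gives the same listing for the actual file.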

