That's it! I've set the personalization size to match the value of "entropy_blocklen" passed when setting up the callbacks.
Thanks Leon Brits > -----Original Message----- > From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] > On Behalf Of Dr. Stephen Henson > Sent: 14 May 2013 08:05 PM > To: openssl-dev@openssl.org > Subject: Re: DRBGs questions > > On Tue, May 14, 2013, Leon Brits wrote: > > > So, I've continued and assumed I can use the header files in the "fips- > 2.0" directory and added them to my code with: > > : > > #include <../fips-2.0/include/openssl/fips.h> > > #include <../fips-2.0/include/openssl/fips_rand.h> > > : > > All compile fine. > > > > When executing the test using NID_sha1 as the DRBG type, then > FIPS_drbg_instantiate() fails. I can see that the DRBG successfully got > and freed entropy data from my hardware source. So I guess it must be the > personalization information given as part of the instantiation which is > wrong. > > The fips test application simply gives it 10 bytes from a static array > but I am not sure what the length sould be. The documentation says: "If > the personalisation string is of an invalid length for the DRBG mechanism > a non-fatal error is returned". What does non-fatal error means? I assumed > that the length must be 16 bytes (128 bits) since the NID_sha1 DRBG is 128 > bit strong? It still fails. > > > > Any suggestions? (FIPS is enabled successfully) > > > > The parameters to the callback tell you how much data is required. Also > you can't return the same data all the time as there is a sanity check for > that which will return an error. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org