On Tue, May 14, 2013, Leon Brits wrote:

> So, I've continued and assumed I can use the header files in the "fips-2.0"
> directory and added them to my code with:
> :
> #include <../fips-2.0/include/openssl/fips.h>
> #include <../fips-2.0/include/openssl/fips_rand.h>
> :
> All compile fine.
>
> When executing the test using NID_sha1 as the DRBG type, then
> FIPS_drbg_instantiate() fails. I can see that the DRBG successfully got and
> freed entropy data from my hardware source. So I guess it must be the
> personalization information given as part of the instantiation which is wrong.
> The fips test application simply gives it 10 bytes from a static array but I
> am not sure what the length should be. The documentation says: "If the
> personalisation string is of an invalid length for the DRBG mechanism a
> non-fatal error is returned". What does non-fatal error mean? I assumed that
> the length must be 16 bytes (128 bits) since the NID_sha1 DRBG is 128 bit
> strong? It still fails.
>
> Any suggestions? (FIPS is enabled successfully)
>

The parameters to the callback tell you how much data is required. Also you
can't return the same data all the time as there is a sanity check for that
which will return an error.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
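
An added illustration of the reply above, not code from the thread or from the OpenSSL project: an entropy callback that sizes its output from the `min_len`/`max_len` it is handed and refuses to return repeated blocks, either within one call or across calls. The callback shape, the stand-in `DRBG_CTX` type, `BLOCKLEN`, and the `hw_*` readers are assumptions made for this example; check the real prototypes in `fips_rand.h`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct drbg_ctx_st DRBG_CTX;  /* opaque stand-in; the real type comes from fips_rand.h */
#define BLOCKLEN 16                   /* assumed entropy block length */

/* Hypothetical hardware reader, returns 1 on success; two constructed stand-ins follow. */
static int (*hw_read)(unsigned char *buf, size_t len);
static unsigned char ctr;
static int hw_counter(unsigned char *b, size_t n) { /* changing bytes, NOT real entropy */
    for (size_t i = 0; i < n; i++) b[i] = (unsigned char)(ctr++ * 37u + 11u);
    return 1;
}
static int hw_stuck(unsigned char *b, size_t n) { memset(b, 0xA5, n); return 1; } /* faulty source */

static unsigned char last[BLOCKLEN];  /* final block handed out by the previous call */
static int have_last;

/* Returns the number of bytes placed in *pout, or 0 on failure. */
static size_t get_entropy(DRBG_CTX *ctx, unsigned char **pout, int entropy,
                          size_t min_len, size_t max_len) {
    (void)ctx; (void)entropy;
    *pout = NULL;
    size_t len = (min_len + BLOCKLEN - 1) / BLOCKLEN * BLOCKLEN; /* whole blocks >= min_len */
    if (len == 0 || len > max_len) return 0;                     /* request cannot be met */
    unsigned char *buf = malloc(len);
    if (buf == NULL) return 0;
    int ok = hw_read(buf, len) && !(have_last && memcmp(last, buf, BLOCKLEN) == 0);
    for (size_t off = 0; ok && off + BLOCKLEN < len; off += BLOCKLEN)
        ok = memcmp(buf + off, buf + off + BLOCKLEN, BLOCKLEN) != 0; /* repeated block */
    if (!ok) { memset(buf, 0, len); free(buf); return 0; }
    memcpy(last, buf + len - BLOCKLEN, BLOCKLEN);
    have_last = 1;
    *pout = buf;
    return len;
}

static void cleanup_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen) {
    (void)ctx;
    if (out != NULL) { memset(out, 0, olen); free(out); } /* OPENSSL_cleanse in a real build */
}

int main(void) {
    unsigned char *p;
    hw_read = hw_counter;
    size_t n = get_entropy(NULL, &p, 128, 20, 64);
    printf("healthy source: %zu bytes\n", n);
    cleanup_entropy(NULL, p, n);
    hw_read = hw_stuck;
    printf("stuck source: %zu bytes\n", get_entropy(NULL, &p, 128, 32, 64));
    return 0;
}
```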
