FIPS_drbg_*() are not exported from FIPS capable libeay32.dll on Windows (OpenSSL 1.0.2x and 1.0.1x)


Dr. Matthias St. Pierre

Dear Mr. Henson,

I noticed that for OpenSSL 1.0.2x and 1.0.1x on Windows the FIPS capable libeay32.dll
does not export any of the FIPS_drbg_*() functions, although they are officially
documented by the OpenSSL FIPS 2.0 User Guide.

Is this an oversight or was this done on purpose? (IOW, is it a bug or a feature? ;-)

I checked the git repository and found out that the symbols are listed in util/libeay.num
on the master branch but are missing on the OpenSSL_1_0_2-stable and OpenSSL_1_0_1-stable
branches (see [1]).

In fact, the entire log of the OpenSSL_1_0_{1,2}-stable branches shows no indication that these
symbols were ever added to or removed from libeay.num (see [2]).

This is strange, because the symbols were initially added by you in the following commit,
where you state that symbol ordinals are in sync with the 1.0.1 stable branch.

    commit 7bd4095b127f7376bafd9010c45673c7d354fe81
    Author: Dr. Stephen Henson <[hidden email]>
    Date:   Sun Oct 9 15:29:43 2011 +0000
   
        Sync ordinals with 1.0.1-stable.


It would be nice if you could be so kind as to shed some light on this to clear up my confusion.

Best regards,
MSP



[1] ~/src/openssl$ git checkout master
    Switched to branch 'master'
    Your branch is up-to-date with 'origin/master'.
       
    ~/src/openssl$ grep FIPS_drbg_ util/libeay.num
    FIPS_drbg_set_check_interval            4808 NOEXIST::FUNCTION:
    FIPS_drbg_set_callbacks                 4811 NOEXIST::FUNCTION:
    FIPS_drbg_free                          4812 NOEXIST::FUNCTION:
    FIPS_drbg_get_strength                  4813 NOEXIST::FUNCTION:
    FIPS_drbg_set_reseed_interval           4814 NOEXIST::FUNCTION:
        (...)

    ~/src/openssl$ git checkout OpenSSL_1_0_2-stable
    Switched to branch 'OpenSSL_1_0_2-stable'
    Your branch is up-to-date with 'origin/OpenSSL_1_0_2-stable'.
       
    ~/src/openssl$ grep FIPS_drbg_ util/libeay.num
        <no output>


[2] ~/src/openssl$ git log -p OpenSSL_1_0_2-stable -- util/libeay.num | grep FIPS_drbg_
    <no output>

    ~/src/openssl$ git log -p OpenSSL_1_0_1-stable -- util/libeay.num | grep FIPS_drbg_
    <no output>

    msp@msppc:~/src/openssl$ git log -p master -- util/libeay.num | grep FIPS_drbg_
     FIPS_drbg_set_check_interval            4808 NOEXIST::FUNCTION:
     FIPS_drbg_get_app_data                  4870 NOEXIST::FUNCTION:
     FIPS_drbg_get_app_data                  4870 NOEXIST::FUNCTION:
     FIPS_drbg_set_check_interval            4808 NOEXIST::FUNCTION:
    -FIPS_drbg_set_check_interval            4685 EXIST:OPENSSL_FIPS:FUNCTION:
    -FIPS_drbg_set_rand_callbacks            4687 EXIST:OPENSSL_FIPS:FUNCTION:
        <more output ...>
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
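
The check described in the post above, as an added example that is not part of the original message or of OpenSSL: it tells apart a symbol that has no entry in a `util/libeay.num`-style file from one that is listed but marked `NOEXIST`. The function names, the field labels and the sample files are assumptions constructed here from the lines quoted in the post.

```shell
#!/bin/sh
# Added example: report how util/libeay.num-style lines list given symbols.
# Line layout taken from the grep output in the post:
#   <name> <ordinal> <EXIST|NOEXIST>:<condition>:<kind>:
# "condition" and "kind" are labels chosen here, not OpenSSL's own terms.

# check_exports NUMFILE SYMBOL...
# Prints "<symbol> <status>" per symbol; status is EXIST, NOEXIST, or
# MISSING when the file has no entry for the symbol at all.
check_exports() {
    numfile=$1
    shift
    for sym in "$@"; do
        awk -v sym="$sym" '
            $1 == sym { split($3, f, ":"); st = f[1] }
            END       { print sym, (st == "" ? "MISSING" : st) }
        ' "$numfile"
    done
}

# count_not_exported NUMFILE SYMBOL...
# Prints how many of the symbols are not marked EXIST.
count_not_exported() {
    check_exports "$@" | awk '$2 != "EXIST" { n++ } END { print n + 0 }'
}

# make_samples DIR: write constructed sample files (not real branch contents).
make_samples() {
    # Two lines as quoted from master in the post.
    printf '%s\n' \
        'FIPS_drbg_set_check_interval            4808 NOEXIST::FUNCTION:' \
        'FIPS_drbg_free                          4812 NOEXIST::FUNCTION:' \
        > "$1/master.num"
    # Older form of one entry, as seen in the post's git log output.
    printf '%s\n' \
        'FIPS_drbg_set_check_interval            4685 EXIST:OPENSSL_FIPS:FUNCTION:' \
        > "$1/old.num"
    # Stand-in for a stable branch: no FIPS_drbg_ entries; placeholder name.
    printf '%s\n' 'example_function 1 EXIST::FUNCTION:' > "$1/stable.num"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in master old stable; do
    echo "== $f"
    check_exports "$tmp/$f.num" FIPS_drbg_set_check_interval FIPS_drbg_free
done
rm -rf "$tmp"
```

Against a real checkout, pass `util/libeay.num` and the function names taken from the FIPS User Guide as arguments to `check_exports`.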

Re: FIPS_drbg_*() are not exported from FIPS capable libeay32.dll on Windows (OpenSSL 1.0.2x and 1.0.1x)

Dr. Matthias St. Pierre
Dear Mr. Henson,

sorry for bothering you again with my question: is there a reason why the FIPS_drbg_*()
functions are not exported from libeay32.dll on Windows, although they are officially
documented in the OpenSSL FIPS 2.0 User Guide? Aren't they intended to be used by
application developers?

Thank you in advance,

Regards,
Matthias St. Pierre


On 08/26/2015 05:14 PM, Dr. Matthias St. Pierre wrote:

>
> Dear Mr. Henson,
>
> I noticed that for OpenSSL 1.0.2x and 1.0.1x on Windows the FIPS capable libeay32.dll
> does not export any of the FIPS_drbg_*() functions, although they are officially
> documented by the OpenSSL FIPS 2.0 User Guide.
>
> Is this an oversight or was this done on purpose? (IOW, is it a bug or a feature? ;-)
>
> I checked the git repository and found out that the symbols are listed in util/libeay.num
> on the master branch but are missing on the OpenSSL_1_0_2-stable and OpenSSL_1_0_1-stable
> branches (see [1]).
>
> In fact, the entire log of the OpenSSL_1_0_{1,2}-stable branches shows no indication that these
> symbols were ever added to or removed from libeay.num (see [2]).
>
> This is strange, because the symbols were initially added by you in the following commit,
> where you state that symbol ordinals are in sync with the 1.0.1 stable branch.
>
>     commit 7bd4095b127f7376bafd9010c45673c7d354fe81
>     Author: Dr. Stephen Henson <[hidden email]>
>     Date:   Sun Oct 9 15:29:43 2011 +0000
>    
>         Sync ordinals with 1.0.1-stable.
>
>
> It would be nice if you could be so kind as to shed some light on this to clear up my confusion.
>
> Best regards,
> MSP
>
>
>
> [1] ~/src/openssl$ git checkout master
>     Switched to branch 'master'
>     Your branch is up-to-date with 'origin/master'.
>
>     ~/src/openssl$ grep FIPS_drbg_ util/libeay.num
>     FIPS_drbg_set_check_interval            4808 NOEXIST::FUNCTION:
>     FIPS_drbg_set_callbacks                 4811 NOEXIST::FUNCTION:
>     FIPS_drbg_free                          4812 NOEXIST::FUNCTION:
>     FIPS_drbg_get_strength                  4813 NOEXIST::FUNCTION:
>     FIPS_drbg_set_reseed_interval           4814 NOEXIST::FUNCTION:
> (...)
>
>     ~/src/openssl$ git checkout OpenSSL_1_0_2-stable
>     Switched to branch 'OpenSSL_1_0_2-stable'
>     Your branch is up-to-date with 'origin/OpenSSL_1_0_2-stable'.
>
>     ~/src/openssl$ grep FIPS_drbg_ util/libeay.num
> <no output>
>
>
> [2] ~/src/openssl$ git log -p OpenSSL_1_0_2-stable -- util/libeay.num | grep FIPS_drbg_
>     <no output>
>
>     ~/src/openssl$ git log -p OpenSSL_1_0_1-stable -- util/libeay.num | grep FIPS_drbg_
>     <no output>
>
>     msp@msppc:~/src/openssl$ git log -p master -- util/libeay.num | grep FIPS_drbg_
>      FIPS_drbg_set_check_interval            4808 NOEXIST::FUNCTION:
>      FIPS_drbg_get_app_data                  4870 NOEXIST::FUNCTION:
>      FIPS_drbg_get_app_data                  4870 NOEXIST::FUNCTION:
>      FIPS_drbg_set_check_interval            4808 NOEXIST::FUNCTION:
>     -FIPS_drbg_set_check_interval            4685 EXIST:OPENSSL_FIPS:FUNCTION:
>     -FIPS_drbg_set_rand_callbacks            4687 EXIST:OPENSSL_FIPS:FUNCTION:
> <more output ...>