Hi Dr. Henson,

On Mon, Jan 14, 2013 at 10:04 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Mon, Jan 14, 2013, Rahul Godbole wrote:
>
>> Hi
>>
>> Can someone please help me on the following 2 issues? I am using FIPS 2.0
>>
>> 1) I am trying to build OpenSSL for FIPS. When I link to the below
>> functions from an external program linking to libcrypto.a, I get a linking
>> error for them. ...
>>
>> AES_set_encrypt_key()
>> AES_encrypt()
>> AES_set_decrypt_key()
>> AES_decrypt()
>
> While this doesn't solve your problem I should point out that if you're using
> FIPS mode for AES then you must use the EVP interface: not the low level APIs.

Well, I think I managed to subvert that requirement. Sigh....

A few questions before I figure out how I am going to fix it in the field.

(1) where is it documented?
(2) what is the motivation for the requirement?
  - is it NIST and procedural?
  - is it OpenSSL and undefined behavior on occasion?
(3) Do I have to worry about undefined behavior or runtime crash?

From the User Guide speaking to (1) above:

* Page 20 of the User Guide states non-approved algorithms are disabled through EVP_* and low-level APIs.
* Appendix I of the User Guide states "Note that many of these Module API functions calls are rarely if ever referenced directly by applications, instead they are referenced from the separate OpenSSL product by a non-cryptographic abstraction layer such as the EVP interface".

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org