Hi Dr. Henson,

On Mon, Jan 14, 2013 at 10:04 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
> On Mon, Jan 14, 2013, Rahul Godbole wrote:
>
>> Hi
>>
>> Can someone please help me on the following 2 issues? I am using FIPS 2.0
>>
>> 1)  I am trying to build OpenSSL for FIPS. When I link to the below
>> functions from an external program linking to libcrypto.a, I get a linking
>> error for them. ...
>>
>> AES_set_encrypt_key()
>> AES_encrypt()
>> AES_set_decrypt_key()
>> AES_decrypt()
>
> While this doesn't solve your problem I should point out that if you're using
> FIPS mode for AES then you must use the EVP interface: not the low level APIs.
Well, I think I managed to subvert that requirement. Sigh....

A few questions before I figure out how I am going to fix it in the field.

(1) where is it documented?
(2) what is the motivation for the requirement?
    - is it NIST and procedural?
    - is it OpenSSL and undefined behavior on occasion?
(3) Do I have to worry about undefined behavior or runtime crash?

From the User Guide speaking to (1) above:

  * Page 20 of the User Guide states non-approved algorithms
    are disabled through EVP_* and low-level APIs.

  * Appendix I of the User Guide states "Note that many of these
    Module API functions calls are rarely if ever referenced directly
    by applications, instead they are referenced from the separate
    OpenSSL product by a non-cryptographic abstraction layer such
    as the EVP interface".

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
