
RAND_bytes always returns 0 in OpenSSL-FIPS mode


Vikas Goel

Sep 21, 2017, 4:34:08 PM

I am trying to understand why RAND_bytes() always returns 0 when used in OpenSSL FIPS mode. I am using OpenSSL-FIPS-2.0.9.

To enable FIPS mode, my code first makes a call to FIPS_mode_set( 1 ), defined in openssl-1.0.2j/crypto/o_fips.c. This ensures that FIPS mode is set. Thereafter, I make a call to RAND_bytes(), which internally triggers FIPS_rand_bytes() defined in openssl-fips-2.0.9/fips/rand/fips_rand_lib.c, and it always returns 0 ( essentially no random bytes ).

On further debugging, I notice that "fips_rand_meth" is set to NULL, which I am unable to reason out.

I tried using gdb to watch the value of this function pointer and where it could be set to NULL, but it turns out that it is set as static RAND_METHOD *fips_rand_meth = NULL in the beginning and thereafter it gets set to fips_rand_meth = meth in FIPS_rand_set_method().

As suggested, I even tried checking the error code ( if any ) using ERR_get_error() call, immediately after calling RAND_bytes(). However, it returns 0 ( which suggests that there is no error ).

There is definitely some gap in my understanding of this interaction between setting FIPS mode and then calling its APIs. It would be great if someone can help. Thanks in advance.

PS: I have posted the same on SO:
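
The situation described in the post above, as an added example that is not part of the original post and is not OpenSSL source: a self-contained C model of a RAND method pointer that starts out NULL, with a caller that fails closed on any return other than 1. All `model_*` and `demo_*` names and `get_random_or_fail` are hypothetical, and the model assumes the failing call leaves the buffer untouched.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model (hypothetical names, not OpenSSL source) of a RAND method
 * table reached through a static pointer that starts out NULL. */
typedef struct {
    int (*bytes)(unsigned char *buf, size_t num);
} model_rand_method;

static const model_rand_method *model_rand_meth = NULL;
static unsigned long model_err_queue = 0;   /* 0 means "no error recorded" */

/* Constructed stand-in generator: fills with a counter, NOT random. */
static int demo_bytes(unsigned char *buf, size_t num)
{
    for (size_t i = 0; i < num; i++)
        buf[i] = (unsigned char)(i + 1);
    return 1;
}
static const model_rand_method demo_method = { demo_bytes };

void model_rand_set_method(const model_rand_method *meth) { model_rand_meth = meth; }
unsigned long model_err_get_error(void) { return model_err_queue; }

/* Mirrors the return values reported in the post: with no method installed
 * the call returns 0 and records no error (buffer untouched: assumption). */
int model_rand_bytes(unsigned char *buf, size_t num)
{
    if (model_rand_meth != NULL && model_rand_meth->bytes != NULL)
        return model_rand_meth->bytes(buf, num);
    return 0;
}

/* Fail-closed caller: only a return of exactly 1 counts as success. An empty
 * error queue is not evidence that the buffer was filled. */
int get_random_or_fail(unsigned char *buf, size_t num)
{
    if (model_rand_bytes(buf, num) != 1) {
        memset(buf, 0, num);   /* never pass stale or uninitialised bytes on */
        return -1;
    }
    return 0;
}

int main(void)
{
    unsigned char key[16];
    /* Non-zero exit: abort key generation instead of continuing. */
    return get_random_or_fail(key, sizeof key) != 0;
}
```
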
