On Wed, Jan 14, 2015 at 3:28 AM, [email protected] <[email protected]> wrote:
> On Tue, 13 Jan 2015 14:25:21 +0100
> Nikos Mavrogiannopoulos <[email protected]> wrote:
>
> Hello,
> Thanks for the reply. It did make some progress, but it's still not
> there. I have adjusted the lib path using ldconfig, and I have gotten
> the fipshmac utility from Red Hat's fipscheck package (1.4.1) and
> generated a .hmac file. Details below. The error now seems to
> revolve around not agreeing with the fipshmac utility.

Correct, I forgot about it. You'll need to patch gnutls' fips.c to use a key that agrees with the fipscheck package. I.e., apply the following patch:

diff --git a/lib/fips.c b/lib/fips.c index b99da2d..ac74533 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -107,7 +107,7 @@ void _gnutls_fips_mode_reset_zombie(void) #define HOGWEED_LIBRARY_NAME "libhogweed.so.2" #define GMP_LIBRARY_NAME "libgmp.so.10" -static const char fips_key[] = "I'd rather be skiing"; +static const char fips_key[] = "orboDeJITITejsirpADONivirpUkvarP"; #define HMAC_SUFFIX ".hmac" #define HMAC_SIZE 32

>> You don't really need the FIPS140 mode. The library works much
>> better without it, as it is not restricted to NIST-approved
>> algorithms and random number generators.
> Is the restriction the only drawback or is there currently a problem
> using gnutls in FIPS mode ?

I'm referring to the restrictions. There is no other known problem in FIPS140-2 mode.

regards,
Nikos

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
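
Review bot: the new `fips_key` value in lib/fips.c is an unexplained literal that has to stay byte-for-byte identical to the key the fipshmac utility used when the .hmac file was generated, and nothing in the hunk says so. Add a comment above the definition naming the tool the key must agree with, and consider making it a build-time define next to HMAC_SUFFIX and HMAC_SIZE so that matching the fipscheck package does not require carrying a source patch. Because the key is a constant compiled into the library, the resulting HMAC works as an integrity self-check of the library files, not as protection against someone who can rewrite both a library and its .hmac file.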
