Hello All, OpenSSL version : OpenSSL 0.9.7j-fips-dev Platform : HPUX I built OpenSSL by enabling the fips option and did a gmake test. The following test cases fail 1. trsa ===== # sh ./trsa rsa testing rsa conversions p -> d writing RSA key p -> p writing RSA key d -> d writing RSA key p -> d writing RSA key d -> p writing RSA key p -> p writing RSA key fff.p f.p differ: char 12, line 1 Reason: Reading the sample key file testrsa.pem in fips mode produces a different result. # cat testrsa.pem -----BEGIN RSA PRIVATE KEY----- MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM= -----END RSA PRIVATE KEY----- # openssl rsa -in testrsa.pem writing RSA key -----BEGIN PRIVATE KEY----- MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAqtt6qS5GTxVxGZYW a0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO/Re1uwLKXdCjIoaGs4DLdG88rkzf yK5dPQIDAQABAkBndyfNodcz9vEZpHkJHVGsPWoUEBV+hAWI4f248mAxqgC6hASK w8dVxkMpw6/jASDr9MicAhcGcSKC2q9HO7KhAiEA9yBnNSrfJWigBqii/xRtc/Go eXCjoYEyqe/bTHOR/pkCIQCw/gGchpBMzxKa9ykdnBAl2Z0ceQYoCzfsN/GLrsdu RQIhAJ5kaWIdcVrTvUWnTpl5aVHYAOidNnOskGF1N7S/mkJ5AiEAhl+SIaAYFfhw i65yTMSbjeD1YxSPE//QaUrf28jKKHECIQCbKZ6EVFPQy+pbnEAoDHs+CS3wdUrB WFzYvAYocTQNkw== -----END PRIVATE KEY----- Solution : I generated a new rsa key in fips mode and it worked # export OPENSSL_FIPS=1 # openssl genrsa -out testrsa.pem 2. testss ====== # sh testss digest.c(150): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored Reason: The default digest algorithm in sample configuration files P1ss.cnf, P2ss.cnf and Uss.cnf is md5 which is forbidden in FIPS mode. Solution Changing it to sha1 works Thanks, Prakash
--------------------------------- Relax. Yahoo! Mail virus scanning helps detect nasty viruses! ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]