Hello All,
 
OpenSSL version: OpenSSL 0.9.7j-fips-dev
Platform: HPUX
  
 I built OpenSSL by enabling the fips option and did a gmake test.
  
The following test cases fail:
  
 1. trsa
=====
# sh ./trsa
rsa
testing rsa conversions
p -> d
writing RSA key
p -> p
writing RSA key
d -> d
writing RSA key
p -> d
writing RSA key
d -> p
writing RSA key
p -> p
writing RSA key
fff.p f.p differ: char 12, line 1
  
Reason:
Reading the sample key file testrsa.pem in FIPS mode produces a different result.
  
 # cat testrsa.pem
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
-----END RSA PRIVATE KEY-----
  
 # openssl rsa -in testrsa.pem
writing RSA key
-----BEGIN PRIVATE KEY-----
MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAqtt6qS5GTxVxGZYW
a0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO/Re1uwLKXdCjIoaGs4DLdG88rkzf
yK5dPQIDAQABAkBndyfNodcz9vEZpHkJHVGsPWoUEBV+hAWI4f248mAxqgC6hASK
w8dVxkMpw6/jASDr9MicAhcGcSKC2q9HO7KhAiEA9yBnNSrfJWigBqii/xRtc/Go
eXCjoYEyqe/bTHOR/pkCIQCw/gGchpBMzxKa9ykdnBAl2Z0ceQYoCzfsN/GLrsdu
RQIhAJ5kaWIdcVrTvUWnTpl5aVHYAOidNnOskGF1N7S/mkJ5AiEAhl+SIaAYFfhw
i65yTMSbjeD1YxSPE//QaUrf28jKKHECIQCbKZ6EVFPQy+pbnEAoDHs+CS3wdUrB
WFzYvAYocTQNkw==
-----END PRIVATE KEY-----
  
Solution:
I generated a new RSA key in FIPS mode and it worked.
 # export OPENSSL_FIPS=1
 # openssl genrsa -out testrsa.pem
  
 2. testss
======
# sh testss
digest.c(150): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored
  
Reason:
The default digest algorithm in the sample configuration files P1ss.cnf, P2ss.cnf and Uss.cnf is md5, which is forbidden in FIPS mode.

Solution:
Changing it to sha1 works.
  
 Thanks,
 Prakash

                
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
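
An added example, not part of the original post: it goes one step beyond the message by decoding the two PEM blocks quoted above and checking whether the `PRIVATE KEY` output written in FIPS mode is a PKCS#8 PrivateKeyInfo wrapper around the same RSAPrivateKey bytes as testrsa.pem. The function names are this example's own, and it uses only the Python standard library.

```python
import base64

PKCS1_PEM = """-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
-----END RSA PRIVATE KEY-----"""  # testrsa.pem as quoted in the post
PKCS8_PEM = """-----BEGIN PRIVATE KEY-----
MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAqtt6qS5GTxVxGZYW
a0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO/Re1uwLKXdCjIoaGs4DLdG88rkzf
yK5dPQIDAQABAkBndyfNodcz9vEZpHkJHVGsPWoUEBV+hAWI4f248mAxqgC6hASK
w8dVxkMpw6/jASDr9MicAhcGcSKC2q9HO7KhAiEA9yBnNSrfJWigBqii/xRtc/Go
eXCjoYEyqe/bTHOR/pkCIQCw/gGchpBMzxKa9ykdnBAl2Z0ceQYoCzfsN/GLrsdu
RQIhAJ5kaWIdcVrTvUWnTpl5aVHYAOidNnOskGF1N7S/mkJ5AiEAhl+SIaAYFfhw
i65yTMSbjeD1YxSPE//QaUrf28jKKHECIQCbKZ6EVFPQy+pbnEAoDHs+CS3wdUrB
WFzYvAYocTQNkw==
-----END PRIVATE KEY-----"""  # "openssl rsa -in testrsa.pem" output quoted in the post
RSA_OID = bytes.fromhex("2a864886f70d010101")  # DER body of OID 1.2.840.113549.1.1.1

def pem_to_der(pem):  # -> (label without "BEGIN ", decoded DER bytes)
    lines = pem.strip().splitlines()
    return lines[0].strip("-")[6:], base64.b64decode("".join(lines[1:-1]))

def read_tlv(buf, pos):  # -> (tag, value, next_pos) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def unwrap_pkcs8(der):
    """Return the RSAPrivateKey DER carried inside a PKCS#8 PrivateKeyInfo."""
    seq_tag, body, _ = read_tlv(der, 0)
    _, _, pos = read_tlv(body, 0)              # version INTEGER
    _, alg, pos = read_tlv(body, pos)          # AlgorithmIdentifier SEQUENCE
    key_tag, inner, _ = read_tlv(body, pos)    # privateKey OCTET STRING
    if (seq_tag, key_tag) != (0x30, 0x04) or read_tlv(alg, 0)[:2] != (0x06, RSA_OID):
        raise ValueError("not a PKCS#8 rsaEncryption key")
    return inner

def compare():  # -> (first label, second label, True if both hold the same key)
    (l1, d1), (l8, d8) = pem_to_der(PKCS1_PEM), pem_to_der(PKCS8_PEM)
    return l1, l8, unwrap_pkcs8(d8) == d1

print(compare())  # ('RSA PRIVATE KEY', 'PRIVATE KEY', True)
```

A `True` in the third position means the key material is unchanged and only the container differs, which is enough to make a byte-for-byte file comparison such as the one in trsa report a difference.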
