Hi all,
problem 1:
I compiled the binary openssl from FIPS Object Module v1.2. However, I got
"illegal instruction" when I try to use "openssl req" command, regardless
FIPS_MODE set to 1 or 0.
My program got the same error if linking to the FIPS static library. The
bombing place is while executing PEM_read_bio_X509().
problem 2:
In FIPS mode, my TlsServer program will exit with a message "digest.c(150):
OpenSSL internal error, assertion failed: Digest update previous FIPS
forbidden algorithm error ignored \n
Aborted" when my TlsClient try to connect. Does it mean my client use a
algorithm which is not allowed in FIPS mode? How to change the algorithm?
my client code:
SSL_library_init();
SSL_load_error_strings();
SSL_METHOD *meth = TLSv1_method();
/* Create an SSL_CTX structure */
_ctx = SSL_CTX_new(meth);
if(_ctx == NULL)
{
printMsg(ERROR_MSG,"Failed to create a SSL_CTX\n");
return false;
}
if(!SSL_CTX_set_cipher_list(_ctx, "FIPS" ))
{
printMsg(ERROR_MSG,"Fatal: Set Cipher Failed\n");
return false;
}
And Is there anyway to catch such a exception/error rather than terminating
the program?
Could anyone please provide some help or information?
Thank you very much.
Peter
