On Wed, Mar 27, 2013, Bao, Robert wrote:

> I changed the default DRBG for FIPS to HMAC_SHA384 by following Dr.
> Henson's suggestion in another post titled "FIPS Mode and Default DRBG
> (OpenSSL 1.0.x and FIPS 2.0 Module)"
>
> I changed the OpenSSL compile flag "OPENSSL_DRBG_DEFAULT_TYPE" to point
> to "NID_hmacWithSHA384".
>
> At run time, however, the FIPS_mode_set(1) function returned
> "error:2D073087:FIPS routines:FIPS_drbg_init:selftest failure".
>
> What did I do wrong? How do I solve or work around this problem?
> 

Ah, you also need to set the default flags to zero as they're set up to use
the CTR DRBG. You can do this with: -DOPENSSL_DRBG_DEFAULT_FLAGS=0

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
