That worked!
Thanks a lot for your quick help.
Robert
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Thursday, March 28, 2013 10:11 AM
To: openssl-users@openssl.org
Subject: Re: Got FIPS routines:FIPS_drbg_init:selftest failure, how do
I work around it?
On Wed, Mar 27, 2013, Bao, Robert wrote:
I changed the default DRBG for FIPS to HMAC_SHA384 by following Dr.
Henson's suggestion in another post titled FIPS Mode and Default DRBG
(OpenSSL 1.0.x and FIPS 2.0 Module)
I changed the OpenSSL compile flag OPENSSL_DRBG_DEFAULT_TYPE to
point
to NID_hmacWithSHA384.
In run time however, the FIPS_mode_set(1) function returned
error:2D073087:FIPS routines:FIPS_drbg_init:selftest failure.
What did I do wrong? How to solve/work-around this problem?
Ah, you also need to set the default flags to zero as they're set up to
use
the CTR DRBG. You can do this with: -DOPENSSL_DRBG_DEFAULT_FLAGS=0
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org