Hello All,

OpenSSL version : OpenSSL 0.9.7j-fips-dev
Platform : HPUX

I built OpenSSL by enabling the fips option and did a gmake test.

The following test cases fail

1. trsa
=====
# sh ./trsa
rsa
testing rsa conversions
p -> d
writing RSA key
p -> p
writing RSA key
d -> d
writing RSA key
p -> d
writing RSA key
d -> p
writing RSA key
p -> p
writing RSA key
fff.p f.p differ: char 12, line 1

Reason:
Reading the sample key file testrsa.pem in fips mode produces a different result.

# cat testrsa.pem
-----BEGIN RSA PRIVATE KEY-----
MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3Dwa ffznyHGAFwUJ/I
Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnza HXM/bxGaR5CR1R
rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAi EAsP4BnIaQTM8S
mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp0 6ZeWlR2ADonTZz
rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
-----END RSA PRIVATE KEY-----

# openssl rsa -in testrsa.pem
writing RSA key
-----BEGIN PRIVATE KEY-----
MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAqt t6qS5GTxVxGZYW
a0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO/Re1uwLKXdCjIoaGs4DLdG88rkzf
yK5dPQIDAQABAkBndyfNodcz9vEZpHkJHVGsPWoUEBV+hAWI4f 248mAxqgC6hASK
w8dVxkMpw6/jASDr9MicAhcGcSKC2q9HO7KhAiEA9yBnNSrfJWigBqii/xRtc/Go
eXCjoYEyqe/bTHOR/pkCIQCw/gGchpBMzxKa9ykdnBAl2Z0ceQYoCzfsN/GLrsdu
RQIhAJ5kaWIdcVrTvUWnTpl5aVHYAOidNnOskGF1N7S/mkJ5AiEAhl+SIaAYFfhw
i65yTMSbjeD1YxSPE//QaUrf28jKKHECIQCbKZ6EVFPQy+pbnEAoDHs+CS3wdUrB
WFzYvAYocTQNkw==
-----END PRIVATE KEY-----

Solution :
I generated a new rsa key in fips mode and it worked
# export OPENSSL_FIPS=1
# openssl genrsa -out testrsa.pem

2. testss
======
# sh testss
digest.c(150): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored

Reason:
The default digest algorithm in sample configuration files P1ss.cnf, P2ss.cnf and Uss.cnf is md5 which is forbidden in FIPS mode.

Solution
Changing it to sha1 works

Thanks,
Prakash


---------------------------------
Relax. Yahoo! Mail virus scanning helps detect nasty viruses!
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org