Hi guys,

We used to use OpenSSL 0.9.8 on the Linux platform. We want to use FIPS now.

We did the following to make FIPS mode work:

- The library is linked statically because FIPS cannot be implemented as a shared library.
- We had to make a little workaround to link FIPS using the C compiler because the C++ compiler doesn't work with it.
- Once it was working we had to regenerate keys. With FIPS they have to be in PKCS8 format.
- Because MD5 is not supported in FIPS mode, consequently 3DES to encrypt the private key didn't work. We used the function OpenSSL_add_all_algorithms(); that enabled it and it does work now.

We use EVP_des_ede3_cbc() to encrypt the private RSA key; this function was failing. We found in the mail archive a discussion about the problem where someone explained that MD5 is not supported in FIPS and consequently EVP_des_ede3_cbc() didn't work. But OpenSSL_add_all_algorithms(); made it work anyway.

Does anyone know what has changed by calling OpenSSL_add_all_algorithms()? Does it break FIPS certification in any way? If that is not correct, what private key encryption is supposed to be used with FIPS?

Thanks
Stan
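Added example, not part of the original post or of OpenSSL: a check that reports how a PEM private key is encrypted and whether the password-to-key derivation relies on MD5, which is what separates the traditional PEM format from the PKCS8 format the post mentions. The function names and the sample keys are constructed for illustration; the key bodies are dummy bytes.

```python
import base64
import re

# PKCS#8 password-based encryption scheme OIDs -> (name, key derivation uses MD5)
PBE_OIDS = {
    "1.2.840.113549.1.5.3": ("pbeWithMD5AndDES-CBC", True),
    "1.2.840.113549.1.12.1.3": ("pbeWithSHAAnd3-KeyTripleDES-CBC", False),
    "1.2.840.113549.1.5.13": ("PBES2", None),  # PRF is in the parameters, not inspected
}

def read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode DER OID content bytes into dotted notation."""
    parts, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this arc
            parts.append(val)
            val = 0
    return ".".join(map(str, parts))

def classify_key(pem):
    """Return (container, scheme, md5_based) for one PEM private key."""
    m = re.search(r"DEK-Info:\s*([^,\s]+)", pem)
    if "Proc-Type: 4,ENCRYPTED" in pem and m:
        return ("traditional", m.group(1), True)  # key derived from password via MD5
    if "BEGIN ENCRYPTED PRIVATE KEY" in pem:
        b64 = "".join(l for l in pem.splitlines() if not l.startswith("-----"))
        _, outer, _ = read_tlv(base64.b64decode(b64), 0)  # EncryptedPrivateKeyInfo
        _, alg, _ = read_tlv(outer, 0)                    # AlgorithmIdentifier
        _, oid, _ = read_tlv(alg, 0)                      # encryption scheme OID
        dotted = decode_oid(oid)
        return ("pkcs8",) + PBE_OIDS.get(dotted, (dotted, None))
    return ("unencrypted", None, False)  # no encryption header found

# Constructed samples: header syntax is real, key bodies are dummy bytes.
LEGACY_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\nAAAAAAAA\n-----END RSA PRIVATE KEY-----")
_der = bytes.fromhex("3016300e060a2a864886f70d010c01033000040400000000")
PKCS8_PEM = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + base64.b64encode(_der).decode()
             + "\n-----END ENCRYPTED PRIVATE KEY-----")
```

Calling `classify_key()` on the text of each key file shows which keys still carry the `DEK-Info` header of the traditional format and which PKCS8 scheme the regenerated ones use.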