On Tue, Aug 12, 2008, Justin A wrote: > Hi, > > When fips mode enabled I am running into issue with this call in my code > > 1) > Issue:- > --------------------- > PEM_write_bio_RSAPrivateKey(priv_bp, key, EVP_des_ede3_cbc(), NULL, NULL, > some_cb, NULL) > > When I checked the code which in turns points to > > int > PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, > char *x, const EVP_CIPHER *enc, unsigned char *kstr, > int klen, pem_password_cb *callback, void *u) > > The source where I extracted from is > cvs -d [EMAIL PROTECTED]:/openssl-cvs co -r OpenSSL-fips-0_9_8-stable openssl > > 2) > In this implementation internally its using EVP_md5() which is not supported > by FIPS. > > So is there a patch for this one..? or a different API which I could us, > which is FIPS compliant. >
OpenSSL 0.9.8 does not support FIPS mode. The validated 0.9.7 source and the (hopefully) soon to be validate 0.9.8-fips source in FIPS mode redirects such calls automatically to PEM_write_bio_PKCS8PrivateKey() which uses SHA1 for key derivation. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
