Need to split the FIPS and non-FIPS compliant technologies:
When I do a fips compile namely
./Configure threads shared no-sse2 fipsdso enable-capieng enable-montasm
enable-cms enable-seed enable-tlsext enable-camellia enable-rfc3779 enable-gmp
enable-mdc2 enable-rc5 zlib-dynamic --prefix="/usr/contrib"
--openssldir="/usr/contrib"
debug-bsdi-x86-elf "-g -O3 -Wall -mcpu=pentium3
with debug-bsdi-x86-elf
"debug-bsdi-x86-elf", "gcc:-DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer
-O9 -march=pentium3 -Wall -g::${BSDthreads}::-ldl -lm -lc:THIRY_TWO_BIT_LONG
RC4_CHUNK BN_LLONG ${x86_gcc_des}
${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
I get:
Testing cipher SEED-ECB(encrypt)
Key
0000 28 db c3 bc 49 ff d8 7d cf a5 09 b1 1d 42 2b e7
Plaintext
0000 b4 1e 6b e2 eb a8 4a 14 8e 2e ed 84 59 3c 5e c7
Ciphertext
0000 9b 9b 7b fc d1 81 3c b9 5d 0b 36 18 f4 0f 51 22
test SSL protocol
test ssl3 is forbidden in FIPS mode
*** IN FIPS MODE ***
Available compression methods:
1: zlib compression
8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips
mode:ssl_lib.c:1402:
8918:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips
mode:ssl_lib.c:1402:
test ssl2 is forbidden in FIPS mode
*** IN FIPS MODE ***
Available compression methods:
1: zlib compression
8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips
mode:ssl_lib.c:1402:
8932:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips
mode:ssl_lib.c:1402:
test tls1
*** IN FIPS MODE ***
Available compression methods:
1: zlib compression
8956:error:0406A08D:rsa routines:RSA_new_method:non fips method:rsa_eng.c:183:
8956:error:0D079064:asn1 encoding routines:ASN1_ITEM_EX_COMBINE_NEW:aux
error:tasn_new.c:221:
8956:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1
error:tasn_dec.c:402:Type=RSA
8956:error:0D09B00D:asn1 encoding routines:d2i_PublicKey:ASN1 lib:d2i_pu.c:99:
8956:error:0B077066:x509 certificate routines:X509_PUBKEY_get:err asn1
lib:x_pubkey.c:366:
8956:error:140BF10C:SSL routines:SSL_SET_CERT:x509 lib:ssl_rsa.c:402:
ERROR in SERVER
8956:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:1037:
TLSv1, cipher (NONE) (NONE)
1 handshakes of 256 bytes done
*** Error code 1 (continuing)
Test IGE mode
../util/shlib_wrap.sh ./igetest
`tests' not remade because of errors.
util/opensslwrap.sh version -a
OpenSSL 0.9.8j-fips-dev xx XXX xxxx
built on: Sat Sep 20 08:02:29 MDT 2008
platform: debug-bsdi-x86-elf
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int)
blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS
-pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O3 -Wall
-mcpu=pentium3 -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O9
-march=pentium3 -Wall -g -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT
-DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/usr/contrib"
`test' is up to date.
using make -k test .
Please fix.
--
Member - Liberal International
This is [EMAIL PROTECTED] Ici [EMAIL PROTECTED]
God, Queen and country! Beware Anti-Christ rising! Canada vote anything but
Conservative on 14 OCt 2008, join us at http://www.harpocrit.ca .
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
