On Thu, Sep 25, 2008, joshi chandran wrote:

> I am trying to test the FIPS capable openssl and when I am testing it I am
> getting some error
>
> openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform
> PEM
>
> Generating a 2048 bit RSA private key
> ....................................................................................+++
> ......+++
> writing new private key to '//exampleca/private/cakey.pem'
> Enter PEM pass phrase:
> Verifying - Enter PEM pass phrase:
> -----
> digest.c(150): OpenSSL internal error, assertion failed: Digest update
> previous FIPS forbidden algorithm error ignored
> IOT/Abort trap(coredump)
>
> There is another error also when I am issuing the smime command
>
> Data Base Updated
> openssl smime -encrypt -in /server_req/mail.txt -des3 -out
> /server_req/mail.enc /exampleca/certs/01.pem
>
> in smime command
> Enter pass phrase for /server_req/server_priv_key.pem:
> unable to load signing key file
> 704646:error:0608008D:digital envelope routines:EVP_DigestInit:disabled for
> fips:digest.c:237:
> 704646:error:06065064:digital envelope routines:EVP_DecryptFinal:bad
> decrypt:evp_enc.c:509:
> 704646:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:423:
>
>
> Does this mean that this function (EVP_DigestInit) is not supported by
> fips mode?
>
No, it means an attempt is being made to use a forbidden algorithm in FIPS
mode, probably MD5 from the private key PEM encryption algorithm.

You shouldn't get that error with "req" though. I'll look into that.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
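
Added example, not part of the original thread or of OpenSSL's code: OpenSSL's traditional PEM private-key encryption (the Proc-Type/DEK-Info header form handled by PEM_do_header) derives the cipher key from the pass phrase with MD5, which is the algorithm the reply suspects. The sketch below flags key files in that format before they are loaded in FIPS mode; the function name and the sample key blocks are constructed for illustration.

```python
import re

# Constructed sample inputs: the base64 bodies are placeholders, not real keys.
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
PKCS8_ENCRYPTED = """-----BEGIN ENCRYPTED PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END ENCRYPTED PRIVATE KEY-----
"""

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def classify_pem_keys(text):
    """Return (label, status, cipher) for every private-key block in text."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        if not label.endswith("PRIVATE KEY"):
            continue  # certificates, requests and the like are not keys
        headers = {}
        for line in body.splitlines():
            if ":" not in line:
                break  # blank line or base64 data: the header section is over
            name, value = line.split(":", 1)
            headers[name.strip()] = value.strip()
        if label == "ENCRYPTED PRIVATE KEY":
            # PKCS#8: the KDF is named inside the ASN.1 body, not decoded here.
            results.append((label, "pkcs8-encrypted", None))
        elif headers.get("Proc-Type") == "4,ENCRYPTED":
            # Traditional format: pass-phrase-to-key derivation uses MD5.
            cipher = headers.get("DEK-Info", "").split(",")[0] or None
            results.append((label, "legacy-md5-kdf", cipher))
        else:
            results.append((label, "unencrypted", None))
    return results


if __name__ == "__main__":
    for sample in (LEGACY_ENCRYPTED, PKCS8_ENCRYPTED):
        print(classify_pem_keys(sample))
```

A "pkcs8-encrypted" result is not by itself a pass: the scheme named inside the PKCS#8 structure can also be MD5-based, and confirming it requires decoding the ASN.1.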