Hello,

Has the AES key wrap feature been removed from the nightly OpenSSL in FIPS
mode?

I have built a FIPS-capable OpenSSL using the following:
ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-20111025.tar.gz
ftp://ftp.openssl.org/snapshot/openssl-fips-2.0-test-20111025.tar.gz

When I call AES_set_encrypt_key(), while in FIPS mode, I get the following
abort:

.\crypto\aes\aes_misc.c(73): OpenSSL internal error, assertion failed: Low level
API call to cipher AES forbidden in FIPS mode!

I can see that this is intentional per crypto\aes\aes_misc.c:

67  /* FIPS wrapper functions to block low level AES calls in FIPS mode */
68
69  int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
70                          AES_KEY *key)
71  {
72  #ifdef OPENSSL_FIPS
73      fips_cipher_abort(AES);
74  #endif
75      return private_AES_set_encrypt_key(userKey, bits, key);
76  }

No such abort occurs with a FIPS-capable OpenSSL using the following:
http://openssl.org/source/openssl-0.9.8r.tar.gz
http://openssl.org/source/openssl-fips-1.2.3.tar.gz

Is there an alternate way to do AES key wrap using the nightly OpenSSL in FIPS
mode?

Thanks,
Bill
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]