That worked!

Thanks a lot for your quick help.

Robert

-----Original Message-----
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: Thursday, March 28, 2013 10:11 AM
To: openssl-users@openssl.org
Subject: Re: Got "FIPS routines:FIPS_drbg_init:selftest failure", how do I work around it?

On Wed, Mar 27, 2013, Bao, Robert wrote:

> I changed the default DRBG for FIPS to HMAC_SHA384 by following Dr.
> Henson's suggestion in another post titled "FIPS Mode and Default DRBG
> (OpenSSL 1.0.x and FIPS 2.0 Module)"
>
> I changed the OpenSSL compile flag "OPENSSL_DRBG_DEFAULT_TYPE" to point
> to "NID_hmacWithSHA384".
>
> In run time however, the FIPS_mode_set(1) function returned
> "error:2D073087:FIPS routines:FIPS_drbg_init:selftest failure".
>
> What did I do wrong? How to solve/work-around this problem?

Ah, you also need to set the default flags to zero as they're set up to use
the CTR DRBG. You can do this with: -DOPENSSL_DRBG_DEFAULT_FLAGS=0

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
______________________________________________________________________