Hello,
I am looking for some help, and I do not profess to be an expert in this area, 
so forgive me for asking the following.

I am running openssl-fips-2.0.7 with openssl-1.0.1j in my application (in FIPS 
mode) and am trying to figure out how to get around the following issue:


sha_locl.h(128): OpenSSL internal error, assertion failed: Low level API call 
to digest SHA1 forbidden in FIPS mode!


From the openssl-1.0.1j "CHANGES" file, I see the following entry:

Low level digest APIs are not approved in FIPS mode: any attempt
     to use these will cause a fatal error. Applications that *really* want
     to use them can use the private_* version instead.
     [Steve Henson]

Does this mean that if I want to use low level digest APIs, I would 
comment out the 'if (FIPS_mode())' test below?
If this is correct, am I now violating FIPS?

From crypto/crypto.h:

#ifdef OPENSSL_FIPS
#define fips_md_init_ctx(alg, cx) \
     int alg##_Init(cx##_CTX *c) \
     { \
     if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
           "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
     return private_##alg##_Init(c); \
     } \
     int private_##alg##_Init(cx##_CTX *c)


If I am barking up the wrong tree (so to speak), what would be the correct 
course of action for me to take?

Thank you,
Phil


Phil Bellino
Principal Software Engineer | MRV Communications Inc.
300 Apollo Drive |  Chelmsford, MA 01824
Phone: 978-674-6870  |   Fax: 978-674-6799
www.mrv.com
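
Added example, not part of the original message and not OpenSSL's own code: a self-contained C model of how the quoted fips_md_init_ctx macro expands, showing that the FIPS check lives only in the public SHA1_Init wrapper while private_SHA1_Init is the same body without it. The FIPS_mode() and OpenSSLDie() stand-ins, the reduced SHA_CTX, and the call_public/call_private helpers are assumptions made so it builds without the library.

```c
#include <setjmp.h>
#include <stdio.h>
#include <string.h>
/* Stand-ins (assumptions) for the library's FIPS_mode() and OpenSSLDie(). */
static int fips_enabled;   /* models the process-wide FIPS mode flag */
static jmp_buf die_jmp;    /* the real OpenSSLDie() aborts; here we unwind */
static char die_msg[96];   /* last fatal message, kept for inspection */
static int FIPS_mode(void) { return fips_enabled; }
static void OpenSSLDie(const char *file, int line, const char *msg)
{
    (void)file; (void)line;
    strncpy(die_msg, msg, sizeof die_msg - 1);
    longjmp(die_jmp, 1);   /* never returns to the caller */
}

/* Reduced context (assumption): only the five SHA-1 chaining words. */
typedef struct { unsigned int h0, h1, h2, h3, h4; } SHA_CTX;
int private_SHA1_Init(SHA_CTX *c);  /* the wrapper calls it before its body */
/* Macro as quoted in the message from crypto/crypto.h. */
#define fips_md_init_ctx(alg, cx) \
     int alg##_Init(cx##_CTX *c) \
     { \
     if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
           "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
     return private_##alg##_Init(c); \
     } \
     int private_##alg##_Init(cx##_CTX *c)

/* One body, two functions: guarded SHA1_Init, unguarded private_SHA1_Init. */
fips_md_init_ctx(SHA1, SHA)
{
    c->h0 = 0x67452301U; c->h1 = 0xefcdab89U; c->h2 = 0x98badcfeU;
    c->h3 = 0x10325476U; c->h4 = 0xc3d2e1f0U;
    return 1;
}

/* Each helper returns 1 if the init completed, 0 if the guard fired. */
int call_public(int fips, SHA_CTX *c)
{
    fips_enabled = fips;
    if (setjmp(die_jmp)) return 0;
    return SHA1_Init(c);
}
int call_private(int fips, SHA_CTX *c) { fips_enabled = fips; return private_SHA1_Init(c); }
int main(void)
{
    SHA_CTX c;
    printf("%d %d %d\n", call_public(0, &c), call_public(1, &c), call_private(1, &c));
    return 0;
}
```

Commenting out the 'if (FIPS_mode())' test makes SHA1_Init behave exactly like private_SHA1_Init in this model: the digest is initialized through the low-level path that the CHANGES entry describes as not approved in FIPS mode.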

