We are on version 0.9.8l of OpenSSL with FIPS module version 1.2 if that is
what you are asking.
Thanks
Anamitra
On 6/10/11 4:37 PM, "Dr. Stephen Henson" <st...@openssl.org> wrote:
> On Fri, Jun 10, 2011, anmajumd wrote:
>
>>
>> We are preparing for a FIPS review with our lab.
>>
>> We have found that there is a piece of code that initializes the
>> encryption context for bf_cbc which works perfectly fine in FIPS mode.
>>
>> Specifically this is the code snippet I am referring to
>>
>> EVP_EncryptInit(ctx, EVP_bf_cbc(), key, iv);
>> out = (char*) malloc(inlen + EVP_CIPHER_CTX_block_size(ctx));
>>
>> for (index = 0; index < inlen / 50; index++) {
>> EVP_EncryptUpdate(ctx, &out[outlen], &temp, &input[outlen], 50);
>> outlen += temp;
>> }
>>
>> Our application binary containing the above code is linked dynamically to
>> fips capable OpenSSL library
>>
>> Any idea why this is working fine in the fips mode without issues.
>>
>> On the other using bf from the openssl command line fails with fips error as
>> expected.
>>
>
> Which version of OpenSSL and which module?
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
