FYI, I played with "no-rsax" without "no-engine", and it works.
Without RSAX, the engine is NULL, and the default method (in this case,
FIPS) weren't getting overridden in RSA_new_method().
I think I will go with this.
Hong.
On Fri, Feb 27, 2015 at 12:56 PM, Hong Cho wrote:
> Steve,
>
> Tha
Steve,
Thank you for the response.
Here is what ENGINE_get_id() is saying.
--
XXX RSA_new_method: ret->engine = 0x800e28100
XXX RSA_new_method: ENGINE_get_id(ret->engine) = rsax
XXX RSA_new_method: ret->meth = 0x800b2ee40
--
Hong.
On Fri, Feb 27, 2015 at 10:16 AM, Dr. Stephen Henson
w
On Fri, Feb 27, 2015, Hong Cho wrote:
> Hi,
>
> I generated OpenSSL libcrypto (1.0.1l) with the OpenSSL FIPS crypto module
> (2.0.8) on FreeBSD 8.4 amd64.
>
> It seems to build fine, and with OPENSSL_FIPS, it seems to behave correctly
> (e.g., MD5 is refused, DH with 512-bit key is refused, etc.
Hi,
I generated OpenSSL libcrypto (1.0.1l) with the OpenSSL FIPS crypto module
(2.0.8) on FreeBSD 8.4 amd64.
It seems to build fine, and with OPENSSL_FIPS, it seems to behave correctly
(e.g., MD5 is refused, DH with 512-bit key is refused, etc.).
However, genrsa(1) is failing with the following
