[openssl-users] Execute failed when I tried to enable fips_mode.
Steve Marquess
marquess at openssl.com
Fri Apr 8 11:39:56 UTC 2016
On 04/08/2016 03:31 AM, Ken Chow wrote:
> Dear all,
>
> I am trying to compile a sample for testing openssl FIP mode, I have
> successfully compiled executable file in ubuntu 14.04.
>
> *Sample:*
> /* test.c */
> #include <stdio.h>
> #include <openssl/crypto.h>
> #include <openssl/err.h>
> #include <openssl/fips.h>
>
> int main()
> {
> #ifdef OPENSSL_FIPS
> if(!FIPS_mode_set(1))
> {
> fprintf(stderr, "MSG: \n");
> ERR_load_crypto_strings();
> ERR_print_errors_fp(stderr);
> exit(1);
> }
> else
> fprintf(stderr,"*** IN FIPS MODE ***\n");
>
> #else
> fprintf(stderr, "NO DEFINE_FIPS !\n");
> #endif
> }
> /
> /
> *The error message I got:*
> /
> /
> MSG:
> 140270859593376:error:0F06D065:common libcrypto
> routines:FIPS_mode_set:fips mode not supported:o_fips.c:92:
> ...
You linked your test program with a stock version of OpenSSL, not the
"FIPS capable" OpenSSL that contains the OpenSSL FIPS Object Module.
Building of the "FIPS capable" OpenSSL is discussed in the OpenSSL FIPS
User Guide:
https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
More information about the openssl-users
mailing list