[openssl-users] Building an application with OpenSSL and FIPS support.
Dr. Stephen Henson
steve at openssl.org
Tue Oct 11 14:35:22 UTC 2016
On Mon, Oct 10, 2016, Matthew Heimlich wrote:
> $openssl version
>
> returns:
>
> OpenSSL 1.0.2j-fips
>
> My FIPS module version is openssl-fips-2.0.13
>
> $OPENSSL_FIPS=1 openssl md5 /dev/null
>
> returns:
>
> Error setting digest md5
> 140066569107136:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:
>
> $OPENSSL_FIPS=1 openssl sha1 /dev/null
>
> returns:
>
> SHA1(/dev/null)= da39a3ee5e6b4b0d3255bfef95601890afd80709
>
> Do that appears to be working correctly.
>
Can you give more details of the steps you are using to link your application?
If you're linking to the OpenSSL shared libraries then you don't need to use
fipsld at all. I'd suggest you try that as a first step and see if your
application works.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users
mailing list