<html>
<head>
</head>
<body class='hmmessage'><div dir='ltr'>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style>
<div dir="ltr">Hello, <div><br></div><div>I'm trying to enable FIPS mode with this code:</div><div><span style="font-size: 12pt;">__________________________________________________________________</span></div><div><div>#include <openssl/crypto.h></div><div>#include <openssl/err.h></div><div>#include <stdio.h></div><div><br></div><div>int main ( int argc, char *argv[] )</div><div>{</div><div>#ifdef OPENSSL_FIPS </div><div><span class="Apple-tab-span" style="white-space:pre"> </span>int mode, result;</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>// Get FIPS mode</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if(strcmp("get",argv[1]) == 0)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>mode = FIPS_mode();</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if(mode == 0)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>printf("*** FIPS module is disabled. ***\n");</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if(mode == 1)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>printf("*** FIPS module is enabled. ***\n");</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>// Set FIPS mode</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>else if(strcmp("set",argv[1]) == 0)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if(strcmp("0",argv[2]) == 0)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>printf("*** Disabling FIPS module. ***\n");</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>result = FIPS_mode_set(0);</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if(result != 1)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ERR_load_crypto_strings();</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>printf("*** Failed to disable FIPS module. ***\n");<span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>printf("%s\n", ERR_error_string(ERR_get_error(), NULL));</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>return 1;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>else if (strcmp("1",argv[2]) == 0)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>printf("*** Enabling FIPS module. ***\n");</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>result = FIPS_mode_set(1);<span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if(result != 1)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ERR_load_crypto_strings();</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>printf("*** Failed to enable FIPS module. ***\n");<span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>printf("%s\n", ERR_error_string(ERR_get_error(), NULL));</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>return 1;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}<span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>else</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>printf("*** Error: unsupported option. ***\n");</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>return 1;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>// Unsupported option</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>else</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>printf("*** Error: unsupported option. ***\n");</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>return 1;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>return 0;</div><div><br></div><div>#else </div><div> printf("OPENSSL_FIPS is not defined"); </div><div><br></div><div>#endif //OPENSSL_FIPS </div><div>} </div></div><div>__________________________________________________________________</div><div><br></div><div>And with this Makefile:</div><div><br></div><div>__________________________________________________________________</div><div><div>CC=gcc</div><div>OPENSSLDIR=/usr/local/ssl</div><div>LIBS=$(OPENSSLDIR)/lib/libcrypto.a $(OPENSSLDIR)/lib/libssl.a -ldl </div><div>INCLUDES=-I$(OPENSSLDIR)/include</div><div>CMD=fipsctl</div><div><br></div><div>OBJS=$(CMD).o</div><div><br></div><div>$(CMD): $(OBJS)</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>FIPSLD_CC=$(CC) $(OPENSSLDIR)/bin/fipsld -o $(CMD) $(OBJS) -ldl \</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>$(LIBS)</div><div><br></div><div>$(OBJS): $(CMD).c</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>$(CC) -c $(CMD).c $(INCLUDES)</div><div><br></div><div>clean:</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rm -Rf *.o $(CMD)</div></div><div>__________________________________________________________________</div><div><br></div><div>It compiles without errors. When I try to enable FIPS mode, I get this output:</div><div><br></div><div><div>arm:~/nitere/new$ ./fipsctl set 1</div><div>*** Enabling FIPS module. ***</div><div>*** Failed to enable FIPS module. ***</div><div>error:00000000:lib(0):func(0):reason(0)</div></div><div><br></div><div>But FIPS is still disabled:</div><div><br></div><div><div>arm:~/nitere/new$ ./fipsctl get</div><div>*** FIPS module is disabled. ***</div></div><div><br></div><div>Does somebody knows what is wrong?</div><div><br></div><div>Any tip will be very helpful,</div><div>Thanks.</div><div><br></div></div>
</div></body>
</html>