<div dir="ltr">Hi,<div><br></div><div>I am using following openssl versions</div><div>openssl-1.0.2r.tar.gz </div><div>openssl-fips-2.0.5.tar.gz<br></div><div><br></div><div>Following are my files,</div><div><br></div><div><u><b>foo.c</b></u> :</div><div>[root@data-domain-dev-vm poc]# cat foo.c<br>#include <stdio.h><br>#include <openssl/evp.h><br>#include <openssl/err.h><br>int foo_func()<br>{<br> int rc, mode;<br> mode = FIPS_mode();<br> if(mode == 0)<br> {<br> rc = FIPS_mode_set(1);<br> if(rc == 0) {<br> printf("Failed to enable FIPS mode, ");<br> printf("%s\n",ERR_error_string(ERR_get_error(),NULL));<br> } else {<br> printf("Enabled FIPS mode");<br> }<br> }<br> else<br> {<br> printf("Already in FIPS mode");<br> }<br> return 0;<br>}<br></div><div><br></div><div><b><u>poc.c</u></b> :</div><div>[root@data-domain-dev-vm poc]# cat poc.c<br>#include <stdio.h><br>#include "foo.h"<br>int main(int argc, char* argv[])<br>{<br> foo_func();<br> return 0;<br>}<br></div><div><br></div><div><b><u>Makefile</u></b> :</div><div><br></div><div><span style="background-color:rgb(0,255,0)">[root@data-domain-dev-vm poc]# cat Makefile<br>OPENSSLDIR = /usr/local/ssl/fips2.0<br>OPENSSL_INCLUDEDIR = /root/poc/openssl-1.0.2r/include/<br>FIPSMODULE = $(OPENSSLDIR)/lib/fipscanister.o<br>CC = /usr/bin/gcc<br>FIPSLD = /usr/local/ssl/fips-2.0/bin/fipsld<br><br>OBJS = poc.o<br>LIBCRYPTO = /root/poc/openssl-1.0.2r/libcrypto.a<br>LIBSSL = /root/poc/openssl-1.0.2r/libssl.a<br><br>libfoo.so:<br> env FIPSLD_CC=/usr/bin/gcc $(FIPSLD) -fPIC -shared -o libfoo.so foo.c $(LIBCRYPTO) $(LIBSSL) # Working<br><br>poc.o:<br> /usr/bin/gcc -I$(OPENSSL_INCLUDEDIR) -Wall -c poc.c<br><br>POC: libfoo.so $(OBJS)<br> env FIPSLD_CC=/usr/bin/gcc $(FIPSLD) $(OBJS) $(LIBCRYPTO) $(LIBSSL) -L/root/poc -lfoo -ldl -o POC #working</span><br></div><div><span style="background-color:rgb(255,255,255)"><font color="#ff0000"> #/usr/bin/gcc $(OBJS) -L/root/poc -lfoo -ldl -o POC #notworking</font></span></div><font color="#ff0000"> #env FIPSLD_CC=/usr/bin/gcc $(FIPSLD) $(OBJS) -L/root/poc -lfoo -ldl -o POC #notworking</font><br><div><font color="#ff0000"><br></font></div><div><font color="#000000">What I am not able to understand is why any of the red colored lines are not working. when I try to do the FIPS_mode_set() when compiled using red highlighted tex, I get an error </font></div><div>Failed to enable FIPS mode, error:2D06B06F:lib(45):func(107):reason(111)</div><div><br></div><div>I actually want to compile the POC application without
$(LIBCRYPTO) and $(LIBSSL) what can be the done to have $(LIBCRYPTO) and $(LIBSSL) linked to only foo.so and POC application can only use foo.so for successful operation. </div><div><br></div><div>Some more details:</div><div>[root@data-domain-dev-vm poc]# OPENSSL_FIPS=1 openssl md5 /dev/null<br>Error setting digest md5<br>140539482445728:error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:256:<br>[root@data-domain-dev-vm poc]# OPENSSL_FIPS=1 openssl sha1 /dev/null<br>SHA1(/dev/null)= da39a3ee5e6b4b0d3255bfef95601890afd80709<br></div><div><br></div><div>Any help is appreciated, Please let me know where in code i am going wrong. </div><div><br></div><div>Thanks a lot,</div><div>Pankaj</div></div>