[openssl-users] FIPS_mode_set(1) error:00000000:lib(0):func(0):reason(0)

Marcos Bontempo marcosbontempo at hotmail.com
Sun Dec 27 19:30:25 UTC 2015




Hello, 
I'm trying to enable FIPS mode with this code:__________________________________________________________________#include <openssl/crypto.h>#include <openssl/err.h>#include <stdio.h>
int main ( int argc, char *argv[] ){#ifdef OPENSSL_FIPS 	int mode, result;
	// Get FIPS mode	if(strcmp("get",argv[1]) == 0)	{		mode = FIPS_mode();		if(mode == 0)		{			printf("*** FIPS module is disabled. ***\n");		}		if(mode == 1)		{			printf("*** FIPS module is enabled. ***\n");		}	}		// Set FIPS mode	else if(strcmp("set",argv[1]) == 0)	{		if(strcmp("0",argv[2]) == 0)		{			printf("*** Disabling FIPS module. ***\n");			result = FIPS_mode_set(0);			if(result != 1)			{				ERR_load_crypto_strings();				printf("*** Failed to disable FIPS module. ***\n");					printf("%s\n", ERR_error_string(ERR_get_error(), NULL));				return 1;			}		}		else if (strcmp("1",argv[2]) == 0)		{			printf("*** Enabling FIPS module. ***\n");			result = FIPS_mode_set(1);				if(result != 1)			{				ERR_load_crypto_strings();				printf("*** Failed to enable FIPS module. ***\n");					printf("%s\n", ERR_error_string(ERR_get_error(), NULL));				return 1;			}			}		else		{			printf("*** Error: unsupported option. ***\n");			return 1;		}	}
	// Unsupported option	else	{		printf("*** Error: unsupported option. ***\n");		return 1;	}
	return 0;
#else         printf("OPENSSL_FIPS is not defined"); 
#endif //OPENSSL_FIPS }   __________________________________________________________________
And with this Makefile:
__________________________________________________________________CC=gccOPENSSLDIR=/usr/local/sslLIBS=$(OPENSSLDIR)/lib/libcrypto.a $(OPENSSLDIR)/lib/libssl.a -ldl INCLUDES=-I$(OPENSSLDIR)/includeCMD=fipsctl
OBJS=$(CMD).o
$(CMD): $(OBJS)	FIPSLD_CC=$(CC) $(OPENSSLDIR)/bin/fipsld -o $(CMD) $(OBJS) -ldl \	$(LIBS)
$(OBJS): $(CMD).c	$(CC) -c $(CMD).c $(INCLUDES)
clean:	rm -Rf *.o $(CMD)__________________________________________________________________
It compiles without errors. When I try to enable FIPS mode, I get this output:
arm:~/nitere/new$ ./fipsctl set 1*** Enabling FIPS module. ****** Failed to enable FIPS module. ***error:00000000:lib(0):func(0):reason(0)
But FIPS is still disabled:
arm:~/nitere/new$ ./fipsctl get*** FIPS module is disabled. ***
Does somebody knows what is wrong?
Any tip will be very helpful,Thanks.

 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151227/511b346b/attachment-0001.html>


More information about the openssl-users mailing list