[openssl-users] Execute failed when I tried to enable fips_mode.

Ken Chow kenchow.cn at gmail.com
Fri Apr 8 07:31:54 UTC 2016 

Dear all,

I am trying to compile a sample for testing openssl FIP mode, I have
successfully compiled executable file in ubuntu 14.04.

*Sample:*
/* test.c */
#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/fips.h>

int main()
{
#ifdef OPENSSL_FIPS
    if(!FIPS_mode_set(1))
    {
        fprintf(stderr, "MSG: \n");
        ERR_load_crypto_strings();
        ERR_print_errors_fp(stderr);
        exit(1);
    }
    else
        fprintf(stderr,"*** IN FIPS MODE ***\n");

#else
    fprintf(stderr, "NO DEFINE_FIPS !\n");
#endif
}

*The error message I got:*

MSG:
140270859593376:error:0F06D065:common libcrypto routines:FIPS_mode_set:fips
mode not supported:o_fips.c:92:


*Makefile for sample:*

# targets
BIN = test
OBJS= test.c

# openssl
OPENSSLDIR = /home/ken/Work/openssl-fips/compile_fips/ssl/

# relevant path
INCLUDES = -I$(OPENSSLDIR)/include/
INCLUDES += -I$(OPENSSLDIR)/fips2.0/include/
LFLAGS = -L$(OPENSSLDIR)/lib/

# compiler
CC = $(OPENSSLDIR)/fips2.0/bin/fipsld
export FIPSLD_CC=gcc
CFLAGS = -Wall

# for FIPS
FIPSMODULE = $(OPENSSLDIR)/fips2.0/lib/fipscanister.o

# librarys
LIBS = -lcrypto -lssl -ldl

$(BIN): $(OBJS) $(FIPSMODULE)
$(CC) $(CLFAGS) -o $@ $(OBJS) $(INCLUDES) $(LFLAGS) $(LIBS)

clean:
rm -rf $(BIN) *.o

*And the Makefile for building and installing openssl fips mode:*

#
all: openssl-1.0.1c/.built setenv

openssl-fips-2.0.12.tar.gz:
#wget http://www.openssl.org/source/openssl-fips-2.0.1.tar.gz
wget http://45.78.29.98/openssl-fips-2.0.12.tar.gz

openssl-1.0.2g.tar.gz:
#wget http://www.openssl.org/source/openssl-1.0.1c.tar.gz
wget http://45.78.29.98/openssl-1.0.2g.tar.gz

ssl/:
mkdir ssl

setenv:
env OPENSSL_FIPS=1

openssl-fips-2.0.12/.built: openssl-fips-2.0.12.tar.gz ssl/ setenv
gunzip -c openssl-fips-2.0.12.tar.gz | tar xf -
cd openssl-fips-2.0.12 && \
export FIPSDIR=$$PWD/../ssl/fips2.0 && \
./config && \
make && \
make install && \
touch .built

openssl-1.0.1c/.built: openssl-fips-2.0.12/.built openssl-1.0.2g.tar.gz
gunzip  -c openssl-1.0.2g.tar.gz | tar xf -
cd openssl-1.0.2g && \
./config fips shared --openssldir=$$PWD/../ssl
--with-fipsdir=$$PWD/../ssl/fips2.0 && \
make depend && \
make && \
make install_sw &&\
touch .built

clean:
rm -rf openssl-fips-2.0.12 openssl-1.0.2g ssl


so, how should I enable openssl fips mode? thank you for you help.
<http://about.me/kenchowcn>


Ken Chow
about.me/kenchowcn
[image: Ken Chow on about.me]
  <http://about.me/kenchowcn>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160408/0af775ba/attachment.html>

More information about the openssl-users mailing list