[openssl-users] Execute failed when I tried to enable fips_mode.

Steve Marquess marquess at openssl.com
Fri Apr 8 11:39:56 UTC 2016


On 04/08/2016 03:31 AM, Ken Chow wrote:
> Dear all,
> 
> I am trying to compile a sample for testing openssl FIP mode, I have
> successfully compiled executable file in ubuntu 14.04.
> 
> *Sample:*
> /* test.c */
> #include <stdio.h>
> #include <openssl/crypto.h>
> #include <openssl/err.h>
> #include <openssl/fips.h>
> 
> int main()
> {
> #ifdef OPENSSL_FIPS 
>     if(!FIPS_mode_set(1)) 
>     {
>         fprintf(stderr, "MSG: \n");
>         ERR_load_crypto_strings();
>         ERR_print_errors_fp(stderr);
>         exit(1); 
>     } 
>     else
>         fprintf(stderr,"*** IN FIPS MODE ***\n");
> 
> #else
>     fprintf(stderr, "NO DEFINE_FIPS !\n");
> #endif 
> }
> /
> /
> *The error message I got:*
> /
> /
> MSG: 
> 140270859593376:error:0F06D065:common libcrypto
> routines:FIPS_mode_set:fips mode not supported:o_fips.c:92:
> ...

You linked your test program with a stock version of OpenSSL, not the
"FIPS capable" OpenSSL that contains the OpenSSL FIPS Object Module.

Building of the "FIPS capable" OpenSSL is discussed in the OpenSSL FIPS
User Guide:

  https://www.openssl.org/docs/fips/UserGuide-2.0.pdf

-Steve M.



-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc


More information about the openssl-users mailing list