[openssl-users] FIPS_mode_set(1) error:00000000:lib(0):func(0):reason(0)

Jeffrey Walton noloader at gmail.com
Sun Jan 3 15:27:15 UTC 2016

> It compiles without errors. When I try to enable FIPS mode, I get this
> output:
> arm:~/nitere/new$ ./fipsctl set 1
> *** Enabling FIPS module. ***
> *** Failed to enable FIPS module. ***
> error:00000000:lib(0):func(0):reason(0)
> But FIPS is still disabled:
> arm:~/nitere/new$ ./fipsctl get
> *** FIPS module is disabled. ***
> Does somebody knows what is wrong?

Just a guess, but it looks like ERR_get_error() is returning the
result of loading the error strings.

If FIPS_mode_set fails, then grab ERR_get_error() immediately and
ouput it in hex. With the hex error code, you can:

    $ openssl errstr 0x060800A3
    error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips


More information about the openssl-users mailing list