[openssl-users] FIPS_mode_set(1) error:00000000:lib(0):func(0):reason(0)

Jeffrey Walton noloader at gmail.com
Sun Jan 3 15:27:15 UTC 2016


> It compiles without errors. When I try to enable FIPS mode, I get this
> output:
>
> arm:~/nitere/new$ ./fipsctl set 1
> *** Enabling FIPS module. ***
> *** Failed to enable FIPS module. ***
> error:00000000:lib(0):func(0):reason(0)
>
> But FIPS is still disabled:
>
> arm:~/nitere/new$ ./fipsctl get
> *** FIPS module is disabled. ***
>
> Does somebody know what is wrong?

Just a guess, but it looks like ERR_get_error() is returning the
result of loading the error strings.

If FIPS_mode_set fails, then grab ERR_get_error() immediately and
output it in hex. With the hex error code, you can:

    $ openssl errstr 0x060800A3
    error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

Jeff
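
Added example, not part of the original post: a stand-alone decoder for the packed error code that `openssl errstr` takes, showing why the code from the errstr line above carries a reason while an all-zero code carries none (0 is what ERR_get_error() returns when the error queue holds no entry). It assumes the 8/12/12-bit lib/func/reason layout of OpenSSL 1.0.x/1.1.x; `decode_err` and `format_err` are hypothetical helper names, not OpenSSL functions.

```c
#include <stdio.h>
#include <string.h>

/* Fields of a packed error code, assuming the OpenSSL 1.0.x/1.1.x layout. */
struct err_fields {
    unsigned long lib;     /* bits 31..24: library number  */
    unsigned long func;    /* bits 23..12: function number */
    unsigned long reason;  /* bits 11..0 : reason number   */
};

/* Hypothetical helper: split a packed code into its three fields. */
static struct err_fields decode_err(unsigned long code)
{
    struct err_fields f;
    f.lib    = (code >> 24) & 0xFFUL;
    f.func   = (code >> 12) & 0xFFFUL;
    f.reason = code & 0xFFFUL;
    return f;
}

/* Hypothetical helper: write the numeric form seen in the fipsctl output.
 * Returns 1 if the code describes an error, 0 if it is the empty value. */
static int format_err(unsigned long code, char *buf, size_t len)
{
    struct err_fields f = decode_err(code);
    snprintf(buf, len, "error:%08lX:lib(%lu):func(%lu):reason(%lu)",
             code, f.lib, f.func, f.reason);
    return code != 0;
}

int main(void)
{
    /* Sample inputs: the code from the errstr line above, and 0. */
    const unsigned long samples[] = { 0x060800A3UL, 0UL };
    char buf[96];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int has_error = format_err(samples[i], buf, sizeof buf);
        printf("%s%s\n", buf,
               has_error ? "" : "  <- no queued error, nothing to look up");
    }
    return 0;
}
```
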

