[openssl-users] Building an application with OpenSSL and FIPS support.
Matthew Heimlich
MHeimlich at Steelcloud.com
Wed Oct 12 17:55:01 UTC 2016
I recompiled with dynamic libraries and after linking to them the program runs without issue. I'll keep trying to hunt down the issues with the static libs. Thanks for the help.
Thanks,
Matt Heimlich
Linux Security Engineer
SteelCloud LLC
703.999.4346
________________________________________
From: openssl-users <openssl-users-bounces at openssl.org> on behalf of Dr. Stephen Henson <steve at openssl.org>
Sent: Tuesday, October 11, 2016 10:35 AM
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Building an application with OpenSSL and FIPS support.
On Mon, Oct 10, 2016, Matthew Heimlich wrote:
> $openssl version
>
> returns:
>
> OpenSSL 1.0.2j-fips
>
> My FIPS module version is openssl-fips-2.0.13
>
> $OPENSSL_FIPS=1 openssl md5 /dev/null
>
> returns:
>
> Error setting digest md5
> 140066569107136:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:
>
> $OPENSSL_FIPS=1 openssl sha1 /dev/null
>
> returns:
>
> SHA1(/dev/null)= da39a3ee5e6b4b0d3255bfef95601890afd80709
>
> Do that appears to be working correctly.
>
Can you give more details of the steps you are using to link your application?
If you're linking to the OpenSSL shared libraries then you don't need to use
fipsld at all. I'd suggest you try that as a first step and see if your
application works.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
More information about the openssl-users
mailing list