I strongly recommend reading the user guide, as it'll help a lot. You need to do more than simply link your application with libcrypto and libssl. There's a sample shell script, fipsld, that's also provided in the distribution that shows the necessary actions (and can even be called in place of ld on most UNIX and UNIX-like systems). Additionally, if you truly needs FIPS 140 mode, you don't want to simply download openssl-fips-2.0.2, as the new requirements from the CMVP indicate that you need a trusted path for obtaining the source code, and that you need to verify your source package with a FIPS 140 approved algorithm (again, it's explained in the user's guide). The best way to do get what you need is to request a CD-ROM with the right stuff (again, see the User Guide).
http://www.openssl.org/docs/fips/UserGuide-2.0.pdf On Mar 8, 2013, at 2:27 AM, Leon Brits wrote: > Hi list, > > I am not able to enable FIPS mode. FIPS_mode_set(1) fails. > Our build system uses SCons so I hope somebody can help me… > > First: I downloaded openssl-fips-2.0.2 and openssl-1.0.1e and extracted them. > Next: In the openssl-fips-2.0.2 directory I typed: > ./config > make > sudo make install > > This created the directory /usr/local/ssl/fips-2.0 and some other such as the > /usr/local/ssl/include directory > > Next: in the openssl-.1.0.1 directory I typed: > ./config fips > make > sudo make install > > which added some more files and directories to the /usr/local/ssl directory > such as bin and lib. I made a symbolic link to /usr/bin/openssl from > /usr/local/ssl/bin/openssl and “openssl version” reports “OpenSSL 1.0.1e-fips > …”. All seem fine. > > Next: I want to use the static libraries with my app so I added the following > code to SConstruct which compiles my app: > libssl = File('/usr/local/ssl/lib/libssl.a') > libcrypto = File('/usr/local/ssl/lib/libcrypto.a') > env.Append(LIBS = [libssl, libcrypto, ….]) > > as well as prepending the path to the new includes so that it will be used > instead of default installed includes: > > env.Prepend(CPPPATH = > ['/usr/local/ssl/include','/usr/include','/usr/local/include']) > > I also changed my environment compiler variable from cc=”gcc” to cc=”fipsld”. > > The compilation completes successfully, but when I execute the application > simply refuses to enter FIPS mode. > > Any suggestions? (please) > > Thanks > Leon Brits > > > > > Leon Brits > Senior Design Engineer > > > <image001.jpg> > > Work +27 12 678 9740 Fax +27 12 678 9741 > Cell +27 (84) 250 2855 Email [email protected] > Building 10, Manhattan Office Park, 16 Pieter Street, Centurion > Disclaimer ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
