Hi,

I am using the following openssl versions:

openssl-1.0.2r.tar.gz
openssl-fips-2.0.5.tar.gz

Following are my files.

*foo.c* :

[root@data-domain-dev-vm poc]# cat foo.c
#include <stdio.h>
#include <openssl/crypto.h>   /* FIPS_mode(), FIPS_mode_set() */
#include <openssl/evp.h>
#include <openssl/err.h>

int foo_func()
{
    int rc, mode;

    /* Query the current mode; 0 means FIPS mode is off. */
    mode = FIPS_mode();
    if(mode == 0)
    {
        /* Runs the FIPS module self-tests and integrity check. */
        rc = FIPS_mode_set(1);
        if(rc == 0)
        {
            printf("Failed to enable FIPS mode, ");
            printf("%s\n",ERR_error_string(ERR_get_error(),NULL));
        }
        else
        {
            printf("Enabled FIPS mode");
        }
    }
    else
    {
        printf("Already in FIPS mode");
    }
    return 0;
}

*poc.c* :

[root@data-domain-dev-vm poc]# cat poc.c
#include <stdio.h>
#include "foo.h"

int main(int argc, char* argv[])
{
    foo_func();
    return 0;
}

*Makefile* :

[root@data-domain-dev-vm poc]# cat Makefile
OPENSSLDIR = /usr/local/ssl/fips-2.0
OPENSSL_INCLUDEDIR = /root/poc/openssl-1.0.2r/include/
FIPSMODULE = $(OPENSSLDIR)/lib/fipscanister.o
CC = /usr/bin/gcc
FIPSLD = /usr/local/ssl/fips-2.0/bin/fipsld
OBJS = poc.o
LIBCRYPTO = /root/poc/openssl-1.0.2r/libcrypto.a
LIBSSL = /root/poc/openssl-1.0.2r/libssl.a

libfoo.so:
	env FIPSLD_CC=/usr/bin/gcc $(FIPSLD) -fPIC -shared -o libfoo.so foo.c $(LIBCRYPTO) $(LIBSSL) # Working

poc.o:
	/usr/bin/gcc -I$(OPENSSL_INCLUDEDIR) -Wall -c poc.c

POC: libfoo.so $(OBJS)
	env FIPSLD_CC=/usr/bin/gcc $(FIPSLD) $(OBJS) $(LIBCRYPTO) $(LIBSSL) -L/root/poc -lfoo -ldl -o POC #working
	#/usr/bin/gcc $(OBJS) -L/root/poc -lfoo -ldl -o POC #notworking
	#env FIPSLD_CC=/usr/bin/gcc $(FIPSLD) $(OBJS) -L/root/poc -lfoo -ldl -o POC #notworking

What I am not able to understand is why any of the red colored lines are not working. When I try to do the FIPS_mode_set() when compiled using the red highlighted text, I get an error:

Failed to enable FIPS mode, error:2D06B06F:lib(45):func(107):reason(111)

I actually want to compile the POC application without $(LIBCRYPTO) and $(LIBSSL). What can be done to have $(LIBCRYPTO) and $(LIBSSL) linked to only foo.so, so that the POC application can only use foo.so for successful operation?

Some more details:

[root@data-domain-dev-vm poc]# OPENSSL_FIPS=1 openssl md5 /dev/null
Error setting digest md5
140539482445728:error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:256:
[root@data-domain-dev-vm poc]# OPENSSL_FIPS=1 openssl sha1 /dev/null
SHA1(/dev/null)= da39a3ee5e6b4b0d3255bfef95601890afd80709

Any help is appreciated. Please let me know where in the code I am going wrong.

Thanks a lot,
Pankaj
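
Added example, not part of the original post: a small C decoder for the two error lines quoted above, using the OpenSSL 1.0.x packing of an error code (8 bits library, 12 bits function, 12 bits reason, as in the ERR_GET_LIB/ERR_GET_FUNC/ERR_GET_REASON macros). The names parse_err_line and reason_text are hypothetical helpers; the reason text for library 45, reason 111 is the one the FIPS 2.0 module defines as FIPS_R_FINGERPRINT_DOES_NOT_MATCH, and "disabled for fips" is taken from the output in the post.

```c
#include <stdio.h>
#include <string.h>

/* Fields packed into an OpenSSL 1.0.x error code. */
struct ossl_err { unsigned long code; int lib, func, reason; };

/* Parse a line produced by ERR_error_string() or ERR_print_errors().
 * Returns 0 on success, -1 if no "error:XXXXXXXX" token is present,
 * -2 if printed lib(N):func(N):reason(N) fields contradict the hex code. */
int parse_err_line(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, "error:");
    unsigned long code = 0;
    int l, f, r, used = 0;

    if (p == NULL || sscanf(p, "error:%8lx%n", &code, &used) != 1 || used != 14)
        return -1;
    out->code = code;
    out->lib = (int)((code >> 24) & 0xff);     /* ERR_GET_LIB */
    out->func = (int)((code >> 12) & 0xfff);   /* ERR_GET_FUNC */
    out->reason = (int)(code & 0xfff);         /* ERR_GET_REASON */
    /* Numeric fields are printed when the error strings were never loaded. */
    if (sscanf(p + used, ":lib(%d):func(%d):reason(%d)", &l, &f, &r) == 3 &&
        (l != out->lib || f != out->func || r != out->reason))
        return -2;
    return 0;
}

/* Hypothetical helper: reason text for the two codes seen in the post only. */
const char *reason_text(const struct ossl_err *e)
{
    if (e->lib == 45 && e->reason == 111) return "fingerprint does not match";
    if (e->lib == 6 && e->reason == 163) return "disabled for fips";
    return "unknown";
}

int main(void)
{
    /* Both lines are copied from the post above. */
    const char *lines[] = {
        "Failed to enable FIPS mode, error:2D06B06F:lib(45):func(107):reason(111)",
        "140539482445728:error:060800A3:digital envelope routines:"
        "EVP_DigestInit_ex:disabled for fips:digest.c:256:" };
    struct ossl_err e;
    for (int i = 0; i < 2; i++)
        if (parse_err_line(lines[i], &e) == 0)
            printf("%08lX lib=%d func=%d reason=%d (%s)\n",
                   e.code, e.lib, e.func, e.reason, reason_text(&e));
    return 0;
}
```

The lib(45):func(107):reason(111) form appears because foo.c never loads the error strings; calling ERR_load_crypto_strings() before ERR_error_string() makes OpenSSL 1.0.2 print the text itself.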