I recompiled with dynamic libraries and after linking to them the program runs
without issue. I'll keep trying to hunt down the issues with the static libs.
Thanks for the help.
Thanks,
Matt Heimlich
Linux Security Engineer
SteelCloud LLC
703.999.4346
On Mon, Oct 10, 2016, Matthew Heimlich wrote:
> $openssl version
>
> returns:
>
> OpenSSL 1.0.2j-fips
>
> My FIPS module version is openssl-fips-2.0.13
>
> $OPENSSL_FIPS=1 openssl md5 /dev/null
>
> returns:
>
> Error setting digest md5
> 140066569107136:error:060A80A3:digital envelope
>
$openssl version
returns:
OpenSSL 1.0.2j-fips
My FIPS module version is openssl-fips-2.0.13
$OPENSSL_FIPS=1 openssl md5 /dev/null
returns:
Error setting digest md5
140066569107136:error:060A80A3:digital envelope
routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:
$OPENSSL_FIPS=1
On Fri, Oct 07, 2016, Matthew Heimlich wrote:
> Which returns
>
>
> Attempting to set FIPS mode to 1...
> Last error was: 2d06b06f
> FIPS_mode_set failed: 2d06b06f
> FIPS mode is: 0???
>
> So it would appear that my FIPS mode is never even being set, and walking
> through the code would seem
Running fails specifically on the line:
if(1 != EVP_EncryptFinal_ex(ctx, ciphertext + len, )) handleErrors();
Although I've added some additional debugging code at this point, including
this function:
int Check_Enable_FIPS(void)
{
int mode = FIPS_mode();
int ret = 0;
unsigned
Matt,
What part of the selftest fails? Can you step through it with a debugger?
Cheers,
Ethan
On Fri, Oct 7, 2016 at 10:56 AM, Matthew Heimlich
wrote:
> I'm on RHEL7. I've got a very simple encryption/decryption program that
> works fine without FIPS support