I tried
export LD_LIBRARY_PATH=/usr/local/ssl/fips
and
export LD_LIBRARY_PATH=/usr/local/ssl/fips/bin
and
export LD_LIBRARY_PATH=/usr/local/ssl/fips-1.0
and all three failed to avert the assertion failure. How can I be
assured that the FIPS library is being run? Self-tests seem to run and
pass when I call this function with enable set to true. I get the
response of FIPS mode enabled and FIPS_mode=1.
void enable_fips(int enable)
{
#ifdef OPENSSL_FIPS
printf("Please standby while FIPS self-tests are in progress\n");
if(FIPS_mode_set(enable))
{
printf("FIPS mode enabled\n");
}
else
{
printf("FIPS mode failed to enable\n");
ERR_load_crypto_strings();
ERR_print_errors_fp(stderr);
exit(1);
}
printf("FIPS mode=%d\n", FIPS_mode());
#else
printf("FIPS mode disabled\n");
#endif
}
Here is my build script which completely removes and rebuilds the
openssl libraries. What am I doing wrong that is preventing it from
creating the shared library as it should be? ldd/bin/ls does not show
the openssl.so shared file.
#! /bin/sh
cd /usr/src
# Remove current directories
echo Removing current directories
rm -r -d openssl
rm -r -d openssl-fips
rm -r -d /usr/local/ssl
# Unpack FIPS OpenSSL
tar -xzvf openssl-fips-1.2.tar.gz
mv openssl-fips-1.2 openssl-fips
# Unpack versioned OpenSSL
tar -xzvf openssl-0.9.8k.tar.gz
mv openssl-0.9.8k openssl
# Build and install FIPS object module
cd openssl-fips
./config fipscanisterbuild no-asm
make
make install
# Build and install versioned OpenSSL
cd ../openssl
./config fips shared
make
make install
# Testing OpenSSL
cd test
./fips_test_suite
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
