On Wed, Mar 03, 2010, Dr. Stephen Henson wrote: > On Tue, Mar 02, 2010, Vikram Arwade wrote: > > > Does anyone have pointer to this? > > > > Am running into a issue where I am trying to set FIPS_set_mode(1) in > > shared library on HP PA64(11.11) system, but it fails with FINGER_PRINT > > error. But if I set it in binary(executable) it works fine. > > > > > > > > Any pointer really appreciated. > > > > What kind of shared library? Is it the standard OpenSSL libcrypto shared > library? I'd suggest building an OpenSSL shared library and trying: > > OPENSSL_FIPS=1 openssl sha1 /dev/null > OPENSSL_FIPS=1 openssl md5 /dev/null > > The first operation should succeed and the second fail with and error that the > algorithm is prohibited in FIPS mode. You may need to set some environment > variables so the correct shared library is used or the standard OpenSSL script > util/shlib_wrap.sh so you'd do: > > OPENSSL_FIPS=1 util/shlib_wrap.sh openssl sha1 /dev/null > OPENSSL_FIPS=1 util/shlib_wrap.sh openssl md5 /dev/null > >
Correction, in the OpenSSL source tree you'd need: OPENSSL_FIPS=1 util/shlib_wrap.sh apps/openssl sha1 /dev/null OPENSSL_FIPS=1 util/shlib_wrap.sh apps/openssl md5 /dev/null Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
