Hi,
I successfully built the FIPS 2.0 module (20111110), its tests passed, and
it was installed correctly in /usr/local/ssl/fips-2.0.

I then built OpenSSL 1.0.1 (20111110):

./config fips shared
make

which all seemed to go OK.

Then I do:
make test

and eventually get this error:

...
Testing key generation with NIST Binary-Curve B-571 .... ok
cat
base64
aes-128-cbc
3086473868:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:
bad decrypt
3086592652:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:
3086592652:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:535:
./p ./p.aes-128-cbc.clear differ: byte 1, line 1
make[1]: *** [test_enc] Error 1

It appears that EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag is not getting set, but
I'm not familiar enough yet with the code to understand what I may be doing
wrong. I have OPENSSL_FIPS set to 1 in my environment. I am
building/running on CentOS 5.6.

Thanks,
Kevin
