Thank you - that was my problem
On Tue, Nov 15, 2011 at 9:43 AM, Dr. Stephen Henson <st...@openssl.org> wrote: > On Mon, Nov 14, 2011, Kevin Fowler wrote: > >> Hi, >> I successfully built the FIPS 2.0 module (20111110), its tests passed, and >> it was installed correctly in /usr/local/ssl/fips-2.0. >> >> I then build openssl 1.0.1 (20111110): >> >> ./config fips shared >> make >> >> which all seems to go ok >> >> Then I do: >> make test >> >> and eventually get this error: >> >> ... >> Testing key generation with NIST Binary-Curve B-571 .... ok >> cat >> base64 >> aes-128-cbc >> 3086473868:error:060A80A3:digital envelope >> routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: >> bad decrypt >> 3086592652:error:060A80A3:digital envelope >> routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: >> 3086592652:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad >> decrypt:evp_enc.c:535: >> ./p ./p.aes-128-cbc.clear differ: byte 1, line 1 >> make[1]: *** [test_enc] Error 1 >> >> It appears that EVP_MD_CTX_FLAG_NON_FIPS_ALLOW flag is not getting set, but >> I'm not familiar enough yet with the code to understand what I may be doing >> wrong. I have OPENSSL_FIPS set to 1 in my environment. I am >> building/running on CentOS 5.6. >> > > Don't set OPENSSL_FIPS=1 before calling "make test" as not all the tests work > in FIPS mode. > > The tests will swicth to FIPS mode themselves if this is being tested. Though > currently only a TLS test does this. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
