On Wed, Feb 20, 2013, Rickard Binnare wrote: > > > So FIPS_mode_set() cannot succeed if FIPS_selftest() fails, for static > > or dynamic linking. > No this is not the case on the windows platform. > Tested on a Windows 7 machine using Visual Studio 2010 with OpenSSL.1.0.1.c > and OpenSSL-Fips-2.0. > The FIPS_mode_set() succeeds but FIPS_selftest() fails. The FIPS_mode_set > method should not succeed as you have stated above if FIPS_selftest fails. > FIPS_selftest > clearly works when it is called in the call chain starting > with FIPS_mode_set, but not otherwise. I think this > has to do with how Windows handles loading and mapping of DLL:s. > I recommend trying this, if you do not believe me. > > Here is a minimalistic test program that displays this anomaly. Dynamic > linked. It could easily be modified to show > OpenSSL error msgs. But I try to keep it short. >
You say it is "dynamic linked". How are you actually handling that? Are you linking to libeay32.dll only or fipscanister.lib too? I've known cases where FIPS_selftest appears to fail on non-Windows platforms because the application was linked against a shared library and fipscanister: effectively there were two instances of fipscanister which were confusing the hell out of each other. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
