Hi all, I'm trying to compile a FIPS-capable version of OpenSSL on Ubuntu 12.04, based on the latest debian package from Ubuntu (1.0.1-4ubuntu5.16).
I've successfully built the openssl-fips module and it's installed, and I added the 'fips' option to the config call. However, during testing, the package fails, seemingly while running 'testfipsssl'. Looking through the Makefile, it looks like it's invoking this script. Is this something that I should just set the Makefile to skip? All the other tests leading up to this seem to work fine, but I'm wondering if perhaps this test case doesn't detect fips mode properly, and shouldn't be running? Any feedback would be greatly appreciated - pretty new to rolling my own OpenSSL, so want to verify that I'm not doing something very wrong to arrive at this issue. Thanks, Kevin ===== tail end of compilation log including failures begins below, for reference ====== test SSL protocol test ssl3 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: 1: zlib compression 47734540707488:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1690: 47734540707488:error:140A9129:SSL routines:SSL_CTX_new:only tls allowed in fips mode:ssl_lib.c:1690: test ssl2 is forbidden in FIPS mode *** IN FIPS MODE *** Available compression methods: 1: zlib compression fips_enc.c(100): OpenSSL internal error, assertion failed: Cipher ctrl previous FIPS forbidden algorithm error ignored Aborted test tls1 *** IN FIPS MODE *** Available compression methods: 1: zlib compression fips_enc.c(100): OpenSSL internal error, assertion failed: Cipher ctrl previous FIPS forbidden algorithm error ignored Aborted make[2]: *** [test_ssl] Error 1 make[2]: Leaving directory `/tmp/buildd/openssl-1.0.1/test' make[1]: *** [tests] Error 2 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
