[openssl-users] FIPS_mode_set(1) error:00000000:lib(0):func(0):reason(0)

Sun, 27 Dec 2015 11:31:11 -0800 


Hello, 
I'm trying to enable FIPS mode with this 
code:__________________________________________________________________#include 
<openssl/crypto.h>#include <openssl/err.h>#include <stdio.h>
int main ( int argc, char *argv[] ){#ifdef OPENSSL_FIPS         int mode, 
result;
        // Get FIPS mode        if(strcmp("get",argv[1]) == 0)  {               
mode = FIPS_mode();             if(mode == 0)           {                       
printf("*** FIPS module is disabled. ***\n");           }               if(mode 
== 1)           {                       printf("*** FIPS module is enabled. 
***\n");            }       }               // Set FIPS mode        else 
if(strcmp("set",argv[1]) == 0)     {               if(strcmp("0",argv[2]) == 0) 
           {                       printf("*** Disabling FIPS module. ***\n");  
                   result = FIPS_mode_set(0);                      if(result != 
1)                 {                               ERR_load_crypto_strings();   
                           printf("*** Failed to disable FIPS module. ***\n");  
                                   printf("%s\n", 
ERR_error_string(ERR_get_error(), NULL));                                return 
1;                       }               }               else if 
(strcmp("1",argv[2]) == 0)              {                       printf("*** 
Enabling FIPS module. ***\n");                      result = FIPS_mode_set(1);  
                            if(result != 1)                 {                   
            ERR_load_crypto_strings();                              printf("*** 
Failed to enable FIPS module. ***\n");                                      
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));                        
        return 1;                       }                       }               
else            {                       printf("*** Error: unsupported option. 
***\n");                 return 1;               }       }
        // Unsupported option   else    {               printf("*** Error: 
unsupported option. ***\n");         return 1;       }
        return 0;
#else         printf("OPENSSL_FIPS is not defined"); 
#endif //OPENSSL_FIPS }   
__________________________________________________________________
And with this Makefile:
__________________________________________________________________CC=gccOPENSSLDIR=/usr/local/sslLIBS=$(OPENSSLDIR)/lib/libcrypto.a
 $(OPENSSLDIR)/lib/libssl.a -ldl INCLUDES=-I$(OPENSSLDIR)/includeCMD=fipsctl
OBJS=$(CMD).o
$(CMD): $(OBJS) FIPSLD_CC=$(CC) $(OPENSSLDIR)/bin/fipsld -o $(CMD) $(OBJS) -ldl 
\       $(LIBS)
$(OBJS): $(CMD).c       $(CC) -c $(CMD).c $(INCLUDES)
clean:  rm -Rf *.o 
$(CMD)__________________________________________________________________
It compiles without errors. When I try to enable FIPS mode, I get this output:
arm:~/nitere/new$ ./fipsctl set 1*** Enabling FIPS module. ****** Failed to 
enable FIPS module. ***error:00000000:lib(0):func(0):reason(0)
But FIPS is still disabled:
arm:~/nitere/new$ ./fipsctl get*** FIPS module is disabled. ***
Does somebody knows what is wrong?
Any tip will be very helpful,Thanks.

                                          
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users






















					Reply via email to