$ openssl version

returns:

OpenSSL 1.0.2j-fips

My FIPS module version is openssl-fips-2.0.13

$ OPENSSL_FIPS=1 openssl md5 /dev/null

returns:

Error setting digest md5
140066569107136:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:

$ OPENSSL_FIPS=1 openssl sha1 /dev/null

returns:

SHA1(/dev/null)= da39a3ee5e6b4b0d3255bfef95601890afd80709

So that appears to be working correctly.

Thanks,

Matt Heimlich

________________________________________
From: openssl-users <openssl-users-boun...@openssl.org> on behalf of Dr. Stephen Henson <st...@openssl.org>
Sent: Monday, October 10, 2016 8:44 AM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Building an application with OpenSSL and FIPS support.

On Fri, Oct 07, 2016, Matthew Heimlich wrote:

> Which returns
>
>
> Attempting to set FIPS mode to 1...
> Last error was: 2d06b06f
> FIPS_mode_set failed: 2d06b06f
> FIPS mode is: 0
>
> So it would appear that my FIPS mode is never even being set, and walking 
> through the code would seem to confirm this. In addition, the error code 
> doesn't seem to be present in the FIPS documentation, but errstr informs me 
> that it is
>
>
> error:2D06B06F:FIPS routines:DSA_BUILTIN_PARAMGEN2:fingerprint does not match nonpic relocated
>
> Any tips on where to go from here?
>

Which versions of the FIPS module and OpenSSL are you using?

In the FIPS capable OpenSSL try this:

OPENSSL_FIPS=1 openssl md5 /dev/null
OPENSSL_FIPS=1 openssl sha1 /dev/null

Please give details of any errors you get.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
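
The two probes suggested in this thread, wrapped as a scriptable check (an added example, not part of the original messages; the function name `fips_probe` and its three result strings are assumptions made here). It treats MD5 being refused with "disabled for fips" while SHA-1 still returns the empty-input digest shown above as evidence that FIPS mode is enforced.

```shell
#!/bin/sh
# SHA-1 of empty input, as printed for /dev/null in the thread.
EMPTY_SHA1=da39a3ee5e6b4b0d3255bfef95601890afd80709

# fips_probe [OPENSSL_CMD]
# Prints: enforced | not-enforced | inconclusive
# Returns 0 only when FIPS restrictions are visibly enforced.
fips_probe() {
    bin=${1:-openssl}

    # MD5 is not a FIPS-approved digest, so under OPENSSL_FIPS=1 it must fail.
    # Capture stderr only; guard the status so `set -e` callers do not abort.
    md5_err=$(OPENSSL_FIPS=1 "$bin" md5 /dev/null 2>&1 >/dev/null) \
        && md5_rc=0 || md5_rc=$?

    # SHA-1 digests are allowed, so this must succeed with the known value.
    sha1_out=$(OPENSSL_FIPS=1 "$bin" sha1 /dev/null 2>/dev/null) \
        && sha1_rc=0 || sha1_rc=$?

    # If even the approved digest fails (for example the module self-test
    # did not pass), the probe says nothing about enforcement.
    if [ "$sha1_rc" -ne 0 ]; then
        echo inconclusive; return 2
    fi
    case $sha1_out in
        *"$EMPTY_SHA1"*) ;;
        *) echo inconclusive; return 2 ;;
    esac

    # MD5 worked: the binary is not applying FIPS restrictions.
    if [ "$md5_rc" -eq 0 ]; then
        echo not-enforced; return 1
    fi

    # MD5 failed: accept only the specific FIPS refusal seen in the thread.
    case $md5_err in
        *"disabled for fips"*) echo enforced; return 0 ;;
    esac
    echo inconclusive; return 2
}

# Usage: fips_probe /path/to/fips-capable/openssl
```
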