openssl FIPS on linux - Openssl

This is a discussion on openssl FIPS on linux - Openssl ; Hi all, I want to use FIPS mode under linux. With openssl-0.9.8o, I typed "./config fipscanisterbuild" and then typed "make". The compile successful. Then I did a test about fips, below is my test code (main.cpp): #include #include #include int ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: openssl FIPS on linux

  1. openssl FIPS on linux

    Hi all,

    I want to use FIPS mode under linux. With openssl-0.9.8o, I typed "./config fipscanisterbuild" and then typed "make". The compile successful.

    Then I did a test about fips, below is my test code (main.cpp):
    #include
    #include
    #include
    int main(int argc, char *argv[])
    {
    OpenSSL_add_all_algorithms();
    #ifdef OPENSSL_FIPS
    std::cout << "OPENSSL_FIPS be defined" << std::endl;
    bool bRet = FIPS_mode();
    if(bRet)
    {
    std::cout << "Already in fips mode" << std::endl;
    }
    else
    {
    bRet = FIPS_mode_set(1);
    if(bRet)
    std::cout << "FIPS mode set ok" << std::endl;
    else
    std::cout << "FIPS mode set failed" << std::endl;
    }
    #else
    std::cout << "OPENSSL_FIPS not be defined" << std::endl;
    #endif
    return 0;
    }

    And my Makefile is like:
    XX = g++
    CFLAGS = -DOPENSSL_FIPS -I/usr/local/openssl-0.9.8o/include
    LDFLAGS = --enable-auto-import -L/usr/local/openssl-0.9.8o/lib -Wl,-Bstatic -lssl -lcrypto -Wl,-Bdynamic -ldl

    TARGET = ./test
    %.o : %.cpp
    $(XX) $(CFLAGS) -c $< -o $@ -g

    SOURCES = $(wildcard *.c *.cpp)
    OBJS = $(patsubst %.c,%.o,$(patsubst %.cpp,%.o,$(SOURCES)))

    $(TARGET) : $(OBJS)
    $(XX) $(OBJS) -o $(TARGET) $(LDFLAGS)
    chmod a+x $(TARGET)

    clean:
    rm $(OBJS)

    And the output is:
    xxx@xxx-desktop:~/test$ ./test
    OPENSSL_FIPS be defined
    FIPS mode set failed

    Can anyone see where I have made mistakes? Any suggestion would be much appreciated.

    Best Regards,
    rentt

  2. Re: openssl FIPS on linux

    this issue has been solved, below are my steps:
    1) compile and install openssl0.9.8o
    1-1) type "./config fipscanisterbuild"
    1-2) type "make"
    1-3) type "make install", the openssl with fips will be installed at "usr/local/ssl/fips" as default

    2) add "/usr/local/ssl/fips/bin" to the environment variable PATH.

    3) modify Makefile to this:
    XX = g++
    FIPSLD=fipsld

    CFLAGS = -I/usr/local/ssl/fips/include
    LDFLAGS = -lstdc++ -L/usr/local/ssl/fips/lib -Wl, -Bstatic -lssl -lcrypto -Wl, -Bdynamic -ldl

    TARGET = ./test

    %.o : %.cpp
    $(XX) $(CFLAGS) -c $< -o $@ -g

    SOURCES = $(wildcard *.c *.cpp)
    OBJS = $(patsubst %.c,%.o,$(patsubst %.cpp,%.o,$(SOURCES)))

    $(TARGET) : $(OBJS)
    $(FIPSLD) $(OBJS) -o $(TARGET) $(LDFLAGS)
    chmod a+x $(TARGET)

    clean:
    rm $(OBJS)

    4) make with "make CC=fipsld FIPSLD_CC=gcc"

    That is all, hope it will be helpful.

+ Reply to Thread