I read about FIPS kernel support. It is necessary? My system doesn't have the /proc/sys/crypto/fips_enabled file.
From: marcosbontempo@xxxxxxxxxxx
To: openssl-users at openssl.org
Date: Sun, 3 Jan 2016 14:24:45 -0200
Subject: Re: FIPS_mode_set(1) error:00000000:lib(0):func(0):reason(0)
I'm getting the code 0 but the FIPS mode still is disabled.#include <openssl/crypto.h>#include <openssl/err.h>#include <stdio.h>int main ( int argc, char *argv[] ){ int rc, mode; mode = FIPS_mode(); if(mode == 0) { rc = FIPS_mode_set(1); ERR_load_crypto_strings(); printf("%s\n", ERR_error_string(ERR_get_error(), NULL)); } else { printf("Already in FIPS mode\n"); } return 0;} Every time I run it I get error:00000000:lib(0):func(0):reason(0).
> Date: Sun, 3 Jan 2016 10:54:19 -0500
> Subject: Re: [openssl-users] FIPS_mode_set(1) error:00000000:lib(0):func(0):reason(0)
> From: noloader at gmail.com
> To: marcosbontempo at hotmail.com
>
> On Sun, Jan 3, 2016 at 10:48 AM, Marcos Bontempo
> <marcosbontempo at hotmail.com> wrote:
> > Thanks for the answer! The function ERR_get_error() is returning 0x00000000.
> > Do you know what it means?
>
> I believe it means success.
>
> > I used the command you suggested:
> >
> > arm:~/nitere/new$ openssl errstr 0x00000000
> > error:00000000:lib(0):func(0):reason(0)
>
> You should run the command on the error code you receive immediately
> after calling FIPS_mode_set.
>
> Or, use ERR_print_errors() to print the entire error stack.
>
> You should probably reduce your testing to something simpler until you
> figure out what's going on. Maybe somethin glike
> https://wiki.openssl.org/index.php/Fipsld_and_C%2B%2B#The_C.2B.2B_Program
> .
>
> Jeff
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160104/a6c65648/attachment.html>
