$openssl version returns: OpenSSL 1.0.2j-fips My FIPS module version is openssl-fips-2.0.13 $OPENSSL_FIPS=1 openssl md5 /dev/null returns: Error setting digest md5 140066569107136:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: $OPENSSL_FIPS=1 openssl sha1 /dev/null returns: SHA1(/dev/null)= da39a3ee5e6b4b0d3255bfef95601890afd80709 Do that appears to be working correctly. Thanks, Matt Heimlich ________________________________________ From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> on behalf of Dr. Stephen Henson <steve@xxxxxxxxxxx> Sent: Monday, October 10, 2016 8:44 AM To: openssl-users at openssl.org Subject: Re: Building an application with OpenSSL and FIPS support. On Fri, Oct 07, 2016, Matthew Heimlich wrote: > Which returns > > > Attempting to set FIPS mode to 1... > Last error was: 2d06b06f > FIPS_mode_set failed: 2d06b06f > FIPS mode is: 0??? > > So it would appear that my FIPS mode is never even being set, and walking through the code would seem to confirm this. In addition, the error code doesn't seem to be present in the FIPS documentation, but errstr informs me that it is > > > error:2D06B06F:FIPS routines:DSA_BUILTIN_PARAMGEN2:fingerprint does not match nonpic relocated??? > > Any tips on where to go from here? > Which versions of the FIPS module and OpenSSL are you using? In the FIPS capable OpenSSL try this: OPENSSL_FIPS=1 openssl md5 /dev/null OPENSSL_FIPS=1 openssl sha1 /dev/null Please give details of any errors you get. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
