|
Re: openssl-1.0.2r Re: openssl-fips-2.0.16 OS: Linux Mint 19.1 (Ubuntu) I have added a shared library initializer function to cryptlib.c to force OpenSSL into FIPS mode, without requiring a “module operator” to directly initiate (i.e. call FIPS_mode_set(1)). void __attribute__((constructor)) ForceFIPSModeOn() { FIPS_mode_set(1); FIPS_selftest_check(); } The build fails shortly after creating the executable ‘fips_premain_dso’. fips.c(140): OpenSSL internal error, assertion failed: FATAL FIPS SELFTEST FAILURE Aborted (core dumped) I traced the problem to a failed FIPS_check_incore_fingerprint call. The embedded signature appears uninitialized: Starting FIPS_selftest I am at a loss to explain what is happening. Is my initializer running before the embedded sig is loaded? Or is there another issue. If I remove the call to FIPS_selftest_check(), the link completes, but the selftest still fails, when it is initiated from the initializer. A “module operator” can still use the libcrypto.so services, because all subsequent selftests pass. How can I get my module initializer to pass the selftest? Sent from Mail for Windows 10 |
