Problem building Linux shared library with static FIPS capable OpenSSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

I am using following openssl versions
openssl-1.0.2r.tar.gz  
openssl-fips-2.0.5.tar.gz

Following are my files,

foo.c :
[root@data-domain-dev-vm poc]# cat foo.c
#include <stdio.h>
#include <openssl/evp.h>
#include <openssl/err.h>
int foo_func()
{
    int rc, mode;
    mode = FIPS_mode();
    if(mode == 0)
    {
        rc = FIPS_mode_set(1);
        if(rc == 0) {
            printf("Failed to enable FIPS mode, ");
            printf("%s\n",ERR_error_string(ERR_get_error(),NULL));
        } else {
            printf("Enabled FIPS mode");
        }
    }
    else
    {
        printf("Already in FIPS mode");
    }
    return 0;
}

poc.c :
[root@data-domain-dev-vm poc]# cat poc.c
#include <stdio.h>
#include "foo.h"
int main(int argc, char* argv[])
{
    foo_func();
    return 0;
}

Makefile :

[root@data-domain-dev-vm poc]# cat Makefile
OPENSSLDIR = /usr/local/ssl/fips­2.0
OPENSSL_INCLUDEDIR = /root/poc/openssl-1.0.2r/include/
FIPSMODULE = $(OPENSSLDIR)/lib/fipscanister.o
CC = /usr/bin/gcc
FIPSLD = /usr/local/ssl/fips-2.0/bin/fipsld

OBJS = poc.o
LIBCRYPTO = /root/poc/openssl-1.0.2r/libcrypto.a
LIBSSL = /root/poc/openssl-1.0.2r/libssl.a

libfoo.so:
        env FIPSLD_CC=/usr/bin/gcc $(FIPSLD) -fPIC -shared -o libfoo.so foo.c $(LIBCRYPTO) $(LIBSSL) # Working

poc.o:
        /usr/bin/gcc -I$(OPENSSL_INCLUDEDIR) -Wall -c poc.c

POC: libfoo.so $(OBJS)
        env FIPSLD_CC=/usr/bin/gcc $(FIPSLD) $(OBJS) $(LIBCRYPTO) $(LIBSSL) -L/root/poc -lfoo -ldl -o POC #working
        #/usr/bin/gcc $(OBJS) -L/root/poc -lfoo -ldl -o POC  #notworking
        #env FIPSLD_CC=/usr/bin/gcc $(FIPSLD) $(OBJS) -L/root/poc -lfoo -ldl -o POC   #notworking

What I am not able to understand is why any of the red colored lines are not working. when I try to do the FIPS_mode_set() when compiled using red highlighted tex, I get an error  
Failed to enable FIPS mode, error:2D06B06F:lib(45):func(107):reason(111)

I actually want to compile  the POC application without  $(LIBCRYPTO) and $(LIBSSL) what can be the done to have $(LIBCRYPTO) and $(LIBSSL) linked to only foo.so and POC application can only use foo.so for successful operation. 

Some more details:
[root@data-domain-dev-vm poc]# OPENSSL_FIPS=1 openssl md5 /dev/null
Error setting digest md5
140539482445728:error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:256:
[root@data-domain-dev-vm poc]# OPENSSL_FIPS=1 openssl sha1 /dev/null
SHA1(/dev/null)= da39a3ee5e6b4b0d3255bfef95601890afd80709

Any help is appreciated, Please let me know where in code i am going wrong. 

Thanks a lot,
Pankaj
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux