On Tue, Mar 02, 2010, Vikram Arwade wrote: > Does anyone have pointer to this? > > Am running into a issue where I am trying to set FIPS_set_mode(1) in > shared library on HP PA64(11.11) system, but it fails with FINGER_PRINT > error. But if I set it in binary(executable) it works fine. > > > > Any pointer really appreciated. >
What kind of shared library? Is it the standard OpenSSL libcrypto shared library? I'd suggest building an OpenSSL shared library and trying: OPENSSL_FIPS=1 openssl sha1 /dev/null OPENSSL_FIPS=1 openssl md5 /dev/null The first operation should succeed and the second fail with and error that the algorithm is prohibited in FIPS mode. You may need to set some environment variables so the correct shared library is used or the standard OpenSSL script util/shlib_wrap.sh so you'd do: OPENSSL_FIPS=1 util/shlib_wrap.sh openssl sha1 /dev/null OPENSSL_FIPS=1 util/shlib_wrap.sh openssl md5 /dev/null Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
