On Wed, Feb 29, 2012, Jacob White wrote:

> Using Windows I have compiled and tested the fips 2.0 module and it is good.
> I then compile and build the fips compatible openssl-1.0.1 with the fips
> option and run the built in tests. Everything is fine. I then add the
> openssl-1.0.1\out32dll into my system path.
>
> with 7zip I extract the compressed files
> using visual studio command prompt I cd to the openssl-fips-2.0 folder
> set fipsdir=c:\fips_dir
> set tmp=c:\tmp_dir
> ms\do_fips
> out32dll\fips_test_suite (passes)
> then cd to openssl-1.0.1 beta2 folder
> ms\do_nasm
> nmake -f ms\ntdll.mak
> nmake -f ms\ntdll.mak test (passes)
>
>
> The problem here is when I run my application I make a reference to the
> libeay32.dll and call FIPS_mode_set(1) and FIPS_mode_set(2) but both return
> 0. No matter what I seem to do I cannot get a call to FIPS_mode() to return
> 1. If I call FIPS_mode_set(0) it returns 1. I have also tried calling
> OPENSSL_init() and RAND_init_fips() with no luck.
>
> I have read the user guide with no luck:
> http://www.openssl.org/docs/fips/UserGuide.pdf
>

What is the exact procedure you are using to build the FIPS capable OpenSSL?

Do you get an error message for FIPS_mode_set(1)? If so, what is it?

Check the output of "openssl version -a" for the FIPS capable OpenSSL. Also try
entering FIPS mode in the openssl utility something like this:

set OPENSSL_FIPS=1
openssl md5 README
<should fail saying algorithm is disabled>
openssl sha1 README
<should be OK>

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
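
The checks suggested in the reply above, collected into one Windows batch script. This is an added example, not part of the thread or of OpenSSL; it assumes openssl.exe is resolved through PATH, that a file named README exists in the current directory, and that where.exe is available (Windows Vista / Server 2003 and later).

```batch
@echo off
rem Added example: runs the diagnostics from the reply and compares exit codes.
rem Assumptions: openssl.exe is found through PATH, README is in the current
rem directory, where.exe is available.
setlocal

echo === Copies of openssl.exe and libeay32.dll found on PATH ===
rem An application also looks in its own directory before PATH, so a copy of
rem libeay32.dll next to the application wins over anything listed here.
where openssl.exe
where libeay32.dll

echo === Build information ===
openssl version -a

rem Ask the openssl utility to enter FIPS mode at startup.
set OPENSSL_FIPS=1

echo === md5 under OPENSSL_FIPS=1 ===
openssl md5 README
set MD5_RC=%ERRORLEVEL%

echo === sha1 under OPENSSL_FIPS=1 ===
openssl sha1 README
set SHA1_RC=%ERRORLEVEL%

echo md5 exit code: %MD5_RC%   sha1 exit code: %SHA1_RC%

if %MD5_RC% NEQ 0 if %SHA1_RC% EQU 0 (
    echo RESULT: md5 refused and sha1 accepted, the outcome the reply expects.
    exit /b 0
)
if %MD5_RC% EQU 0 (
    echo RESULT: md5 was accepted, so this openssl.exe did not enforce FIPS mode.
    exit /b 1
)
echo RESULT: sha1 failed as well. Keep the error text printed above for the list.
exit /b 2
```

Run it from the Visual Studio command prompt and include its full output, together with the error text, when replying on the list.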