>From the command prompt I run: openssl version -a Error: "5156:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:.\fips\fips.c:229:"
set OPENSSL_FIPS=1 openssl md5 README Error: "2456:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:.\fips\fips.c:229:" openssl sha1 README Error: "2560:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:.\fips\fips.c:229:" My exact build procedure is: with 7zip i extract the compressed files using visual studio command prompt I cd to the openssl-fips-2.0 folder set fipsdir=c:\fips_dir (Existing Empty folder) set tmp=c:\tmp_dir (Existing Empty folder) ms\do_fips out32dll\fips_test_suite (passes) then cd to openssl-1.0.1 beta2 folder ms\do_nasm nmake -f ms\ntdll.mak nmake -f ms\ntdll.mak test (passes) On Wed, Feb 29, 2012 at 11:49 AM, Dr. Stephen Henson <st...@openssl.org>wrote: > On Wed, Feb 29, 2012, Jacob White wrote: > > > Using windows I have compiled an tested the fips 2.0 module and it is > good. > > I then compile and build the fips compatible openssl-1.0.1 with the fips > > option and run the built in tests. Every thing is fine. I then add the > > openssl-1.0.1\out32dll into my system path. > > > > with 7zip i extract the compressed files > > using visual studio command prompt I cd to the openssl-fips-2.0 folder > > set fipsdir=c:\fips_dir > > set tmp=c:\tmp_dir > > ms\do_fips > > out32dll\fips_test_suite (passes) > > then cd to openssl-1.0.1 beta2 folder > > ms\do_nasm > > nmake -f ms\ntdll.mak > > nmake -f ms\ntdll.mak test (passes) > > > > > > The problem here is when I run my application I make a reference to the > > libeay32.dll and call FIPS_mode_set(1) and FIPS_mode_set(2) but both > return > > 0. No matter what I seem to do I cannot get a call to FIPS_mode() to > return > > 1. If I call FIPS_mode_set(0) it returns 1. I have also tried calling > > OPENSSL_init() and RAND_init_fips() with no luck. > > > > I have read the user guide with no luck: > > http://www.openssl.org/docs/fips/UserGuide.pdf > > > > What is the exact procedure you are using to build the FIPS capable > OpenSSL? > > Do you get an error message for FIPS_mode_set(1)? If so what is it. > > Check the output of "openssl version -a" for the FIPS capable OpenSSL. Also > try entering FIPS mode in the openssl utility something like this: > > set OPENSSL_FIPS=1 > openssl md5 README > <should fail saying algorithm is disabled> > openssl sha1 README > <should be OK> > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
