LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices



Reply
 
Search this Thread
Old 08-18-2010, 10:06 PM   #1
kevin747
LQ Newbie
 
Registered: Aug 2010
Posts: 2

Rep: Reputation: 0
How to use openssl fips mode on Linux


Hi all,

I want to use FIPS mode under linux. With openssl-0.9.8o, I typed "./config fipscanisterbuild" and then typed "make". The compile successful.
Then I did a test about fips, below is my test code (main.cpp):
#include <iostream>
#include <openssl/ssl.h>
#include <openssl/fips.h>
int main(int argc, char *argv[])
{
OpenSSL_add_all_algorithms();
#ifdef OPENSSL_FIPS
std::cout << "OPENSSL_FIPS be defined" << std::endl;
bool bRet = FIPS_mode();
if(bRet)
std::cout << "Already in fips mode" << std::endl;
else
{
bRet = FIPS_mode_set(1);
if(bRet)
std::cout << "FIPS mode set ok" << std::endl;
else
std::cout << "FIPS mode set failed" << std::endl;
}
#else
std::cout << "OPENSSL_FIPS not be defined" << std::endl;
#endif
return 0;
}


And my Makefile is like:
XX = g++
CFLAGS = -DOPENSSL_FIPS -I/usr/local/openssl-0.9.8o/include
LDFLAGS = --enable-auto-import -L/usr/local/openssl-0.9.8o/lib -Wl, -Bstatic -lssl -lcrypto -Wl, -Bdynamic -ldl

TARGET = ./test

%.o : %.cpp
$(XX) $(CFLAGS) -c $< -o $@ -g

SOURCES = $(wildcard *.c *.cpp)
OBJS = $(patsubst %.c,%.o,$(patsubst %.cpp,%.o,$(SOURCES)))

$(TARGET) : $(OBJS)
$(XX) $(OBJS) -o $(TARGET) $(LDFLAGS)
chmod a+x $(TARGET)

clean:
rm $(OBJS)


And the output is:
xxx@xxx-desktop:~/test$ ./test
OPENSSL_FIPS be defined
FIPS mode set failed


Can anyone see where I have made mistakes? Any suggestion would be much appreciated.

Best Regards,
rentt
 
Old 08-22-2010, 10:18 AM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149Reputation: 149
Doesn't FIPS_mode_set() return 0 on success? You seem to have the condition wrong.
 
Old 08-27-2010, 11:07 AM   #3
kevin747
LQ Newbie
 
Registered: Aug 2010
Posts: 2

Original Poster
Rep: Reputation: 0
Hi Mara,

If the fips mode be setted, the function FIPS_mode_set() will be return 1(true).
I followd the The OpenSSL FIPS User Guide and solved this issue.
Here is the step:
1) add /usr/local/ssl/fips/bin to the environment variable PATH.
2) modify the Makefile to this:
XX = g++
FIPSLD=fipsld

CFLAGS = -I/usr/local/ssl/fips/include
LDFLAGS = -lstdc++ -L/usr/local/ssl/fips/lib -Wl, -Bstatic -lssl -lcrypto -Wl, -Bdynamic -ldl

TARGET = ./test

%.o : %.cpp
$(XX) $(CFLAGS) -c $< -o $@ -g

SOURCES = $(wildcard *.c *.cpp)
OBJS = $(patsubst %.c,%.o,$(patsubst %.cpp,%.o,$(SOURCES)))

$(TARGET) : $(OBJS)
$(FIPSLD) $(OBJS) -o $(TARGET) $(LDFLAGS)
chmod a+x $(TARGET)

clean:
rm $(OBJS)


3)when do make, type "make CC=fipsld FIPSLD_CC=gcc"
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Looking for a FIPS certified IPsec VPN Client for Ubuntu & other Linux flavors honeydog Linux - Software 0 06-12-2009 01:04 PM
fdisk in small linux will not recognize partitions made by FIPS in DOS linuxnovo Linux - Software 6 03-08-2009 10:03 PM
rhel5 openssl-fips apache2 frndrfoe Linux - Server 0 04-09-2008 12:55 PM
LXer: OpenSSL receives FIPS certification LXer Syndicated Linux News 0 01-24-2006 07:16 AM
upgrading openssl using tarballs and console mode Ian_Hawdon Slackware 2 12-17-2005 03:46 AM


All times are GMT -5. The time now is 02:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration