FIPS_mode_set(1)错误:00000000:lib(0):func(0):reason(0)

时间:2015-12-27 19:30:05

标签: openssl fips

我正在尝试使用以下代码启用FIPS模式:

#include <openssl/crypto.h>
#include <openssl/err.h>
#include <stdio.h>

int main ( int argc, char *argv[] )
{
#ifdef OPENSSL_FIPS 
    int mode, result;

    // Get FIPS mode
    if(strcmp("get",argv[1]) == 0)
    {
        mode = FIPS_mode();
        if(mode == 0)
        {
            printf("*** FIPS module is disabled. ***\n");
        }
        if(mode == 1)
        {
            printf("*** FIPS module is enabled. ***\n");
        }
    }

    // Set FIPS mode
    else if(strcmp("set",argv[1]) == 0)
    {
        if(strcmp("0",argv[2]) == 0)
        {
            printf("*** Disabling FIPS module. ***\n");
            result = FIPS_mode_set(0);
            if(result != 1)
            {
                ERR_load_crypto_strings();
                printf("*** Failed to disable FIPS module. ***\n"); 
                printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
                return 1;
            }
        }
        else if (strcmp("1",argv[2]) == 0)
        {
            printf("*** Enabling FIPS module. ***\n");
            result = FIPS_mode_set(1);  
            if(result != 1)
            {
                ERR_load_crypto_strings();
                printf("*** Failed to enable FIPS module. ***\n");  
                printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
                return 1;
            }   
        }
        else
        {
            printf("*** Error: unsupported option. ***\n");
            return 1;
        }
    }

    // Unsupported option
    else
    {
        printf("*** Error: unsupported option. ***\n");
        return 1;
    }

    return 0;

#else 
        printf("OPENSSL_FIPS is not defined"); 

#endif //OPENSSL_FIPS 
}   

使用此Makefile:

CC=gcc
OPENSSLDIR=/usr/local/ssl
LIBS=$(OPENSSLDIR)/lib/libcrypto.a $(OPENSSLDIR)/lib/libssl.a -ldl 
INCLUDES=-I$(OPENSSLDIR)/include
CMD=fipsctl

OBJS=$(CMD).o

$(CMD): $(OBJS)
    FIPSLD_CC=$(CC) $(OPENSSLDIR)/bin/fipsld -o $(CMD) $(OBJS) -ldl \
    $(LIBS)

$(OBJS): $(CMD).c
    $(CC) -c $(CMD).c $(INCLUDES)

clean:
    rm -Rf *.o $(CMD)

它编译没有错误。当我尝试启用FIPS模式时,我得到了这个输出:

arm:~/nitere/new$ ./fipsctl set 1
*** Enabling FIPS module. ***
*** Failed to enable FIPS module. ***
error:00000000:lib(0):func(0):reason(0)

但FIPS仍然被禁用:

arm:~/nitere/new$ ./fipsctl get
*** FIPS module is disabled. ***

有人知道出了什么问题吗?

任何提示都会非常有用,

感谢。

0 个答案:

没有答案