我正在尝试使用以下代码启用FIPS模式:
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <stdio.h>
int main ( int argc, char *argv[] )
{
#ifdef OPENSSL_FIPS
int mode, result;
// Get FIPS mode
if(strcmp("get",argv[1]) == 0)
{
mode = FIPS_mode();
if(mode == 0)
{
printf("*** FIPS module is disabled. ***\n");
}
if(mode == 1)
{
printf("*** FIPS module is enabled. ***\n");
}
}
// Set FIPS mode
else if(strcmp("set",argv[1]) == 0)
{
if(strcmp("0",argv[2]) == 0)
{
printf("*** Disabling FIPS module. ***\n");
result = FIPS_mode_set(0);
if(result != 1)
{
ERR_load_crypto_strings();
printf("*** Failed to disable FIPS module. ***\n");
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return 1;
}
}
else if (strcmp("1",argv[2]) == 0)
{
printf("*** Enabling FIPS module. ***\n");
result = FIPS_mode_set(1);
if(result != 1)
{
ERR_load_crypto_strings();
printf("*** Failed to enable FIPS module. ***\n");
printf("%s\n", ERR_error_string(ERR_get_error(), NULL));
return 1;
}
}
else
{
printf("*** Error: unsupported option. ***\n");
return 1;
}
}
// Unsupported option
else
{
printf("*** Error: unsupported option. ***\n");
return 1;
}
return 0;
#else
printf("OPENSSL_FIPS is not defined");
#endif //OPENSSL_FIPS
}
使用此Makefile:
CC=gcc
OPENSSLDIR=/usr/local/ssl
LIBS=$(OPENSSLDIR)/lib/libcrypto.a $(OPENSSLDIR)/lib/libssl.a -ldl
INCLUDES=-I$(OPENSSLDIR)/include
CMD=fipsctl
OBJS=$(CMD).o
$(CMD): $(OBJS)
FIPSLD_CC=$(CC) $(OPENSSLDIR)/bin/fipsld -o $(CMD) $(OBJS) -ldl \
$(LIBS)
$(OBJS): $(CMD).c
$(CC) -c $(CMD).c $(INCLUDES)
clean:
rm -Rf *.o $(CMD)
它编译没有错误。当我尝试启用FIPS模式时,我得到了这个输出:
arm:~/nitere/new$ ./fipsctl set 1
*** Enabling FIPS module. ***
*** Failed to enable FIPS module. ***
error:00000000:lib(0):func(0):reason(0)
但FIPS仍然被禁用:
arm:~/nitere/new$ ./fipsctl get
*** FIPS module is disabled. ***
有人知道出了什么问题吗?
任何提示都会非常有用,
感谢。