Unable to set fips_mode_set(1) for openssl


#1

Hello,

I have to enable FIPS for OpenSSL by calling fips_mode_set(1). When I call fips_mode_set(1) it succeeds and fips_mode() returns 1, but if I close the application and call fips_mode() again, it returns zero instead of the one which was set before.

Here is my Makefile


OPENSSLDIR = /usr
INCLUDES = -I/usr/fips2.0/include/
LIBS=/home/vyos/openssl-1.0.1i/libcrypto.a
all:
	/home/vyos/openssl-fips-2.0.10/fips/fipsld -ldl fipsctl.c -o fipsctl $(INCLUDES) $(LIBS)

clean:
	rm -Rf *.o fipsctl


fipsctl.c


#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/fips.h>
#include <stdio.h>

int main(void)
{
    /* Current FIPS mode flag as seen by this process */
    int mode = FIPS_mode(), ret = 0;
    unsigned long err = 0;

    /* Toggle FIPS mode */
    if (mode == 0)
    {
        printf("fips mode not enabled");
        ret = FIPS_mode_set(1 /* on */);
        if (ret != 1)
        {
            /* Keep the OpenSSL error code for the failure report below */
            err = ERR_get_error();
        }
        if (ret == 1)
            printf("\nreturn success for fips mode operation");
        mode = FIPS_mode();
        if (mode == 1)
            printf("\nfips mode enabled");
    }

    printf("\n fips self test %d ", FIPS_selftest());

    /* Report a failure only when the mode is still off after the attempt */
    if (mode != 1 && ret != 1)
        printf("FIPS_mode_set failed: %lx.", err);

    return 0;
}

Output of fipsctl:

vyos@vyos:~$ ./fipsctl
fips mode not enabled
return success for fips mode operation
fips mode enabled
fips self test 1

I called fipsctl again, but it is still returning zero instead of the one which was set before.

vyos@vyos:~$ ./fipsctl
fips mode not enabled
return success for fips mode operation
fips mode enabled
fips self test 1

vyos@vyos:~$