[CentOS-devel] [FIPS] FIPS_selftest failing in Centos 7

Thu Apr 9 13:16:08 UTC 2020
Terri Farias <terri.farias at gmail.com>

terriann.farias at navy.mil

On Fri, Mar 6, 2020 at 4:55 AM Akshar Kanak <akshar.kanak1 at gmail.com> wrote:

> Dear team
>     The API FIPS_selftest() is failing .
> The content of the file /proc/sys/crypto/fips_enabled is 1
>     I have executed the below mentioned code
>
>     The code is
> #include "stdio.h"
> int main()
> {
> int ret=0;
> ret=FIPS_mode();
> printf("\nFIPS_mode = %u  \n",ret);
> ret=FIPS_selftest();
> printf("\nFIPS_selftest=%u  \n",ret);
> ERR_print_errors_fp(stderr);
> }
>
>
>      Output  is
> "
> FIPS_mode = 1
>
> FIPS_selftest=0
> 140091346814640:error:0607B0A3:lib(6):func(123):reason(163):evp_enc.c:313:
>
> 140091346814640:error:2D06F065:lib(45):func(111):reason(101):fips_des_selftest.c:134:
> "
>
>      Looks like flag EVP_CIPH_FLAG_FIPS is not set for the cipher returned
> by EVP_des_ede_ecb() .
>
>      I am using openssl-1.0.2k-19.el7.x86_64 on "CentOS Linux release
> 7.6.1810 (Core)"
>
> Please let me know you thoughts on this
>
> Thanks and Regards
> Akshar
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> https://lists.centos.org/mailman/listinfo/centos-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20200409/67edb9b3/attachment-0006.html>