OpenSSL 1.0.1e在FIPS模式下失败 [英] OpenSSL 1.0.1e failed in FIPS mode
问题描述
我正在使用FIPS编译OpenSSL.
I am compiling OpenSSL with FIPS.
当我尝试通过导出OPENSSL_FIPS = 1在FIPS模式下运行openssl二进制文件时,它给出了以下错误,
When I tried running openssl binary in FIPS mode by exporting OPENSSL_FIPS=1, it is giving below error,
47657709811344:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:232:
我的平台是Linux Suse.
My platform is Linux Suse.
请帮助.
我正在使用以下命令进行构建
I am using below command to build
./Configure no-idea fips --prefix=build/Linux.2.6.16_x86-64_gcc-4.1.2/result --with-fipslibdir=Current/lib/Linux.2.6.16_x86-64_gcc-4.1.2/ --with-fipsdir=Current linux-x86_64 --openssldir=/opt/VRTSssl shared no-zlib no-sse2 no-ec2m
make depend ; make ; make install
推荐答案
使依赖;制作 ;进行安装
make depend ; make ; make install
执行make all
,而不仅仅是make
.这里的问题之一是make install
可以构建事物,而不仅仅是安装事物.它过去打破了其他平台,例如Android.我知道避免在安装过程中构建东西的一种方法是发出make all
.
Do a make all
rather than just make
. One of the issues here is make install
builds things rather than just installing things. Its broken other platforms in the past, such as Android. One way I know to avoid the building of things during install is to issue the make all
.
关于嵌入指纹的OpenSSL脚本的另一个坏处是,它会静默失败.我也知道在Android上很难做到这一点.
Another bad thing about the OpenSSL script that embeds the fingerprint is that it fails silently. I learned that the hard way on Android too.
-with-fipsdir =当前linux-x86_64
--with-fipsdir=Current linux-x86_64
此空间可能会引起问题.
This space is probably causing problems.
-with-fipsdir = ...
--with-fipsdir=...
我似乎想起了fips目录应该包含fips-2.0
的位置.与openssldir
有点不同.
I seem to recall the fips directory should include fips-2.0
somewhere. Its a little different than just openssldir
.
-with-fipslibdir =当前/lib/Linux.2.6.16_x86-64_gcc-4.1.2/
--with-fipslibdir=Current/lib/Linux.2.6.16_x86-64_gcc-4.1.2/
由于您使用的是--with-fipsdir
,所以我认为您不需要--with-fipslibdir
.
Since you are using --with-fipsdir
, I don't believe you need --with-fipslibdir
.
openssl二进制文件是否具有libcrypto.so
依赖项或rpath
设置?我现在在Mac上,因此无法查看Linux的功能.
Does the openssl binary have an libcrypto.so
dependency or rpath
set? I'm on a Mac now so I can't check what Linux does.
这篇关于OpenSSL 1.0.1e在FIPS模式下失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!