1

I'm having some issues getting OpenSSL built with the FIPS module on RHEL7.

I've tried using the built-in RHEL repo OpenSSL, version 1.0.2j from the OpenSSL website, and 1.1.0b from the website (which I now realize states it lack FIPS support).

I've been following all of the directions I've been able to find across Overflow and the wiki.

So far I've been following these steps:

In the extracted OpenSSL directory:

./config --openssldir=/usr/local/ssl
make
make test
make install

Then, in the FIPS module directory:

make
make install

Then, back in the OpenSSL directory:

./config fips --openssldir=/usr/local/ssl
make
make depend
make test

And this is where I hit my failure. 

'not compiled with FIPS support, so exiting without running.'

What am I missing here? I'm unable to get any of the FIPS module tests to compile either.

I'm pulling my hair out here. Any help would be much appreciated.

Matthew Heimlich
  • 343
  • 2
  • 13
  • *... Then, in the FIPS module directory ..."* - The FIPS Object Module (FOM) gets built first. Then, the FIPS Capable OpenSSL (i.e., the "OpenSSL" you and I envision) uses the FOM if its available. The instructions for building the FIPS gear is in the [OpenSSL FIPS 2.0 User Guide](http://www.openssl.org/docs/fips/UserGuide-2.0.pdf), Appendix B.1. There's also an example of doing the FIPS thing on the OpenSSL wiki at [FIPS and Android](https://wiki.openssl.org/index.php/FIPS_Library_and_Android). Its a different platform, but roughly the same steps (modulo the cross-compile). – jww Oct 06 '16 at 17:58
  • Got in installed, thanks a ton. – Matthew Heimlich Oct 06 '16 at 18:43

0 Answers0