0

I want to use OpenSSL with FIPS 140-2 to encrypt and decrypt files.

Source OS: Ubuntu 18.04. I have followed the steps below:

  1. I have uninstalled the existing openssl version.
  2. Downloaded openssl-3.1.0.tar.gz and compiled it with the following commands (./configure, make, make install).
  3. Then I downloaded openssl-fips-2.0.16.tar.gz and compiled it with the following commands (./configure, make, make install).
  4. export OPENSSL_FIPS=/root/openssl-fips-2.0.16
  5. Executed this command from the openssl-3.1.0 folder to make openssl use the FIPS module: ./config --prefix=/usr/local/ssl enable-fips, followed by make and make install.
  6. Now if I execute the following command, I do not see any FIPS version in openssl version -a. Also, openssl rand -fips 32 > aes_key.bin gives me this error: rand: Unknown option: -fips

Not sure if I am doing it correctly.

2
  • 1
    The FIPS module you downloaded, openssl-fips-2.0.16, has nothing to do with OpenSSL 3.1.0, which has its own FIPS module included. The 2.0.16 module is for OpenSSL 1.0.2. I think you need to read the instructions on how to configure, build, and above all properly install, the openssl 3.1.0 libraries for enabling FIPS mode of operation. Commented Apr 17, 2023 at 8:38
  • @WhozCraig I have followed the documentation and checked out the latest code. ./configure, make and make install => to install openssl. To enable support for FIPS: ./config fips enable-fips, make, make install, and then openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib64/ossl-modules/fips.so, followed from this link: github.com/openssl/openssl/blob/master/README-FIPS.md Commented Apr 17, 2023 at 10:46

1 Answer

2

Followed the steps below to install.

  1. Downloaded openssl-3.1.0.tar.gz and compiled it with the following commands (./configure, make, make test, make install)
  2. To enable FIPS to be used alongside openssl, use the commands below (./config fips enable-fips, make, make install, openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib64/ossl-modules/fips.so)
  3. A couple of changes in openssl.conf, as mentioned here: openssl
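
To check the outcome of the steps above: OpenSSL 3.x reports loaded providers through `openssl list -providers`. The following is an added example, not part of the original answer or the OpenSSL project, that parses that listing and reports whether the `fips` provider is active. The two sample listings are constructed, and the function names `provider_status` and `fips_ready` are hypothetical.

```shell
#!/bin/sh
# Added example: decide from `openssl list -providers` output whether the
# FIPS provider is loaded and active. Function names are hypothetical.

# Constructed sample: listing after a working fipsinstall and config change.
SAMPLE_FIPS_ACTIVE='Providers:
  base
    name: OpenSSL Base Provider
    version: 3.1.0
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.1.0
    status: active'

# Constructed sample: listing where only the default provider loads.
SAMPLE_DEFAULT_ONLY='Providers:
  default
    name: OpenSSL Default Provider
    version: 3.1.0
    status: active'

# provider_status NAME: read a provider listing on stdin and print the
# status of provider NAME, or "absent" when it is not listed.
provider_status() {
    awk -v want="$1" '
        # A single word without a trailing colon is a provider id.
        NF == 1 && $1 !~ /:$/ { current = $1 }
        # The status line belongs to the most recent provider id.
        $1 == "status:" && current == want { print $2; found = 1 }
        END { if (!found) print "absent" }
    '
}

# fips_ready: succeed only when the fips provider is listed as active.
fips_ready() {
    [ "$(provider_status fips)" = "active" ]
}

# On a real host:
#   openssl list -providers | fips_ready && echo "FIPS provider active"
```
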