I am having a problem with compiling with fips enable mode on. The default is suppose to fips enabled but when the configure runs with no options it states that fips is not enabled and the make runs successfully. When I use the –enable-fips option, the configure runs just fine but the make fails with :
In file included from common.h:374,
from file.c:38:
/usr/include/openssl/fips.h:69:2: error: #error FIPS is disabled.
make: 1254-004 The error code from the last command is 1.
Stop.
make: 1254-004 The error code from the last command is 1.
Stop.
IBM support assures me that FIPS is enabled. At this point I am stuck and do not know what to do next. Can anyone offer any suggestions? My system, oslevel, ssl level, etc… are as follows:
$ uname -a
AIX velssi02 3 5 00C866124C00
$oslevel –s
AIX 5300-12-02-1036
$ lslpp -l | grep libc
bos.rte.libc 5.3.12.2 COMMITTED libc Library
bos.rte.libcfg 5.3.12.1 COMMITTED libcfg Library
bos.rte.libcur 5.3.11.0 COMMITTED libcurses Library
$ gcc -v
Using built-in specs.
Target: powerpc-ibm-aix5.3.0.0
Configured with: ../configure --with-as=/usr/bin/as --with-ld=/usr/bin/ld --enable-languages=c,c++,java --prefix=/opt/freeware --enable-threads --enable-version-specific-runtime-libs --host=powerpc-ibm-aix5.3.0.0 --target=powerpc-ibm-aix5.3.0.0 --build=powerpc-ibm-aix5.3.0.0 --disable-libjava-multilib
Thread model: aix
gcc version 4.2.0
$ ssh –V
OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009
stunnel-4.34
$ /usr/local/bin/stunnel/stunnel -version
stunnel 4.32 on powerpc-ibm-aix5.3.0.0 with OpenSSL 0.9.8k-fips 25 Mar 2009
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6
Global options
debug = daemon.notice
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none