[gnutls-help] Compiling with the FIPS option
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Jan 27 08:56:19 CET 2015
On Mon, 2015-01-26 at 18:15 -0500, jonetsu at teksavvy.com wrote:
> [ snip ]
> gnutls[2]: Successfully verified library MAC for libgmp.so.10
> library is in FIPS140-2 mode
> A question regarding the hmac files. The following was previously
> seen for all library files apart from GnuTLS itself:
> gnutls[2]: Could not open
> /usr/lib/x86_64-linux-gnu/.libnettle.so.4.hmac for MAC testing: Error
> while reading file.
> gnutls[2]: Could not open
> /usr/lib/x86_64-linux-gnu/fipscheck/libnettle.so.4.hmac for MAC
> testing: Error while reading file.
> I had to create a fipscheck/ subdirectory and copy all hmac files
> generated by fipshmac there. So now there are hmac files in the
> parent directory (prefixed by a dot) and in this fipscheck directory.
> Why is this redundancy needed ?
It is not needed. Gnutls will check in two places for these files (one
is the fallback of the other), so if you have the files in any one of
them it should be able to work as expected. Isn't that the case?
regards,
Nikos
More information about the Gnutls-help
mailing list