How do I verify the FIPS mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 02/10/2016 02:56 PM, Lesley Kimmel wrote:
> Actuall, I may have steered you wrong. It appears that OPENSSL_FIPS may
> have no affect against a non-FIPS enabled OpenSSL. According to some
> posts you can do 'OPENSSL_FIPS=1 openssl md5' which should return an
> error as md5 is not an enabled cipher in FIPS mode.

It depends on the version. Recent versions of OpenSSL will give a "FIPS
mode not supported" error for

  env OPENSSL_FIPS=1 openssl md5 ...

Whereas that command for a properly built FIPS-enabled OpenSSL will give
a "not permitted in FIPS mode" error.

-Steve M.

-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux