Thank you for your reply.
Looking at the OpenSSL FIPS Security Policy https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1747.pdf, I see the following statement:
"The Module requires an initialization sequence (see IG 9.5): the calling application invokes FIPS_mode_set(), which returns a “1” for success and “0” for failure. If FIPS_mode_set() fails then all cryptographic services fail from then on. The application can test to see if FIPS mode has been successfully performed."
Therefore, for OpenSSL to switch to FIPS mode, it is required that the application call FIPS_mode_set(1).
Can you please confirm that my understanding is now correct?
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
