[openssl-dev] FIPs mode and openssl

Mody, Darshan (Darshan) darshanmody at avaya.com
Fri May 27 09:50:47 UTC 2016 

Thanks Steve,

My question here is do I need to put openssl in FIPS mode for my application, even when Kernel is in FIPS mode. I get FIPS_mode() returning true when I initialize openssl from my application.

Regards
Darshan

________________________________________
From: openssl-dev [openssl-dev-bounces at openssl.org] on behalf of Steve Marquess [marquess at openssl.com]
Sent: Friday, May 27, 2016 2:58 PM
To: openssl-dev at openssl.org
Subject: Re: [openssl-dev] FIPs mode and openssl

On 05/27/2016 05:11 AM, Mody, Darshan (Darshan) wrote:
> Hi,
>
>
>
> I have a query with regards to FIPS mode and use of Openssl. I have put
> my kernel image n FIPs mode using the documentation
> (https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2DUS_Red-5FHat-5FEnterprise-5FLinux_6_html_Security-5FGuide_sect-2DSecurity-5FGuide-2DFederal-5FStandards-5FAnd-5FRegulations-2DFederal-5FInformation-5FProcessing-5FStandard.html&d=CwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=GTOvXwENarIDt6ceeifX3cwsUHwEPSoA5Nst5bYguXc&s=-Gf_V2cek9XebA8eKWhFeL2hXCtHLqwJauOD0IuopLU&e= )
>
>
>
> Do I need to put the openssl in FIPs mode using the API FIPS_mode_set(1)
> or will by default the openssl will put itself in FIPS mode for my
> application. There are couple of application on the server we use
> openssl. Do I need to put each of the application openssl in FIPS mode
> or will it put itself in FIPS since the kernel is in FIPS mode.
>
>
>
> Thanks
>
> Darshan
>
>
>


You are using the Red Hat FIPS module, not the OpenSSL one, so you'll
need to ask that vendor.

-Steve M.

--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: https://urldefense.proofpoint.com/v2/url?u=http-3A__openssl.com_docs_0x6D1892F5.asc&d=CwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=GTOvXwENarIDt6ceeifX3cwsUHwEPSoA5Nst5bYguXc&s=pvfmLNV5wFtbE8TvbGtpQdBRmzZzuuCQF0UgxmaZW34&e=
--
openssl-dev mailing list
To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=CwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=GTOvXwENarIDt6ceeifX3cwsUHwEPSoA5Nst5bYguXc&s=XQfgkJcZEf0I-0-rMIEw2wp4U7mgrCk8EPGFlSM461U&e=
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160527/38ed78d9/attachment-0001.html>

More information about the openssl-dev mailing list