[openssl-users] FIPS & FIPS_signature

Jason Talley jbtalley98 at gmail.com
Fri Jun 3 20:30:46 UTC 2016


Hello all,
I have successfully compiled/linked w/ fipsld and FIPS_mode_set(1) returns
true.

I'm trying to understand what the FIPS_signature variable represents.  Can
it be used to verify/match against the FIPS library somehow?  Is it
supposed to match the sha/mac from the fips build?  Or should this value
simply be unique per release - especially in a static build.  (So, if I
were to dynamically link, this would stay the same, and in theory, if
someone tried to preload a different library, then the fingerprints would
likely mismatch and result in a failure to enable).

If I dump out the value to truly convince myself that FIPS is enabled, I
see:

FIPS version  part of OpenSSL 1.0.2h-fips  3 May 2016.
Signature: dd:4a:38:e6:5d:db:d3:80:c2:aa:8d:20:c2:01:31:26:83:44:fd:1e:

If I run OPENSSL_FIPS=1 openssl md5 - then I also get denied b/c FIPS mode
is enabled.