[openssl-users] FIPS & FIPS_SIgnature
jbtalley98 at gmail.com
Fri Jun 3 20:30:46 UTC 2016
I have successfully compiled/linked w/ fipsld and FIPS_mode_set(1) returns
I'm trying to understand what the FIPS_signature variable represents. Can
it be used to verify/match against the FIPS library somehow? Is it
supposed to match the sha/mac from the fips build? Or should this value
simply be unique per release - especially in a static build. (So, if I
were to dynamically link, this would stay the same, and in theory, if
someone tried to preload a different library, then the fingerprints would
likely mismatch and result in a failure to enable).
If I dump out the value to truly convince myself that FIPS is enabled, I
FIPS version part of OpenSSL 1.0.2h-fips 3 May 2016.
If I run OPENSSL_FIPS=1 openssl md5 - then I also get denied b/c FIPS mode
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users