[openssl-users] FIPS mode on Windows
Alessandro Gherardi
alessandro.gherardi at yahoo.com
Fri Sep 7 14:18:48 UTC 2018
Thank you for your reply.
Looking at the OpenSSL FIPS Security Policy https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1747.pdf, I see the following statement:
"The Module requires an initialization sequence (see IG 9.5): the calling application invokes FIPS_mode_set(), which returns a “1” for success and “0” for failure. If FIPS_mode_set() fails then all cryptographic services fail from then on. The application can test to see if FIPS mode has been successfully performed."
Therefore, for OpenSSL to switch to FIPS mode, it is required that the application call FIPS_mode_set(1).
Can you please confirm that my understanding is now correct?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180907/5c42b9dd/attachment.html>
More information about the openssl-users
mailing list