My company is currently trying to leverage OpenSSL FIPS through emscripten and have made progress, but not enough to be compliant.
The biggest issue we're seeing right now is that FIPS creates a separate file fipscanister.o.sha1 that is apart of the process to verify the code's integrity, https://wiki.openssl.org/index.php/FIPS_Build_Guidelines. This file is generated through emscripten, but contains nothing in it. Additionally, this digest is supposed to be checked when FIPS_mode_set is called, which does not appear anywhere in the generated output for fipscanister.js. It appears we've gotten the encryption/decryption working, but rand_bytes does not work due to checking if FIPS was turned on (https://github.com/openssl/openssl/blob/894c04aa05ba1e64735d7beb9c2a1da93d288e31/fips/rand/fips_rand_lib.c#L123), which cannot be turned on due to the previous issues. We reached out to Alon, who said we should post it here, so any help would definitely be appreciated. -- You received this message because you are subscribed to the Google Groups "emscripten-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
