Hi,
After building OpenSSL FIPS module in a manner required by security policy,
I tested non-supported algorithm in FIPS mode. I saw two different result
behaviours:
1. application aborts
when non-supported symmetric key encryption algorithms are invoked,
like rc2, rc4, idea. They will end up invoking abort() if FIPS mode is
detected;
2. application finish smoothly but with incorrect result
This happend against non-supported hash functions like md5, ripemd.
Wrong hash result will be got. However, when I invoke openssl
ERR_peek_last_error(), I can get error code, further I can get error message
like "disabled for fips".
Why are the FIPS check processings on those algorithm different? Is there
a good way to programmatically check if an algorithm is supported in FIPS mode?
Thanks
Raymond
____________________________________________________________________________________
Shape Yahoo! in your own image. Join our Network Research Panel today!
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
