On Mon, 2011-10-17 at 21:18 +0000, Keith Welter wrote:
> The OpenSSL FIPS 140-2 User Guide says:
> "The FIPS Object Module provides an API for invocation of FIPS approved
> cryptographic functions from calling applications, and is designed for use in
> conjunction with standard OpenSSL 0.9.8 distributions beginning with 0.9.8j.
> Note: OpenSSL 1.0.0 is not supported for use with the OpenSSL FIPS Object
> Module. These standard OpenSSL 0.9.8 source distributions support the original
> non-FIPS API as well as a FIPS mode in which the FIPS approved algorithms are
> implemented by the FIPS Object Module and non-FIPS approved algorithms other
> than DH are disabled by default. These non-validated algorithms include, but
> are not limited to, Blowfish, CAST, IDEA, RC-family, and non-SHA message
> digest and other algorithms."
>
> However, on my installation, the 'openssl version' command reports:
> OpenSSL 1.0.0-fips 29 Mar 2010

That's probably because you're running Red Hat Enterprise Linux 6 - the
OpenSSL library there was patched to support running in the FIPS mode
and it is currently in the process of FIPS validation independent from
the upstream FIPS validation. This just shares some parts of the FIPS
related code from the upstream module but it does not support the
upstream FIPS module.

Tomas Mraz

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
