On Fri, May 27, 2016 at 09:50:47AM +0000, Mody, Darshan (Darshan) wrote: > Thanks Steve, > > My question here is do I need to put openssl in FIPS mode for my application, > even when Kernel is in FIPS mode. I get FIPS_mode() returning true when I > initialize openssl from my application.
You still need to ask Redhat. But if I remember the code correctly, it will also put openssl into FIPS mode as it checks /proc/sys/crypto/fips_enabled from the kernel and goes to FIPS mode. Ciao, marcus > Regards > Darshan > > ________________________________________ > From: openssl-dev [openssl-dev-boun...@openssl.org] on behalf of Steve > Marquess [marqu...@openssl.com] > Sent: Friday, May 27, 2016 2:58 PM > To: openssl-dev@openssl.org > Subject: Re: [openssl-dev] FIPs mode and openssl > > On 05/27/2016 05:11 AM, Mody, Darshan (Darshan) wrote: > > Hi, > > > > > > > > I have a query with regards to FIPS mode and use of Openssl. I have put > > my kernel image n FIPs mode using the documentation > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_documentation_en-2DUS_Red-5FHat-5FEnterprise-5FLinux_6_html_Security-5FGuide_sect-2DSecurity-5FGuide-2DFederal-5FStandards-5FAnd-5FRegulations-2DFederal-5FInformation-5FProcessing-5FStandard.html&d=CwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=GTOvXwENarIDt6ceeifX3cwsUHwEPSoA5Nst5bYguXc&s=-Gf_V2cek9XebA8eKWhFeL2hXCtHLqwJauOD0IuopLU&e= > > ) > > > > > > > > Do I need to put the openssl in FIPs mode using the API FIPS_mode_set(1) > > or will by default the openssl will put itself in FIPS mode for my > > application. There are couple of application on the server we use > > openssl. Do I need to put each of the application openssl in FIPS mode > > or will it put itself in FIPS since the kernel is in FIPS mode. > > > > > > > > Thanks > > > > Darshan > > > > > > > > > You are using the Red Hat FIPS module, not the OpenSSL one, so you'll > need to ask that vendor. > > -Steve M. > > -- > Steve Marquess > OpenSSL Validation Services, Inc. > 1829 Mount Ephraim Road > Adamstown, MD 21710 > USA > +1 877 673 6775 s/b > +1 301 874 2571 direct > marqu...@openssl.com > gpg/pgp key: > https://urldefense.proofpoint.com/v2/url?u=http-3A__openssl.com_docs_0x6D1892F5.asc&d=CwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=GTOvXwENarIDt6ceeifX3cwsUHwEPSoA5Nst5bYguXc&s=pvfmLNV5wFtbE8TvbGtpQdBRmzZzuuCQF0UgxmaZW34&e= > -- > openssl-dev mailing list > To unsubscribe: > https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=CwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=GTOvXwENarIDt6ceeifX3cwsUHwEPSoA5Nst5bYguXc&s=XQfgkJcZEf0I-0-rMIEw2wp4U7mgrCk8EPGFlSM461U&e= > -- > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev -- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meiss...@suse.de> -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
