I'm hoping someone can help me understand the fact that I enabled FIPS but
the MD5 hash functionality is still working.
I built the FIPS object module using openssl-fips-1.2 on a Linux system:

    ./config fipscanisterbuild no-asm
    make
    make install

then built the FIPS capable OpenSSL using openssl-0.9.8k:

    ./config fips
    make
    make install

In my application my first call is to the following code:

    #ifdef OPENSSL_FIPS
        /* FIPS_mode_set() returns 1 on success, 0 on failure */
        if (FIPS_mode_set(1))
        {
            printf("FIPS mode enabled\n");
        }
        else
        {
            printf("FIPS mode failed to enable\n");
            ERR_load_crypto_strings();
            ERR_print_errors_fp(stderr);
            exit(1);
        }
        printf("FIPS mode=%d\n", FIPS_mode());
    #else
        printf("FIPS mode disabled\n");
    #endif

which outputs

    FIPS mode enabled
    FIPS mode=1

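which indicates that OpenSSL is in FIPS mode, but when I call the following
code:

    #include <stdio.h>
    #include <openssl/md5.h>

    /* u8 is the application's own unsigned 8-bit type */
    void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len,
                    u8 *mac)
    {
        MD5_CTX ctx;
        size_t i;
        /* 22 is a sentinel so an unset return value is easy to spot */
        int success1 = 22;
        int success2 = 22;
        int success3 = 22;

        success1 = MD5_Init(&ctx);
        /* use the size_t index declared above rather than a shadowing int */
        for (i = 0; i < num_elem; i++)
        {
            success2 = MD5_Update(&ctx, addr[i], len[i]);
        }
        success3 = MD5_Final(mac, &ctx);
        printf("md5_vector:success=%d,%d,%d\n", success1, success2, success3);
    }
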
I get the output

    md5_vector:success=1,1,1

and the operation I expected to fail works. Am I missing something or is
FIPS not really enabled?