OPENSSL_FIPS=1 causes openssl to invoke FIPS_mode_set(1). Once that occurs, MD5 is a prohibited algorithm unless it's explicitly limited to the TLSv1 PRF (and that only because SHA is also used). If an MD5 operation completes successfully, it's not a FIPS canister that's running the cryptography.
In other words: If it's FIPS, it will refuse to do it. If it doesn't refuse to do it, it's not FIPS. I agree that a differentiated string would be nice, but that's not something that's going to really help the underlying problem of people (like those companies) lying. Looking at it pragmatically: as a client, one can either base the decision on declaration or on demonstrable, observable, and well-defined behavior. If one is worried about trusting the former, the only thing that one can really do is rely on the latter. -Kyle H On Thu, Dec 23, 2010 at 1:40 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
On Thu, Dec 23, 2010 at 3:35 PM, <aerow...@gmail.com> wrote:Export the environment variable OPENSSL_FIPS=1, and then try openssl md5?I am aware of two companies which are (were?) claiming a FIPS validated module via OpenSSL sources, but not building the canister. For completeness, the companies may have fixed the issues with their internal build and compliance processes. I believe something stronger is needed to audit vendor provided binaries. JeffOn Tue, Dec 21, 2010 at 1:04 PM, Zamora, Robert <robert.zam...@serco-na.com> wrote:Is there a way to determine if OpenSSL binaries were compiled with the FIPS "certified" module v1.2.x ? Compiling OpenSSL FIPS test module gives me the same results using fips_test_suite.______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-us...@openssl.org Automated List Manager majord...@openssl.org
smime.p7s
Description: S/MIME Cryptographic Signature
