Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-06 Thread Dr. Matthias St. Pierre
On 05.03.2018 at 20:39, Alan Dean wrote: > Thanks Matthias for your response. > > I have a different question: > > Per your suggestion in the previous email, FIPS_mode_set() can be > moved inside of OPENSSL_init(), in order to force the FIPS mode > enabled in the library level. > > However

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Alan Dean
Thanks Matthias for your response. I have a different question: Per your suggestion in the previous email, FIPS_mode_set() can be moved inside of OPENSSL_init(), in order to force the FIPS mode enabled in the library level. However currently OPENSSL_init() is actually invoked from within

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Dr. Matthias St. Pierre
On 05.03.2018 at 19:55, Alan Dean wrote: > Thanks a lot Matthias for the suggestion. > > I have a few follow-up questions below: > Please see my other replies. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Dr. Matthias St. Pierre
On 05.03.2018 at 20:07, Salz, Rich via openssl-users wrote: > > * Did you mean if an application uses the low level crypto algorithm > functions (e.g. SHA256_Init/ SHA256_Update/ SHA256_Final) then > they won't work under FIPS mode (and hence may cause unpredictable > issues)? > >

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Salz, Rich via openssl-users
* Did you mean if an application uses the low level crypto algorithm functions (e.g. SHA256_Init/ SHA256_Update/ SHA256_Final) then they won't work under FIPS mode (and hence may cause unpredictable issues)? Yes. It’s not unpredictable issues, but rather that your application cannot claim

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Alan Dean
On Mon, Mar 5, 2018 at 3:04 AM, Dr. Matthias St. Pierre < matthias.st.pie...@ncp-e.com> wrote: > > > On 05.03.2018 11:57, Dr. Matthias St. Pierre wrote: > > > > However, I am sceptical whether this approach will be accepted, > > because there are (at least) two potential problems: > > > > *

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Alan Dean
Thanks a lot Matthias for the suggestion. I have a few follow-up questions below: On Mon, Mar 5, 2018 at 2:57 AM, Dr. Matthias St. Pierre < matthias.st.pie...@ncp-e.com> wrote: > > > On 05.03.2018 10:46, Alan Dean wrote: > > Question 1: Is it even feasible to make the FIPS mode always enabled for

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Michael Richardson
Dr. Matthias St. Pierre wrote: > On 05.03.2018 10:46, Alan Dean wrote: >> Question 1: Is it even feasible to make the FIPS mode always enabled >> for the whole OpenSSL library (i.e. for both libcrypto and libssl), so > The optimal location for

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Dr. Matthias St. Pierre
On 05.03.2018 11:57, Dr. Matthias St. Pierre wrote: > > However, I am sceptical whether this approach will be accepted, > because there are (at least) two potential problems: > > * Normally, it is mandatory to check the result of FIPS_mode_set() or > FIPS_mode() to ensure that the FIPS

Re: [openssl-users] Enable the FIPS mode in the library level

2018-03-05 Thread Dr. Matthias St. Pierre
On 05.03.2018 10:46, Alan Dean wrote: > Question 1: Is it even feasible to make the FIPS mode always enabled > for the whole OpenSSL library (i.e. for both libcrypto and libssl), so > that most of the applications which are dynamically linked to libcrypto and > libssl will automatically use OpenSSL