On Mon, Jan 23, 2012, Vimol Kshetrimayum wrote: > Hi, > > > I have an application which uses RSA or Diffie Hellman (DH) algorithms for > key exchange and RAND_seed and RAND_bytes to generate pseudo random number. > > > Now, I have added FIPS_mode_set(1) to enable FIPS. As per openSSL-fips > security policy document, my expectation is DH and RAND_seed and > RAND_bytesfunction should not be loaded in FIPS mode. However, these > functions are > loaded and still working fine even in FIPS mode. > > > Is this expected behaviour? > > > If I want to disable all the non FIPS approved algorithms what is the best > practice? > > > I am consuming openSSL-fips-1.2.0 and openSSL-9.8r. >
When FIPS mode is enabled the RAND functions are redirected to an FIPS approved PRNG. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
