On Tue, Jan 19, 2016, security veteran wrote:
>
> When the environment variable OPENSSL_FIPS is set, does it enable FIPS mode
> globally, so that any applications which use OpenSSL also enter FIPS mode?
>
No it only applies to the "openssl" application.
Steve.
--
Dr Stephen N. Henson. OpenSSL
On 01/19/2016 01:41 PM, security veteran wrote:
> Thanks Steve.
>
> So basically the idea is to allow companies build the OpenSSL with FIPS
> modules in their product and ship only this version of OpenSSL to all
> their customers. For the customers who don't need FIPS, then just simply
> keep the
Thanks Steve.
When the environment variable OPENSSL_FIPS is set, does it enable FIPS mode
globally, so that any applications which use OpenSSL also enter FIPS mode?
On Tue, Jan 19, 2016 at 10:52 AM, Dr. Stephen Henson
wrote:
> On Tue, Jan 19, 2016, security veteran wrote:
>
> >
> > openssl dgst
On Tue, Jan 19, 2016, security veteran wrote:
>
> openssl dgst -md5 FILE_NAME
>
> To me it looks like the openssl commands are always run with FIPS enabled
> in this case. Is that the expected behavior?
>
Ihe openssl command enters FIPS mode if the environmant variable OPENSSL_FIPS
is set.
St
Thanks Steve.
So basically the idea is to allow companies build the OpenSSL with FIPS
modules in their product and ship only this version of OpenSSL to all their
customers. For the customers who don't need FIPS, then just simply keep the
FIPS mode disabled and then the OpenSSL will behave just lik
On 01/19/2016 04:33 AM, security veteran wrote:
> Hi,
>
> I am trying to build a system with both the non-FIPS OpenSSL and the
> OpenSSL with FIPS modules, and was wondering does OpenSSL FIPS modules
> actually only affect libcrypto.so?
Yes and no.
The "FIPS enabled" OpenSSL consists of OpenSSL
