Difference between revisions of "Talk:FIPS Mode"

From OpenSSLWiki
Jump to navigationJump to search
(Created page with "The <tt>FIPS Mode</tt> link on the home page was broken, so I added a redirect as a stopgap, but I think it would be better to use this page to explain what FIPS mode is, and...")
 
 
(6 intermediate revisions by 2 users not shown)
Line 2: Line 2:
  
 
-- [[User:Jflopezfernandez|Jflopezfernandez]] ([[User talk:Jflopezfernandez|talk]]) 15:31, 9 August 2019 (UTC)
 
-- [[User:Jflopezfernandez|Jflopezfernandez]] ([[User talk:Jflopezfernandez|talk]]) 15:31, 9 August 2019 (UTC)
 +
 +
Yes, I agree. And actually the FIPS_mode() page that you have redirected to would be better off as a man page in the source repo rather than as a wiki page. Of course in 1.1.1 this function doesn't do anything at all (although it exists). In 3.0 it will do something again, but that code needs to be implemented.
 +
 +
--[[User:Matt|Matt]] ([[User talk:Matt|talk]]) 15:36, 9 August 2019 (UTC)
 +
 +
: That's good to know, I actually didn't know that. I'll make a note of that on the <tt>FIPS_mode()</tt> page, as there's currently no indication it doesn't do anything right now.
 +
:
 +
: -- [[User:Jflopezfernandez|Jflopezfernandez]] ([[User talk:Jflopezfernandez|talk]]) 15:53, 9 August 2019 (UTC)
 +
 +
: Just to clarify my earlier comment. It does do something in 1.0.2 too. 1.0.2 is a FIPS capable release, 1.1.1 is not FIPS capable, 3.0 will be FIPS capable again. Confused yet? :-)
 +
: --[[User:Matt|Matt]] ([[User talk:Matt|talk]]) 16:07, 9 August 2019 (UTC)
 +
 +
:: Oh, wow, now I really am confused. Can you take a look at the [[FIPS_mode()]] page? I added a notice based on the first thing you told me, but now I'm not sure it's right, and I don't want others to share in my current state of confusion haha.
 +
::
 +
:: -- [[User:Jflopezfernandez|Jflopezfernandez]] ([[User talk:Jflopezfernandez|talk]]) 16:20, 9 August 2019 (UTC)
 +
 +
::: No, it's not quite right. I'd remove the notice and add something in the body of the text saying that OpenSSL 1.1.0 and 1.1.1 are not FIPS capable and therefore this function always returns 0 in those releases
 +
::: --[[User:Matt|Matt]] ([[User talk:Matt|talk]]) 16:24, 9 August 2019 (UTC)
 +
 +
:::: Okay, I just finished making the changes. Could I bother you again to take a look and let me know what you think? Thanks for the feedback.
 +
:::: -- [[User:Jflopezfernandez|Jflopezfernandez]] ([[User talk:Jflopezfernandez|talk]]) 19:05, 9 August 2019 (UTC)
 +
 +
::::: Looks good to me
 +
::::: --[[User:Matt|Matt]] ([[User talk:Matt|talk]]) 22:30, 9 August 2019 (UTC)

Latest revision as of 22:30, 9 August 2019

The FIPS Mode link on the home page was broken, so I added a redirect as a stopgap, but I think it would be better to use this page to explain what FIPS mode is, and then include a link to the FIPS_mode() page.

-- Jflopezfernandez (talk) 15:31, 9 August 2019 (UTC)

Yes, I agree. And actually the FIPS_mode() page that you have redirected to would be better off as a man page in the source repo rather than as a wiki page. Of course in 1.1.1 this function doesn't do anything at all (although it exists). In 3.0 it will do something again, but that code needs to be implemented.

--Matt (talk) 15:36, 9 August 2019 (UTC)

That's good to know, I actually didn't know that. I'll make a note of that on the FIPS_mode() page, as there's currently no indication it doesn't do anything right now.
-- Jflopezfernandez (talk) 15:53, 9 August 2019 (UTC)
Just to clarify my earlier comment. It does do something in 1.0.2 too. 1.0.2 is a FIPS capable release, 1.1.1 is not FIPS capable, 3.0 will be FIPS capable again. Confused yet? :-)
--Matt (talk) 16:07, 9 August 2019 (UTC)
Oh, wow, now I really am confused. Can you take a look at the FIPS_mode() page? I added a notice based on the first thing you told me, but now I'm not sure it's right, and I don't want others to share in my current state of confusion haha.
-- Jflopezfernandez (talk) 16:20, 9 August 2019 (UTC)
No, it's not quite right. I'd remove the notice and add something in the body of the text saying that OpenSSL 1.1.0 and 1.1.1 are not FIPS capable and therefore this function always returns 0 in those releases
--Matt (talk) 16:24, 9 August 2019 (UTC)
Okay, I just finished making the changes. Could I bother you again to take a look and let me know what you think? Thanks for the feedback.
-- Jflopezfernandez (talk) 19:05, 9 August 2019 (UTC)
Looks good to me
--Matt (talk) 22:30, 9 August 2019 (UTC)