Talk:FIPS Mode

From OpenSSLWiki
Revision as of 16:24, 9 August 2019 by Matt (talk | contribs)

The FIPS Mode link on the home page was broken, so I added a redirect as a stopgap, but I think it would be better to use this page to explain what FIPS mode is, and then include a link to the FIPS_mode() page.

-- Jflopezfernandez (talk) 15:31, 9 August 2019 (UTC)

Yes, I agree. And actually the FIPS_mode() page that you have redirected to would be better off as a man page in the source repo rather than as a wiki page. Of course in 1.1.1 this function doesn't do anything at all (although it exists). In 3.0 it will do something again, but that code needs to be implemented.

--Matt (talk) 15:36, 9 August 2019 (UTC)

That's good to know, I actually didn't know that. I'll make a note of that on the FIPS_mode() page, as there's currently no indication it doesn't do anything right now.

-- Jflopezfernandez (talk) 15:53, 9 August 2019 (UTC)

Just to clarify my earlier comment. It does do something in 1.0.2 too. 1.0.2 is a FIPS capable release, 1.1.1 is not FIPS capable, 3.0 will be FIPS capable again. Confused yet? :-)

--Matt (talk) 16:07, 9 August 2019 (UTC)

Oh, wow, now I really am confused. Can you take a look at the FIPS_mode() page? I added a notice based on the first thing you told me, but now I'm not sure it's right, and I don't want others to share in my current state of confusion haha.

-- Jflopezfernandez (talk) 16:20, 9 August 2019 (UTC)

No, it's not quite right. I'd remove the notice and add something in the body of the text saying that OpenSSL 1.1.0 and 1.1.1 are not FIPS capable and therefore this function always returns 0 in those releases.

--Matt (talk) 16:24, 9 August 2019 (UTC)