Because the 'fipsld' script isn't actually necessary to pass FIPS validation. The steps that that script does are necessary to maintain validation, but they can be done by anything (once the FIPS canister is created, anyway). Try setting "OPENSSL_FIPS=1" in your environment, and make sure that the openssl commands do what they're supposed to. (md5 shouldn't work if OPENSSL_FIPS is set, for example.)
-Kyle H On Fri, Sep 11, 2009 at 3:51 PM, Lin Hwang <[email protected]> wrote: > Hi, > > I am an Openssl newby. Recently I am trying to build FIPS module and FIPS > capable lib on a Linux system. > I notice that all the fips_xxxtest programs at link time all go through > fipsld and linked with a digest. I expect > the same thing with application "openssl", but I don't see it happens when I > check the build log. When I run > the command, it worked !! For example when I ran "openssl version", it shows > me "OpenSSL 0.9.8j-fips 07 Jan > 2009". Why there is no fingerprint, but it seems to pass FIPS_mode_set > without problem? > > > Lin > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
