On Mon, Aug 26, 2013, Leon Brits wrote:

> I am using a FIPS compiled OpenSSL and I switch between FIPS and non-FIPS 
> mode with the FIPS_mode_set() API call. The selection is made by the 
> application linked to my library based on its configuration.
> 

That's weird. It should be using exactly the same algorithm implementation
then.

Assuming there's no problem with your code the only thing I can think of is
some inconsistency between FIPS and non-FIPS initialisation of EVP. To test
that have a look in crypto/evp/evp_enc.c in OpenSSL 1.0.1 for the lines that
check FIPS_mode(). Change them so they're always called and not just if
FIPS_mode() is non-zero.

If possible also try OpenSSL 1.0.1 without the "fips" compilation option: it
will then use its internal implementation and not the one in the FIPS module.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
