
List:       openssl-users
Subject:    [openssl-users] Enable FIPS mode of OpenSSL by changing the configuration file, will it work for Pyt
From:       security veteran <security.veteran () gmail ! com>
Date:       2015-09-16 23:09:46
Message-ID: CAC5owtE+vjFyowaycyYP_HXbFnXzySHu6dNHuV-oR3tmk06F9g () mail ! gmail ! com


Hi All:

I tried to enable the FIPS mode by making the following changes in my
openssl.cfg config file.

After making the changes, I verified that I can no longer run non-FIPS-approved
algorithms such as MD5 by running the openssl command, which is
expected:

openssl md5 123.txt


However, I can still use Python hashlib.md5() function to generate MD5 hash.

Does anyone know whether FIPS mode should work for Python as well? My
understanding is that the Python SSL module also uses openssl underneath, so
ideally the FIPS mode should have impacted my Python as well.

Thanks and any suggestions are greatly appreciated.


..........
 # Default appname: should match "appname" parameter (if any)
 # supplied to CONF_modules_load_file et al.
openssl_conf = openssl_conf_section

[openssl_conf_section]
 # Configuration module list
alg_section = evp_sect

[evp_sect]
 # Set to "yes" to enter FIPS mode if supported
fips_mode = yes


[ new_oids ]
.................




_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
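
An added example, not part of the original message or of OpenSSL's own code: a Python check that the openssl_conf -> alg_section -> fips_mode chain in the fragment quoted above is intact. The names parse_cnf, fips_mode_requested and SAMPLE_CNF are hypothetical, the parser is a simplification of OpenSSL's config syntax, and it inspects the file text only, not whether any particular process loaded it.

```python
import re

# Constructed sample: the configuration fragment quoted in the message.
SAMPLE_CNF = """\
openssl_conf = openssl_conf_section

[openssl_conf_section]
 # Configuration module list
alg_section = evp_sect

[evp_sect]
 # Set to "yes" to enter FIPS mode if supported
fips_mode = yes

[ new_oids ]
"""

# Assumption: spellings OpenSSL's boolean parser treats as true.
TRUE_VALUES = {"yes", "YES", "y", "Y", "true", "TRUE"}

def parse_cnf(text):
    """Return {section: {key: value}}; keys before any header go in 'default'.
    Simplified: no $variable expansion, quoting or .include handling."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        header = re.fullmatch(r"\[\s*(.*?)\s*\]", line)
        if header:                               # "[ new_oids ]" -> "new_oids"
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def fips_mode_requested(text):
    """Follow openssl_conf -> alg_section -> fips_mode; return (ok, reason)."""
    cnf = parse_cnf(text)
    top = cnf["default"].get("openssl_conf")
    if top not in cnf:
        return False, "openssl_conf missing or points at no section"
    alg = cnf[top].get("alg_section")
    if alg not in cnf:
        return False, "alg_section missing or points at no section"
    value = cnf[alg].get("fips_mode")
    if value not in TRUE_VALUES:
        return False, "fips_mode in [%s] is %r" % (alg, value)
    return True, "fips_mode = %s via [%s] -> [%s]" % (value, top, alg)

if __name__ == "__main__":
    print(fips_mode_requested(SAMPLE_CNF))
```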

