OpenSSL: Report -fips in version if OpenSSL is built with FIPS #3771
Older versions of OpenSSL report FIPS availability via an OPENSSL_FIPS
Reported-by: Ricky Leverence Jr
Doesn't appear so. 1.1.1 doesn't seem to support it at all, given this line in their 1.1.1 stable branch:
On the 1.1.0 branch, you'll see the
So.. long answer short, it shouldn't do
OpenSSL 1.1.0 does not have FIPS support either. See the end of https://www.openssl.org/blog/blog/2018/09/25/fips/
The upcoming OpenSSL 3.0.0 will be the first version that will have FIPS support:
But the patch is good to go.
@Jan-E Thanks for verifying the patch is good. Can you clarify what you mean by OpenSSL not having FIPS support presently? The effort your links are referring to seems to be the effort to build the next generation FIPS module.
Are you saying that you believe that existing builds of OpenSSL don't report -fips if it has the existing FIPS 140-2 validated cryptographic module, the OpenSSL FIPS Object Module 2.0?
There is existing FIPS support here that works with OpenSSL 1.0.1 and 1.0.2.
We are running into this issue presently with a combination of open source packages, so I don't want it to seem like this patch isn't valuable until OpenSSL 3.0.