forked from rabbitmq/rabbitmq-c
-
Notifications
You must be signed in to change notification settings - Fork 666
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why enabling OpenSSL FIPS ? #654
Comments
You are correct in that FIPS mode has never been used in rabbitmq-c, this was cargo-culted from somewhere else when figuring out how to do this (I think it came from the OpenSSL wiki). I believe this can be safely removed. |
gitting-around
added a commit
to gitting-around/rabbitmq-c
that referenced
this issue
May 24, 2022
reunanen
pushed a commit
to reunanen/rabbitmq-c
that referenced
this issue
Nov 21, 2023
This was cargo-culted from the OpenSSL wiki for uninitializing OpenSSL. This API has been removed v3.x and newer of OpenSSL, additionally rabbitmq-c doesn't use FIPS mode, so this is likely a no-op even using older OpenSSL. Fixes alanxz#654 Fixes alanxz#627 Signed-off-by: GitHub <noreply@github.com> (cherry picked from commit c5622b1)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
I tried to build this library against OpenSSL v3. Now, FIPS certified algorithms were moved to dedicated 'provider' and the function
FIPS_mode_set
has been removed.The following lines in librabbitmq/amqp_openssl.c in fact do not seem good:
In fact, the effects of such a call has changed across the OpenSSL revision:
crypto/o_fips.c
):To me, those lines should be removed, but as I have no background on this library, there is perhaps a reason why this was added. But reading the commit 6726405, it is just to deinit openssl, but probably useless as FIPS mode has never been enabled.
Regards,
The text was updated successfully, but these errors were encountered: