On Thu, Feb 19, 2015 at 05:19:37AM -0500, jonetsu at teksavvy.com wrote:
> Hello,
>
> Could you please comment on the following ? Any suggestion, insight,
> hint, is greatly appreciated.
>
> In FIPS mode, the OS, the device, must be aware of crypto errors, and
> adopt a certain behaviour when one occurs. Like shutting down all
> data output interfaces.
>
> This means that when using OpenSSL, a link must be made between
> OpenSSL (or the application using it) and the OS, if only to signal
> the OS of such errors.
>
> I would like to modify the FIPS OpenSSL library in such a way that an
> OS-specific action is taken when a FIPS error is detected. That
> action could be writing a file, writing a specific log msg, sending a
> signal to an application, etc. To continue in the same vein, are
> there major exit points in the library that could reduce the amount of
> modifications to be made ? Is error information in FIPS mode
> traveling in the library in such a way that it could be examined and
> acted upon at a precise point, covering all error conditions ?
>
> Are these mainlines making sense, based on your experience with the
> OpenSSL library ?
>
> Another way would be to modify the applications that use the OpenSSL
> library. I tend to think that it would be more efficient and easier on
> maintenance to modify the OpenSSL library. But then, the complexity
> of tapping on (every) exit point from the library could be
> overwhelming, when compared to the source code of several
> applications.

Well, the writing is that the "crypto module" must stop operating on error.
We solved this by calling abort(); in the openssl library on FIPS related
error conditions.

Ciao,
Marcus
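The pattern the two messages above circle around (one error exit point for all FIPS failures, an OS-specific hook run from it, then abort() so the module stops operating) is shown below as an added, self-contained C example. It is not OpenSSL's code and not what Marcus's team shipped; every function name here (fips_fatal_error, fips_set_error_hook, fips_run_selftest, fips_encrypt_block, the fips_error.log path) is hypothetical, the "self-test" is a constructed known-answer comparison, and the "cipher" is a placeholder transform. The terminate step is pluggable only so that the sticky-failure behaviour can be exercised without killing the process; a real module keeps abort() as the default.

```c
/* Added example (not OpenSSL code): a single FIPS error exit point.
 * Every FIPS-related failure in the module is routed through
 * fips_fatal_error(), which records a sticky error state, runs an
 * OS/application-registered hook (log line, file, signal, ...) and then
 * terminates the process. All crypto entry points check the sticky state
 * first, so even if termination is deferred the module refuses to work. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef void (*fips_error_hook_t)(const char *reason);
typedef void (*fips_terminate_t)(void);

static fips_error_hook_t g_error_hook = NULL;
static fips_terminate_t  g_terminate  = abort;   /* default: abort(), as in the reply */
static int               g_fips_failed = 0;
static char              g_last_reason[128];

/* Register the OS-specific action (hypothetical API). */
void fips_set_error_hook(fips_error_hook_t hook) { g_error_hook = hook; }

/* Override termination; NULL restores abort(). A host that lets a supervisor
 * kill the process after receiving the hook's signal could use a no-op here. */
void fips_set_terminate(fips_terminate_t fn) { g_terminate = fn ? fn : abort; }
void fips_terminate_noop(void) { /* intentionally empty */ }

/* The one exit point: every FIPS error condition ends up here. */
void fips_fatal_error(const char *where, const char *reason)
{
    g_fips_failed = 1;                                  /* sticky: never cleared */
    snprintf(g_last_reason, sizeof g_last_reason, "%s: %s", where, reason);
    fprintf(stderr, "FIPS error in %s: %s\n", where, reason); /* always log */
    if (g_error_hook)
        g_error_hook(g_last_reason);                    /* OS-specific action */
    g_terminate();                                      /* normally never returns */
}

int fips_crypto_allowed(void) { return !g_fips_failed; }
const char *fips_last_error(void) { return g_fips_failed ? g_last_reason : ""; }

/* Constructed self-test: a known-answer comparison. inject_failure forces
 * a mismatch so the error path can be demonstrated. Returns 1 on pass. */
int fips_run_selftest(int inject_failure)
{
    unsigned expected = 0x5a5a5a5au;                        /* constructed KAT value */
    unsigned computed = inject_failure ? 0u : 0x5a5a5a5au;
    if (computed != expected) {
        fips_fatal_error("fips_run_selftest", "known-answer test mismatch");
        return 0;   /* reached only if termination was overridden */
    }
    return 1;
}

/* A crypto entry point guarded by the sticky state. Returns 0 on success,
 * -1 if the module has failed. The transform itself is a placeholder. */
int fips_encrypt_block(const unsigned char *in, unsigned char *out, size_t n)
{
    if (!fips_crypto_allowed())
        return -1;                              /* refuse all work after a FIPS error */
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)(in[i] ^ 0xff); /* placeholder, not a real cipher */
    return 0;
}

/* Example OS hook: append the reason to a file (hypothetical path) and count
 * invocations. A real hook might instead syslog() or signal a supervisor. */
static int g_hook_calls = 0;
void example_hook(const char *reason)
{
    g_hook_calls++;
    FILE *f = fopen("fips_error.log", "a");
    if (f) { fprintf(f, "%s\n", reason); fclose(f); }
}
int example_hook_calls(void) { return g_hook_calls; }

int main(void)
{
    unsigned char in[4] = {1, 2, 3, 4}, out[4];
    fips_set_error_hook(example_hook);
    printf("selftest pass: %d\n", fips_run_selftest(0));
    printf("encrypt rc: %d\n", fips_encrypt_block(in, out, sizeof in));
    fips_run_selftest(1);   /* logs, runs the hook, then abort()s the process */
    return 0;               /* not reached with the default terminate */
}
```

The point of the sticky flag is that the hook and abort() are not the only defence: if an embedding replaces termination (or a signal handler delays it), every entry point still fails closed, which is what "the crypto module must stop operating on error" requires in practice.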