OpenSSL FIPS mode system integration

"jonetsu at teksavvy.com"
<jonetsu at teksavvy.com> writes:

> Hello,
>
> Could you please comment on the following?  Any suggestion, insight,
> hint, is greatly appreciated.
>
> In FIPS mode, the OS, the device, must be aware of crypto errors, and
> adopt a certain behaviour when one occurs.  Like shutting down all
> data output interfaces.
>
> This means that when using OpenSSL, a link must be made between
> OpenSSL (or the application using it) and the OS, if only to signal
> the OS of such errors.

I'm not sure it will be called on every conceivable error in the FIPS
module, but what I do in similar situations is something like this:

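#include <stdlib.h>        /* system() */
#include <openssl/fips.h>  /* FIPS_POST_FAIL, FIPS_post_set_callback() */

/* Called by the FIPS module as its self-tests run. */
static int post_cb(int op, int id, int subid, void *ex)
{
    /* A self-test failed: run the external error handler. */
    if (op == FIPS_POST_FAIL)
        system("/bin/fipserror");
    return 1;
}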

And there somewhere:

FIPS_post_set_callback(post_cb);

-- 
Henrik Grindal Bakken <hgb at ifi.uio.no>
PGP ID: 8D436E52
Fingerprint: 131D 9590 F0CF 47EF 7963  02AF 9236 D25A 8D43 6E52
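
Added example, not part of the original post: a variant of the callback above that latches the failure in a flag the application can check before producing output, and runs the handler without a shell and with an empty environment. The names run_handler, fips_failed and fips_error_handler, the id/subid arguments passed to the handler, and the stand-in FIPS_POST_FAIL value (so the block compiles without the FIPS headers) are assumptions of this example.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef FIPS_POST_FAIL
#define FIPS_POST_FAIL 5 /* stand-in (assumed); real value is in <openssl/fips.h> */
#endif

/* Handler path from the post; hypothetical on any other system. */
static const char *fips_error_handler = "/bin/fipserror";
/* Latched on first failure so the application can refuse further output. */
static volatile sig_atomic_t fips_failed = 0;

/* Run the handler directly (no shell, empty environment).
 * Returns its exit status, 127 if it could not be executed, -1 on error. */
static int run_handler(const char *path, int id, int subid)
{
    char a1[16], a2[16], *argv[4], *envp[] = { NULL };
    int status;
    pid_t pid;
    snprintf(a1, sizeof a1, "%d", id);
    snprintf(a2, sizeof a2, "%d", subid);
    argv[0] = (char *)path; argv[1] = a1; argv[2] = a2; argv[3] = NULL;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);                 /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Same signature as the callback in the post. */
static int post_cb(int op, int id, int subid, void *ex)
{
    (void)ex;
    if (op == FIPS_POST_FAIL) {
        fips_failed = 1;            /* set before the handler, in case it hangs */
        (void)run_handler(fips_error_handler, id, subid);
    }
    return 1;
}

/* Simulated failure for a stand-alone run; exits 0 if the flag latched. */
int main(void) { post_cb(FIPS_POST_FAIL, 0, 0, NULL); return !fips_failed; }
```

In a real build, include <openssl/fips.h> instead of the stand-in define and register the callback with FIPS_post_set_callback(post_cb) as in the post.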
