Using FIPS mode and modifying apps

On Thu, Jan 15, 2015 at 05:46:22AM -0500, jonetsu at teksavvy.com wrote:
> On Tue, 13 Jan 2015 21:33:49 -0500
> "jonetsu at teksavvy.com" <jonetsu at teksavvy.com> wrote:
> 
> > So basically every app that uses libssl will have to be modified to
> > add a FIPS_mode_set() call near the beginning.  Is that right ?
> 
> Is there a way to automatically have the FIPS test executed when an
> application loads the library, w/o the application being modified ?  Is
> such a way used at all ?

This is actually mandated these days.

The library should do this in its ELF constructor for instance.

On Linux usually triggered by /proc/sys/crypto/fips_enabled containing "1"
or the environment variable OPENSSL_FORCE_FIPS_MODE=1 (at least for the certs
done by SUSE and Redhat, which do not use the container blob).

Ciao, Marcus
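
Added example, not part of the original message and not the SUSE or Red Hat patch code: a sketch in C of a shared library that checks the two triggers named above from an ELF constructor and runs its self-tests before the application's main(). Every function and type name here is hypothetical, and the XOR known-answer test is a toy stand-in for a module's real algorithm self-tests.

```c
/* Added example; all names except the flag file and the environment
 * variable are hypothetical. The XOR "algorithm" is a toy stand-in. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum fips_state { FIPS_OFF = 0, FIPS_OPERATIONAL = 1, FIPS_ERROR = -1 };
struct kat { const unsigned char *in; size_t len; unsigned char want; };

static enum fips_state g_state = FIPS_OFF;
/* Constructed known-answer vector: 'a' ^ 'b' ^ 'c' == 0x60. */
static const struct kat builtin_kats[] = { { (const unsigned char *)"abc", 3, 0x60 } };

/* 1 if the env value is exactly "1" or the flag file starts with '1'. */
int fips_requested(const char *flag_path, const char *env_value) {
    if (env_value != NULL && strcmp(env_value, "1") == 0) return 1;
    FILE *f = fopen(flag_path, "r");
    if (f == NULL) return 0;          /* no flag file: not requested */
    int c = fgetc(f);
    fclose(f);
    return c == '1';
}

/* Run every known-answer test; any mismatch fails the whole self-test. */
int run_kats(const struct kat *k, size_t n) {
    for (size_t i = 0; i < n; i++) {
        unsigned char acc = 0;
        for (size_t j = 0; j < k[i].len; j++) acc ^= k[i].in[j];
        if (acc != k[i].want) return 0;
    }
    return 1;
}

/* Self-tests run only on request; failure is an error state, not a fallback. */
enum fips_state fips_startup(int requested, const struct kat *k, size_t n) {
    if (!requested) return FIPS_OFF;
    return run_kats(k, n) ? FIPS_OPERATIONAL : FIPS_ERROR;
}

/* Runs when the shared object is loaded, before the application's main(). */
__attribute__((constructor)) static void fips_auto_init(void) {
    int req = fips_requested("/proc/sys/crypto/fips_enabled",
                             getenv("OPENSSL_FORCE_FIPS_MODE"));
    g_state = fips_startup(req, builtin_kats, sizeof builtin_kats / sizeof builtin_kats[0]);
    if (g_state == FIPS_ERROR) {
        fputs("FIPS self-test failed, refusing to continue\n", stderr);
        abort();
    }
}

int fips_mode_active(void) { return g_state == FIPS_OPERATIONAL; }
```

Built with `-shared -fPIC`, the constructor fires in every process that loads the library, so unmodified applications pick up the mode without calling anything themselves.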

