FIPS: Common method executed in case of error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




> From: "Dr. Stephen Henson" <steve at openssl.org> 
> Date: 03/10/15 20:04 

> I mean you could add a callback to FIPS_mode_set using
> FIPS_post_set_callback: see the fips_test_suite.c application
> for an example. The supplied callback is called during each
> POST, continuous RNG and pairwise consistency checks. The "op"
> value is set to FIPS_POST_FAIL if any test fails.

This is basically what was also suggested by Henrik in a related
thread recently, which I understood being implemented in an
application.? The variation here would be that the callback is
part of the library, located in FIPS_mode_set() in o_fips.c, with
the callback itself being defined elsewhere in the same file.

A potentially useful case for some applications that do not need
to be further modified would be for the library to automatically
know that it has to run in FIPS mode.? Eg. to automatically call
FIPS_mode_set() at load time, based on a env. var. or some other
external sign.






[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux