[openssl-users] OpenSSL FIPS mode system integration
jonetsu
jonetsu at teksavvy.com
Fri Feb 20 14:06:42 UTC 2015
On Feb 19, 2015 10:50am Henrik Grindal Bakken wrote:
> I'm not sure it will be called on every conceivable error in
> the FIPS module, but what I do in similar situations is
> something like this:
>
>     static int post_cb(int op, int id, int subid, void *ex)
>     {
>         if (op == FIPS_POST_FAIL)
>             system("/bin/fipserror");
>         return 1;
>     }
>
> And there somewhere:
>
>     FIPS_post_set_callback(post_cb);

This is very interesting, thanks. Following this hint, in the same vein the
FIPS code also has:

    FIPS_drbg_set_callbacks(<args>)

Although this one looks more like an entropy callback than
anything that could be used to know about status.

The FIPS User Guide mentions both, although the information on
FIPS_post_set_callback() is not much at all. Is there another
source than the User Guide 2.0, for detailed descriptions of
these FIPS-related methods? For instance, the 'op' variable of
FIPS_post_set_callback() is not described at all. Any manual or
info pages? Could be other potentially interesting methods in there.