<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Your first question should be presented to the Python developers
that provide support for OpenSSL. They would be the user of the
OpenSSL API. I'm not a Python expert, but somewhere they would have
a native layer that leverages the OpenSSL API. This native layer
code would need to invoke FIPS_mode_set(). The question is whether
our not they expose a knob to the Python user layer to
enable/disable FIPS. Maybe someone on this mailer happens to know
the answer. If not, reach out to the Python developer community.<br>
<br>
Regarding your second question, FIPS_mode_set() needs to be invoked
once within each process space. Therefore, if your Python code was
all running in a single process space, then you'd only need to
invoke it once. But if you're spawning multiple processes, then
you'll need to invoke it whenever a new process was created.<br>
<br>
<br>
<div class="moz-cite-prefix">On 09/14/2015 03:51 PM, security
veteran wrote:<br>
</div>
<blockquote
cite="mid:CAC5owtHjHuX3YAuTtyhVha8kmdGfL-kk-T6N+0QG4zHGPK9T7g@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div dir="ltr">Hi,
<div><br>
</div>
<div>I've built an openssl library with the FIPS objects
modules, and I was testing the new lib files by replacing the
original library files such as libcrypto.so with the new ones.</div>
<div><br>
</div>
<div>From the FIPS user guide I understand that any applications
which need to use the OpenSSL FIPS modules will need to run
the API FIPS_mode_set to enable the FIPS mode.</div>
<div><br>
</div>
<div>My question is, for the applications/ libraries like
Python-openssl which depends on the openssl libraries, how do
I make the Python-openssl module to run the FIPS_mode_set API,
in order to initialize/enable FIPS mode?</div>
<div><br>
</div>
<div>Also, does the FIPS_mode_set API only need to be run once
by one of the applications/ libraries which use OpenSSL?</div>
<div><br>
</div>
<div>Thanks for your helps!</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
openssl-users mailing list
To unsubscribe: <a class="moz-txt-link-freetext" href="https://mta.openssl.org/mailman/listinfo/openssl-users">https://mta.openssl.org/mailman/listinfo/openssl-users</a>
</pre>
</blockquote>
<br>
</body>
</html>