[openssl-users] OpenSSL FIPS mode system integration

jonetsu jonetsu at teksavvy.com
Fri Feb 20 14:06:42 UTC 2015


On Feb 19, 2015 10:50am Henrik Grindal Bakken wrote:

> I'm not sure it will be called on every conceivable error in
> the FIPS module, but what I do in similar situations is
> something like this:

> static int post_cb(int op, int id, int subid, void *ex)
> {
>     if (op == FIPS_POST_FAIL)
>         system("/bin/fipserror");
>     return 1;
> }

> And there somewhere:

> FIPS_post_set_callback(post_cb);

This is very interesting, thanks.  Following this hint, in the same vein the
FIPS code also has:

FIPS_drbg_set_callbacks(<args>)

Although this one looks more like an entropy callback than
anything that could be used to know about status.

The FIPS User Guide mentions both, although the information on
FIPS_post_set_callback() is not much at all.  Is there another
source than the User Guide 2.0, for detailed descriptions of
these FIPS-related methods?  For instance, the 'op' variable of
FIPS_post_set_callback() is not described at all.  Any manual or
info pages?  Could be other potentially interesting methods in there.




