Libcrypto in FIPS mode?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Libcrypto in FIPS mode?

Cipher
All,

I do know that setting Env variable OPENSSL_FIPS=1 will turn on FIPS mode for openssl/sshd binary.
Now, Is there a way to turn on FIPS mode for all the applications(SSH, Apache Server etc) which uses libcrypto using a single switch? Or in other words, how to make libcryto to work in FIPS mode?
Reply | Threaded
Open this post in threaded view
|

Re: Libcrypto in FIPS mode?

ken@bitzermobile.com
You have to do it from each application. openssl is an application that statically links the crypto libraries. Even if you used the dynamic crypto libraries (so or dll depending on your platform). you still have to set it. Look at the  FIPS_140-2-opensslUserGuide. There are a couple version out there, but all have the basic question you are asking. Also, make sure you read the FIPS_1402-opensslSecurityPolicy document.

Last, you may find this link helpful for testing and validating:

http://openssl.com/fips/2.0/platforms/ for help with specific platforms.