Subject: RE: FIPS Support

RE: FIPS Support

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 23 Mar 2011 09:12:56 +0100 (CET)

On Tue, 22 Mar 2011, James Yerge wrote:

> Basically, detect if we're operating in FIPS mode and determine what
> functions cannot be called directly. For instance, RSA_public_decrypt()
> cannot be called directly when operating in FIPS mode, the EVP_Verify*
> functions have to be used instead. I would also assume that determination of
> FIPS only algorithms would need to be used when operating in FIPS mode.
>
> The RSA_public_decrypt() is just an example.

I suggest we have the source code either completely unconditionally adapted to
this API (if it is possible), or it gets conditionally used if the configure
script detects that the used OpenSSL library is "Fipsed".

Patches welcome!

-- 
  / daniel.haxx.se
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel

Received on 2011-03-23

This message: [ Message body ]
Next message: James Yerge: "RE: FIPS Support"
Previous message: James Yerge: "RE: FIPS Support"
In reply to: James Yerge: "RE: FIPS Support"
Next in thread: James Yerge: "RE: FIPS Support"
Reply: James Yerge: "RE: FIPS Support"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]