turning on FIPS mode for different applications- Does POST takes place every time FIPS_mode_set() is called?
Hi,

According to FIPS security requirement, until POST and other tests are successful in FIPS mode, no crypto interfaces should be up. Now, I have a doubt here. I have two daemons, sshd and apache. I turn on FIPS in *sshd*, which runs POST and other algorithm tests and then listens on port 22 in FIPS mode. Now if I turn on FIPS mode in *apache*, will the POST and other tests be run again? If so, I am in trouble since my ssh interface is already up, which is a crypto interface. How to sync up the power-on tests and other tests for different applications?

Any suggestions would be a great help.

--
View this message in context: http://openssl.6102.n7.nabble.com/turning-on-FIPS-mode-for-different-applications-Does-POST-takes-place-every-time-FIPS-mode-set-is-ca-tp44786.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org

Re: [patch] openssl s_{client,server} improvements for Kerberos (fwd)
Hello,

A patch I submitted has been sitting in RT for several months now with no action:

http://rt.openssl.org/Ticket/Display.html?id=2962

Is there anything else I should do to get this looked at?

Thanks,

--
Richard E. Silverman

Re: turning on FIPS mode for different applications- Does POST takes place every time FIPS_mode_set() is called?
On 04/15/2013 03:16 AM, Cipher wrote:
> Hi,
>
> According to FIPS security requirement, until POST and other tests are successful in FIPS mode, no crypto interfaces should be up. Now, I have a doubt here. I have two daemons, sshd and apache. I turn on FIPS in *sshd*, which runs POST and other algorithm tests and then listens on port 22 in FIPS mode. Now if I turn on FIPS mode in *apache*, will the POST and other tests be run again? If so, I am in trouble since my ssh interface is already up, which is a crypto interface. How to sync up the power-on tests and other tests for different applications?

This is really a question about how shared libraries work, and really should have gone to the user list.

Each process, sshd and httpd, copies the writable segments of the libcrypto library (which contains the FIPS module) into private memory. So each such process performs actions which modify that private memory (such as enabling FIPS mode) entirely independently of other processes.

The same is true for static linking, of course, as each process has separate copies of both readonly and writable code.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710 USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marqu...@opensslfoundation.com
marqu...@openssl.com
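
The per-process behaviour described in the reply above, as an added C sketch that is not part of the original thread and is not OpenSSL code: two forked processes each enable a mode flag held in writable data, each runs its own self-test, and neither changes the other's or the parent's state. `module_mode_set`, `run_self_tests` and `daemon_report` are hypothetical stand-ins for the module's mode switch and power-on self-test, and `fork()` stands in for two separately started daemons.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Writable "library" data (stand-in): every process has a private copy. */
static int fips_mode = 0;
static int self_test_runs = 0;

/* Hypothetical stand-in for the power-on self-test; counts its runs. */
static int run_self_tests(void) { self_test_runs++; return 1; }

/* Hypothetical stand-in for the mode switch: self-test first, then flag. */
static int module_mode_set(int on) {
    if (on && !run_self_tests()) return 0;
    fips_mode = on;
    return 1;
}

struct report { int mode; int runs; };

/* Fork a "daemon" that enables the mode and reports its private state. */
static int daemon_report(struct report *out) {
    int fd[2], status;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child: modifies only its copy */
        close(fd[0]);
        module_mode_set(1);
        struct report r = { fips_mode, self_test_runs };
        _exit(write(fd[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], out, sizeof *out);
    close(fd[0]);
    waitpid(pid, &status, 0);
    return (n == (ssize_t)sizeof *out && WIFEXITED(status)
            && WEXITSTATUS(status) == 0) ? 0 : -1;
}

static int parent_mode(void) { return fips_mode; }
static int parent_runs(void) { return self_test_runs; }

int main(void) {
    struct report a, b;
    if (daemon_report(&a) || daemon_report(&b)) return 1;
    printf("daemon A: mode=%d self-test runs=%d\n", a.mode, a.runs);
    printf("daemon B: mode=%d self-test runs=%d\n", b.mode, b.runs);
    printf("parent:   mode=%d self-test runs=%d\n", parent_mode(), parent_runs());
    return 0;
}
```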