On 04/15/2013 03:16 AM, Cipher wrote:
> Hi,
> According to FIPS security requirement, until POST and other tests are
> successful in FIPS mode, no crypto interfaces should be up.
> Now, I have a doubt here.
> I have two daemons, sshd and apache.
> I turn on FIPS in *sshd*, which runs POST and other algorithm tests and then
> listens on port 22 in FIPS mode. Now if I turn on FIPS mode in *apache*,
> will the POST and other tests be run again? If so, I am in trouble
> since my ssh interface is already up which is a crypto interface.
>
> How to sync up the power on tests and other tests for different
> applications?

This is really a question about how shared libraries work, and really
should have gone to the user list.

Each process, sshd and httpd, copies the writable segments of the
libcrypto library (which contains the FIPS module) into private memory.
So each such process performs actions which modify that private memory
(such as enabling FIPS mode) entirely independently of other processes.

The same is true for static linking, of course, as each process has
separate copies of both readonly and writable code.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
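
The per-process behaviour described in the reply above, as an added example that is not part of the original message and is not OpenSSL code: fork() stands in for a second, separately started daemon, and `fips_mode`, `post_runs` and `mode_set()` are hypothetical stand-ins for the module's writable state and its mode-enable call.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-ins for writable state kept inside the crypto library. */
static int post_runs = 0;   /* times this process ran the power-on self-test */
static int fips_mode = 0;   /* 1 once this process has enabled FIPS mode */

/* Stand-in for enabling FIPS mode: run the self-tests, then set the flag. */
static int mode_set(void) {
    post_runs++;            /* constructed: a real POST runs its tests here */
    fips_mode = 1;
    return fips_mode;
}

/* Start a second process that enables FIPS mode and reports its own view
 * through a pipe. out[0..1] = child's {fips_mode, post_runs};
 * out[2..3] = parent's {fips_mode, post_runs} after the child has exited. */
int two_process_view(int out[4]) {
    int fd[2], status;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: the second daemon */
        close(fd[0]);
        mode_set();
        int mine[2] = { fips_mode, post_runs };
        ssize_t w = write(fd[1], mine, sizeof mine);
        _exit(w == (ssize_t)sizeof mine ? 0 : 1);
    }
    close(fd[1]);
    ssize_t r = read(fd[0], out, 2 * sizeof(int));
    close(fd[0]);
    waitpid(pid, &status, 0);
    if (r != (ssize_t)(2 * sizeof(int))) return -1;
    out[2] = fips_mode;                   /* parent's private copy, untouched */
    out[3] = post_runs;
    return 0;
}

int main(void) {
    int v[4];
    if (two_process_view(v) != 0) return 1;
    printf("child:  fips_mode=%d post_runs=%d\n", v[0], v[1]);
    printf("parent: fips_mode=%d post_runs=%d\n", v[2], v[3]);
    return 0;
}
```

The child's writes land in its own copy of the data pages, so the parent's flag and self-test counter stay at zero until the parent makes the call itself.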
