On Thu, Jan 15, 2015 at 05:46:22AM -0500, jone...@teksavvy.com wrote: > On Tue, 13 Jan 2015 21:33:49 -0500 > "jone...@teksavvy.com" <jone...@teksavvy.com> wrote: > > > So basically every app that uses libssl will have to be modified to > > add a FIPS_mode_set() call near the beginning. Is that right ? > > Is there a way to automatically have the FIPS test executed when an > application loads the library, w/o the application being modified ? Is > such a way used at all ?
This is actually mandated these days. The library should do this in its ELF constructor for instance. On Linux usually triggered by /proc/sys/crypto/fips_enabled containing "1" or the environment variable OPENSSL_FORCE_FIPS_MODE=1 (at least for the certs done by SUSE and Redhat, which do not use the container blob). Ciao, Marcus _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users