[erlang-questions] OTP in FIPS mode ?
Drew Varner
drew.varner@REDACTED
Tue Apr 21 20:22:05 CEST 2015
Here’s the discussion on a FIPS pull request that’s now closed: https://github.com/erlang/otp/pull/377
- Drew
> On Apr 21, 2015, at 12:32 PM, Niclas Eklund <nick@REDACTED> wrote:
>
> Hi!
>
> IMHO I think that it would be good if FIPS could be supported by OTP, especially since the FIPS standards are issued to ensure computer security and interoperability. I've seen a question about this at least once before on this list - http://erlang.org/pipermail/erlang-questions/2012-April/065902.html - but I don't know what became of it.
>
> Best regards,
>
> Nick
>
>
> On 04/21/2015 03:48 PM, jonetsu wrote:
>> Hello,
>>
>> We are using an Erlang-based middleware using OTP, ConfD, which
>> must now support FIPS mode. Briefly, FIPS is a U.S. standard
>> that imposes a set of crypto parameters (ciphers, algorithms,
>> etc.). FIPS-applications must use high-level OpenSSL
>> methods (the EVP set of methods) since the low-level functions
>> will make OpenSSL abort. The application must also call
>> FIPS_mode_set(1) to enable this mode for a suitable OpenSSL build
>> that supports FIPS.
>>
>> OTP uses low-level OpenSSL functions.
>>
>> Initially I considered replacing, for instance, the AES_* uses in
>> crypto.c by their EVP equivalent, while keeping the interface to
>> Erlang intact.
>>
>> Now, looking at the extent of the FIPS modifications to the OTP
>> code done last year by Dániel Szoboszlay, who worked at Ericsson
>> and Erlang Solutions, I wonder about my naïve approach.
>>
>> Is anyone here familiar with this FIPS OTP port? Any comments?
>> To anyone also familiar with ConfD: do you know of any effort
>> done in using this FIPS-enabled OTP code?
>>
>> Thanks for any comments and suggestions!
>>
>> Regards.
>>
>>
>>
>>
>> _______________________________________________
>> erlang-questions mailing list
>> erlang-questions@REDACTED
>> http://erlang.org/mailman/listinfo/erlang-questions