[erlang-questions] OTP in FIPS mode ?
Tue Apr 21 20:22:05 CEST 2015
Here’s the discussion on a FIPS pull request that’s now closed: https://github.com/erlang/otp/pull/377
> On Apr 21, 2015, at 12:32 PM, Niclas Eklund <nick@REDACTED> wrote:
> IMHO I think that it would be good if FIPS could be supported by OTP, especially since the FIPS standards are issued to ensure computer security and interoperability. I've seen a question about this at least once before on this list - http://erlang.org/pipermail/erlang-questions/2012-April/065902.html - but I don't know what became of it.
> Best regards,
> On 04/21/2015 03:48 PM, jonetsu wrote:
>> We are using an Erlang-based middleware using OTP, ConfD, which
>> must now support FIPS mode. Briefly, FIPS is a U.S. standard
>> that imposes a set of crypto parameters (ciphers, algorithms,
>> etc...). FIPS-applications must use high-level OpenSSL
>> methods (The EVP set of methods) since the low-level functions
>> will make OpenSSL abort. The application must also call
>> FIPS_mode_set(1) to enable this mode for a suitable OpenSSL build
>> that supports FIPS.
>> OTP uses low-level OpenSSL functions.
>> Initially I considered replacing, for instance, the AES_* uses in
>> crypto.c by their EVP equivalent, while keeping the interface to
>> Erlang intact.
>> Now, looking at the extent of the FIPS modifications to the OTP
>> code done last year by Dániel Szoboszlay, who worked at Ericsson
>> and Erlang Solutions, I wonder about my naïve approach.
>> Is anyone here familiar with this FIPS OTP port ? Any comments
>> ? To anyone also familiar with ConfD: do you know of any effort
>> done in using this FIPS-enabled OTP code ?
>> Thanks for any comments and suggestions !
> erlang-questions mailing list