Eric Lambert wrote:
With the suggested fix, it would look as follows:
int ssl_configure(void) { /* configure global SSL settings */
#ifdef USE_FIPS
    FIPS_mode_set(0);
    RAND_set_rand_method(NULL);
    if(!FIPS_mode_set(global_options.option.fips)) {
        ERR_load_crypto_strings();
        sslerror("FIPS_mode_set");
        return 0;
    }
    s_log(LOG_NOTICE, "FIPS mode %s",
        global_options.option.fips ? "enabled" : "disabled");
#endif /* USE_FIPS */
    :
    :
}
Does the above seem reasonable? Could this change, or some other modification which would support using SIGHUP with FIPS, be considered for a future stunnel update?
What about:
#ifdef USE_FIPS
    if(FIPS_mode()!=global_options.option.fips) {
        RAND_set_rand_method(NULL); /* reset RAND methods */
        if(!FIPS_mode_set(global_options.option.fips)) {
            ERR_load_crypto_strings();
            sslerror("FIPS_mode_set");
            return 0;
        }
        s_log(LOG_NOTICE, "FIPS mode %s",
            global_options.option.fips ? "enabled" : "disabled");
    }
#endif /* USE_FIPS */
?
Mike