GitHub - jatedev/libcrypt-fips

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
include_libc		include_libc
COPYING		COPYING
COPYING.LIB		COPYING.LIB
Makefile		Makefile
README		README
Versions		Versions
cert.c		cert.c
crypt-fips.c		crypt-fips.c
crypt-fips.h		crypt-fips.h
crypt-private.h		crypt-private.h
crypt.c		crypt.c
crypt.h		crypt.h
crypt_util.c		crypt_util.c
md5-crypt.c		md5-crypt.c
md5.h		md5.h
sha-test.c		sha-test.c
sha256-crypt.c		sha256-crypt.c
sha256.h		sha256.h
sha512-crypt.c		sha512-crypt.c
sha512.h		sha512.h
ufc-crypt.h		ufc-crypt.h

Repository files navigation

#
# libcrypt implementation linked with OpenSSL FIPS
#
# Jate Sujjavanich <[email protected]>

The is an implementation of libcrypt derived from eglibc 2.17. It
generates a shared libcrypt that links with a FIPS-compliant OpenSSL to
assist with STIG compliance.

It was developed in an Ubuntu 10.04 environment. The shared library
created is symbol compatible with GLIBC_2.0, and libcrypt.so.1. It can
be dropped into the appropriate multiarch directory and be picked up
with an ldconfig.

The test programs sha-test and cert (from eglibc) can be built.

Further needs to be done to make it more cross-platform aware.
Ultimately, it could be added as a feature to eglibc.


To assure FIPS compliance, the following C call must be done in
the application code. Any subsequent libcrypt calls will fail if
disallowed in FIPS mode.


if (!FIPS_mode_set(1))
  {
    ERR_load_crypto_strings();
    ERR_print_errors_fp(stderr);
    exit(1);
  }
else
  printf("*** IN FIPS MODE***\n");