Description
-
Specifies the FIPS-enabled libeay32.dll to load.
Return type
-
A Long value. If successful, 0 is returned; otherwise, an
error as specified here.
Syntax
-
long Sftp_GetFIPS(void *Sftp, char *Buffer, int *Bufsize);
long Sftp_SetFIPS(void *Sftp, char *newVal);
The FIPS function syntax has these parts:
| void *Sftp | Handle of the created Sftp instance. |
| char *Buffer | Buffer that will hold the returned string. Represents the path of the FIPS library (or empty string if none loaded). |
| int *Bufsize | Size of the buffer. |
Remarks
-
wodSFTP allows you to go into a special FIPS mode by using an external
FIPS-certified OpenSSL library. To do so, provide the full path to the
libeay32.dll file in the FIPS property before calling the Connect
function.

When the FIPS property is set, wodSFTPdll internally calls crypto
functions from the provided library, first enabling FIPS mode with the
FIPS_mode_set() OpenSSL call. If that call fails, error 33016 or 33017
is returned. Please note that if FIPS is set during development and
debugging, it will most probably fail, because a debugger is attached
to the process and the process will be unable to load libeay32.dll at
the required address space (0xFB00000).

You can compile your own FIPS 140-2 certified OpenSSL library to
provide to this property, or you can download ours from:

https://secure.weonlydo.com/Samples/libeay32.zip

We have compiled the library exactly as specified in the "OpenSSL FIPS
Object Module" User Guide, which can be found at
http://www.openssl.org/docs/fips/UserGuide-1.2.pdf, on a clean
Windows XP system using "Microsoft Visual Studio 2005" and "The Netwide
Assembler (NASM)", following the exact steps explained in that document.
The source was not tampered with in any way before compilation. There
are no digital signatures or any other binary changes after
compilation, since those would also cause the FIPS_mode_set() call to
fail.

If wodSFTP detects that the loaded DLL is already used by your
application (for example, if you want to share the same DLL with your
own FIPS-capable code) and the FIPS_mode() API returns TRUE, wodSFTP
will not call FIPS_mode_set() again. Note that if your application
decides to remove the FIPS requirement, it should clear this property
by setting it to an empty string. In that case wodSFTP will revert to
its internal libeay32 functions.

NOTE: this property can be empty, in which case FIPS will not be
enabled and wodSFTP will work as it did before. We have internally
linked a non-FIPS version of libeay32.dll, so wodSFTP does not have any
third-party requirements for normal usage.
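A fail-closed check to run before Connect, following the remarks above. This is an added example in C, not wodSFTP's own code: `require_fips`, `is_full_path`, the two local error codes and the `fake_*` stand-ins are hypothetical names, and it assumes `*Bufsize` passes the buffer capacity in. In a real build, pass the DLL's `Sftp_SetFIPS` and `Sftp_GetFIPS` in place of the stand-ins.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Signatures as documented on this page; pass the DLL's real functions here. */
typedef long (*set_fips_fn)(void *Sftp, char *newVal);
typedef long (*get_fips_fn)(void *Sftp, char *Buffer, int *Bufsize);

#define ERR_NOT_FULL_PATH (-1L) /* hypothetical local codes, not wodSFTP errors */
#define ERR_NOT_LOADED (-2L)

/* Accept only drive-absolute (C:\...) or UNC (\\host\...) paths, so a bare
   "libeay32.dll" is never resolved through the Windows DLL search order. */
static int is_full_path(const char *p) {
    if (!p) return 0;
    if (isalpha((unsigned char)p[0]) && p[1] == ':' && p[2] == '\\') return 1;
    return p[0] == '\\' && p[1] == '\\' && p[2] != '\0';
}

/* Call before Connect. Returns 0 only if the set call succeeded AND the property
   reads back non-empty (empty means wodSFTP falls back to its non-FIPS code). */
long require_fips(void *sftp, set_fips_fn set, get_fips_fn get, const char *dll) {
    char path[512], loaded[512] = "";
    int size = (int)sizeof loaded; /* assumption: Bufsize carries the capacity in */
    long rc;
    if (!is_full_path(dll) || strlen(dll) >= sizeof path) return ERR_NOT_FULL_PATH;
    strcpy(path, dll); /* the documented parameter is a non-const char * */
    if ((rc = set(sftp, path)) != 0) return rc; /* non-zero: wodSFTP error code */
    if ((rc = get(sftp, loaded, &size)) != 0) return rc;
    return loaded[0] != '\0' ? 0 : ERR_NOT_LOADED;
}

/* Constructed stand-ins for the DLL so the example runs without wodSFTP. */
static char fake_prop[512];
static long fake_set(void *s, char *v) { (void)s; strcpy(fake_prop, v); return 0; }
static long fake_set_fail(void *s, char *v) { (void)s; (void)v; return 33016; }
static long fake_get(void *s, char *b, int *n) {
    (void)s;
    if ((int)strlen(fake_prop) >= *n) return 1; /* buffer too small */
    strcpy(b, fake_prop); return 0;
}
static long fake_get_empty(void *s, char *b, int *n) { (void)s; (void)n; b[0] = '\0'; return 0; }

int main(void) {
    char dll[] = "C:\\fips\\libeay32.dll"; /* constructed sample path */
    printf("ok=%ld\n", require_fips(NULL, fake_set, fake_get, dll));
    printf("set fails=%ld\n", require_fips(NULL, fake_set_fail, fake_get, dll));
    printf("not loaded=%ld\n", require_fips(NULL, fake_set, fake_get_empty, dll));
    return 0;
}
```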