Manualshelf

Reference Guide

ManualsBrandsDell ManualsBSAFEBSAFE Crypto-C Micro Edition
21222324252627282930
20 Chapter 3: Resource Management
RSA BSAFE Crypto-C Micro Edition 3.x to 4.1.4 Migration Guide
end:
R_LIB_CTX_free(lib_ctx);
R_STATE_cleanup();
return 0;
}
FIPS 140-2 Provider
The FIPS 140-2 provider manages the configuration, loading, and unloading of the
FIPS 140-2 dynamic libraries. This provider is available when linking against the
ccme_fipsprov library.
Configuration and loading of FIPS 140-2 libraries is no longer performed
automatically. Instead, applications must explicitly create and configure a FIPS 140-2
provider. As a result, applications that were using the
PRODUCT_DEFAULT_RESOURCE_LIST in conjunction with the
cryptocme_fips140 library file must now use the common resources supplied by
R_PROV_
SOFTWARE
_get_default_resource_list(), and add the loaded FIPS
140-2 provider to the library context to make its resources available for use.
In Crypto-C ME 4.1.4 the use of the
R_SHLIB_LD_LIBRARY_PATH environment
variable as a way to configure the location of the FIPS 140-2 dynamic libraries is
deprecated. The application should now set the library path programmatically using
R_PROV_FIPS140_set_path() or R_PROV_FIPS140_set_path_w().
For compatibility purposes, the
R_FIPS140_FEATURE_env_path provider feature
can be supplied when creating the provider, which automatically sets the path from the
environment variable. RSA recommends that existing applications using the
environment variable be updated to supply the library path from application
configuration.
Crypto-C ME 4.1.4 management of the FIPS140-2 modes is no longer enforced by the
provider but rather by the library context. This allows providers other than the
FIPS140-2 provider to supply resource that are FIPS 140-2-compliant. For example,
PKCS #11 devices that are FIPS 140-2-compliant can be used in the various FIPS
140-2 modes.
The following code examples show configuring FIPS 140-2 for Crypto-C ME 3.x and
Crypto-C ME 4.1.4.
FIPS 140-2 Application - Crypto-C ME 3.x
int main(int argc, char **argv)
{
int ret;
R_LIB_CTX *lib_ctx = NULL;
R_RES_LIST *list =
PRODUCT_FIPS140_MODE_RESOURCE_LIST();