RSA BSAFE Crypto-C Micro Edition 4.1.4 Release Notes
FIPS 140-2 Operations
Self Tests and Entropy
A set of self tests is performed when the FIPS 140-2-validated cryptographic module
is loaded by an application. These self tests access an internally created random
cryptographic object. This random cryptographic object requires entropy to operate
and if there is insufficient entropy, the cryptographic module fails to load. On
platforms where the sources of entropy are limited, a file-based method of providing
entropy is supported so that the self tests can execute.
The default filename is entropy and the file must be located in the same location as
the executable. You can override the default filename and location by setting the
R_CR_RAND_ENV_ENTROPY_FILE environment variable to point to the appropriate
file. The absolute path should be specified.
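A pre-flight check for the file-based entropy configuration described above, written as an added example (not part of the RSA release notes or the BSAFE toolkit). The return codes, the emptiness test and the group/world-writable check are assumptions of this example; the notes do not state a required file size or permissions.

```shell
#!/bin/sh
# Added example: pre-flight check for the file-based entropy source.
# Lookup rule taken from the release notes: R_CR_RAND_ENV_ENTROPY_FILE if set,
# otherwise a file named "entropy" in the same location as the executable.

# Print the path the notes say will be used for a given executable.
resolve_entropy_file() {
    if [ -n "${R_CR_RAND_ENV_ENTROPY_FILE:-}" ]; then
        printf '%s\n' "$R_CR_RAND_ENV_ENTROPY_FILE"
    else
        printf '%s/entropy\n' "$(dirname "$1")"
    fi
}

# Return codes (this script's own convention, not the toolkit's):
#   0 ok, 1 override is not absolute, 2 not a regular file,
#   3 unreadable or empty, 4 writable by group or other
check_entropy_file() {
    f=$(resolve_entropy_file "$1")
    if [ -n "${R_CR_RAND_ENV_ENTROPY_FILE:-}" ]; then
        case "$f" in
            /*) ;;  # the notes say the absolute path should be specified
            *) echo "override is not an absolute path: $f" >&2; return 1 ;;
        esac
    fi
    [ -f "$f" ] || { echo "no entropy file at $f" >&2; return 2; }
    { [ -r "$f" ] && [ -s "$f" ]; } || { echo "unreadable or empty: $f" >&2; return 3; }
    # Assumption (hardening, not from the notes): the file seeds the module's
    # random object, so other local users should not be able to rewrite it.
    perms=$(ls -ldL "$f" | cut -c1-10)
    case "$perms" in
        ?????w*|????????w*) echo "writable by group/other: $f ($perms)" >&2; return 4 ;;
    esac
    echo "ok: $f"
}

# Usage: sh check_entropy.sh /path/to/application   (placeholder path)
if [ "$#" -gt 0 ]; then check_entropy_file "$1"; fi
```

Run it in the same environment the application is launched from, so that the override variable seen by the check matches the one the module will see.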
FIPS 140-2 Providers
FIPS 140-2 providers, created using R_PROV_FIPS140_new(), provide both FIPS
140-2-approved and non-approved algorithms and resources. The FIPS 140-2
provider defaults to the FIPS 140-2 mode of operation.
You can change the mode on the library context to limit the algorithms available to only
those that are FIPS 140-2-approved by calling R_LIB_CTX_set_mode() with either the
R_MODE_FILTER_FIPS140 or R_MODE_FILTER_FIPS140_SSL identifiers.