问题
Does Erlang 19.x compliant FIPS? Or it needs to be built?
How can we build FIPS enable erlang and once build is there, is there some mechanism to verify it?
When search erlang documentation, there is no mention of FIPS http://erlang.org/doc/search/?q=fips&x=0&y=0. But when search the github repo of erlang there are quit a referance to fips https://github.com/erlang/otp/search?p=2&q=fips&type=&utf8=%E2%9C%93
回答1:
FIPS 140-2 support was merged into the master branch in this pull request. It is was released in Erlang/OTP 20.0 (see entry OTP-13921 in the readme file), so the answer to your question is "no": Erlang 19 is not FIPS 140 compliant. (Though you could apply the patch on top of Erlang 19, if you really want to.)
Even with the new release, you'd have to:
- configure Erlang to support it, using the command line
./configure --enable-fipsbefore compiling it - ensure that Erlang is linked to a FIPS-compliant OpenSSL library
- set the
fips_modesetting of thecryptoapplication totruebefore loading thecryptomodule - the most convenient place would be in thesys.configfile of your Erlang release
来源:https://stackoverflow.com/questions/43799204/is-erlang-19-xx-is-fips-compliant