FIPS function


Specifies the FIPS-enabled OpenSSL configuration to load.

Type

A Long value. If successful, 0 is returned; otherwise, an error code is returned.

Syntax

  • C
long Sftp_GetFIPS(void *Sftp, char *Buffer, int *Bufsize);
long Sftp_SetFIPS(void *Sftp, char *newVal);
The FIPS(void *Sftp, char *Buffer, int *Bufsize) syntax has these parts:
  • void *Sftp: Handle of the created Sftp instance.
  • char *Buffer: Buffer that will hold the returned string. Represents the path of the FIPS library (or empty string if none loaded).
  • int *Bufsize: Size of the buffer.

Remarks

wodSFTPdll allows you to enter a special FIPS mode by using an external FIPS-certified OpenSSL library. To do so, provide the full path to the fipsmodule.cnf file in the FIPS property prior to calling the Connect method.

When the FIPS property is set, wodSFTPdll internally calls crypto functions from the provided library. If loading FIPS fails, error 33016 or 33017 is returned. Please note that if FIPS is set during development and debugging, it will most probably fail, because a debugger is attached to the process and the process will be unable to load the FIPS library.

You can compile your own FIPS 140-2 certified OpenSSL library to provide to this property, or you can download ours from this URL:

https://download.weonlydo.com/openssl3_fips.zip

We have compiled the library exactly as specified in the "OpenSSL FIPS Object Module" User Guide, which can be found at https://docs.openssl.org/3.0/man7/fips_module/, on a clean Windows 11 installation using "Microsoft Visual Studio 2022". The source was not tampered with in any way before the compilation process. There are no digital signatures or any other binary changes after the compilation, since it's not our DLL.

If wodSFTPdll detects that the loaded DLL is already used by your application (for example, if you want to share the same DLL with your own FIPS-capable code), FIPS will automatically be used on other wodSFTPdll instances as well. Note that if your application decides to remove the FIPS requirement, it should clear this property by setting it to an empty string. In that case wodSFTPdll will revert to its internal OpenSSL functions, and this will happen on all wodSFTPdll instances.

NOTE: this property can be empty, in which case FIPS will not be enabled and wodSFTPdll will work as it did before. We have internally linked a non-FIPS version of OpenSSL, so wodSFTPdll does not have any third-party requirements for normal usage.

Warning: changing this property also internally changes the EncryptionList, HMacList, KeyExchangeList and KeySignatureList properties.
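
Because an empty FIPS property leaves wodSFTPdll on its internal non-FIPS OpenSSL and loading can fail with 33016 or 33017, an application that requires FIPS should confirm the mode before calling Connect. The following is an added example, not WeOnlyDo's code: require_fips, demo, the status enum and the mock functions are hypothetical, the path is constructed, and Bufsize is assumed to carry the buffer capacity on input.

```c
/* Added example, not vendor code; signatures and 33016/33017 are from the page. */
#include <stdio.h>
#include <string.h>

typedef long (*set_fips_fn)(void *Sftp, char *newVal);
typedef long (*get_fips_fn)(void *Sftp, char *Buffer, int *Bufsize);
enum fips_status { FIPS_OK, FIPS_LOAD_FAILED, FIPS_OTHER_ERROR, FIPS_NOT_ACTIVE };

/* Set the FIPS property and read it back. Anything but FIPS_OK means the
   caller must not call Connect (fail closed). */
enum fips_status require_fips(set_fips_fn set, get_fips_fn get,
                              void *sftp, const char *cnf_path)
{
    char path[1024], loaded[1024] = "";
    int size = (int)sizeof(loaded);   /* assumed: in = capacity of Buffer */
    size_t len = cnf_path ? strlen(cnf_path) : sizeof(path);
    if (len >= sizeof(path)) return FIPS_OTHER_ERROR;
    memcpy(path, cnf_path, len + 1);  /* the API takes a non-const char* */
    long rc = set(sftp, path);
    if (rc == 33016 || rc == 33017) return FIPS_LOAD_FAILED;
    if (rc != 0) return FIPS_OTHER_ERROR;
    if (get(sftp, loaded, &size) != 0) return FIPS_OTHER_ERROR;
    loaded[sizeof(loaded) - 1] = '\0';
    return loaded[0] ? FIPS_OK : FIPS_NOT_ACTIVE;  /* empty: FIPS is off */
}

/* Constructed stand-ins for the DLL so the example runs offline. */
static char mock_value[1024]; static long mock_set_rc;
static long mock_set(void *s, char *v) {
    (void)s;
    if (mock_set_rc == 0) snprintf(mock_value, sizeof(mock_value), "%s", v);
    return mock_set_rc;
}
static long mock_get(void *s, char *buf, int *n) {
    (void)s;
    if ((int)strlen(mock_value) >= *n) return 1;
    strcpy(buf, mock_value);
    return 0;
}
enum fips_status demo(long set_rc, const char *cnf) {
    mock_set_rc = set_rc;
    memset(mock_value, 0, sizeof(mock_value));
    return require_fips(mock_set, mock_get, NULL, cnf);
}

int main(void) {
    printf("%d %d\n", demo(0, "C:\\fips\\fipsmodule.cnf"), demo(33016, "C:\\x.cnf"));
    return 0;
}
```

In an application, pass Sftp_SetFIPS and Sftp_GetFIPS (with typedefs matching the header's calling convention) in place of the stand-ins, and call Connect only when the result is FIPS_OK.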

Platforms

Windows