2

Is Erlang 19.x FIPS compliant? Or does it need to be built?

How can we build FIPS-enabled Erlang, and once the build is there, is there some mechanism to verify it?

When searching the Erlang documentation, there is no mention of FIPS: http://erlang.org/doc/search/?q=fips&x=0&y=0. But when searching the GitHub repo of Erlang, there are quite a few references to FIPS: https://github.com/erlang/otp/search?p=2&q=fips&type=&utf8=%E2%9C%93

Rafiq

1 Answer

4

FIPS 140-2 support was merged into the master branch in this pull request. It was released in Erlang/OTP 20.0 (see entry OTP-13921 in the readme file), so the answer to your question is "no": Erlang 19 is not FIPS 140 compliant. (Though you could apply the patch on top of Erlang 19, if you really want to.)

Even with the new release, you'd have to:

  • configure Erlang to support it, using the command line ./configure --enable-fips before compiling it
  • ensure that Erlang is linked to a FIPS-compliant OpenSSL library
  • set the fips_mode setting of the crypto application to true before loading the crypto module - the most convenient place would be in the sys.config file of your Erlang release
legoscia
  • 1
    Thanks @legoscia, I did pull the Erlang code (https://github.com/erlang/otp/pull/1180) and built it successfully. Changing the kernel to FIPS mode ran smoothly. I was able to verify the basic FIPS test. – Rafiq May 11 '17 at 07:26
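
One way to check the result of the three steps in the answer from inside the running node, as an added example that is not part of the original answer or of Erlang/OTP. It assumes OTP 20.0 or later built with `./configure --enable-fips`; the module name `fips_check` is hypothetical, and the MD5 probe relies on the assumption that a FIPS-mode crypto library refuses MD5.

```erlang
%% Added example, not from the original answer or from Erlang/OTP.
%% Assumes the release's sys.config contains:
%%
%%   [{crypto, [{fips_mode, true}]}].
%%
%% The module name fips_check is hypothetical.
-module(fips_check).
-export([run/0]).

%% Returns ok only if FIPS mode is active and a non-approved hash is refused.
run() ->
    {ok, _} = application:ensure_all_started(crypto),
    Configured = application:get_env(crypto, fips_mode, false),
    Status = crypto:info_fips(),
    io:format("fips_mode configured: ~p~n", [Configured]),
    io:format("crypto:info_fips():   ~p~n", [Status]),
    io:format("linked OpenSSL:       ~p~n", [crypto:info_lib()]),
    case Status of
        enabled ->
            md5_probe();
        not_enabled ->
            %% Built with FIPS support, but fips_mode was not true
            %% when the crypto module was loaded.
            {error, fips_supported_but_not_enabled};
        not_supported ->
            %% Built without --enable-fips, or the linked OpenSSL
            %% has no FIPS support.
            {error, built_without_fips_support}
    end.

%% Assumption: MD5 is not FIPS-approved, so the call should raise
%% an error instead of returning a digest.
md5_probe() ->
    try crypto:hash(md5, <<"probe">>) of
        _Digest -> {error, md5_still_available}
    catch
        error:Reason ->
            io:format("md5 rejected: ~p~n", [Reason]),
            ok
    end.
```

Compile it with `erlc fips_check.erl` and call `fips_check:run().` in a node started with the release's sys.config, so that `fips_mode` is set before the crypto module loads.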