gsk_fips_state

Sets the state of FIPS mode for System SSL.

Format

   

   gsk_status gsk_fips_state_set(
                                 GSK_FIPS_STATE_ENUM_VALUE  enum_value)

Parameters

enum_value: Specifies the FIPS state enumeration value.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. The following are some possible errors:

[CMSERR_ATTRIBUTE_INVALID_ENUMERATION]: The enumeration value is not valid or it cannot be set because of the current state.
[CMSERR_FIPS_MODE_EXECUTE_FAILED]: The request to execute in FIPS mode failed because the Cryptographic Services Security Level 3 FMID is not installed so that the required System SSL DLLs could not be loaded.
[CMSERR_FIPS_MODE_SWITCH]: The System SSL FIPS mode state cannot be changed to FIPS mode because it is currently not in FIPS mode.
[CMSERR_KATPW_FAILED]: The power-on known answer tests failed. FIPS mode cannot be set.
[CMSERR_KATPW_ICSF_FAILED]: The power-on known answer tests failed. Either ICSF was not available or FIPS mode was disabled. FIPS mode cannot be set.

Usage

The gsk_fips_state_set() routine sets the enumerated value for the System SSL FIPS mode state.

The FIPS mode setting applies to the entire process. Once set, then all threads of the same process execute in FIPS mode. If any thread switches to non-FIPS mode, then all threads in the same process execute in non-FIPS mode.

In order to set FIPS mode, this function must be executed before all other System SSL API functions except for gsk_get_cms_vector(), gsk_get_ssl_vector(), and gsk_fips_state_query(). It is possible to switch to a non-FIPS mode at a later time. It is not possible to switch from non-FIPS mode to FIPS mode at any time.

The following enumerated values are supported:

GSK_FIPS_STATE_ON: FIPS mode state has been set to FIPS mode.
GSK_FIPS_STATE_OFF: FIPS mode state has been set to non-FIPS mode.