Using FIPS-validated Libraries

The SDK can be configured to use a FIPS-validated libcrypto library. You can set it programmatically on a per-session basis or persistently across the environment. Both approaches require the path to the libcrypto library on your system.

Enabling FIPS Mode Programmatically

To configure the SDK to use a FIPS-validated libcrypto library, execute the following:

oci.fips.enable_fips_mode('</path/to/libcrypto.x.x.x>')

Setting the Environment Variables

If you do not want to run enable_fips_mode() for every session, you can set an environment variable so that the SDK uses the library every time.

Set the following environment variable to the path to the libcrypto library:

  • FIPS_LIBCRYPTO_PATH

Verifying the Configuration

To verify that the SDK is using the libcrypto library that you specified, execute the following:

oci.fips.is_fips_mode()

This should return True, indicating that the SDK is using the library specified by the environment variable.
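
The steps above can be combined into a startup check that refuses to continue unless FIPS mode is confirmed. This is an added example, not code from the SDK or its documentation: the names FipsConfigError, validated_libcrypto_path and require_fips_mode are hypothetical, the file-permission check is extra hardening rather than an SDK requirement, and the fips parameter exists only so the check can be exercised with a stand-in object.

```python
import os
import stat
import sys


class FipsConfigError(RuntimeError):
    """Raised when FIPS mode cannot be confirmed (hypothetical helper type)."""


def validated_libcrypto_path(env=os.environ):
    """Return the FIPS_LIBCRYPTO_PATH value after basic sanity checks."""
    path = env.get("FIPS_LIBCRYPTO_PATH")
    if not path:
        raise FipsConfigError("FIPS_LIBCRYPTO_PATH is not set")
    if not os.path.isabs(path):
        raise FipsConfigError("FIPS_LIBCRYPTO_PATH must be an absolute path")
    real = os.path.realpath(path)  # resolve symlinks to the actual library file
    if not os.path.isfile(real):
        raise FipsConfigError(f"no regular file at {real}")
    # Added hardening check (an assumption, not an SDK requirement): reject a
    # library file that other local accounts could overwrite.
    if os.stat(real).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise FipsConfigError(f"{real} is group- or world-writable")
    return real


def require_fips_mode(env=os.environ, fips=None):
    """Enable FIPS mode and fail closed unless the SDK confirms it."""
    path = validated_libcrypto_path(env)
    if fips is None:
        # Imported lazily so the path checks above run without the SDK installed.
        from oci import fips
    fips.enable_fips_mode(path)
    if fips.is_fips_mode() is not True:
        raise FipsConfigError("SDK did not report FIPS mode after enable_fips_mode()")
    return path


if __name__ == "__main__":
    try:
        print("FIPS mode active, libcrypto:", require_fips_mode())
    except FipsConfigError as exc:
        sys.exit(f"refusing to start: {exc}")
```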