[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: FIPS mode
From: Ben Laurie <ben () algroup ! co ! uk>
Date: 2004-03-28 14:19:26
Message-ID: 4066DEEE.1040909 () algroup ! co ! uk
[Download RAW message or body]
Steven Reddie wrote:
> Hi Steve,
>
> I take it that dynamically linking the FIPS OpenSSL into an executable
> means that the FIPS certification is void for that application. So as
> you have stated, static linking is required. However, if I'm producing
> a security library that uses OpenSSL and I statically link the FIPS
> OpenSSL into that security library but applications dynamically link
> against my security library what does this mean as far as the FIPS
> certification is concerned?
IMO, if you can implement a check that the DSO matches the one you
linked against (and that that matches the one compiled from the FIPS
certified source), then you are FIPS compliant - however, we do not
provide that facility out-of-the-box. We should, perhaps, modify the
security policy to this effect.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic