On Fri, Feb 10, 2012 at 10:01:43AM -0500, Erik Tkal wrote: > Yes, I understand all that; we currently have our own certified FIPS module > that I wired into OpenSSL via the engine APIs. Assuming that the module > boundary is the code in the FIPS canister, I want that module to perform all > FIPS-compliant operations, but still need the "outer" OpenSSL to perform > other operations.
Personally, I think if they're in the same address space (or, at least, namespace) this is dubious. But you probably have people advising you (or available to advise you) who know a lot better than I do! Thor ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
