Dr. Stephen Henson wrote:
> On Thu, Jun 24, 2004, Ben Laurie wrote:
>> Dr. Stephen Henson wrote:
>>> Well my personal preference would be to give a hard assertion error in
>>> EVP_DigestInit_ex() and EVP_CipherInit_ex() because a non-FIPS algorithm will
>>> only appear in there due to an application source error.
>> That's horribly unfriendly for (for example) interactive programs that could just tell the user they chose badly and to choose again.
> I'd say that an application which offers a choice which will always fail is rather unfriendly too.
True, but not always easily avoided.
> We should at least give a loud assertion error if an application gets as far as EVP_*Update() with a non-FIPS algorithm since that would imply that they've blindly ignored the error return from *Init_ex().
That I will buy.
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
