On Thursday, June 24, 2004 3:57 PM Peter Waltenberg wrote:
>>The non-sequestered versions of the FIPS algorithms are omitted entirely
>>(by "#ifndef OPENSSL_FIPS..." wrappers) when building in fips mode, so how
>>would both FIPS and non-FIPS implementations co-exist? You are thinking of
>>the possibility of adding both implementations using different names...?
>
>We have code which "namespaces" OpenSSL.
>
>It was written to allow our code to coexist with other versions of OpenSSL
>in the same process, but that's pretty much what you are talking about.
>It's tidy enough to allow the SSL layer to continute to work with only a
>recompile. We are planning on donating that code to OpenSSL anyway - so if
>you want to go that route, let me know.
Sounds like an interesting idea to me, but I'll leave it to the OpenSSL
core team to decide. I'm just pushing the more narrow agenda of getting
some minimal mechanism to disable non-FIPS crypto in FIPS mode.
-Steve M.
Steve Marquess
DMLSS Technical Manager
JMLFDC, 623 Porter Street, Ft. Detrick, MD 21702
DSN 343-3933, COM 301-619-3933, FAX 301-619-7831
[EMAIL PROTECTED]
