On Wed, Apr 18, 2012, Erik Tkal wrote: > Any takers? Should I be able to build a FIPS-capable OpenSSL and have some > of the implementation be provided via an ENGINE (e.g. let's say I have a > hardware module to perform AES) but some by the OpenSSL FIPS canister? Or is > it truly all or nothing? >
Yes the FIPS capable OpenSSL should behave in a manner similar to non-FIPS capable OpenSSL when not in FIPS mode, though it currently use the algorithm implementations in the FIPS module even when not in FIPS mode. I'll look into it. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
