On Thu, Feb 05, 2009, Young, Alistair wrote:

>
> Thanks Steve. Unfortunately we need to use something with FIPS validation
> behind it, so the standard Java crypto libraries (or something like
> BouncyCastle) are out. It also means that we can't modify the OpenSSL
> source so would have to add wrappers if we wanted to extend its
> functionality.
>
> JNI is looking increasingly inevitable - but, of course, while I believe
> that the general OpenSSL libraries can be built with JNI bindings, this
> is not true of the FIPS build - so we'll have to write those ourselves
> too.
>
> If I find an alternative approach, I'll post it back to this list.
>

Well you can modify the OpenSSL source just not the validated source. OpenSSL 0.9.8j is an example of that.

I'm not a JNI expert but if the bindings use the shared libraries you should just be able to use 0.9.8j+fips shared libraries. The only addition you'd need is FIPS_mode_set().

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
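
The reply above says that bindings which load the shared libraries only need an added FIPS_mode_set() call. As an added example (not code from this thread or from OpenSSL), here is one way a native wrapper could make that call and fail closed when the loaded libcrypto is not a FIPS-capable build; the function name `enable_fips_mode`, the result codes and the library path argument are assumptions.

```c
/* Added example: not from the thread or from OpenSSL. */
#include <dlfcn.h>
#include <stdio.h>

/* Result codes are constructed for this example. */
enum {
    FIPS_ENABLED       =  0, /* FIPS_mode_set(1) returned 1 */
    FIPS_NO_LIBRARY    = -1, /* shared library could not be loaded */
    FIPS_NO_SYMBOL     = -2, /* library does not export FIPS_mode_set */
    FIPS_ENABLE_FAILED = -3  /* FIPS_mode_set(1) did not return 1 */
};

typedef int (*fips_mode_set_fn)(int onoff);

/* Load the libcrypto at libpath (a fixed, trusted path chosen by the
 * deployer) and switch it into FIPS mode. Any failure is reported so
 * the caller can refuse to do crypto rather than run unvalidated. */
int enable_fips_mode(const char *libpath)
{
    void *handle;
    fips_mode_set_fn set_mode;

    if (libpath == NULL)
        return FIPS_NO_LIBRARY;
    handle = dlopen(libpath, RTLD_NOW | RTLD_GLOBAL);
    if (handle == NULL)
        return FIPS_NO_LIBRARY;

    /* POSIX idiom for turning a dlsym() result into a function pointer */
    *(void **)(&set_mode) = dlsym(handle, "FIPS_mode_set");
    if (set_mode == NULL) {
        dlclose(handle);
        return FIPS_NO_SYMBOL;      /* not a +fips build */
    }
    if (set_mode(1) != 1) {
        dlclose(handle);
        return FIPS_ENABLE_FAILED;  /* self-tests or mode switch failed */
    }
    return FIPS_ENABLED;            /* keep the library loaded */
}

int main(int argc, char **argv)
{
    int rc = enable_fips_mode(argc > 1 ? argv[1] : NULL);
    printf("enable_fips_mode: %d\n", rc);
    return rc == FIPS_ENABLED ? 0 : 1;
}
```

A JNI binding could call such a function from its native initialisation and throw a Java exception on any non-zero result.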