JCA wrote: > One of my requirements is to use a FIPS-compliant cryptographic > module, and OpenSSL is an obvious choice. Now I understand that, when > operating in FIPS-compliant mode, all the cryptographic operations in > OpenSSL are completed atomically. In some cases, this could be a > problem. For example, if one crypto application is carrying out a > lengthy crypto operation (for example, generating an asymmetric key > pair of a large size) all other crypto operations will be blocked > until this operation is done. Is this a correct view of the way the > OpenSSL software works when in FIPS-compliant mode?
I believe this is incorrect. Requirements are placed in the security policy precisely because they are *not* enforced by the library. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
