Hi team, I just build the shared libraries of FIPS capable OpenSSL in Suse Linux 32bit with FIPS Object Module v1.2.3. The OpenSSL version is 0.9.8n, and the shared libraries generated are libssl.so.0.9.8 and libcrypto.so.0.9.8.
I want to link the shared libraries with different module in one application, but not all of the modules are FIPS capable. Is it OK to make some of them be FIPS compliant and others not, with the same shared libraries? For example, the application have used module A and module B, and both of them are shared libraries which are linked with OpenSSL shared libraries without FIPS object module. Now Module A needs to be FIPS 140-2 compliant, so I am going to add "-DOPENSSL_FIPS" in its Makefile, call "FIPS_mode_set(1)" in its code, and link it with the FIPS capable OpenSSL shared libraries. Module B needs to be non-FIPS compliant for backward compatibility, so I will not change anything and only link it with the FIPS capable OpenSSL shared libraries. If I do it, will module B act as the same as before when the application is running? Best Regards, Hao
