On 02/01/2013 02:20 PM, Santhosh Kokala wrote:
> I would really appreciate if someone answers my question.
> ...
>
> I have a C++ application that links statically with Openssl library. We
> already modify some parts of openssl (excludes crypto part) library to
> extract session keys and other info to encrypt/decrypt traffic for a
> whole different purpose. My question is since my application is
> statically linking with Openssl, instead of calling FIPS_mode_set() in
> my function, can I call it inside SSL_library_init()?
>
> My Application calls -> SSL_library_init() calls -> FIPS_mode_set().
>
> Is this a valid thing to do?

From the FIPS 140-2 perspective yes, as you don't attempt to modify the FIPS module itself. It's not such a good idea from a practical perspective; an OpenSSL library modified that way may not play well with other existing applications.

In the context of the FIPS 140-2 validation the "FIPS capable" OpenSSL is just another application and so is out of scope of the validation.

-Steve M.

--
Steve Marquess
OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
