On Wed, Nov 14, 2012 at 12:32 PM, Nou Dadoun ndad...@teradici.com wrote:
Hi folks,
We have several projects that use openssl in both FIPS-mode and
non-FIPS-mode; one of the projects that we have that does not use FIPS-mode
is one that uses the Boost ASIO library in which we can reach done into the
openssl properties to get properties and operations that aren't provided
directly by Boost. This project currently uses openssl 0.9.8x.
We're interested in moving this project to run in FIPS-mode (with a
corresponding openssl version upgrade) and I was wondering if anyone here had
experience in setting up a Boost project to run in FIPS-mode. Any general
comments? ... N
On Windows, you will likely have problems with Boost. I could not get
Boost to compile properly due to problems with their preprocessor
macros (“Mixing a dll boost library with a static runtime is a really
bad idea…”,
http://stackoverflow.com/questions/9527713/mixing-a-dll-boost-library-with-a-static-runtime-is-a-really-bad-idea).
Boost also lacks thread safety, so I'm skeptical about ASIO reaching
into OpenSSL (for which you provide locks).
Boost does have threading support, which is almost completely broken
the last time I checked (I actually audited it about a year ago). Its
full of Comp Sci 101 mistakes. The library did not validate parameters
and ignored return values on critical code paths. Don't believe all
the Fan Boi chatter about quality as Boost seems to lack a QA process.
Jeff
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org