On Thu, Dec 11, 2008 at 10:03:32AM -0500, Geoff Thorpe wrote: > > Engines like eng_cryptodev.c *are* built in (they're in ./crypto/engine/ > rather ./engines/) and the intention is that they should be the > implementation "de base" for those build targets to which they apply.
I'm surprised this can be certified for FIPS. Are you sure it is the case for the FIPS module? Consider that eng_cryptodev will in many cases end up using unknown -- and thus presumptively unvalidated -- hardware implementations of most of the core algorithms, in some cases even software implementations in the kernel. I would be surprised that the test lab would allow 'hooks' like this in the FIPS module. Thor ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]