OpenSSL FIPS is used essentially as a crypto engine, except that it's not called through the standard engine interface.
The FIPS module is validated to perform its advertised functions; if it's in FIPS mode, OpenSSL will use its linked-in OpenSSL FIPS module to perform all of its cryptographic operations (and should be used in preference to engines, as well, since a FIPS operational environment requires all cryptographic operations to be performed within the bounds of a validated cryptographic canister). If the OpenSSL library is not in FIPS mode, then it's essentially ignored. -Kyle H On Thu, May 7, 2009 at 1:31 PM, <carlyo...@keycomm.co.uk> wrote: > Hi, > > Could someone please explain to me in simple terms the relationship between > the OpenSSL FIPS module and OpenSSL itself? > > Is the FIPS module used by OpenSSL as a crypto engine or such like or am I > way off base here? > > Thanks for any assistance or pointers. > > Thanks, > > Carl > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-us...@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
