OpenSSL 1.0.1 has the following flag definitions:

RSA_FLAG_NON_FIPS_ALLOW
DSA_FLAG_NON_FIPS_ALLOW
EC_FLAG_NON_FIPS_ALLOW
EVP_CIPH_FLAG_NON_FIPS_ALLOW
EVP_MD_CTX_FLAG_NON_FIPS_ALLOW

And these flags are checked in either the FIPS Module 2.0 code itself
(fipscanister.o) or in the FIPS capable OpenSSL (libcrypto).

If an application using FIPS capable OpenSSL:

1) Sets the FIPS mode of FIPS Module 2.0 AND
2) Sets the above NON_FIPS_ALLOW flags

Is the FIPS certificate of FIPS Module 2.0 violated?

Thanks
Varma
