On 07/05/2014 02:09 AM, Jayalakshmi bhat wrote: > Hi All, > > We want to support a hardware accelerator on our device. We are using > OpenSSL with OpenSSL FIPS Object module. I wanted to know if we can add > engine support in OpenSSL FIPS Object module. > > I welcome all valuable inputs.
First, please don't cross post to both lists. The openssl-users list would suffice. You've more or less asked this question already. The OpenSSL FIPS Object Module source code is available under an open source license, so subject to the very liberal terms of that license you can hack that code to your hearts content. However... The FIPS 140-2 Level 1 validation of that module (certificate #1747) is a different thing entirely. The instant you touch the code that validation no longer applies. The code without the validation is worthless (it does nothing regular OpenSSL doesn't do better, faster, more securely). A new validation will be necessary. You will find such a validation a significant challenge even without the source code mods you contemplate. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
