[openssl-dev] FIPS mode: how is the code put together ?
jonetsu
jonetsu at teksavvy.com
Mon Aug 8 20:16:44 UTC 2016
Hello,
When using the FIPS module (version 2.0.9 if it matters, with OpenSSL
1.0.1e) the source code of both the regular openssl and the openssl-fips
have a certain number of files named the same. For instance,
crypto/bn/bn_rand.c. The FIPS version of this file has an additional check
for FIPS_module_mode() and an OPENSSL_FIPSAPI defined.
When compiling openssl-fips and then openssl, with the proper options, we
could presume that the binary representation of bn_rand.c as found in
opnssl-fips will be used. Is that so ? How is this solved at compile time
?
Thanks.
--
View this message in context: http://openssl.6102.n7.nabble.com/FIPS-mode-how-is-the-code-put-together-tp67764.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
More information about the openssl-dev
mailing list