fips mode and key management
Dr. Matthias St. Pierre
Matthias.St.Pierre at ncp-e.com
Tue Jan 21 20:18:18 UTC 2020
> > distinguish those two cases. Maybe the name OSSL_FIPS_PROVIDER would be
> more fitting than FIPS_MODE?
> Or perhaps OPENSSL_BUILDING_FIPS, since a couple of PR's already have and use OPENSSL_BUILDING_OPENSSL ...
OPENSSL_BUILDING_OPENSSL is really a remarkably long name. I hope this does not blow up any commandline
length limits 😉. How about using OSSL_LIBRARY library instead? This would fit nicely to OSSL_FIPS_PROVIDER:
> There's no reason to use OSSL for internal macros.
But it avoids unnecessary name clashes with system headers. Just today, I saw this collision with Windows headers:
include/openssl/types.h:74:# undef OCSP_REQUEST
include/openssl/types.h:75:# undef OCSP_RESPONSE
(Yes I know, Window headers are really polluting the global namespace).
More information about the openssl-project