Chris Brook wrote:
> If I read your reply right, responsibility for DAC and Known Answer Test
> checking is the responsibility of the app developer, though you will provide
> the DAC checksum for the crypto module. Have you also included the KATs,
> since they essentially exist in the OpenSSL test modules?

_Everything_ is included.

> Since OpenSSL is providing source code (which presumably includes the DAC
> checksum generation code), what's to prevent a user modifying the crypto
> code and regenerating the checksum?

Nothing. What's to prevent you claiming you're using FIPS-140 certified
stuff and not doing so? Nothing. That's not the way it works.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html
http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                             [EMAIL PROTECTED]
Automated List Manager                                [EMAIL PROTECTED]