The API does not have any mechanism for enforcing a lack of concurrency. Each system that the FIPS module goes into is supposed to be custom-built, anyway, so that the entire thing adheres to FIPS 140-2 processing policies.
-Kyle H On Wed, Aug 19, 2009 at 4:55 PM, Pandit Panburana<ppanb...@yahoo.com> wrote: > I would like to get a clarification. The OpenSSL Security Policy version 1.2 > states the followings. > "Only one role may be active at a time and the Module does not allow > concurrent operators." > Do you mean the Module does not have any prevention for conncurrent > operators and it depends on the user to follow i.e. enforce no concurrent > operators elsewhere? > Thank you, > -Pandit > ________________________________ > From: Kyle Hamilton <aerow...@gmail.com> > To: openssl-users@openssl.org > Sent: Wednesday, August 19, 2009 1:41:53 PM > Subject: Re: Prevent concurrent operator in FIPS mode > > The API does not prevent concurrent operators. The guidance from the > CMVP is that an application (even if operated by a webserver on behalf > of someone else) is an operator for purposes of determining compliance > with that restriction. > > Of course, the CMVP seems to want to reduce the functionality of > systems that use validated crypto to zero, as well, so I dunno where > the balance lies. Neither does Steve M, and he's pretty much > openssl's most visible diplomat to the Priesthood of the CMVP. > > -Kyle H > > On Wed, Aug 19, 2009 at 9:27 AM, Pandit Panburana<ppanb...@yahoo.com> wrote: >> Hello, >> The security policy of states that the module does not allow >> concurrent >> operators. How does API prevent concurrent operator? >> Thank you, >> -Pandit >> ________________________________ >> >> > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
