pankaj227 wrote:

> Ok ! I can't modify the fips_premain.c but what If It can't be integrated
> into my application as it is. Doesn't it limit the usage of
> fipscanister.lib
> by making it mandatory to have c like application which can use it.

No, it doesn't. The FIPS canister has to provide some interface, and a
C-like interface is about the best there can be.

> What if I don't use  fips_premain.c at all and write my own code to set
> FIPS_signature[].

Then you're not complying with the security policy, the same as if you
replaced any other cryptographic code with your own code that you claim does
the same thing.

Stop trying to tamper with the FIPS canister. Put your own code *outside*
the canister.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to