> Is there a method that is always in the path of execution when a crypto error occurs ?? It looks like fips_set_selftest_fail() would be a likely candidate where to create an empty file on a tmpfs in order to let the OS know about the error. Comments and suggestions welcomed.? Based on your experience with FIPS validation process, and many customers/sponsors, do you think that having a ever so slightly modified OpenSSL FIPS code would increase validation costs for a whole unit (OS and apps) ?? Recently Steve, I think, has mentioned that the cost for an initial OpenSSL FIPS validation was well into the 6 numbers.? Would this type of figure be added to a project if OpenSSL FIPS is modified ?? I think the labs could go with a diff and see how simple the modification is. Regards.
