I have a couple of questions about the FIPS-140 stuff: 1) I don't see any Diffie-Hellman code in the fips part of the source tree except for the dh_test() function in fips_test_suite.c. Will DH be available to use in an application that will be running in FIPS mode without violating the security policy?
2) I have a multi-threaded AIX application for which I needed to add a couple of compiler flags in the OpenSSL Configure script in order to support threading under AIX. After the FIPS code is validated would making this change be allowed within the security policy? Would the source code maintainers be interested in adding these flags to the distribution? FWIW I have included the change below. diff -r1.314.2.85.2.14 Configure 448c448 < "aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::", -- > "aix43-cc", "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::-qthreaded > -D_THREAD_SAFE:::BN_LLONG > RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::", Thanks! Troy Monaghen ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]