I'm building a FIPS validated module using OpenSSL sources. The system is new, and has absolutely no need for MD2, RC4, MD5, DES, 2DES, 3DES, etc.
When the OpenSSL source code is re-validated, please consider allow folks to remove the algorithms. There are a few reasons to allow the removal of unused algorithms: (1) Less code reduces compile an link times. (2) OpenSSL does not clean compile. For each warning, the code must be audited. Removing unused code reduces the number of audits and saves time. (3) Reduced code size helps reduce memory footprint, which might be a consideration on memory constrained devices. (4) Removing algorithms (and the resulting code) is a best practice, since code which is not present cannot be executed and unexpectedly fail. Thanks in advance for any consideration ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
