Can't recall previous discussions on this, but would it be possible to have a FIPS engine?
Cheers Richard Steve Marquess <marqu...@openssl.com> skrev: (31 oktober 2015 13:34:33 CET) >On 10/31/2015 08:26 AM, Alessandro Ghedini via RT wrote: >> Hi, >> >> I don't know what your intentions are with FIPS support in master, >... > >We would like to continue to provide a FIPS validated module for the >1.1 >(and subsequent) releases. Unfortunately the current module ("OpenSSL >FIPS Object Module 2.0") designed for compatibility with the 1.0 >releases won't be compatible with 1.1. That means we need to obtain a >new validation for a new module, an endeavor fraught with many >difficulties (none of them technical). > >I do expect the stars will align for that eventually, as they have for >the five previous open source based validations. In the interim, since >the FIPS module is shaped almost entirely by policy and metaphysical >considerations, we should not include any incomplete FIPS specific code >in 1.1 -- code that even if complete in some speculative sense would >also be unusable absent a matching FIPS 140-2 validation. > >-Steve M. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev