Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

> What about to remove declaration of FIPS_mode and FIPS_mode_set? > Those functions could be used by external packages at configure time to > detect that fips is not supported at all. > Note 1.0.0 does not declare both functions. For various reasons, the team wants them there.

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

> What about to remove declaration of FIPS_mode and FIPS_mode_set? > Those functions could be used by external packages at configure time to > detect that fips is not supported at all. > Note 1.0.0 does not declare both functions. For various reasons, the team wants them there.

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

This has been (partially) fixed, so it can probably be closed. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

[openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

we did everything we want to do, closing this. -- Rich Salz, OpenSSL dev team; rs...@openssl.org ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

> So, does the above mean that my patch is not going to be merged? No. It will be. ___ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

On Sat, Oct 31, 2015 at 08:34:33am -0400, Steve Marquess wrote: > On 10/31/2015 08:26 AM, Alessandro Ghedini via RT wrote: > > Hi, > > > > I don't know what your intentions are with FIPS support in master, ... > > We would like to continue to provide a FIPS validated module for the 1.1 > (and

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

On 10/31/2015 08:26 AM, Alessandro Ghedini via RT wrote: > Hi, > > I don't know what your intentions are with FIPS support in master, ... We would like to continue to provide a FIPS validated module for the 1.1 (and subsequent) releases. Unfortunately the current module ("OpenSSL FIPS Object

[openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

Hi, I don't know what your intentions are with FIPS support in master, but after the removal of most if the fips/ code, several bits and pieces of now broken code have remained in the codebase. IMO it'd be better to just remove it for now. See the following GitHub pull request:

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

Can't recall previous discussions on this, but would it be possible to have a FIPS engine? Cheers Richard Steve Marquess skrev: (31 oktober 2015 13:34:33 CET) >On 10/31/2015 08:26 AM, Alessandro Ghedini via RT wrote: >> Hi, >> >> I don't know what your intentions are

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

On October 31, 2015 2:09:50 PM GMT+01:00, Steve Marquess wrote: >On 10/31/2015 09:01 AM, Richard Levitte wrote: >> Can't recall previous discussions on this, but would it be possible >to have a FIPS engine? > >Of a sort, yes. I'll let Steve Henson speak to the details,

Re: [openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

On 10/31/2015 09:01 AM, Richard Levitte wrote: > Can't recall previous discussions on this, but would it be possible to have a > FIPS engine? Of a sort, yes. I'll let Steve Henson speak to the details, but it is his hope (and mine) that FIPS module support for 1.1 and beyond would be modular so