[openssl-dev] [openssl.org #4115] [PATCH] Remove remaining FIPS code

Alessandro Ghedini alessandro at ghedini.me
Wed Nov 11 11:16:56 UTC 2015


On Sat, Oct 31, 2015 at 08:34:33am -0400, Steve Marquess wrote:
> On 10/31/2015 08:26 AM, Alessandro Ghedini via RT wrote:
> > Hi,
> > 
> > I don't know what your intentions are with FIPS support in master, ...
> 
> We would like to continue to provide a FIPS validated module for the 1.1
> (and subsequent) releases. Unfortunately the current module ("OpenSSL
> FIPS Object Module 2.0") designed for compatibility with the 1.0
> releases won't be compatible with 1.1. That means we need to obtain a
> new validation for a new module, an endeavor fraught with many
> difficulties (none of them technical).
> 
> I do expect the stars will align for that eventually, as they have for
> the five previous open source based validations. In the interim, since
> the FIPS module is shaped almost entirely by policy and metaphysical
> considerations, we should not include any incomplete FIPS specific code
> in 1.1 -- code that even if complete in some speculative sense would
> also be unusable absent a matching FIPS 140-2 validation.

So, does the above mean that my patch is not going to be merged?

Cheers