On Wed, Jul 14, 2010, Anil Tambe wrote:

> >> Is "fips" no longer a valid flag to incorporate the FIPS library in 1.0.0a?
> Yes, FIPS support is removed in 1.0.X series, please also read the below.

Well it wasn't actually "removed" as never ported. Here is roughly how things
went:

The funding for the 1.2 validation was just to fix the issues with the 0.9.7
release, not the considerably greater task of porting to a more recent version.
I felt that 0.9.7 was too old and a more recent version should support FIPS
anyway.

The then 0.9.9 (what is now 1.0.0) was some years from release and such a delay
was unacceptable. So the best compromise was 0.9.8. So the 1.2 validation
targeted 0.9.8.

Unfortunately the API differences between 0.9.8 and 1.0.0 mean you cannot use
the 1.2 module with 1.0.0. It was hoped at the time that new sponsors would
fund a validation for 1.0.0 and later but that has so far not happened.

What is really needed is a big overhaul of the whole architecture instead of
just tweaking it to support new versions, but that's a major undertaking. It's
a case of if it gets funded I'll do it.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org