> OK, I'm still a bit confused on the version labeling. Is it safe to > assume the next stable label pulled off HEAD (e.g. 1.0.2) will include > support for "make -f Makefile.fips dist". Or to put the question > another way, what stable label should be used to generate the FIPS > Object Model 2.0 source code?
For someone who wants to do FIPS validated cryptography there are two pieces to the puzzle. First you need the validated module, the OpenSSL FIPS Object Module 1.2.3 which is currently available, or the upcoming OpenSSL FIPS Object Module 2.0 which is still under development. Second you need a matching "FIPS capable" OpenSSL distribution. That would be 0.9.8r for the 1.2.3 module. It will eventually be 1.0.1 for the upcoming 2.0 module. If you want to write usable applications with the 2.0 module you'll have to wait awhile as neither the module nor the "FIPS capable" OpenSSL are ready yet. The 2.0 module is complete enough to test for platform compatibility, and we encourage all interested parties to try building it on their platforms of interest, but we're months away from having the critical mass of code that would support use by applications. Then it will be months more before the formal validation is awarded. We're hoping to reach that final goal by the end of this year. There is an option available to vendors wishing to prepare and ship products based on the upcoming validated module before that final validation is achieved. They can sign up for a separate "private label" validation to put their products on the CMPV "pre-validation" list which satisfies procurement requirements for much of the DoD and federal government market. OSF can perform those validations on a fixed fee basis; that revenue goes to support the open source based validation and the continued maintenance and development of OpenSSL. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org