On 09/22/2015 07:26 PM, John Foley (foleyj) wrote: > Pull request 368 has KDF support for FIPS: > https://github.com/openssl/openssl/pull/368 > > > I've already updated libsrtp to use this API for FIPS compliance. We > would like to contribute to other downstream projects as well. But it > would help if OpenSSL accepted this pull request. > John, the problem is that we have no FIPS validation in which that can be used. We're not allowed to make such changes to existing validated modules, and have no immediate prospects of doing any new validation. IMHO there isn't much point in accepting and committing speculative code, i.e. code that we can't actually use in OpenSSL. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marquess at opensslfoundation.com marquess at openssl.com gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
