> As always, if you don't care about FIPS 140 then count yourself lucky and > move on. > > Work on the new FIPS module has so far taken a backseat to higher priority > topics like the 1.1 release and security vulnerabilities, but we should start to > make some progress soon. I've put together a rough wiki page outlining > some goals for the new FIPS module: > > https://wiki.openssl.org/index.php/FIPS_module_3.0 > > Within the very tight constraints of schedule, resources, and what is > permitted by FIPS 140, we want this FIPS module to be as widely useful as > possible. > > If we've omitted anything of vital importance please speak up. The fixed base address requirement causes problems for large Windows x86 applications and there isn't a great work around. It isn't clear to me if item 2 " Support compilation in various forms" will address this or not. An option to compile the fips module as a dll instead of a static lib would be nice or at least allow the fips capable module to be rebased. Zeke Evans Senior Software Engineer Micro Focus
