Hi Steve Marquess,

What's the equivalent file for* fipscanister.o on windows..?


--- On Tue, 11/4/08, Steve Marquess wrote:
From: Steve Marquess
Subject: Re: FIPS and new releases of openssl
To: openssl-users@openssl.org
Date: Tuesday, November 4, 2008, 9:46 AM

David Schwartz wrote:
>> ...

> Build the FIPS module, then fix the higher-level code, then build the rest
> of OpenSSL. So long as don't modify the source before building the

> module, you are fine. You can fix the code that doesn't go in the FIPS
> canister without violating FIPS, then link your fixed code with the
> canister.

Correct -- just don't modify *any* code in the special
openssl-fips-1.1.2.tar.gz tarball, whether that code has any effect on the
resulting fipscanister.o object module or not. You can't even modify the
README file. Once fipscanister.o (and handful of ancillary files) are generated
you should throw away everything else from that build. The fipscanister.o can
subsequently be used with a FIPS compatible (i.e., recent) OpenSSL built the
usual way from one of the usual tarballs. You do not want to use any of the
other object code from the special FIPS tarball.

-Steve M.

-- Steve Marquess
Open Source Software Institute

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org