Richard Levitte wrote:
>doctor> Why does no FIPS still include FIPS??
>
>It doesn't, all it does is throw the FIPS files through the compiler.
>However, the FIPS source should be wrapped with #ifdef OPENSSL_FIPS
>.. #endif. fips_rand.c wasn't, for some reason, and I corrected that
>earlier today. I haven't checked the other files yet, but since they
>get through my Linux build, I'm trustful :-).
>
>The reasons we do things this way are many, and usually technical.
>Personally, I like that all files get through the compiler as much as
>possible, to make sure nothing is forgotten...
We are very close (a few days at most) from the point where the 26
special source files in the ./fips/ tree can no longer be modified
(or else the FIPS validation won't apply). These files are identified
by the SHA-1 HMAC signatures in the fingerprint.sha1 files; these
signatures will be immortalized in the validation from NIST.
So if there are any last minutes fixes needed please do them now!
Steve Marquess
DMLSS Technical Manager
JMLFDC, 623 Porter Street, Ft. Detrick, MD 21702
DSN 343-3933, COM 301-619-3933, FAX 301-619-7831
[EMAIL PROTECTED]
