> [philipp_s...@redfish-solutions.com - Sun Jul 18 19:02:04 2010]: > > The problem here is that the intermediate binaries like > ./fips_standalone_sha1 are being built with the target compiler, not > the host compiler. > > I had submitted a patch a year and a half ago to fix this issue, but > for whatever reason it's been languishing. >
That was addressed some time ago as part of the cross compilation support for FIPS builds. Let me know of any problems. > Which "appropriate patch" are you talking about? > Historically the problem with FIPS builds was that you needed to execute target binaries in order to embed the appropriate signature (the fipsld script did that). That was fine if the host and target were compatible but choked if they weren't. We couldn't change that without modifying the validated module source and that is not allowed without permission. An update to the validation (a change letter) now means cross compilation is supported for FIPS builds. The "appropriate patch" is something that adds cross compilation functionality to the validated module. It is at: http://www.openssl.org/source/openssl-fips-1.2.crossbuild.diff.gz Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
