On 7/19/10 9:25 AM, Philip Prindeville via RT wrote: > On 7/18/10 12:27 PM, Stephen Henson via RT wrote: >>> [philipp_s...@redfish-solutions.com - Sun Jul 18 19:02:04 2010]: >>> >>> The problem here is that the intermediate binaries like >>> ./fips_standalone_sha1 are being built with the target compiler, not >>> the host compiler. >>> >>> I had submitted a patch a year and a half ago to fix this issue, but >>> for whatever reason it's been languishing. >>> >> That was addressed some time ago as part of the cross compilation >> support for FIPS builds. Let me know of any problems. > When did this patch get applied? I see it's in 0.9.8n > >>> Which "appropriate patch" are you talking about? >>> >> Historically the problem with FIPS builds was that you needed to execute >> target binaries in order to embed the appropriate signature (the fipsld >> script did that). That was fine if the host and target were compatible >> but choked if they weren't. >> >> We couldn't change that without modifying the validated module source >> and that is not allowed without permission. >> >> An update to the validation (a change letter) now means cross >> compilation is supported for FIPS builds. The "appropriate patch" is >> something that adds cross compilation functionality to the validated >> module. It is at: >> >> http://www.openssl.org/source/openssl-fips-1.2.crossbuild.diff.gz >> >> Steve. > Did a bump to 0.9.8n and ran into a separate issue: we need to explicitly > pass various flags to CC and LD, but there's no easy way to do that. So > added the following patch.
Anything? Up/down vote? Is it acceptable, or if not, what do I need to do to make it acceptable? Thanks. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
