On Fri, Dec 17, 2010 at 7:31 AM, Stephen Henson via RT <[email protected]> wrote: >> [[email protected] - Fri Dec 17 11:56:52 2010]: >> >> When the OpenSSL source code is re-validated, please consider allow >> folks to remove the algorithms. There are a few reasons to allow the >> removal of unused algorithms: >> > > There is no real need to do this. The validated tarball is there only to > produce the validated module fipscanister.o, that contains only FIPS > validated algorithms and of those you listed above only contains 2DES > and 3DES.
I also noticed some debug gear showed up in what appears to be a release build. To save the team the trouble, the 'capital t' (T) means the symbol is present in the text section, and the symbol is exported (opposed to a 'lower t', which indicates a private text section symbol). newton:fips jeffrey$ nm -g -U fipscanister.o | grep -i debug 0000000000013ce0 T _CRYPTO_get_mem_debug_functions 0000000000039440 s _CRYPTO_get_mem_debug_functions.eh 0000000000013f80 T _CRYPTO_get_mem_debug_options 0000000000039520 s _CRYPTO_get_mem_debug_options.eh 0000000000013b40 T _CRYPTO_set_mem_debug_functions 0000000000039380 s _CRYPTO_set_mem_debug_functions.eh 0000000000013f50 T _CRYPTO_set_mem_debug_options 0000000000039500 s _CRYPTO_set_mem_debug_options.eh 000000000003d0a4 d _allow_customize_debug 000000000003dd18 b _free_debug_func 000000000003dd08 b _get_debug_options_func 000000000003dd28 b _malloc_debug_func 000000000003dd20 b _realloc_debug_func 000000000003dd10 b _set_debug_options_func ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
