> Building openssl-fips-2.0.6 for linux-x86_64, using gcc 4.8.2 and I am > seeing these same warnings on three files: > cbc128.c > ccm128.c > gcm128.c > > This is first time I've built the FIPS module for this target. For other > targets I've built (using much older gcc cross-compilers, admittedly), I > have not seen such warnings. > > I'm not clear which patch Andy is referring to that fixed them for openssl > itself in 2012,
'git log crypto/modes/cbc128.c', 'git log crypto/modes/gcm128.c' tell the story. Alternatively you can browse trees at git.openssl.org and look at histories for files in question. > or if those fixes were applied to the openssl-fips (I would > think so..). No. Once validated, FIPS module does not change. Relevant question in this case is whether or not can you ignore the warnings. Or more specifically if it's *safe* to ignore. Well, nobody can give you guarantees (it's simply prohibitive to verify machine code), but I'd say that as long as tests pass... ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
