Dr. Matthias St. Pierre in gmane.comp.encryption.openssl.devel (Fri, 14 Aug 2015 08:12:58 +0200): >You say that FIPS 140-2 was broken by the introduction of applink.c . > >However the applink.c module was introduced way back in 2004 and nevertheless >OpenSSL 1.0.1 and the FIPS 2.0.9 module built happily together on Windows ever >since. >(and you can see in the build logs that '-DOPENSSL_USE_APPLINK' appears a lot)
I guess there was a change from optional (in VC9/VC11) to required in VC14, but only for the 1.0.2 branch. The PHP devs were the first to notice and included applink.c in the VS2015/VC14 builds of PHP7. Apachelounge followed by including applink.c in the VS2015/VC14 builds of Apache 2.4.16. Then I tried to compile OpenSSL 1.0.2c + FIPS 2.0.9 with VC14 and ran into the error. >Even OpenSSL 1.0.2 and FIPS 2.0.9 build together perfectly on our Windows >machines >with VS2012. Only after migrating to VS2015 we started to have this problem. True. But the Windows world is moving to VS2015/VC14, so OpenSSL has to follow. I have a faint recollection that OpenSSL 1.0.2a still had FIPS support. If that is the case, maybe you can track down where it went wrong. Jan PS. We are not obliged to use a FIPS compliant OpenSSL, so I did not investigate further. And, besides that, we are still running OpenSSL 1.0.1. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
