On 6/28/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
On Wed, Jun 28, 2006, Hagai Yaffe wrote:
> Is it possible that there will not be an OpenSSL FIPS validated version
> for Windows?
>
The MingW+MSYS build works fine on Windows so in that sense there will be a
"version for Windows". However applications would have to be developed using
MingW.
The problems arise when the MingW build is combined with VC++ in order to get
a library which can be used with VC++ or every alternative scenario I've tried
such as using the whole libcrypto.a from MingW.
This makes me wonder if the same problem is going to exist with the
Intel C++ compiler, too.
I'll create an environment based on the 1.0 code and see if changing
mingw's ideas of the API headers to use the Platform SDK's instead
actually works.
At least one issue is that the MingW is built using one set of headers and
any structures it uses implemented in the VC++ library might be incompatible.
There are other peculiar bits of behaviour such as MingW object files crashing
when accessing their own global variables.
Are they not being put in the _DATA segment properly? Exactly what
version of mingw are you building with?
(Also, it occurs to me that someone could just as easily create
basically a FIPS-validated Windows add-on library...)
It may be possible to adapt the new distribution to VC++ but I doubt it at
this stage. When I can upload it (not I don't know when yet!) others will be
able to have a go a diagnosing some of the weirder issues.
Who all is authorized to work on the FIPS codebase at the moment?
The best bet is a follow up vallidation where VC++ is used throughout instead
of trying to adapt a Unix based build system.
...so what if ${CC} set in the environment at ./Config fips time turns
out to be VC++'s compiler? Does Config respect that?
Also: a quick question, exactly what functions are going behind the
security boundary now? (General categoricals work.)
Thanks for your (very limited) time, Steve.
-Kyle H
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
