Re: Draft FIPS Module v1.2 User Guide
Well, it's still not as finished as I'd like but since I'll be out of town and offline until next week I'm releasing the OpenSSL FIPS Object Module v1.2 User Guide document: http://www.openssl.org/docs/fips/UserGuide-1.2-RC1.pdf. It's still labeled as a draft as I anticipate revisions over the next few weeks. Feedback on errors/omissions/improvements will be greatly appreciated. Section 4.2.1 is incorrect, I believe. The security policy states to use ./config fipscanisterbuild but the user guide 1.2 rc states the old method of ./config fips ... Section 4.2.3 should probably also mention --with-fipslibdir so you can specify the location of the fipscanister ... Section 5.3.1, I'd probably mention that you can pass 'fipsld' as the CC env for configure scripts as well, since many projects use autoconf/automake. -Brad __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Draft FIPS Module v1.2 User Guide
I'm not sure that CC is the appropriate place for fipsld. Maybe LD, but CC has other uses. -Kyle H On Sat, Nov 29, 2008 at 5:41 PM, Brad House [EMAIL PROTECTED] wrote: Well, it's still not as finished as I'd like but since I'll be out of town and offline until next week I'm releasing the OpenSSL FIPS Object Module v1.2 User Guide document: http://www.openssl.org/docs/fips/UserGuide-1.2-RC1.pdf. It's still labeled as a draft as I anticipate revisions over the next few weeks. Feedback on errors/omissions/improvements will be greatly appreciated. Section 4.2.1 is incorrect, I believe. The security policy states to use ./config fipscanisterbuild but the user guide 1.2 rc states the old method of ./config fips ... Section 4.2.3 should probably also mention --with-fipslibdir so you can specify the location of the fipscanister ... Section 5.3.1, I'd probably mention that you can pass 'fipsld' as the CC env for configure scripts as well, since many projects use autoconf/automake. -Brad __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Draft FIPS Module v1.2 User Guide
Section 5.3.1, I'd probably mention that you can pass 'fipsld' as the CC env for configure scripts as well, since many projects use autoconf/automake. I'm not sure that CC is the appropriate place for fipsld. Maybe LD, but CC has other uses. Well, that's an arguable point (not that I'm looking for an argument/ flame war) considering most linking processes are processed through the compiler, which then calls ld, rather than calling ld directly. Also, the 'fipsld' script does infact compile fips_premain.c, so it's not simply linking, if you want to get technical about it. The 'fipsld' script is designed to pass-thru non-linking operations, and will only 'touch' a linking request if it is referencing libcrypto. It appears to have been designed as a CC wrapper, and the current UserGuide does explain what it does fairly well. I see no need in rewriting the section of the doc, or altering the way fipsld works, I'm only suggesting adding a small reference in the doc for projects which use autoconf/automake. -Brad __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Draft FIPS Module v1.2 User Guide
Steve Marquess wrote: Well, it's still not as finished as I'd like but since I'll be out of town and offline until next week I'm releasing the OpenSSL FIPS Object Module v1.2 User Guide document: http://www.openssl.org/docs/fips/UserGuide-1.2-RC1.pdf. It's still labeled as a draft as I anticipate revisions over the next few weeks. Feedback on errors/omissions/improvements will be greatly appreciated. -Steve M. The Windows section looks like it needs a close review. The list of changes for this revision states that nasm is no longer supported and yet the instructions still refer to configuring and building with nasm. Jeffrey Altman smime.p7s Description: S/MIME Cryptographic Signature
Re: Draft FIPS Module v1.2 User Guide
Jeffrey Altman wrote: Steve Marquess wrote: Well, it's still not as finished as I'd like but since I'll be out of town and offline until next week I'm releasing the OpenSSL FIPS Object Module v1.2 User Guide document: http://www.openssl.org/docs/fips/UserGuide-1.2-RC1.pdf. It's still labeled as a draft as I anticipate revisions over the next few weeks. Feedback on errors/omissions/improvements will be greatly appreciated. -Steve M. The Windows section looks like it needs a close review. The list of changes for this revision states that nasm is no longer supported and yet the instructions still refer to configuring and building with nasm. Actually, I missed that one, yeah, MASM and NASM need to be reversed in section 2.3, since it is NASM that is used, and MASM that is not... Good catch Jeffrey. -Brad __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
Draft FIPS Module v1.2 User Guide
Well, it's still not as finished as I'd like but since I'll be out of town and offline until next week I'm releasing the OpenSSL FIPS Object Module v1.2 User Guide document: http://www.openssl.org/docs/fips/UserGuide-1.2-RC1.pdf. It's still labeled as a draft as I anticipate revisions over the next few weeks. Feedback on errors/omissions/improvements will be greatly appreciated. -Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]