On Tue, Apr 11, 2006, Brad House wrote: > Ran into 3 problems, all of which are addressed here: > 2) The inline assembler in fips-1.0/fips_canister.c for > PPC doesn't work with GCC and AIX's assembler properly > (it creates an undefined symbol reference to '.', yeah > that's right a period is the symbol name). Since the > fips_canister.c cannot be modified, I had to define > INSTRUCTION_POINTER_IMPLEMENTED(ret), and I put that in > e_os.h. The actual implementation used is the same exact > implementation which the codepath actually uses on AIX > if you were to use IBMs XLC compiler.
It is not only fips_canister.c which cannot be modified. *NOTHING* in the fips-1.0 tarball can be modified without invalidating the certification. There is a published hash for that tarball in the security policy and it is effectively frozen. The possibility of including minor non-cryptographic changes in a "fast track" followup certification may exist. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
