Re: Windows build of FIPS 1.1.1 is not thread-safe

Fri, 10 Aug 2007 14:07:48 -0700 


Brad House wrote:

No, but it appears windows has fallen through the cracks, and there
is nothing about what compiler is to be used. If it is to be certified

again, can Windows (with you choice of compilers) be one of the test 
platform?


The whole point to the validation was that it is a source-level validation

which is totally independent of the OS. 


You would it to be totaly independent but its not, OPENSSL_SYSNAME_MINGW32
vs the OPENSSL_SYSNAME_MINGW32, the code compiles differently on
different OSs.


Why should they try to actually validate on Windows? 


Because Windows is so different, and so much more widely used then any other OS.


It would be meaningless to do so, and ultimately end up costing more money.


Not clear. The original poster had a problem on Windows, and it must mean
something for him to get this fixed.



So far no one has been able to have a technical discussion on the issue
which was reported, instead everyone is focusing on totally irrelevant
issues.  I'm not sure why, but it doesn't seem particularly productive.


First technical question could be: If a change is made to the code to
test for OPENSC_SYSNAME_MINGW32 will this fix his multi thread problem?

So part of the technical discussion needs to address if code must be
changed and thus the code must be re-certified. Or can there be some
other way around the fix.

If he is required to be FIPS compliant, then it is not irrelevant.

The restrictions to remain compliant was that you can not change the
code, and only use the commands
./config fips
make
make install

But if one was to set the CPPFLAGS or add a wrapper around gcc to add
-DOPENSSL_SYSNAME_WIN32 would this be circumventing the FIPS requirements?




-Brad
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]




--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to