On 7/18/10 10:00 AM, Stephen Henson via RT wrote:
[[email protected] - Tue Jul 06 23:40:15 2010]:
On 6/29/09 3:26 PM, Stephen Henson via RT wrote:
Also, in a cross-compiling environment, "CC" tends to default to the
target machine.
If you're building intermediate binaries to be run as part of the
build
itself, these need to be indicated separately.
A common practice is:
HOSTCC?=$(CC)
...
fips_standalone_sha1$(EXE_EXT): sha/fips_standalone_sha1.c
$(HOSTCC) $(CFLAGS) -DFIPSCANISTER_O -o $@ sha/fips_standalone_sha1.c
$(FIPSLIBDIR)fipscanister.o
The FIPS builds currently don't support cross compilation so this be of
much use in practice: they have to run a generate binary in order to
extract the signature during the linking process.
I'm sorry, I guess I'm not understanding what you're saying here.
If this step is run as part of the build process, then the binaries need
to be for the build host (and not the target host).
If on the other hand you're saying that this step isn't mandatory, then
can we add an additional target (like "make build-no-fips") that skips
this step altogether?
I'm not sure what you're trying to do here.
If you want to cross compile without FIPS 140-2 support then you should
never reach that point.
If you want FIPS 140-2 support then you can cross compile now using the
information in the revised security policy and the appropriate patch.
Steve.
What I'm trying to do is simple: in the case of cross-compilation, you have two
types of binaries.
You have target binaries that will get installed on the target system which
you're building for, and you have one-off intermediate binaries that are
compiled and executed in the course of the build.
The problem here is that the intermediate binaries like ./fips_standalone_sha1
are being built with the target compiler, not the host compiler.
I had submitted a patch a year and a half ago to fix this issue, but for
whatever reason it's been languishing.
Which "appropriate patch" are you talking about?
And what's been the objection to applying the patch I furnished?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
