Thanks for the pointer - I should have found that myself!

I was thinking 2012 pre-dated the 2.0 FIPS module validation so the change
might have been picked up, but 2.0 started in 2011 so I understand your
point.

Kevin

On Tue, Nov 4, 2014 at 3:22 AM, Andy Polyakov via RT <r...@openssl.org> wrote:

> > Building openssl-fips-2.0.6 for linux-x86_64, using gcc 4.8.2 and I am
> > seeing these same warnings on three files:
> > cbc128.c
> > ccm128.c
> > gcm128.c
> >
> > This is the first time I've built the FIPS module for this target. For other
> > targets I've built (using much older gcc cross-compilers, admittedly), I
> > have not seen such warnings.
> >
> > I'm not clear which patch Andy is referring to that fixed them for openssl
> > itself in 2012,
>
> 'git log crypto/modes/cbc128.c', 'git log crypto/modes/gcm128.c' tell
> the story. Alternatively you can browse trees at git.openssl.org and
> look at histories for files in question.
>
> > or if those fixes were applied to the openssl-fips (I would
> > think so..).
>
> No. Once validated, the FIPS module does not change. The relevant question in
> this case is whether or not you can ignore the warnings. Or more
> specifically, if it's *safe* to ignore them. Well, nobody can give you
> guarantees (it's simply prohibitive to verify machine code), but I'd say
> that as long as tests pass...
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
>
