PGNet wrote:
On Fri, Jan 9, 2009 at 3:29 PM, Kyle Hamilton <aerow...@gmail.com> wrote:
If you read it, you too will see this. :)
Actually, I HAD already read section 4.2.1 of the UserGuide for *v1.2*,
"4.2.1Building the FIPS Object Module from Source
The specification of any other options on the command line, such as
./config fipscanisterbuild shared
is specifically not permitted"
which seemed pretty clear and unequivocal to me.
There was an exception for WIndows,
"4.3.1Building the FIPS Object Module from Source
Next build the FIPS Object Module from source:
ms\do_fips [no-asm]
where the no-asm option may or may not be present depending on the
platform (see ยง3.2.1)"
which, NOT being on Windows I'd ignored.
But, yes, now reading the SecurityPolicy.pdf, "no-asm" is mentioned in
*usage* a numebr of times ... but never specifically "allowed", and
the apparent contradiction is never mentioned, afaict.
Again, my mistake -- no suprise :-/ But sure seems confusing when you
read it ...
I've updated the User Guide to correct this omission and note that
"no-asm" is indeed permissable. Also added some more commentary on
installation to arbitrary destinations.
http://www.openssl.org/docs/fips/UserGuide-1.2.pdf.
Thanks,
-Steve M.
--
Steve Marquess
Open Source Software institute
marqu...@oss-institute.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
