On Thu, Mar 26, 2009, ABDUL BASIT wrote: > Hi Folks, > > I am using the patch provided by > http://people.freebsd.org/~kan/openssl-gcc42.diff to prevent > gcc 4.2.3 issuing warnings on openssl fips 1.2 build such as :- > > -- > p5_pbev2.c: In function 'PKCS5_pbe2_set': > p5_pbev2.c:167: warning: function called through a non-compatible type > p5_pbev2.c:167: note: if this code is reached, the program will abort > -- > > In Section 4.1.3 of UserGuide it says "A separate source file integrity > check is required to meet the requirements of FIPS 140-2" > so would this mean that I could not use gcc 4.2.x / FIPS combination? >
If you modify the source in any way you violate the security policy and the result in not validated. However files such as the above are not used to build the validated module fipscanister.o so this doesn't matter in practice. So build the 1.2 tarball and don't worry about those warnings. When you link the validated module with OpenSSL 0.9.8k it includes fixes for the above issues. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
