I came up with a very simple set of changes to VC-32.pl, mkdef.pl, and 
do_ms.bat that makes it possible to add a prefix to the names used to create 
the libeay and ssleay outputs.  But I'm new here and not sure what procedure to 
follow to share those changes.  Please advise.

With my changes in place the build only uses new names if an environment 
variable is set prior to performing the build.

-Ike- 
John Eichenberger 
Principal Engineer: Sustaining Engineering: Intermec
425.265.2108  john.eichenber...@intermec.com 


-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Vuille, Martin (Martin)
Sent: Tuesday, November 05, 2013 11:04 AM
To: openssl-users@openssl.org
Subject: RE: Experimental multi-implementation support for FIPS capable OpenSSL

On Tue, Nov 5, 2013, Dr. Stephen Henson wrote:

> On Tue, Nov 05, 2013, Vuille, Martin (Martin) wrote:
> 
> > Hi,
> >
> > I have some questions about this change:
> >
> >
> > http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dded7f7e8e9f737ef9d7e3c3ef165a78fd7fa1d
> >
> > I am interested in using this functionality and wondering whether it 
> > would be feasible and reasonably safe for me to back-port it on top 
> > of 1.0.1e?
> >
> 
> You can backport it to 1.0.1e but it will never be officially part of 
> the 1.0.1 release as it includes new features. The first version of 
> OpenSSL it will appear in is 1.0.2.
> 
> > What is it about this change that makes it "experimental"?
> >
> 
> It hasn't been widely tested and the technique of having multiple 
> implementations of the same algorithm in EVP hasn't been used in 
> OpenSSL before. In 1.0.1 the more cautious approach of not having 
> non-FIPS EVP implementations was taken instead.
> 

Another approach I am considering is to have both a FIPS-capable and non-FIPS 
capable version of OpenSSL installed on the system (with suitable adjustments 
to .so file names to avoid conflicts) with the application using the former 
when FIPS mode is required and the latter otherwise (perhaps by dynamically 
loading the appropriate one, or by using a different LD_LIBRARY_PATH).

Any thoughts on the viability of that approach?

MV

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org