On 19/04/2016 16:31, Steve Marquess wrote:
On 04/19/2016 09:16 AM, Jakob Bohm wrote:
On 19/04/2016 13:44, Leaky wrote:
Thanks, but I am still scratching my head as to if that is even possible on
Windows, which would mean you can't actually compile the FIPS canister on
Windows and meet the security policy.
There are Windows ports of gzip, gunzip and tar. For example in the CYGWIN
distribution (from https://cygwin.com) or MingW32 (those 2 are free); there
are also commercial versions such as MKS.
If you use the CYGWIN variant, but run under the Windows CMD shell, you will
have to create a .CMD equivalent of the gunzip shell script. Instead of the
long-winded code to output messages about what gunzip is, the following
one-line file should do the trick (there is no lf or crlf at the end of the
line!). Save this as gunzip.cmd somewhere on your PATH.
    @x:\SOMEPATH\CYGWIN\bin\gzip.exe -d %*
(x:\SOMEPATH\CYGWIN is obviously wherever you installed CYGWIN)
Similarly create tar.cmd
Good catch, Jakob. I missed the Windows part.
I missed it too; Leaky caught it.
As documented in Appendix A of the Security Policy, for Windows the
required canonical build commands are:
    ms\do_fips no-asm
or
    ms\do_fips
instead of the "./config ...; make" used for *nix style platforms. The
    gunzip -c openssl-fips-2.0.N.tar.gz | tar xf -
    cd openssl-fips-2.0.N
is still required, which as you noted can be done with a third party
"gunzip", e.g. from Cygwin.
Note that from a software engineering viewpoint it doesn't make much
sense to require that a "gunzip" command be installed and used when
another equivalent method of expanding the tarball is available, but the
CMVP required the specification of fixed build commands from the very
first validation.
No requirement that a specific version of "gunzip" be used, so the use
of a script would appear to be permitted.
Note that the official GNU gunzip is (as mentioned) a shell script.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded