On 04/19/2016 10:43 AM, Jakob Bohm wrote:
> On 19/04/2016 16:31, Steve Marquess wrote:
>> On 04/19/2016 09:16 AM, Jakob Bohm wrote:
>>> On 19/04/2016 13:44, Leaky wrote:
>>>> Thanks, but I am still scratching my head as to if that is even
>>>> possible on Windows, which would mean you can't actually compile
>>>> the FIPS canister on Windows and meet the security policy.
>>>>...
>
>> As documented in Appendix A of the Security Policy, for Windows the
>> required canonical build commands are:
>>
>>     ms\do_fips no-asm
>>
>> or
>>
>>     ms\do_fips
>>
>> instead of the "./config ...; make" used for *nix style platforms. The
>>
>>     gunzip -c openssl-fips-2.0.N.tar.gz | tar xf -
>>     cd openssl-fips-2.0.N
>>
>> is still required, which as you noted can be done with a third party
>> "gunzip", e.g. from Cygwin.
>>
>> Note that from a software engineering viewpoint it doesn't make much
>> sense to require that a "gunzip" command be installed and used when
>> another equivalent method of expanding the tarball is available, but the
>> CMVP required the specification of fixed build commands from the very
>> first validation.
>>
>> No requirement that a specific version of "gunzip" be used, so the use
>> of a script would appear to be permitted.
> Note that the official GNU gunzip is (as mentioned) a shell script.

My point was that even more generally use of various command
definitions appears to be allowed. For example, we have sometimes used
such scripts and/or "CC=gcc" style aliases for formal platform testing.
Cross compilations in particular generally aren't possible without such
command redefinitions; for those you're usually replacing multiple
native (to the build system) commands with those in the cross-compile
toolkit.

Use of command redefinitions to affect the behavior of the compiler (as
by adding compiler options) is rather more of a dark gray area.

-Steve M.

--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc