On 25/11/2018 22:30, Viktor Dukhovni wrote:
On Nov 25, 2018, at 4:23 PM, Jeremy Harris <jgh@xxxxxxxxxxx> wrote:
That isn't the package name, it is text defined in openssl/opensslv.h
That happens when "OPENSSL_FIPS" is defined:
# define OPENSSL_VERSION_NUMBER 0x101000b0L
# ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0k-fips-dev xx XXX xxxx"
# else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.0k-dev xx XXX xxxx"
# endif
Given no FIPS for 1.1.x, perhaps that "#ifdef" should be "#if 0". With
1.1.x the "Configure" arguments should not mention "fips".
A better solution would be to have a separate part of the 1.1.0/1.1.1
headers error out hard (with #error) if attempting to build with
OPENSSL_FIPS defined.
This would preserve all the FIPS-related stuff (such as the above
version naming code) for when a FIPS module for 1.1.x is provided,
while leaving the blocking of accidental miscompilation in a clear
location having no other effects.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
