[openssl-users] error message oddity

Jakob Bohm jb-openssl at wisemo.com
Mon Nov 26 16:13:35 UTC 2018

On 25/11/2018 22:30, Viktor Dukhovni wrote:
>> On Nov 25, 2018, at 4:23 PM, Jeremy Harris <jgh at wizmail.org> wrote:
>> That isn't the package name, it is text defined in openssl/opensslv.h
> That happens when "OPENSSL_FIPS" is defined:
>    # define OPENSSL_VERSION_NUMBER  0x101000b0L
>    # ifdef OPENSSL_FIPS
>    #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0k-fips-dev  xx XXX xxxx"
>    # else
>    #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0k-dev  xx XXX xxxx"
>    # endif
> Given no FIPS for 1.1.x, perhaps that "#ifdef" should be "#if 0".  With
> 1.1.x the "Configure" arguments should not mention "fips".
A better solution would be to have a separate part of the 1.1.0/1.1.1
headers error out hard (with #error) if attempting to build with

This would preserve all the FIPS-related stuff (such as the above
version naming code) for when a FIPS module for 1.1.x is provided,
while leaving the blocking of accidental miscompilation in a clear
location having no other effects.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list