[openssl-users] error message oddity

Jakob Bohm jb-openssl at wisemo.com
Mon Nov 26 16:13:35 UTC 2018


On 25/11/2018 22:30, Viktor Dukhovni wrote:
>> On Nov 25, 2018, at 4:23 PM, Jeremy Harris <jgh at wizmail.org> wrote:
>>
>> That isn't the package name, it is text defined in openssl/opensslv.h
> That happens when "OPENSSL_FIPS" is defined:
>
>    # define OPENSSL_VERSION_NUMBER  0x101000b0L
>    # ifdef OPENSSL_FIPS
>    #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0k-fips-dev  xx XXX xxxx"
>    # else
>    #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.0k-dev  xx XXX xxxx"
>    # endif
>
> Given no FIPS for 1.1.x, perhaps that "#ifdef" should be "#if 0".  With
> 1.1.x the "Configure" arguments should not mention "fips".
>
A better solution would be to have a separate part of the 1.1.0/1.1.1
headers error out hard (with #error) if attempting to build with
OPENSSL_FIPS defined.

This would preserve all the FIPS-related stuff (such as the above
version naming code) for when a FIPS module for 1.1.x is provided,
while leaving the blocking of accidental miscompilation in a clear
location having no other effects.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
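
The guard proposed in this message, together with a runtime check for binaries that were already built with the flag set, as an added example (not code from the thread or from the OpenSSL project). The `DEMO_*` macros mirror the `opensslv.h` lines quoted above; the function names are hypothetical.

```c
#include <string.h>

/* The proposed guard: a 1.1.x build with OPENSSL_FIPS defined stops here,
 * in one clear place, and nothing else in the headers has to change. */
#ifdef OPENSSL_FIPS
# error "OPENSSL_FIPS is defined, but no FIPS module exists for OpenSSL 1.1.x"
#endif

/* Stand-ins for the opensslv.h macros quoted in the thread (DEMO_ names are
 * hypothetical). The FIPS branch is kept, as the message suggests. */
#define DEMO_VERSION_NUMBER 0x101000b0L
#ifdef OPENSSL_FIPS
# define DEMO_VERSION_TEXT "OpenSSL 1.1.0k-fips-dev  xx XXX xxxx"
#else
# define DEMO_VERSION_TEXT "OpenSSL 1.1.0k-dev  xx XXX xxxx"
#endif

/* Version number layout is 0xMNNFFPPS: major in the top nibble, minor next. */
static int is_1_1_x(unsigned long num)
{
    return ((num >> 28) & 0xf) == 1 && ((num >> 20) & 0xff) == 1;
}

/* Returns 1 if the version token (the second word) carries a "-fips" tag. */
int version_text_has_fips_tag(const char *text)
{
    const char *tok = strchr(text, ' ');
    if (tok == NULL)
        return 0;
    tok++;
    size_t len = strcspn(tok, " ");
    for (size_t i = 0; i + 5 <= len; i++)
        if (memcmp(tok + i, "-fips", 5) == 0)
            return 1;
    return 0;
}

/* Runtime counterpart of the guard: flags a 1.1.x library whose version
 * text claims FIPS, which can only come from a build with the flag set. */
int misbuilt_fips_1_1_x(unsigned long num, const char *text)
{
    return is_1_1_x(num) && version_text_has_fips_tag(text);
}
```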


