Hi Joshi: On September 18, 2008 11:01:28 am joshi chandra wrote: > Hi > > I was trying to build shared library of fips and i am facing some problem > with that .This is the step i have done > > 1. I have created the fips object module (used openssl fips 1.1.2) > > 2. Used openssl 0.9.7m to create fips capable module and when i use shared > option in ./configure ,all the fips related fucntion failed (like > fips_test_suite failed) ,if i am not using shared option,that time it > successed. > > This is the error which i am getting when using shared option in > ./Configure in openssl 0.9.7m > ./fips_test_suite > FIPS-mode test application > > 1. Non-Approved cryptographic operation test... > a. Included algorithm (D-H)...successful > 1638508:error:2A07806E:lib(42):func(120):reason(110):fips.c:212: > 2. Automatic power-up self test...FAILED! > > but it works fine when shared is not used > > This means the shared library is not supported by this version. > > Can u please help what is wrong here > From my understanding, to get a FIPS validated module, you must follow the OpenSSL FIPS Security Policy letter for letter. That means that if you change a single option on the ./configure line, it is no longer the "FIPS validated" version that you are building. Consequently, I suggest you read the security policy, and see if what you are trying to do is a validated configuration.
Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
