When I used the shared option in ./Configure, I was able to compile OpenSSL 0.9.7m successfully, but when I tested the FIPS functions in the test folder, it produced an error message. When I replaced the shared option with the no-shared option in the ./Configure command for OpenSSL 0.9.7m, all the FIPS functions in the test folder executed successfully. Is this because of a linking problem?
The error message was:

./fips_test_suite
>> FIPS-mode test application
>>
>> 1. Non-Approved cryptographic operation test...
>> a. Included algorithm (D-H)...successful
>> 1638508:error:2A07806E:lib(42):func(120):reason(110):fips.c:212:
>> 2. Automatic power-up self test...FAILED!

Can you please tell me whether a shared library is possible for OpenSSL 0.9.7m, which is using the OpenSSL FIPS 1.1.2 module?

Can you please explain this statement:

'If it does consist of position independent code then you can incorporate it into a shared library just like any other object module, subject of course to the "fipsld" linking to set the in-core hash.'

How do I link fipsld to the in-core hash?

Thanks in advance,
Joshi Chandran

Steve Marquess wrote:
>
> Carlo Milono wrote:
>> How curious that this topic would come up today as I had a discussion on
>> it just two days earlier.
>> The OpenSSL FIPS 140-2 Security Policy Version 1.1.2 states:
>>
>> "The FIPS Object Module is not a static library. It may be incorporated
>> into shared library files or runtime executable application files, but
>> in any event can only be incorporated intact and in its entirety."
>>
>> This was leading me to believe that we could use this in a shared
>> library mode; perhaps we need to understand the boundaries of what may
>> be included in a shared library?
>>
>> How can we interpret the above quote?
>
> The FIPS Object Module is just that, an object module (fipscanister.o).
> For v1.1.x it may or may not consist of position independent code,
> depending on the platform. If it does consist of position independent
> code then you can incorporate it into a shared library just like any
> other object module, subject of course to the "fipsld" linking to set
> the in-core hash.
>
> If it isn't position independent, then you're out of luck as the
> Security Policy rules don't allow you to modify the build-time parameters.
>
> For v1.2 the FIPS Object Module is always generated as position
> independent code. The corresponding "FIPS capable" OpenSSL
> distributions ("fips" option) will automatically include it in the
> libcrypto shared library.
>
> -Steve M.
>
> --
> Steve Marquess
> Open Source Software Institute
> [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>

--
View this message in context: http://www.nabble.com/Openssl-Fips-Shared-Library-tp19552549p19558250.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
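
A model of the "in-core hash" step mentioned in the quoted reply, as an added example that is not part of the original thread and is not OpenSSL's or fipsld's code: the image is linked with a placeholder digest, the digest is measured over the module's bytes and embedded, and the power-up self test recomputes it over what is actually in memory. The key, byte strings, function names and the relocation patch are constructed for illustration, and the model assumes an HMAC-SHA1 digest and that load-time fixups rewrite code that is not position independent.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"      # constructed; not the module's real key
PLACEHOLDER = b"\x00" * 20         # digest slot as it looks after link pass 1
MODULE = bytes(range(64))          # constructed stand-in for fipscanister.o
APP = b"application object code"   # constructed stand-in for the rest of the image


def fingerprint(module_bytes):
    """HMAC-SHA1 over the module's bytes as they sit in memory."""
    return hmac.new(KEY, module_bytes, hashlib.sha1).digest()


def link(module_bytes, app_bytes, embed_digest=True):
    """Pass 1 links with a placeholder; pass 2 embeds the measured digest."""
    image = {"module": module_bytes, "app": app_bytes, "sig": PLACEHOLDER}
    if embed_digest:
        image["sig"] = fingerprint(image["module"])
    return image


def load(image, relocations=()):
    """Model the loader. Each (offset, patch) rewrites module bytes in memory,
    as load-time fixups do to code that is not position independent."""
    mem = bytearray(image["module"])
    for offset, patch in relocations:
        mem[offset:offset + len(patch)] = patch
    return {"module": bytes(mem), "sig": image["sig"]}


def power_up_self_test(loaded):
    """Recompute the in-core digest and compare it with the embedded one."""
    return hmac.compare_digest(fingerprint(loaded["module"]), loaded["sig"])


if __name__ == "__main__":
    cases = {
        "digest embedded, loaded unmodified": load(link(MODULE, APP)),
        "digest embedded, text relocated at load": load(link(MODULE, APP), [(4, b"\x10\x20\x30\x40")]),
        "placeholder never replaced": load(link(MODULE, APP, embed_digest=False)),
    }
    for name, loaded in cases.items():
        print(f"{name}: {'pass' if power_up_self_test(loaded) else 'FAILED'}")
```

Only the first case passes: the digest check fails both when the module's bytes change between link and load and when the second link pass never replaced the placeholder.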