When I used the shared option in ./Configure, I was able to compile
OpenSSL 0.9.7m successfully, but when I tested the FIPS functions in the test
folder, it produced an error message. When I replaced the shared option with
the no-shared option in the ./Configure command for OpenSSL 0.9.7m, all the
FIPS functions in the test folder executed successfully. Is this because of a
linking problem?

The error message was 

./fips_test_suite 
>>         FIPS-mode test application 
>> 
>> 1. Non-Approved cryptographic operation test... 
>>         a. Included algorithm (D-H)...successful 
>> 1638508:error:2A07806E:lib(42):func(120):reason(110):fips.c:212: 
>> 2. Automatic power-up self test...FAILED! 

Can you please tell me whether a shared library is possible for OpenSSL 0.9.7m,
which is using the OpenSSL FIPS 1.1.2 module?

Can you please explain this statement: 'If it does consist of position
independent code then you can incorporate it into a shared library just like
any other object module, subject of course to the "fipsld" linking to set
the in-core hash.'

How do I link fipsld to the in-core hash?

Thanks in Advance
Joshi Chandran

 

Steve Marquess wrote:
> 
> Carlo Milono wrote:
>> How curious that this topic would come up today as I had a discussion on
>> it just two days earlier.  
>> The OpenSSL FIPS 140-2 Security Policy Version 1.1.2 states: 
>> 
>> "The FIPS Object Module is not a static library. It may be incorporated
>> into shared library files or runtime executable application files, but
>> in any event can only be incorporated intact and in its entirety."
>> 
>> This was leading me to believe that we could use this in a shared
>> library mode; perhaps we need to understand the boundaries of what may
>> be included in a shared library?
>> 
>> How can we interpret the above quote? 
> 
> The FIPS Object Module is just that, an object module (fipscanister.o).
> For v1.1.x it may or may not consist of position independent code,
> depending on the platform.  If it does consist of position independent 
> code then you can incorporate it into a shared library just like any 
> other object module, subject of course to the "fipsld" linking to set 
> the in-core hash.
> 
> If it isn't position independent, then you're out of luck as the 
> Security Policy rules don't allow you to modify the build-time parameters.
> 
> For v1.2 the FIPS Object Module is always generated as position 
> independent code.  The corresponding "FIPS capable" OpenSSL 
> distributions ("fips" option) will automatically include it in the 
> libcrypto shared library.
> 
> -Steve M.
> 
> -- 
> Steve Marquess
> Open Source Software Institute
> [EMAIL PROTECTED]
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Openssl-Fips-Shared-Library-tp19552549p19558250.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
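
A simplified model of the in-core hash check discussed in the quoted reply, added here as an example and not code from fipsld or the OpenSSL project. The HMAC-SHA1 fingerprint, the key, the 16-byte module and the relocation layout are assumptions made for illustration; the model shows why code that the loader has to patch (not position independent) no longer matches a fingerprint embedded at link time.

```python
import hashlib
import hmac

# Constructed values for illustration; not the real module's key or layout.
HMAC_KEY = b"example-integrity-key"
SIG_LEN = hashlib.sha1().digest_size  # 20 bytes


def fingerprint(code: bytes) -> bytes:
    """HMAC-SHA1 over the module's code bytes as they sit in memory."""
    return hmac.new(HMAC_KEY, code, hashlib.sha1).digest()


def link(code: bytes) -> dict:
    """Model of the link step: build the image and embed its fingerprint."""
    return {"code": bytes(code), "sig": fingerprint(code)}


def load(image: dict, base: int, text_relocs: list) -> bytes:
    """Model of the loader mapping the image at address `base`.

    Each offset in text_relocs marks a 4-byte absolute address stored inside
    the code (non-PIC). The loader adds `base` to it, rewriting code bytes.
    PIC code has no such entries, so its bytes are mapped unchanged.
    """
    mem = bytearray(image["code"])
    for off in text_relocs:
        addr = int.from_bytes(mem[off:off + 4], "little")
        mem[off:off + 4] = ((addr + base) & 0xFFFFFFFF).to_bytes(4, "little")
    return bytes(mem)


def power_up_self_test(image: dict, in_memory_code: bytes) -> bool:
    """Recompute the fingerprint over memory; compare with the embedded one."""
    return hmac.compare_digest(fingerprint(in_memory_code), image["sig"])


def run(code: bytes, text_relocs: list, base: int = 0x40000000) -> bool:
    """Link, load at `base`, then run the integrity check."""
    image = link(code)
    return power_up_self_test(image, load(image, base, text_relocs))


# Constructed 16-byte "object module"; bytes 4..7 hold absolute address 0x1000.
MODULE = bytes.fromhex("5589e5a1001000005dc3909090909090")

if __name__ == "__main__":
    print("PIC module in shared library:    ", run(MODULE, []))
    print("non-PIC module, relocated text:  ", run(MODULE, [4]))
```
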
