How to find out whether openssl fips1.1.2 generate position independent
code or not
Please help me out
Thanks
Joshi
> IOn Thu, Sep 18, 2008 at 11:18 PM, joshi chandra <
> [EMAIL PROTECTED]> wrote:
>
>>
>> when i have used shared option in the ./Configure , i was able to compile
>> the
>> openssl 0.9.7m successfully
>> but when i tested the fips function in the test folder ,that time it was
>> producing the error message and when i removed shared option by no-shared
>> option in the ./Configure command in the openssl 0.9.7m,
>> all the fips function in the test folder was successfully executed , is
>> this
>> beacuse of the linking problem
>>
>> The error message was
>>
>> ./fips_test_suite
>> >> FIPS-mode test application
>> >>
>> >> 1. Non-Approved cryptographic operation test...
>> >> a. Included algorithm (D-H)...successful
>> >> 1638508:error:2A07806E:lib(42):func(120):reason(110):fips.c:212:
>> >> 2. Automatic power-up self test...FAILED!
>>
>> Can you please tell me is the shared library is possible for openssl
>> 0.9.7m
>> which is using the openssl fips 1.1.2 module
>>
>> can u please explain this statement 'If it does consist of position
>> independent
>> code then you can incorporate it into a shared library just like any
>> other object module, subject of course to the "fipsld" linking to set
>> the in-core hash.'
>>
>> How to link fipsld to in-core hash
>>
>> Thanks in Advance
>> Joshi Chandran
>>
>>
>>
>> Steve Marquess wrote:
>> >
>> > Carlo Milono wrote:
>> >> How curious that this topic would come up today as I had a discussion
>> on
>> >> it just two days earlier.
>> >> The OpenSSL FIPS 140-2 Security Policy Version 1.1.2 states:
>> >>
>> >> "The FIPS Object Module is not a static library. It may be incorporated
>> >> into shared library files or runtime executable application files, but
>> >> in any event can only be incorporated intact and in its entirety."
>> >>
>> >> This was leading me to believe that we could use this in a shared
>> >> library mode; perhaps we need to understand the boundaries of what may
>> >> be included in a shared library?
>> >>
>> >> How can we interpret the above quote?
>> >
>> > The FIPS Object Module is just that, an object module (fipscanister.o).
>> > For v1.1.x it may or may not consist of position independent code,
>> > depending on the platform. If it does consist of position independent
>> > code then you can incorporate it into a shared library just like any
>> > other object module, subject of course to the "fipsld" linking to set
>> > the in-core hash.
>> >
>> > If it isn't position independent, then you're out of luck as the
>> > Security Policy rules don't allow you to modify the build-time
>> parameters.
>> >
>> > For v1.2 the FIPS Object Module is always generated as position
>> > independent code. The corresponding "FIPS capable" OpenSSL
>> > distributions ("fips" option) will automatically include it in the
>> > libcrypto shared library.
>> >
>> > -Steve M.
>> >
>> > --
>> > Steve Marquess
>> > Open Source Software Institute
>> > [EMAIL PROTECTED]
>> >
>> > ______________________________________________________________________
>> > OpenSSL Project http://www.openssl.org
>> > User Support Mailing List openssl-users@openssl.org
>> > Automated List Manager [EMAIL PROTECTED]
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Openssl-Fips-Shared-Library-tp19552549p19558250.html
>> Sent from the OpenSSL - User mailing list archive at Nabble.com.
>>
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-users@openssl.org
>> Automated List Manager [EMAIL PROTECTED]
>>
>
>
>
> --
> Regards
> Joshi Chandran
>
--
Regards
Joshi Chandran
