How to find out whether openssl fips1.1.2 generate position independent code or not
Please help me out Thanks Joshi > IOn Thu, Sep 18, 2008 at 11:18 PM, joshi chandra < > [EMAIL PROTECTED]> wrote: > >> >> when i have used shared option in the ./Configure , i was able to compile >> the >> openssl 0.9.7m successfully >> but when i tested the fips function in the test folder ,that time it was >> producing the error message and when i removed shared option by no-shared >> option in the ./Configure command in the openssl 0.9.7m, >> all the fips function in the test folder was successfully executed , is >> this >> beacuse of the linking problem >> >> The error message was >> >> ./fips_test_suite >> >> FIPS-mode test application >> >> >> >> 1. Non-Approved cryptographic operation test... >> >> a. Included algorithm (D-H)...successful >> >> 1638508:error:2A07806E:lib(42):func(120):reason(110):fips.c:212: >> >> 2. Automatic power-up self test...FAILED! >> >> Can you please tell me is the shared library is possible for openssl >> 0.9.7m >> which is using the openssl fips 1.1.2 module >> >> can u please explain this statement 'If it does consist of position >> independent >> code then you can incorporate it into a shared library just like any >> other object module, subject of course to the "fipsld" linking to set >> the in-core hash.' >> >> How to link fipsld to in-core hash >> >> Thanks in Advance >> Joshi Chandran >> >> >> >> Steve Marquess wrote: >> > >> > Carlo Milono wrote: >> >> How curious that this topic would come up today as I had a discussion >> on >> >> it just two days earlier. >> >> The OpenSSL FIPS 140-2 Security Policy Version 1.1.2 states: >> >> >> >> "The FIPS Object Module is not a static library. It may be incorporated >> >> into shared library files or runtime executable application files, but >> >> in any event can only be incorporated intact and in its entirety." >> >> >> >> This was leading me to believe that we could use this in a shared >> >> library mode; perhaps we need to understand the boundaries of what may >> >> be included in a shared library? >> >> >> >> How can we interpret the above quote? >> > >> > The FIPS Object Module is just that, an object module (fipscanister.o). >> > For v1.1.x it may or may not consist of position independent code, >> > depending on the platform. If it does consist of position independent >> > code then you can incorporate it into a shared library just like any >> > other object module, subject of course to the "fipsld" linking to set >> > the in-core hash. >> > >> > If it isn't position independent, then you're out of luck as the >> > Security Policy rules don't allow you to modify the build-time >> parameters. >> > >> > For v1.2 the FIPS Object Module is always generated as position >> > independent code. The corresponding "FIPS capable" OpenSSL >> > distributions ("fips" option) will automatically include it in the >> > libcrypto shared library. >> > >> > -Steve M. >> > >> > -- >> > Steve Marquess >> > Open Source Software Institute >> > [EMAIL PROTECTED] >> > >> > ______________________________________________________________________ >> > OpenSSL Project http://www.openssl.org >> > User Support Mailing List openssl-users@openssl.org >> > Automated List Manager [EMAIL PROTECTED] >> > >> > >> >> -- >> View this message in context: >> http://www.nabble.com/Openssl-Fips-Shared-Library-tp19552549p19558250.html >> Sent from the OpenSSL - User mailing list archive at Nabble.com. >> >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager [EMAIL PROTECTED] >> > > > > -- > Regards > Joshi Chandran > -- Regards Joshi Chandran