Can u please tell me what FIPS_set_mode() returns when i am using it will the FIPS_set_mode(1), returns 1 and also when using FIPS_set_mode(1), returns 1
So how can i come out of fips mode once it is entered, how can i come out of fips mode . can u please explain it will sample program. Thank in Advance Joshi On Sat, Sep 20, 2008 at 12:12 AM, Kyle Hamilton <[EMAIL PROTECTED]> wrote: > use 'fipsld' the same way you would use your system-provided ld. It > requires a list of input files and a -o to set the name of the output > file. > > -Kyle H > > On Fri, Sep 19, 2008 at 7:53 AM, joshi chandran > <[EMAIL PROTECTED]> wrote: > > > > How to link "fipsld" linking to set the in-core hash. > > > > can u please tell me how to link fipsld to the fips module. > > > > when i am using fipsld it is showing no -o specified > > > > $ sh fipsld > > no -o specified > > > > can u please tell me wat does -o indicate here and please give the list > of > > other options and there purpose > > > > Thank in Advance > > > > Joshi Chandran > > > > On Thu, Sep 18, 2008 at 10:44 PM, Steve Marquess > > <[EMAIL PROTECTED]> wrote: > >> > >> Carlo Milono wrote: > >>> > >>> How curious that this topic would come up today as I had a discussion > on > >>> it just two days earlier. The OpenSSL FIPS 140-2 Security Policy > Version > >>> 1.1.2 states: > >>> "The FIPS Object Module is not a static library. It may be incorporated > >>> into shared library files or runtime executable application files, but > >>> in any event can only be incorporated intact and in its entirety." > >>> > >>> This was leading me to believe that we could use this in a shared > >>> library mode; perhaps we need to understand the boundaries of what may > >>> be included in a shared library? > >>> > >>> How can we interpret the above quote? > >> > >> The FIPS Object Module is just that, an object module (fipscanister.o). > >> For v1.1.x it may or may not consist of position independent code, > >> depending on the platform. If it does consist of position independent > code > >> then you can incorporate it into a shared library just like any other > object > >> module, subject of course to the "fipsld" linking to set the in-core > hash. > >> > >> If it isn't position independent, then you're out of luck as the > Security > >> Policy rules don't allow you to modify the build-time parameters. > >> > >> For v1.2 the FIPS Object Module is always generated as position > >> independent code. The corresponding "FIPS capable" OpenSSL > distributions > >> ("fips" option) will automatically include it in the libcrypto shared > >> library. > >> > >> -Steve M. > >> > >> -- > >> Steve Marquess > >> Open Source Software Institute > >> [EMAIL PROTECTED] > >> > >> ______________________________________________________________________ > >> OpenSSL Project http://www.openssl.org > >> User Support Mailing List openssl-users@openssl.org > >> Automated List Manager [EMAIL PROTECTED] > > > > > > > > -- > > Regards > > Joshi Chandran > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > -- Regards Joshi Chandran