Can u please tell me what FIPS_set_mode() returns
when i am using it will the FIPS_set_mode(1), returns 1 and
also when using FIPS_set_mode(1), returns 1
So how can i come out of fips mode once it is entered, how can i come out of
fips mode .
can u please explain it will sample program.
Thank in Advance
Joshi
On Sat, Sep 20, 2008 at 12:12 AM, Kyle Hamilton <[EMAIL PROTECTED]> wrote:
> use 'fipsld' the same way you would use your system-provided ld. It
> requires a list of input files and a -o to set the name of the output
> file.
>
> -Kyle H
>
> On Fri, Sep 19, 2008 at 7:53 AM, joshi chandran
> <[EMAIL PROTECTED]> wrote:
> >
> > How to link "fipsld" linking to set the in-core hash.
> >
> > can u please tell me how to link fipsld to the fips module.
> >
> > when i am using fipsld it is showing no -o specified
> >
> > $ sh fipsld
> > no -o specified
> >
> > can u please tell me wat does -o indicate here and please give the list
> of
> > other options and there purpose
> >
> > Thank in Advance
> >
> > Joshi Chandran
> >
> > On Thu, Sep 18, 2008 at 10:44 PM, Steve Marquess
> > <[EMAIL PROTECTED]> wrote:
> >>
> >> Carlo Milono wrote:
> >>>
> >>> How curious that this topic would come up today as I had a discussion
> on
> >>> it just two days earlier. The OpenSSL FIPS 140-2 Security Policy
> Version
> >>> 1.1.2 states:
> >>> "The FIPS Object Module is not a static library. It may be incorporated
> >>> into shared library files or runtime executable application files, but
> >>> in any event can only be incorporated intact and in its entirety."
> >>>
> >>> This was leading me to believe that we could use this in a shared
> >>> library mode; perhaps we need to understand the boundaries of what may
> >>> be included in a shared library?
> >>>
> >>> How can we interpret the above quote?
> >>
> >> The FIPS Object Module is just that, an object module (fipscanister.o).
> >> For v1.1.x it may or may not consist of position independent code,
> >> depending on the platform. If it does consist of position independent
> code
> >> then you can incorporate it into a shared library just like any other
> object
> >> module, subject of course to the "fipsld" linking to set the in-core
> hash.
> >>
> >> If it isn't position independent, then you're out of luck as the
> Security
> >> Policy rules don't allow you to modify the build-time parameters.
> >>
> >> For v1.2 the FIPS Object Module is always generated as position
> >> independent code. The corresponding "FIPS capable" OpenSSL
> distributions
> >> ("fips" option) will automatically include it in the libcrypto shared
> >> library.
> >>
> >> -Steve M.
> >>
> >> --
> >> Steve Marquess
> >> Open Source Software Institute
> >> [EMAIL PROTECTED]
> >>
> >> ______________________________________________________________________
> >> OpenSSL Project http://www.openssl.org
> >> User Support Mailing List openssl-users@openssl.org
> >> Automated List Manager [EMAIL PROTECTED]
> >
> >
> >
> > --
> > Regards
> > Joshi Chandran
> >
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
--
Regards
Joshi Chandran
