Thank you, Steve for your input. > You say it is "dynamic linked". How are you actually handling that? Are you > linking to libeay32.dll only or fipscanister.lib too?
If I do not manually export FIPS_selftest through crypto.h and libeay.def I have to use the fipscanister.lib too otherwise Visual Studio linker(link) reports unresolved external symbol for FIPS_selftest. This is kind of expected cause the symbol FIPS_selftest is not found by the linker. If I use the the same approach that I did above with the FIPS_selftest_2 function I can call the FIPS_selftest_2 which calls FIPS_selftest and everything works fine. No fibscanister.lib. The same situation applies if I include the FIPS_selftest function in crypto.h and in the libeay.def file. Then there is no problem with the FIPS_selftest function. The question is should it be done? If FIPS_selftest has no practical value it probably doesn't matter. But then there is the problem that it is mandated by the FIPS 140-2. I do not believe that there is a problem with my setup of OpenSSL and the FIPS-module. I can run FIPS_set_mode and everything works fine, all the following crypto operations works as expected. Once again thank you Stephen. I am great admirer of the OpenSSL project. Rickard Binnare 2013/2/20 Dr. Stephen Henson <st...@openssl.org> > On Wed, Feb 20, 2013, Rickard Binnare wrote: > > > > > > So FIPS_mode_set() cannot succeed if FIPS_selftest() fails, for static > > > or dynamic linking. > > No this is not the case on the windows platform. > > Tested on a Windows 7 machine using Visual Studio 2010 with > OpenSSL.1.0.1.c > > and OpenSSL-Fips-2.0. > > The FIPS_mode_set() succeeds but FIPS_selftest() fails. The FIPS_mode_set > > method should not succeed as you have stated above if FIPS_selftest > fails. > > FIPS_selftest > > clearly works when it is called in the call chain starting > > with FIPS_mode_set, but not otherwise. I think this > > has to do with how Windows handles loading and mapping of DLL:s. > > I recommend trying this, if you do not believe me. > > > > Here is a minimalistic test program that displays this anomaly. Dynamic > > linked. It could easily be modified to show > > OpenSSL error msgs. But I try to keep it short. > > > > You say it is "dynamic linked". How are you actually handling that? Are you > linking to libeay32.dll only or fipscanister.lib too? > > I've known cases where FIPS_selftest appears to fail on non-Windows > platforms > because the application was linked against a shared library and > fipscanister: > effectively there were two instances of fipscanister which were confusing > the > hell out of each other. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
