Regarding FIPS capable openssl (I want to combine libcrypto.a and libssl.a)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/24/2016 03:10 AM, Sahil Gandhi wrote:
> Hi Jakob,
> 
> Could you please elaborate it? I am not getting it.
> I might missing something but I did not get it.
> 
> Many Thanks Jakob for replying.
> 
> -Sahil
> 
> On Fri, Jun 24, 2016 at 11:57 AM, Jakob Bohm <jb-openssl at wisemo.com
> <mailto:jb-openssl at wisemo.com>> wrote:
> 
>     On 24/06/2016 07:59, Sahil Gandhi wrote:
> 
>         Hi All,
> 
>         I have built Openssl-fips-2.0.10.tar on* RHEL Linux* (/_*Same
>         happens with Solaris 10*_/). Then I built Openssl-1.0.1p using
>         respective fips object module (i.e. Openssl-fips-2.0.10.tar).
> 
>         Once I have built Openssl-1.0.1p, libcrypto.a and libssl.a has
>         been created.
>         I need to join these 2 libraries and make it one.
> 
>         I am doing it using "ar" command as follows:
> 
>         ar -x libssl.a
>         ar -x libcrypto.a
> 
>         Then combine all .o files to make third library:
>         ar -r libnew.a *.o
> 
>         But when i use this libnew.a in my sample(contain
>         FIPS_mode_set(1)), it compiles successfully but when execute the
>         executable it throws error* finger print does not match:fips.c:232*
> 
>          Plz help.
>          I need to combine both libaries and make it one.
> 
>         Any help/suggestion?
> 
> 
>     You forgot the special link step for FIPS enabled applications,
>     perhaps also some of the other required steps from the FIPS
>     module users guide.
> 

See https://openssl.org/docs/fips/UserGuide-2.0.pdf.

The FIPS module requires special build-time voodoo to satisfy the
peculiar requirements of the FIPS 140-2 validation.

-Steve M.

-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux