Hi Ken, Sorry for the late reply. I really appreciate your suggestion but I some how need to have static library not the dynamic one. Thanks & Regards, -Sahil On Mon, Jun 27, 2016 at 2:43 PM, Ken Chow <kenchow.cn at gmail.com> wrote: > I think you should refer the way of building Android application > https://wiki.openssl.org/index.php/Android . > > Trying to warp libcryto.so to your dynamic library by the specified FIPS > compiler, once you successfully generated your dynamic library, then no > need to specify FIPS compiler for compiling your execute program any more, > and it worked for me, whatever under linux(gcc) or android(NDK). > > > <http://about.me/kenchowcn> > > > Ken Chow > about.me/kenchowcn > [image: Ken Chow on about.me] > <http://about.me/kenchowcn> > > 2016-06-27 16:37 GMT+08:00 Sahil Gandhi <sahilgandhi87 at gmail.com>: > >> Hi Steve, >> >> Could you please elaborate in detail? >> >> Many Thanks, >> Sahil >> >> On Mon, Jun 27, 2016 at 12:49 PM, Sahil Gandhi <sahilgandhi87 at gmail.com> >> wrote: >> >>> Hi Jakob, >>> >>> Thanks a lot for your time and detailed explanation. >>> >>> Regards, >>> Sahil >>> >>> On Fri, Jun 24, 2016 at 7:13 PM, Jakob Bohm <jb-openssl at wisemo.com> >>> wrote: >>> >>>> On 24/06/2016 15:24, Sahil Gandhi wrote: >>>> >>>>> Hi Steve, >>>>> >>>>> Could you please help me out? >>>>> I tried to re-read that part of user-guide but no success. >>>>> I know how to generate fingerprint but once i create new static >>>>> library out of libcrypto.a and libssl.a. >>>>> And I do generate the finger print of that new library but don't know >>>>> how to proceed further with that. >>>>> >>>>> because if i use that new library(to create executable) as it is, it >>>>> throws fingerprint mismatch error. >>>>> My sample source file has FIPS_mode_set(1) call only. >>>>> >>>>> Because fipscannister.o is not compiled as 100% position independent >>>> code (and cannot legally be done so due to the bureaucratic rules of >>>> the FIPS validation), every new program linked to the FIPS enabled >>>> libcrypto.a will end up with a different fingerprint for the >>>> fipscannister. >>>> >>>> And if load address randomization is enabled in the operating system, >>>> each new run of the program will end up with a different fingerprint >>>> and thus not work. >>>> >>>> The situation is slightly better for the libcrypto.so DLL, because >>>> if load address randomization is turned off and it is ensured that >>>> libcrypto.so will load at a particular address every time, there >>>> will only be one fingerprint for each compiled libcrypto.so DLL. >>>> >>>> On Fri, Jun 24, 2016 at 4:14 PM, Steve Marquess <marquess at openssl.com >>>>> <mailto:marquess at openssl.com>> wrote: >>>>> >>>>> On 06/24/2016 03:10 AM, Sahil Gandhi wrote: >>>>> > Hi Jakob, >>>>> > >>>>> > Could you please elaborate it? I am not getting it. >>>>> > I might missing something but I did not get it. >>>>> > >>>>> > Many Thanks Jakob for replying. >>>>> > >>>>> > -Sahil >>>>> > >>>>> > On Fri, Jun 24, 2016 at 11:57 AM, Jakob Bohm >>>>> <jb-openssl at wisemo.com <mailto:jb-openssl at wisemo.com> >>>>> > <mailto:jb-openssl at wisemo.com <mailto:jb-openssl at wisemo.com>>> >>>>> wrote: >>>>> > >>>>> > On 24/06/2016 07:59, Sahil Gandhi wrote: >>>>> > >>>>> > Hi All, >>>>> > >>>>> > I have built Openssl-fips-2.0.10.tar on* RHEL Linux* >>>>> (/_*Same >>>>> > happens with Solaris 10*_/). Then I built Openssl-1.0.1p >>>>> using >>>>> > respective fips object module (i.e. >>>>> Openssl-fips-2.0.10.tar). >>>>> > >>>>> > Once I have built Openssl-1.0.1p, libcrypto.a and >>>>> libssl.a has >>>>> > been created. >>>>> > I need to join these 2 libraries and make it one. >>>>> > >>>>> > I am doing it using "ar" command as follows: >>>>> > >>>>> > ar -x libssl.a >>>>> > ar -x libcrypto.a >>>>> > >>>>> > Then combine all .o files to make third library: >>>>> > ar -r libnew.a *.o >>>>> > >>>>> > But when i use this libnew.a in my sample(contain >>>>> > FIPS_mode_set(1)), it compiles successfully but when >>>>> execute the >>>>> > executable it throws error* finger print does not >>>>> match:fips.c:232* >>>>> > >>>>> > Plz help. >>>>> > I need to combine both libaries and make it one. >>>>> > >>>>> > Any help/suggestion? >>>>> > >>>>> > >>>>> > You forgot the special link step for FIPS enabled >>>>> applications, >>>>> > perhaps also some of the other required steps from the FIPS >>>>> > module users guide. >>>>> > >>>>> >>>>> See https://openssl.org/docs/fips/UserGuide-2.0.pdf. >>>>> >>>>> The FIPS module requires special build-time voodoo to satisfy the >>>>> peculiar requirements of the FIPS 140-2 validation. >>>>> >>>>> >>>> Enjoy >>>> >>>> Jakob >>>> -- >>>> Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com >>>> Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 >>>> This public discussion message is non-binding and may contain errors. >>>> WiseMo - Remote Service Management for PCs, Phones and Embedded >>>> >>>> -- >>>> openssl-users mailing list >>>> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >>>> >>> >>> >>> >>> -- >>> Sahil >>> >>> >> >> >> -- >> Sahil Gandhi >> Project Engineer >> R&D CDAC, Pune >> >> -- >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> >> > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > -- Sahil Gandhi -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160629/bfd22325/attachment-0001.html>
