[openssl-users] Regarding FIPS capable openssl (I want to combine libcrypto.a and libssl.a)
Steve Marquess
marquess at openssl.com
Fri Jun 24 10:44:57 UTC 2016
On 06/24/2016 03:10 AM, Sahil Gandhi wrote:
> Hi Jakob,
>
> Could you please elaborate it? I am not getting it.
> I might missing something but I did not get it.
>
> Many Thanks Jakob for replying.
>
> -Sahil
>
> On Fri, Jun 24, 2016 at 11:57 AM, Jakob Bohm <jb-openssl at wisemo.com
> <mailto:jb-openssl at wisemo.com>> wrote:
>
> On 24/06/2016 07:59, Sahil Gandhi wrote:
>
> Hi All,
>
> I have built Openssl-fips-2.0.10.tar on* RHEL Linux* (/_*Same
> happens with Solaris 10*_/). Then I built Openssl-1.0.1p using
> respective fips object module (i.e. Openssl-fips-2.0.10.tar).
>
> Once I have built Openssl-1.0.1p, libcrypto.a and libssl.a has
> been created.
> I need to join these 2 libraries and make it one.
>
> I am doing it using "ar" command as follows:
>
> ar -x libssl.a
> ar -x libcrypto.a
>
> Then combine all .o files to make third library:
> ar -r libnew.a *.o
>
> But when i use this libnew.a in my sample(contain
> FIPS_mode_set(1)), it compiles successfully but when execute the
> executable it throws error* finger print does not match:fips.c:232*
>
> Plz help.
> I need to combine both libaries and make it one.
>
> Any help/suggestion?
>
>
> You forgot the special link step for FIPS enabled applications,
> perhaps also some of the other required steps from the FIPS
> module users guide.
>
See https://openssl.org/docs/fips/UserGuide-2.0.pdf.
The FIPS module requires special build-time voodoo to satisfy the
peculiar requirements of the FIPS 140-2 validation.
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
More information about the openssl-users
mailing list