[openssl-users] Regarding FIPS capable openssl (I want to combine libcrypto.a and libssl.a)

Sahil Gandhi sahilgandhi87 at gmail.com
Fri Jun 24 13:24:18 UTC 2016 

Hi Steve,

Could you please help me out?
I tried to re-read that part of user-guide but no success.
I know how to generate fingerprint but once i create new static library out
of libcrypto.a and libssl.a.
And I do generate the finger print of that new library but don't know how
to proceed further with that.

because if i use that new library(to create executable) as it is, it throws
fingerprint mismatch error.
My sample source file has FIPS_mode_set(1) call only.

Thanks
Sahil

On Fri, Jun 24, 2016 at 4:14 PM, Steve Marquess <marquess at openssl.com>
wrote:

> On 06/24/2016 03:10 AM, Sahil Gandhi wrote:
> > Hi Jakob,
> >
> > Could you please elaborate it? I am not getting it.
> > I might missing something but I did not get it.
> >
> > Many Thanks Jakob for replying.
> >
> > -Sahil
> >
> > On Fri, Jun 24, 2016 at 11:57 AM, Jakob Bohm <jb-openssl at wisemo.com
> > <mailto:jb-openssl at wisemo.com>> wrote:
> >
> >     On 24/06/2016 07:59, Sahil Gandhi wrote:
> >
> >         Hi All,
> >
> >         I have built Openssl-fips-2.0.10.tar on* RHEL Linux* (/_*Same
> >         happens with Solaris 10*_/). Then I built Openssl-1.0.1p using
> >         respective fips object module (i.e. Openssl-fips-2.0.10.tar).
> >
> >         Once I have built Openssl-1.0.1p, libcrypto.a and libssl.a has
> >         been created.
> >         I need to join these 2 libraries and make it one.
> >
> >         I am doing it using "ar" command as follows:
> >
> >         ar -x libssl.a
> >         ar -x libcrypto.a
> >
> >         Then combine all .o files to make third library:
> >         ar -r libnew.a *.o
> >
> >         But when i use this libnew.a in my sample(contain
> >         FIPS_mode_set(1)), it compiles successfully but when execute the
> >         executable it throws error* finger print does not
> match:fips.c:232*
> >
> >          Plz help.
> >          I need to combine both libaries and make it one.
> >
> >         Any help/suggestion?
> >
> >
> >     You forgot the special link step for FIPS enabled applications,
> >     perhaps also some of the other required steps from the FIPS
> >     module users guide.
> >
>
> See https://openssl.org/docs/fips/UserGuide-2.0.pdf.
>
> The FIPS module requires special build-time voodoo to satisfy the
> peculiar requirements of the FIPS 140-2 validation.
>
> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Validation Services, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD  21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marquess at openssl.com
> gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>



-- 
Sahil Gandhi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160624/ac7d7da3/attachment.html>

More information about the openssl-users mailing list