<div dir="ltr">Hi Ken,<div><br></div><div>Sorry for the late reply. I really appreciate your suggestion but I some how need to have static library not the dynamic one.</div><div><br></div><div>Thanks & Regards,</div><div>-Sahil</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jun 27, 2016 at 2:43 PM, Ken Chow <span dir="ltr"><<a href="mailto:kenchow.cn@gmail.com" target="_blank">kenchow.cn@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div style="font-family:'courier new',monospace;font-size:small;color:rgb(68,68,68)">I think you should refer the way of building Android application <a href="https://wiki.openssl.org/index.php/Android" target="_blank">https://wiki.openssl.org/index.php/Android</a> .</div><div style="font-family:'courier new',monospace;font-size:small;color:rgb(68,68,68)"><br></div><div style="font-family:'courier new',monospace;font-size:small;color:rgb(68,68,68)">Trying to warp libcryto.so to your dynamic library by the specified FIPS compiler, once you successfully generated your dynamic library, then no need to specify FIPS compiler for compiling your execute program any more, and it worked for me, whatever under linux(gcc) or android(NDK).</div><span class="HOEnZb"><font color="#888888"><div style="font-family:'courier new',monospace;font-size:small;color:rgb(68,68,68)"><br></div></font></span></div><div class="gmail_extra"><span class="HOEnZb"><font color="#888888"><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr"><a href="http://about.me/kenchowcn" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:14px;font-family:proxima-nova-1,proxima-nova-2,Tahoma,Helvetica,Verdana,sans-serif;vertical-align:baseline;color:rgb(58,169,233);text-decoration:none;line-height:18.200000762939453px" target="_blank"></a><a href="http://about.me/kenchowcn" style="margin:0px;padding:0px;border:0px;outline:0px;vertical-align:baseline;color:rgb(58,169,233);text-decoration:none" target="_blank"><table border="0" cellpadding="0" cellspacing="0" style="margin:0px;padding:0px;border:0px;outline:0px;font-weight:inherit;font-style:inherit;font-family:inherit;vertical-align:baseline;border-spacing:0px"><tbody style="margin:0px;padding:0px;border:0px;outline:0px;font-weight:inherit;font-style:inherit;font-family:inherit;vertical-align:baseline"><tr style="margin:0px;padding:0px;border:0px;outline:0px;font-weight:inherit;font-style:inherit;font-family:inherit;vertical-align:baseline"><td style="padding:0px;border:0px;outline:0px;font-style:inherit;font-size:0px;font-family:inherit;vertical-align:baseline;height:30px"> </td></tr><tr style="margin:0px;padding:0px;border:0px;outline:0px;font-weight:inherit;font-style:inherit;font-family:inherit;vertical-align:baseline"><td align="left" valign="top" style="padding:0px;border:0px;outline:0px;font-style:inherit;font-family:inherit;vertical-align:top;line-height:1"><div style="margin:0px;padding:0px;border:0px;outline:0px;font-weight:bold;font-style:inherit;font-size:18px;font-family:proxima-nova-1,Proxima-Nova,Helvetica,Arial,sans-serif;vertical-align:baseline;line-height:1;color:rgb(51,51,51)">Ken Chow</div><div style="margin:3px 0px 0px;padding:0px;border:0px;outline:0px;font-weight:inherit;font-style:inherit;font-size:12px;font-family:proxima-nova-1,Proxima-Nova,Helvetica,Arial,sans-serif;vertical-align:baseline;color:rgb(43,130,173)">about.me/kenchowcn</div></td></tr><tr style="margin:0px;padding:0px;border:0px;outline:0px;font-weight:inherit;font-style:inherit;font-family:inherit;vertical-align:baseline"><td align="left" valign="top" style="padding:8px 0px 0px;border:0px;outline:0px;font-style:inherit;font-family:inherit;vertical-align:top;line-height:1"><div style="margin:0px;padding:0px;border:0px;outline:0px;font-weight:inherit;font-style:inherit;font-family:inherit;vertical-align:baseline;text-align:right;min-height:4px;background-color:rgb(197,208,224)"><img src="http://d13pix9kaak6wt.cloudfront.net/signature/colorbar.png" alt="Ken Chow on about.me" width="88" height="4" style="margin:0px;padding:0px;border:0px;outline:0px;font-weight:inherit;font-style:inherit;font-family:inherit;vertical-align:baseline;float:right;display:block"></div></td></tr><tr style="margin:0px;padding:0px;border:0px;outline:0px;font-weight:inherit;font-style:inherit;font-family:inherit;vertical-align:baseline"><td style="padding:0px;border:0px;outline:0px;font-style:inherit;font-size:0px;font-family:inherit;vertical-align:baseline;height:20px"> </td></tr></tbody></table></a></div></div></div></font></span><div><div class="h5">
<br><div class="gmail_quote">2016-06-27 16:37 GMT+08:00 Sahil Gandhi <span dir="ltr"><<a href="mailto:sahilgandhi87@gmail.com" target="_blank">sahilgandhi87@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Steve,<div><br></div><div>Could you please elaborate in detail?</div><div><br></div><div>Many Thanks,</div><div>Sahil</div></div><div class="gmail_extra"><div><div><br><div class="gmail_quote">On Mon, Jun 27, 2016 at 12:49 PM, Sahil Gandhi <span dir="ltr"><<a href="mailto:sahilgandhi87@gmail.com" target="_blank">sahilgandhi87@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Jakob,<div><br></div><div>Thanks a lot for your time and detailed explanation.</div><div><br></div><div>Regards,</div><div>Sahil</div><div class="gmail_extra"><div><div><br><div class="gmail_quote">On Fri, Jun 24, 2016 at 7:13 PM, Jakob Bohm <span dir="ltr"><<a href="mailto:jb-openssl@wisemo.com" target="_blank">jb-openssl@wisemo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 24/06/2016 15:24, Sahil Gandhi wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Steve,<br>
<br>
Could you please help me out?<br>
I tried to re-read that part of user-guide but no success.<br>
I know how to generate fingerprint but once i create new static library out of libcrypto.a and libssl.a.<br>
And I do generate the finger print of that new library but don't know how to proceed further with that.<br>
<br>
because if i use that new library(to create executable) as it is, it throws fingerprint mismatch error.<br>
My sample source file has FIPS_mode_set(1) call only.<br>
<br>
</blockquote></span>
Because fipscannister.o is not compiled as 100% position independent<br>
code (and cannot legally be done so due to the bureaucratic rules of<br>
the FIPS validation), every new program linked to the FIPS enabled<br>
libcrypto.a will end up with a different fingerprint for the<br>
fipscannister.<br>
<br>
And if load address randomization is enabled in the operating system,<br>
each new run of the program will end up with a different fingerprint<br>
and thus not work.<br>
<br>
The situation is slightly better for the libcrypto.so DLL, because<br>
if load address randomization is turned off and it is ensured that<br>
libcrypto.so will load at a particular address every time, there<br>
will only be one fingerprint for each compiled libcrypto.so DLL.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
On Fri, Jun 24, 2016 at 4:14 PM, Steve Marquess <<a href="mailto:marquess@openssl.com" target="_blank">marquess@openssl.com</a> <mailto:<a href="mailto:marquess@openssl.com" target="_blank">marquess@openssl.com</a>>> wrote:<br>
<br>
On 06/24/2016 03:10 AM, Sahil Gandhi wrote:<br>
> Hi Jakob,<br>
><br>
> Could you please elaborate it? I am not getting it.<br>
> I might missing something but I did not get it.<br>
><br>
> Many Thanks Jakob for replying.<br>
><br>
> -Sahil<br>
><br>
> On Fri, Jun 24, 2016 at 11:57 AM, Jakob Bohm<br>
<<a href="mailto:jb-openssl@wisemo.com" target="_blank">jb-openssl@wisemo.com</a> <mailto:<a href="mailto:jb-openssl@wisemo.com" target="_blank">jb-openssl@wisemo.com</a>><br></span><div><div>
> <mailto:<a href="mailto:jb-openssl@wisemo.com" target="_blank">jb-openssl@wisemo.com</a> <mailto:<a href="mailto:jb-openssl@wisemo.com" target="_blank">jb-openssl@wisemo.com</a>>>> wrote:<br>
><br>
> On 24/06/2016 07:59, Sahil Gandhi wrote:<br>
><br>
> Hi All,<br>
><br>
> I have built Openssl-fips-2.0.10.tar on* RHEL Linux*<br>
(/_*Same<br>
> happens with Solaris 10*_/). Then I built Openssl-1.0.1p<br>
using<br>
> respective fips object module (i.e.<br>
Openssl-fips-2.0.10.tar).<br>
><br>
> Once I have built Openssl-1.0.1p, libcrypto.a and<br>
libssl.a has<br>
> been created.<br>
> I need to join these 2 libraries and make it one.<br>
><br>
> I am doing it using "ar" command as follows:<br>
><br>
> ar -x libssl.a<br>
> ar -x libcrypto.a<br>
><br>
> Then combine all .o files to make third library:<br>
> ar -r libnew.a *.o<br>
><br>
> But when i use this libnew.a in my sample(contain<br>
> FIPS_mode_set(1)), it compiles successfully but when<br>
execute the<br>
> executable it throws error* finger print does not<br>
match:fips.c:232*<br>
><br>
> Plz help.<br>
> I need to combine both libaries and make it one.<br>
><br>
> Any help/suggestion?<br>
><br>
><br>
> You forgot the special link step for FIPS enabled applications,<br>
> perhaps also some of the other required steps from the FIPS<br>
> module users guide.<br>
><br>
<br>
See <a href="https://openssl.org/docs/fips/UserGuide-2.0.pdf" rel="noreferrer" target="_blank">https://openssl.org/docs/fips/UserGuide-2.0.pdf</a>.<br>
<br>
The FIPS module requires special build-time voodoo to satisfy the<br>
peculiar requirements of the FIPS 140-2 validation.<br>
<br>
</div></div></blockquote><span>
<br>
Enjoy<br>
<br>
Jakob<br>
-- <br>
Jakob Bohm, CIO, Partner, WiseMo A/S. <a href="https://www.wisemo.com" rel="noreferrer" target="_blank">https://www.wisemo.com</a><br>
Transformervej 29, 2860 Søborg, Denmark. Direct <a href="tel:%2B45%2031%2013%2016%2010" value="+4531131610" target="_blank">+45 31 13 16 10</a><br>
This public discussion message is non-binding and may contain errors.<br>
WiseMo - Remote Service Management for PCs, Phones and Embedded<br>
<br></span><div><div>
-- <br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div></div></div><span><font color="#888888">-- <br><div data-smartmail="gmail_signature"><span style="color:rgb(102,102,102)">Sahil</span><br><br><input type="hidden"><input type="hidden"><div></div></div>
</font></span></div></div>
</blockquote></div><br><br clear="all"><div><br></div></div></div><span><font color="#888888">-- <br><div data-smartmail="gmail_signature"><span style="color:rgb(102,102,102)">Sahil Gandhi</span><br><span style="color:rgb(102,102,102)">Project Engineer</span><br style="color:rgb(102,102,102)"><span style="color:rgb(102,102,102)">R&D CDAC, Pune</span><br><input type="hidden"><input type="hidden"><div></div></div>
</font></span></div>
<br>--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
<br></blockquote></div><br></div></div></div>
<br>--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><span style="color:rgb(102,102,102)">Sahil Gandhi</span><br><input type="hidden"><input type="hidden"><div></div></div>
</div></div>