[openssl-users] Regarding FIPS capable openssl (I want to combine libcrypto.a and libssl.a)
sahilgandhi87 at gmail.com
Fri Jun 24 13:24:18 UTC 2016
Could you please help me out?
I tried to re-read that part of user-guide but no success.
I know how to generate fingerprint but once i create new static library out
of libcrypto.a and libssl.a.
And I do generate the finger print of that new library but don't know how
to proceed further with that.
because if i use that new library(to create executable) as it is, it throws
fingerprint mismatch error.
My sample source file has FIPS_mode_set(1) call only.
On Fri, Jun 24, 2016 at 4:14 PM, Steve Marquess <marquess at openssl.com>
> On 06/24/2016 03:10 AM, Sahil Gandhi wrote:
> > Hi Jakob,
> > Could you please elaborate it? I am not getting it.
> > I might missing something but I did not get it.
> > Many Thanks Jakob for replying.
> > -Sahil
> > On Fri, Jun 24, 2016 at 11:57 AM, Jakob Bohm <jb-openssl at wisemo.com
> > <mailto:jb-openssl at wisemo.com>> wrote:
> > On 24/06/2016 07:59, Sahil Gandhi wrote:
> > Hi All,
> > I have built Openssl-fips-2.0.10.tar on* RHEL Linux* (/_*Same
> > happens with Solaris 10*_/). Then I built Openssl-1.0.1p using
> > respective fips object module (i.e. Openssl-fips-2.0.10.tar).
> > Once I have built Openssl-1.0.1p, libcrypto.a and libssl.a has
> > been created.
> > I need to join these 2 libraries and make it one.
> > I am doing it using "ar" command as follows:
> > ar -x libssl.a
> > ar -x libcrypto.a
> > Then combine all .o files to make third library:
> > ar -r libnew.a *.o
> > But when i use this libnew.a in my sample(contain
> > FIPS_mode_set(1)), it compiles successfully but when execute the
> > executable it throws error* finger print does not
> > Plz help.
> > I need to combine both libaries and make it one.
> > Any help/suggestion?
> > You forgot the special link step for FIPS enabled applications,
> > perhaps also some of the other required steps from the FIPS
> > module users guide.
> See https://openssl.org/docs/fips/UserGuide-2.0.pdf.
> The FIPS module requires special build-time voodoo to satisfy the
> peculiar requirements of the FIPS 140-2 validation.
> -Steve M.
> Steve Marquess
> OpenSSL Validation Services, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD 21710
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marquess at openssl.com
> gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users