Re: Openssl Fips Shared Library

Fri, 19 Sep 2008 07:54:16 -0700 

How to link "fipsld" linking to set the in-core hash.

can u please tell me how to link fipsld to the fips module.

when i am using fipsld it is showing no -o specified

$ sh fipsld
no -o specified

can u please tell me wat does -o indicate here and please give the list of
other options and there purpose

Thank in Advance

Joshi Chandran

On Thu, Sep 18, 2008 at 10:44 PM, Steve Marquess <[EMAIL PROTECTED]
> wrote:

> Carlo Milono wrote:
>
>> How curious that this topic would come up today as I had a discussion on
>> it just two days earlier.  The OpenSSL FIPS 140-2 Security Policy Version
>> 1.1.2 states:
>> "The FIPS Object Module is not a static library. It may be incorporated
>> into shared library files or runtime executable application files, but
>> in any event can only be incorporated intact and in its entirety."
>>
>> This was leading me to believe that we could use this in a shared
>> library mode; perhaps we need to understand the boundaries of what may
>> be included in a shared library?
>>
>> How can we interpret the above quote?
>>
>
> The FIPS Object Module is just that, an object module (fipscanister.o).
>  For v1.1.x it may or may not consist of position independent code,
> depending on the platform.  If it does consist of position independent code
> then you can incorporate it into a shared library just like any other object
> module, subject of course to the "fipsld" linking to set the in-core hash.
>
> If it isn't position independent, then you're out of luck as the Security
> Policy rules don't allow you to modify the build-time parameters.
>
> For v1.2 the FIPS Object Module is always generated as position independent
> code.  The corresponding "FIPS capable" OpenSSL distributions ("fips"
> option) will automatically include it in the libcrypto shared library.
>
> -Steve M.
>
> --
> Steve Marquess
> Open Source Software Institute
> [EMAIL PROTECTED]
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>



-- 
Regards
Joshi Chandran

Reply via email to