On Wed, Jun 11, 2014, Bala Duvvuri wrote: > Hi All, > > During linking my application with the OpenSSL FIPs, fipsld is invoked to > embed the digest and during runtime it is calculated and verified during > FIPS_mode_set. > > Can you help me to understand if digest is calculated only for fipscanister > module or the entire application code? > > My observation is say my test application file is test.c , if I make any > change to test.c, I get a different digest even though fipscanister is same. >
The digest (actually HMAC) covers the in core version of fipscanister.o: i.e. the code that gets actually loaded from the executable. As a result the linker may change some addresses as it links with fipscanister.o and so changing the application code may change that. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
