Ben Hoover wrote:
> Is it possible to build FIPS capable openssl as a shared library with FIPS 1.1.2?
In a word, no.
> It specifically mentions in the fips object module userguide that the -shared option is not allowed. However, it does not say that when building openssl itself with FIPS support that the -shared option is not allowed. I was getting linker errors when using the -shared option but it linked fine without that option. From reading other posts it seems the -shared option is the only one that is not allowed when building a FIPS capable openssl.
The problem with building a FIPS capable OpenSSL for the v1.1.2 fipscanister.o is that the latter may not (depending on the platform) consist of position independent code, and you can't legitimately change the build process/code to make it so.
That issue is solved for v1.2, which unfortunately is not yet validated. It will be soon, though. Hopefully...
-Steve M.

--
Steve Marquess
Open Source Software Institute
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]