My libcrypto.a is a shared library, and fipscanister.o has also been incorporated in the shared library libcrypto.a. So to get the fipscanister.o at compile time, it needs to link with libcrypto.a at compile time in order to check the hmac-sha1 integrity test of the fipscanister.o embedded in libcrypto.a against the previously stored fipscanister.sha value. Please correct me if I am wrong.

Thanks
Rajan

On Fri, May 29, 2009 at 4:46 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Fri, May 29, 2009, tensy joseph wrote:
>
> > Still now I was believing that all the applications should link to the
> > libcrypto library at compilation so that it can check the fipscanister.o
> > hash value in the library with the previously stored fips.
> >
> > As the user guide says
> >
> > 1. The HMAC-SHA-1 digest of the FIPS Object Module file must be calculated
> > and verified against the installed digest to ensure the integrity of the
> > FIPS Object Module.
> >
> > *For doing this, the library libcrypto.a should be linked at compile time.
> > Without linking the application with libcrypto.a, will that make it a FIPS
> > capable application? Please correct me if I am wrong.*
> >
> > 2. A HMAC-SHA1 digest of the FIPS Object Module code and read-only data must
> > be generated and embedded in the application executable object for use by the
> > FIPS_mode_set() function at runtime initialization.
> >
> > In our application, we normally do not link with libcrypto.a at compile
> > time. We do the dynamic loading. Is it possible to link
> > dynamically and have FIPS capability in the application? From my
> > understanding, it is not possible? Please correct me if I am wrong.
> >
>
> That is true but the "application" can be the libcrypto shared library which
> has already checked the hash at link time.
>
> For the 1.1.2 module shared library builds weren't possible on most platforms,
> with the 1.2 module they are with a few exceptions.
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
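
The first check quoted from the user guide in this thread (compute the HMAC-SHA-1 of the object module file and compare it with the installed digest) can be sketched as follows. This is an added example, not code from the thread or from OpenSSL; the key, the file names and the `LABEL= hex` digest-file layout are assumptions made for the demonstration.

```python
import hashlib, hmac, os, re, tempfile

# Assumption: placeholder key for this demo; the real module defines its own.
DEMO_KEY = b"constructed-demo-key"

def hmac_sha1_file(path, key):
    """HMAC-SHA-1 over the file contents, read in chunks."""
    mac = hmac.new(key, digestmod=hashlib.sha1)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            mac.update(chunk)
    return mac.digest()

def read_stored_digest(path):
    """Accept 'LABEL= <40 hex>' or bare hex (assumed layout); reject the rest."""
    with open(path, "r", encoding="ascii", errors="replace") as f:
        text = f.read().strip()
    m = re.fullmatch(r"(?:.*=\s*)?([0-9a-fA-F]{40})", text)
    if not m:
        raise ValueError("stored digest is missing or malformed")
    return bytes.fromhex(m.group(1))

def verify_module(module_path, digest_path, key=DEMO_KEY):
    """True only if the computed HMAC matches the installed digest."""
    try:
        expected = read_stored_digest(digest_path)
    except (OSError, ValueError):
        return False  # fail closed: no usable digest means the check fails
    # Constant-time comparison of the two 20-byte values.
    return hmac.compare_digest(hmac_sha1_file(module_path, key), expected)

def demo():
    """Constructed sample: build a stand-in module, verify, tamper, re-verify."""
    with tempfile.TemporaryDirectory() as d:
        mod = os.path.join(d, "fipscanister.o")
        sha = os.path.join(d, "fipscanister.sha")
        with open(mod, "wb") as f:
            f.write(b"\x7fELF constructed object bytes")
        with open(sha, "w") as f:
            f.write("HMAC-SHA1(fipscanister.o)= "
                    + hmac_sha1_file(mod, DEMO_KEY).hex() + "\n")
        intact = verify_module(mod, sha)
        with open(mod, "ab") as f:
            f.write(b"\x90")  # one appended byte simulates modification
        tampered = verify_module(mod, sha)
        os.remove(sha)
        missing = verify_module(mod, sha)
    return intact, tampered, missing

if __name__ == "__main__":
    print(demo())
```
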