On Fri, May 29, 2009, tensy joseph wrote: > I have gone through the user guide again , i am little confused now . This > statement makes me confuse > > A HMAC-SHA1 digest of the FIPS Object Module code and read-only data must be > generated and embedded in the application executable object for use by > the FIPS_mode_set() > function at runtime initialization. > > So if i do dlopen of libcrypto libary and load the FIPS_mode_set > dynamically.In this case , it will not embedd the sha digest > in the application executable. In this scenario, i cannot load this symbol > FIPS_mode_set dynamically and it need to be availbable at the compilation > time, will need to link to libcrypto.a at compile time. >
What platform is that? libcrypto.a is normally a static library, libcrypto.so (or various other diverse extensions) is normally the shared library. When you build a FIPS capable version of OpenSSL using a shared library build the "application" is the shared library itself and the digest has already been embedded by the build procedure. So you just have to link (dynamically if you wish) against the shared library in the usual way. If the digest wasn't embedded properly FIPS_mode_set(1) would fail. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
