On Thu, Aug 27, 2009, pankaj227 wrote: > > I am using FIPS object module 1.2 and openssl 0.9.8j on windows. I built fips > capable openssl static libraries using these two distributions according to > security policy. > > Call to FIPS_mode_set(1) is failing if I link my application with this > static library. Upon further debugging I found that the FIPS capable openssl > static library is skipping the fipslink step which attaches fipscanister.lib > and fips_premain.c to generate final output. > > When the use the dynamic libraries of FIPS capable OpenSSL, no problem is > seen. > > Is there any way to build static librares with fipscanister.lib, so that > FIPS_mode_set(1) passes? >
If you build an application with static libraries you need to modify the link procedure to embed the HMAC for the integrity test. The built in application link procedure uses the fipslink.pl script for this purpose. Dynamic link libraries are the "application" in this sense and can have the HMAC included when they are linked. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
