Ok! Could you explain the purpose of fips_premain_dso.exe. Will it work on all executables and dll to produce the in-core hash.
Pankaj Dr. Stephen Henson wrote: > > On Thu, Aug 27, 2009, pankaj227 wrote: > >> >> I am using FIPS object module 1.2 and openssl 0.9.8j on windows. I built >> fips >> capable openssl static libraries using these two distributions according >> to >> security policy. >> >> Call to FIPS_mode_set(1) is failing if I link my application with this >> static library. Upon further debugging I found that the FIPS capable >> openssl >> static library is skipping the fipslink step which attaches >> fipscanister.lib >> and fips_premain.c to generate final output. >> >> When the use the dynamic libraries of FIPS capable OpenSSL, no problem is >> seen. >> >> Is there any way to build static librares with fipscanister.lib, so that >> FIPS_mode_set(1) passes? >> > > If you build an application with static libraries you need to modify the > link > procedure to embed the HMAC for the integrity test. The built in > application > link procedure uses the fipslink.pl script for this purpose. > > Dynamic link libraries are the "application" in this sense and can have > the > HMAC included when they are linked. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > -- View this message in context: http://www.nabble.com/FIPS_mode_set-failure-in-FIPS-Capable-OpenSSL-static-library-tp25168367p25188924.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
