Now I don't think it's possible. I am statically linking the application with
the object module and library and, if you have observed fipsld, the first time it's
compiling and linking the application without any preprocessor symbol. At
that time fips_premain.c observes that no HMAC is defined and generates the 40
char HMAC that serves as output for the application (for the first time
compilation only). In fipsld, this output is assigned to the SIG variable and
for the later stage compilation, SIG is assigned to the preprocessor symbol
HMAC_SHA1_SIG. And now premain.c behaves in a different way since HMAC is defined
now. So ultimately there is nothing to change in fipsld to get the 40 chars HMAC
and I have to depend on gcc for fips_premain.c compilation. Well, thanks
Stephen for your interest and guidance, and if you want to make some correction
please convey.

On Wed, Mar 9, 2011 at 8:51 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Wed, Mar 09, 2011, raghib nasri wrote:
>
> > Thanks Stephen
> > I have modified fipsld to compile only fips_premain.c with gcc and my rest
> > of the application is still using g++ for compilation and linking. But I am
> > not able to sort out exactly how to modify the part that will result in
> > embedding signature of exact 40 characters, in case I want to use only g++.
> >
>
> Well this is untested...
>
> The fipsld script embeds the signature in fips_premain.c by setting the
> preprocessor symbol HMAC_SHA1_SIG. The normal format we have is
> "<40 hex digits>" which ends up with 40 characters and the extra null.
>
> If you modify that to an alternative format such as...
>
> {'a','0','c',...}
>
> with exactly 40 characters it should work.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>
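
The alternative format suggested in the quoted reply, as an added example that is not part of the original thread or of fipsld: a shell helper that turns the 40-hex-digit value held in SIG into a brace-enclosed character list. C++ rejects a string literal whose terminating null does not fit in a 40-element array, while a character list carries no terminator. The function name `sig_to_char_list` and the sample digest are constructed for illustration, and, as in the thread, use of the result with g++ is untested.

```shell
#!/bin/sh
# Added example, not fipsld code. Converts a 40-hex-digit HMAC-SHA1
# signature into the {'a','0','c',...} form discussed in the thread.

sig_to_char_list() {
    sig=$1

    # Reject empty input and anything containing a non-hex character.
    case $sig in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac

    # The array in question holds exactly 40 characters, so the
    # signature must be exactly 40 digits: no more, no fewer.
    [ "${#sig}" -eq 40 ] || return 1

    # Wrap every digit as 'x', then drop the trailing comma.
    list=$(printf '%s' "$sig" | sed "s/./'&',/g; s/,\$//")

    printf '{%s}\n' "$list"
}

# Constructed sample value, not a real fingerprint.
SAMPLE_SIG=0123456789abcdef0123456789abcdef01234567

# The output contains single quotes and commas, so it has to be quoted
# as a single word when it is placed on a compiler command line as the
# value of HMAC_SHA1_SIG.
sig_to_char_list "$SAMPLE_SIG"
```
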
