Re: FIPS statically linked canister

Steve Marquess Tue, 12 Apr 2011 09:45:29 -0700

John Foley wrote:

 Section 4.2.1 of the FIPS User Guide states...


 Per the conditions of the FIPS 1402 validation only two
 configuration commands may be used: ./config fipscanisterbuild or
 ./config fipscanisterbuild noasm


Correct.

 My question is using the -static option to build the library a valid
 option for FIPS mode?


No, it isn't.

 If not, why does section 4.2.2 state the canister can be statically
 linked?

Because fipscanister.o can be statically linked, on all of the testedplatforms. You can also optionally link it into a shared library, as isdone automagically by the "FIPS capable" OpenSSL distributions.


-Steve M.

--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877-673-6775
marqu...@opensslfoundation.com

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Re: FIPS statically linked canister

Reply via email to