Thank you so much for the clarification. For building my windows application, I used the fipslink.pl during the link phase to embed the checksum. But later I figured that the utility msincore can also read through the coff executable to embed the checksum. I obviously wanted to confirm that using msincore is safe and it doesn't violate any fips process requirements building an application.
Also for ios I see that there is a utility called incore_macho. Will that work for mac osx application? The name tells me that it should work with mach-o executable but it is only mentioned in the ios section in the user guide. Thanks again for your help. Raghav On Fri, Feb 28, 2014 at 4:23 AM, Dr. Stephen Henson <st...@openssl.org>wrote: > On Thu, Feb 27, 2014, Raghav Varadan wrote: > > > Hi All, > > > > I'm trying to build an application that used fips capable openssl which I > > built for Mac osx 32 bit. Now I would like to embed the checksum into the > > application binary. I checked the fips user guide and I don't see any > > specific for OSX. I know for windows there are two ways to embed the > > checksum 1) using fipslink.pl 2) msincore and again for linux we have 1) > > fipsld 2) incore utilites. Similarly what should I be using for MacOSX? > > > > Questions: > > 1) Does fipsld also work for OSX? > > 2) For ios the document mentions about incore_macho utility, can this be > > used for osx 32 applications to embed checksum? > > > > If you're using shared libraries then the checksum is in those and you > don't > insert one in the application binary. If you use static libraries you use > fipsld, it's not just Linux it works with it should be OK on any U*ix like > natively compiled platform. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
