FIPS Static Link to Dynamic Library - Openssl

This is a discussion on FIPS Static Link to Dynamic Library - Openssl ; Yes, I know it sounds crazy. Our product has historically linked everything statically into one giant executable and also one medium size shared library for customer linking. What I need to do is statically link in the FIPS capable libraries ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: FIPS Static Link to Dynamic Library

  1. FIPS Static Link to Dynamic Library

    Yes, I know it sounds crazy. Our product has historically linked everything
    statically into one giant executable and also one medium size shared library
    for customer linking. What I need to do is statically link in the FIPS
    capable libraries into a dynamic library, in this case on a .so (on windows
    we use shared libraries all over, only on unix are we all static, don't ask,
    it was done long before I was involved).

    Looking at fipsld there is a case where it detects that it is building the
    OpenSSL shared libraries. I tried using that as a starting point but was
    quickly confused when I noticed that it starts off removing fipscanister.o
    from libcrypto.a. I though I would give it a shot without doing that, but
    fips_premain_dso complains that the hashes don't match.

    Is what I need to do possible in the confines of the security policy?

    Do I need to follow the steps that the OpenSSL shared libs do in fipsld?

    Thanks in advance,
    Jake



    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org

  2. Re: FIPS Static Link to Dynamic Library

    Hi Jake,

    I am running with the same problem.we have multiple module as archive which are link statically to the final shared library.three of those modules using openssl .we are moving for FIPS certified openssl, i am able to link it with archive and its working fine but in case of final .so generation its hanging at linking step.

    I am using GNU compiler and linker in normal case and fipsld in case of fips linking.

    can anybody give me direction on this ??

    Satyadev

+ Reply to Thread