
[ace-users] ACE SSL with FIPS 140-2 Capable OpenSSL Library


Daugherty

Oct 30, 2009, 4:47:51 PM
to ace-users
ACE VERSION: 5.6.5

HOST MACHINE and OPERATING SYSTEM:

Linux 2.6

AREA/CLASS/EXAMPLE AFFECTED:

Build ACE SSL

DOES THE PROBLEM AFFECT:

LINKING and EXECUTION

SYNOPSIS:

How to incorporate FIPS-capable OpenSSL library with ACE SSL.

DESCRIPTION:

U.S. Federal agencies are getting adamant that applications using SSL must use FIPS-certified crypto modules linked in with the certified fipsld linker. The fipsld linker uses ld except when linking in the fipscanister.o module. Details of this whole process are located at http://www.openssl.org/docs/fips/UserGuide-1.2.pdf.

The traditional ACE makefile generator creates makefiles that specify ld as the linker.

UserGuide-1.2.pdf recommends specifying environment variables as follows to swap out the default CC: CC=fipsld FIPSLD_CC=gcc. Unfortunately, the ACE SSL library linker still uses ld and not fipsld.

Has anybody tried to link the ACE SSL library with a FIPS-capable OpenSSL library? If so, would you mind sharing your experience with this?

REPEAT BY:

SAMPLE FIX/WORKAROUND:

Daugherty

Oct 30, 2009, 4:55:20 PM
to ace-users
Just to follow up, I just saw a recent posting about redefining CXX and that seems to call fipsld. I am still interested to hear if anybody has experience integrating FIPS-capable OpenSSL with ACE.

_______________________________________________
ace-users mailing list
ace-...@list.isis.vanderbilt.edu
http://list.isis.vanderbilt.edu/mailman/listinfo/ace-users
