On Fri, Feb 17, 2012, Kevin Fowler wrote: > Thanks Harvey, > This seems to have worked as far as getting the .rodata section used. This > is what I see now: > > 001b5740 g O .rodata 00000010 FIPS_rodata_start > 001b5750 l O .rodata 00000011 FIPS_hmac_key > 001b57bc g O .rodata 00000036 FIPS_bn_version > 001c1e08 g O .rodata 00000010 FIPS_rodata_end > 001fb1cc g O .data 00000014 FIPS_signature > > My problem now is that when I build an executable (I'm using the simple > hmac.c example in the user guide, with the Makefile modified to use a > shared library) that uses the shared libcrypto.so, and run it on my target, > it just spits out a hash value, no matter what options I give it. For > example: > > # ./hmac > 334286d0c4ca79f97921fa782c7269e972e0a420 > > Before I used the suggested "-f" options, this app at least worked for > non-fips and gave me an error when enabling fips mode. Now I don't > understand what it is doing, but I think it is trying to tell me something!! > > I've tried messing around with different INCORE_ADJUST values, but that > does not seem to make any difference. I don't really understand how incore2 > is supposed to work: it calculates a lot of stuff and dumps out values but > never appears to modify the executable or library. > > I've also tried static linking of libcrypto.a into the executable - same > result. >
You need to use the "fipsld" script to link the target. It obtains the signature and embeds it. You need to set FIPS_SIG environment variable to point to the incore script. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
