>> I was successful at compiling the FIPS 2.0.8 module for Windows CE exactly >> as provided without any modifications. >> Additionally, I built fips_algvs.exe to successfully validate the canister >> on the target system. >> >> After tweaking some #ifdef directives in the openSSL 1.0.1L, I was able to >> get it to successfully build for WinCE. >> >> The build appears to complete successfully. However, at run-time, entering >> FIPS mode fails with an error messages: >> FIPS_check_incore_fingerprint:fingerprint does not match >> >> I have reviewed the build instructions carefully and believe all the build >> instructions have been adhered to. What needs to be changed for the >> signature to be properly embedded? > > Well, this is not exactly fair question. I mean how can one tell > something without knowing something more specific than "some tweaking" > and "appears successful" :-) Well, tweaking probably is as important as > how you link your application,
It should read "tweaking probably is *not* as important as how you link your application." But this is exclusively in respect to fingerprint verification. I mean tweaking in wrong place can have fatal overall effect, but it's not inappropriate to dissect the problem and solve it in steps. Therefore focus on fingerprint. > or rather how is the procedure different > from fips_algvs.exe. Can you confirm that msincore was actually > executed? What happens if you run it manually? Does application have > relocations? See with dumpbin /relocations. What's preferred load > address? See with dumpbin /headers. Is application loaded on preferred > address? This you should be able to see with debugger by comparing e.g. > main's address in debugger with one collected with dumpbin /symbols... _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
