Hi All,
I'm using openssl-fips-2.0.4 and openssl-1.0.1e. I'm working in an
Android environment with cross compilation. Both the FIPS Object
Module and FIPS Capable library built and installed without much
effort.
I'm trying to build a simple command line application which statically
links to the OpenSSL library (libcrypto.a). The application builds
fine from the command line, and calls FIPS_mode() and FIPS_mode_set()
(with some printf's) to exercise the OpenSSL library:
$ arm-linux-androideabi-gcc -Os -g2 --sysroot="$ANDROID_SYSROOT"
-I/usr/local/ssl/android-14/include fips-test.c -o fips-test.exe
/usr/local/ssl/android-14/lib/libcrypto.a
Unfortunately, using legacy Incore (i.e., $FIPS_SIG -exe <my app>)
results in nothing. An MD5 sum before and after shows the fingerprint
was not written. The non-write can be traced back to incore, around
line 440:
$fingerprint = FIPS_incore_fingerprint();
if ($legacy_mode) {
print unpack("H*",$fingerprint);
} else {
seek(FD,$FINGERPRINT_ascii_value->{st_offset},0) or die "$!";
print FD unpack("H*",$fingerprint) or die "$!";
}
Trying to use the non-legacy support (by omitting -exe or -dso)
results in a Die on the lookup at line 385:
$FINGERPRINT_ascii_value
= $exe->Lookup("FINGERPRINT_ascii_value") or die;
But I have the other required symbols (FIPS_text_endX and FIPS_text_startX):
$ arm-linux-androideabi-nm fips-test.exe | grep FIPS_text
00048844 T FIPS_text_end
0004883c t FIPS_text_endX
000095e8 T FIPS_text_start
000095e0 t FIPS_text_startX
How does one invoke the new support to ensure that incore writes the
fingerprint? What is the procedure to bring in the missing symbols (or
allocate storage for them)?
Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
