Hi All, I'm using openssl-fips-2.0.4 and openssl-1.0.1e. I'm working in an Android environment with cross compilation. Both the FIPS Object Module and FIPS Capable library built and installed without much effort.
I'm trying to build a simple command line application which statically links to the OpenSSL library (libcrypto.a). The application builds fine from the command line, and calls FIPS_mode() and FIPS_mode_set() (with some printf's) to exercise the OpenSSL library: $ arm-linux-androideabi-gcc -Os -g2 --sysroot="$ANDROID_SYSROOT" -I/usr/local/ssl/android-14/include fips-test.c -o fips-test.exe /usr/local/ssl/android-14/lib/libcrypto.a Unfortunately, using legacy Incore (i.e., $FIPS_SIG -exe <my app>) results in nothing. An MD5 sum before and after shows the fingerprint was not written. The non-write can be traced back to incore, around line 440: $fingerprint = FIPS_incore_fingerprint(); if ($legacy_mode) { print unpack("H*",$fingerprint); } else { seek(FD,$FINGERPRINT_ascii_value->{st_offset},0) or die "$!"; print FD unpack("H*",$fingerprint) or die "$!"; } Trying to use the non-legacy support (by omitting -exe or -dso) results in a Die on the lookup at line 385: $FINGERPRINT_ascii_value = $exe->Lookup("FINGERPRINT_ascii_value") or die; But I have the other required symbols (FIPS_text_endX and FIPS_text_startX): $ arm-linux-androideabi-nm fips-test.exe | grep FIPS_text 00048844 T FIPS_text_end 0004883c t FIPS_text_endX 000095e8 T FIPS_text_start 000095e0 t FIPS_text_startX How does one invoke the new support to ensure that incore writes the fingerprint? What is the procedure to bring in the missing symbols (or allocate storage for them)? Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org