Hi All, When linking to the FIPS Capable shared object, the program fails its fingerprint check:
$ arm-linux-androideabi-gcc --sysroot="$ANDROID_SYSROOT" -I/usr/local/ssl/android-14/include fips_hmac.c -o fips_hmac.exe /usr/local/ssl/android-14/lib/libcrypto.so.1.0.0 $ adb push /usr/local/ssl/android-14/lib/libcrypto.so.1.0.0 /data/local/tmp/ 827 KB/s (2154388 bytes in 2.541s) $ adb push fips_hmac.exe /data/local/tmp/ 64 KB/s (6884 bytes in 0.103s) $ adb shell shell@android: $ cd /data/local/tmp 255|shell@android: $ LD_LIBRARY_PATH=./; ./fips_hmac.exe -v * Attempting FIPS mode... 1076692172:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:232: 2|shell@android:/data/local/tmp $ Any ideas why the signature would be in the BSS (initialized to 0): $ arm-linux-androideabi-objdump -T libcrypto.so.1.0.0 | grep -i FIPS_signature 001a9668 g DO .bss 00000014 FIPS_signature Should I be running fipsld somewhere (I thought that was done for the shared object during make). Below are the steps used to build the FIPS Object Module and FIPS Capable. Jeff **** FIPS Object Module ***** . ./setenv-android.sh cd openssl-fips-2.0.4/ ./config make sudo make install sudo mv /usr/local/ssl/fips-2.0/ /usr/local/ssl/$ANDROID_API sudo cp $FIPS_SIG /usr/local/ssl/$ANDROID_API/bin ***** FIPS Capable ***** . ./setenv-android.sh cd openssl-1.0.1e/ ./config fips shared -no-sslv2 -no-sslv3 -no-comp -no-hw -no-engines --openssldir=/usr/local/ssl/$ANDROID_API --with-fipsdir=/usr/local/ssl/$ANDROID_API --with-fipslibdir=/usr/local/ssl/$ANDROID_API/lib/ make depend make all sudo -E make install CC=$ANDROID_TOOLCHAIN/arm-linux-androideabi-gcc RANLIB=$ANDROID_TOOLCHAIN/arm-linux-androideabi-ranlib ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
