> I am attempting to build a FIPS-capable Openssl for an XScale processor > (ARMV4I) running under Windows CE 5.0 (using openssl-1.0.1c and > openssl-fips-2.0.1) > > > > The following is an excerpt of the build messages: > > perl C:\nan\gem\iStar\Encryption\openssl_fips\util\msincore -dso > out32dll_ARMV4I\libeay32.dll
Two points. 1. You don't have to use two-step link on Windows, 'msincore file' after usual link is sufficient. 2. For verification to work binary module, be it .exe or .dll, may not have relocations *or* loaded at predefined address. As you have virtually no control over address where dll is loaded in CE(*), fingerprint verification in dll is doomed to fail. So the only possibility is to statically link fips module into .exe(*), in other words forget about dll(**). (*) Not to mention that CE dlls chip away memory from all processes, it's nightmare, so if you only have one application that needs to operate in validated mode statically linked module is by all means better. (**) Well, it's not confirmed theory, but it might/should be possible to fingerprint so called ROM-based dll. In this case you'd build whole nk.bin with libeay.dll in it and fingerprint it there. It would require dedicated incore tool. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
