Andy, Thank you for the response!
I am a bit confused. The process is using fipslink.pl to perform the linking. I thought that was the correct process to cross compile on x86 Windows XP system for a Windows CE ARM system. BTW, I am just using the provided process to build the FIPS capable OpenSSl using the "perl Configure VC-WIN32 fips --with-fipslibdir=c:\fips\path". I am new to OpenSSl and FIPS. Could you provide any suggestions as to what settings to change so that calculating and embedding the signature will work correctly. Has this been done successfully for Windows CE? -Joe -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Andy Polyakov Sent: Thursday, October 18, 2012 6:08 AM To: [email protected] Subject: Re: Need help building FIPS capable Openssl for Windows CE > I am attempting to build a FIPS-capable Openssl for an XScale > processor > (ARMV4I) running under Windows CE 5.0 (using openssl-1.0.1c and > openssl-fips-2.0.1) > > > > The following is an excerpt of the build messages: > > perl C:\nan\gem\iStar\Encryption\openssl_fips\util\msincore -dso > out32dll_ARMV4I\libeay32.dll Two points. 1. You don't have to use two-step link on Windows, 'msincore file' after usual link is sufficient. 2. For verification to work binary module, be it .exe or .dll, may not have relocations *or* loaded at predefined address. As you have virtually no control over address where dll is loaded in CE(*), fingerprint verification in dll is doomed to fail. So the only possibility is to statically link fips module into .exe(*), in other words forget about dll(**). (*) Not to mention that CE dlls chip away memory from all processes, it's nightmare, so if you only have one application that needs to operate in validated mode statically linked module is by all means better. (**) Well, it's not confirmed theory, but it might/should be possible to fingerprint so called ROM-based dll. In this case you'd build whole nk.bin with libeay.dll in it and fingerprint it there. It would require dedicated incore tool. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
