Has this been done successfully for Windows CE?

Yes, but not with a DLL. Even though do_fips.bat from the FIPS module
source refers to cedll.mak, validation is performed with statically
linked applications. Probably one shouldn't have referred to
cedll.mak to avoid confusion. I don't know all the details, but I'd
guess it was chosen in order to keep modifications to an *absolute*
minimum. But it's of lesser relevance, because once you've got
fipscanister.lib, you can use it in a context of your liking. Of
course, provided that your liking is within the limitations imposed by
fingerprinting. Which in the CE context [unfortunately] are "forget
about dll [or maybe go for rom-based]."

The CE 5 build used a ROM-based DLL and some flags set in platform builder.

In other words, a ROM-based DLL is not an unconfirmed theory. Great! As
mentioned, it should be possible to fingerprint a ROM-based DLL in the ROM
image. It would make the procedure more robust as well as simpler.

A normal DLL wouldn't work: it ignored the load address and setting /FIXED
stopped it loading altogether.

/fixed removes relocations, so that the DLL becomes impossible to load at
an alternative address. Presumably it could have worked on CE5 if the base
address was available; it would simply take "laser precision".

I believe CE 6 (wasn't directly involved with that myself though) is
friendlier and doesn't need platform builder tweaks or a ROM based DLL.

But you'd still have to define a base address and preferably add /fixed.
You simply have as large a swing room as on normal Windows and don't have
to be precise. Yet you still have to use an available base address.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List
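
Why the thread insists on a defined, available base address, shown as an added example that is not part of the original messages or of the OpenSSL sources. It models the fingerprint as an HMAC-SHA1 over the module's in-memory code and mimics loader relocation fixups; the key, base address, byte layout and function names are all constructed for illustration.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"   # constructed; not the module's real key
PREFERRED_BASE = 0x10000000     # constructed stand-in for the linker /BASE value

def build_image():
    """Constructed 'code' section: filler bytes plus two absolute 32-bit
    pointers, at the offsets a .reloc table would list."""
    code = bytearray(range(32))
    relocs = [8, 24]
    for off, rva in zip(relocs, (0x1000, 0x2040)):
        struct.pack_into("<I", code, off, PREFERRED_BASE + rva)
    return bytes(code), relocs

def load(code, relocs, actual_base):
    """Mimic the loader: add (actual - preferred) to every relocated slot.
    relocs=None models /FIXED, where no relocation data exists."""
    delta = actual_base - PREFERRED_BASE
    if delta and relocs is None:
        raise OSError("no relocations: cannot load at another base")
    mem = bytearray(code)
    for off in relocs or []:
        (val,) = struct.unpack_from("<I", mem, off)
        struct.pack_into("<I", mem, off, (val + delta) & 0xFFFFFFFF)
    return bytes(mem)

def fingerprint(mem):
    """Keyed digest over the loaded bytes (model of the in-core check)."""
    return hmac.new(KEY, mem, hashlib.sha1).hexdigest()

def self_test(code, relocs, actual_base, expected):
    """True if the loaded image still matches the build-time fingerprint."""
    loaded = load(code, relocs, actual_base)
    return hmac.compare_digest(fingerprint(loaded), expected)

if __name__ == "__main__":
    code, relocs = build_image()
    expected = fingerprint(code)  # value embedded at build time
    print("preferred base :", self_test(code, relocs, PREFERRED_BASE, expected))
    print("rebased DLL    :", self_test(code, relocs, 0x20000000, expected))
    try:
        self_test(code, None, 0x20000000, expected)
    except OSError as exc:
        print("/FIXED, rebased:", exc)
```

A relocatable image that lands anywhere other than its preferred base fails the integrity check, while the /FIXED model turns that silent mismatch into a load failure.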