Steve, Thanks for the suggestion. Unfortunately, it is still not working.
I used Process Viewer and found that libeay32.dll's base address is 01C00000. I change the line: system "perl Configure VC-CE fips --with-fipslibdir=$myENCRYPTION_SRC_ROOT\\openssl_fips\\util\\fips-2.0 "; to system "perl Configure VC-CE fips --with-fipslibdir=$myENCRYPTION_SRC_ROOT\\openssl_fips\\util\\fips-2.0 --with-baseaddr=0x1C00000"; When I tested again, I was still getting the error message: FIPS_mode_set: 2D079089: error:2D079089:FIPS routines:fips_pkey_signature_test:test failure Interestingly, I am no longer getting the message: FIPS_mode_set: 2D06B06F: error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match I used Process Viewer to confirm that the DLL was still at base address 1C00000. Is there anything I could have messed up in generating the signature in the first place? Or is the fingerprint matching now and something else is failing? Any other suggestions would be welcomed. Thanks, Joe -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dr. Stephen Henson Sent: Friday, October 19, 2012 7:25 AM To: [email protected] Subject: Re: Need help building FIPS capable Openssl for Windows CE On Thu, Oct 18, 2012, Mendonca, Joseph wrote: > > Would it be possible to get some instructions to accomplish building > the "ROM-based DLL"? I would like to try that. > > Well you need a consistent load address for the DLL. If it isn't ROM based then things like the load order can result in different addresses which will mess up the signature. So one (messy) way is to set up platform builder to get that consistent load address: as long as it doesn't change it doesn't matter what it is. You can use process viewer to check the load address. Then once you're sure the address doesn't change you can use that address when you build the FIPS capable OpenSSL to embed the signature. This is the --with-baseaddr=<address> option to Configure. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
