Steve,
I resolved the remaining problem and now have FIPS working. For
OpenSSL, I had previously found a compiler problem introduced during
optimization and had disabled optimization to avoid the problem. I had
to disable optimization during the FIPS module build to resolve this
remaining problem.
Changed:
$opt_cflags=' /MC /O1i'; # optimize for space, but with intrinsics...
To:
$opt_cflags=' /MC /Od'; # optimize for space, but with intrinsics...
In util\pl\VC-32.pl (for FIPS module)
However, having to continuously update "--with-baseaddr=0xnnnnnnn" is
going to be a pain. So we need to explore the static linking option. It
is not obvious to me the changes needed to generate the static LIB(s)
instead of the DLL. Could you provide me with the proper settings to
generate LIBs instead of the (libeay32.)DLL?
Thanks,
Joe
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Dr. Stephen Henson
Sent: Friday, October 19, 2012 6:39 PM
To: [email protected]
Subject: Re: Need help building FIPS capable Openssl for Windows CE
On Fri, Oct 19, 2012, Mendonca, Joseph wrote:
> Steve,
>
> Thanks for the suggestion. Unfortunately, it is still not working.
>
> I used Process Viewer and found that libeay32.dll's base address is
> 01C00000.
>
> I changed the line:
> system "perl Configure VC-CE fips --with-fipslibdir=$myENCRYPTION_SRC_ROOT\\openssl_fips\\util\\fips-2.0";
> to
> system "perl Configure VC-CE fips --with-fipslibdir=$myENCRYPTION_SRC_ROOT\\openssl_fips\\util\\fips-2.0 --with-baseaddr=0x1C00000";
>
> When I tested again, I was still getting the error message:
> FIPS_mode_set: 2D079089: error:2D079089:FIPS
> routines:fips_pkey_signature_test:test failure
>
> Interestingly, I am no longer getting the message:
> FIPS_mode_set: 2D06B06F: error:2D06B06F:FIPS
> routines:FIPS_check_incore_fingerprint:fingerprint does not match
>
> I used Process Viewer to confirm that the DLL was still at base
> address 1C00000.
>
> Is there anything I could have messed up in generating the signature
> in the first place? Or is the fingerprint matching now and something
> else is failing?
>
That sounds like the signature is OK but some other self test is
failing.
Did you get fips_algvs built and can you run console applications on
your setup?
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]