Steve, The compiler version is: Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.01.8569 for ARM Copyright (C) Microsoft Corp 1984-1999. All rights reserved.
I know this is an older version, but it is what was used to develop the rest of the NK.bin. It is likely that the problem was resolved in a newer compiler version. The DLL is currently included in the NK.bin. -Joe -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dr. Stephen Henson Sent: Thursday, October 25, 2012 3:45 PM To: [email protected] Subject: Re: Need help building FIPS capable Openssl for Windows CE On Thu, Oct 25, 2012, Mendonca, Joseph wrote: > Steve, > > I resolved the remaining problem and now have FIPS working. For > OpenSSL, I had previously, found a compiler problem introduced during > optimization and had disabled optimization to avoid the problem. I > had to disable optimization during the FIPS module build to resolve > this remaining problem. > Changed: > $opt_cflags=' /MC /O1i'; # optimize for space, but with > intrinsics... > To: > $opt_cflags=' /MC /Od'; # optimize for space, but with > intrinsics... > In util\pl\VC-32.pl (for FIPS module) > Unfortunately making changes like that violates the security policy and the result is no longer validated. The original CE5 validation also suffered from a compiler bug which was worked around by disabling optimisation for the affected code see crypto/bn/bn_nist.c in the 2.0.1 sources. What version of C compiler are you using? > However, having to continuously update "--with-baseaddr=0xnnnnnnn" is > going to be pain. So we need to explore the static linking option. > It is not obvious to me the changes needed generate the static LIB(s) > instead of the DLL. Could you provide me with the proper settings to > generate LIBs instead of the (libeay32.)DLL? > Well a fixed base address can work provided you make approriate changes to platform builder and include the DLL in the nk.bin file. A static build of the FIPS capable OpenSSL is untested but should follow the rules of a static Win32 build (call the static Makefile instead). You'd then need to modify the link procedure of your application to call fipslink.pl or an equivalent (e.g. making use of msincore). Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
