I have a common C library on top of OpenSSL to abstract it from our applications we use for devices and servers. We can easily plug in any version of OpenSSL going forward. On Android we had an existing JNI wrapper for our common library that I compile with the Android NDK. Sorry, I realize it is not obvious from my previous reply and I didn't mention it before. As you can see it is not error prone as we have the same code executing everywhere the same way.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Andy Polyakov
Sent: Friday, November 09, 2012 12:04 PM
To: [email protected]
Subject: Re: Building openssl fips 2.0 shared without version for Android

> Very good point, I agree. The advantage of the shared object is I
> don't need to sign the entire application again (fipsld).

My understanding is that native methods are always collected in shared library. Shared library containing FIPS module is the only one that needs to be fingerprinted. So why are you referring to "entire application"?

> I wrote a very simple
> jni wrapper for the FIPS_mode_set function that can be called anywhere
> within the application.
>
> #include <openssl/crypto.h>
> #include <jni.h>
> #include <jni_log.h>
> #include <string.h>
>
> void Java_com_mycompany_util_setFipsModeEnabled(JNIEnv* env, jobject
> javaThis, jboolean isEnabled) {
>     LOGD("in set Fips enabled");
>     if (isEnabled) {
>         if(FIPS_mode_set(1)) {

And then what? How does your application call OpenSSL functions [that invoke FIPS module]? Or do you count that shared libcrypto that you load overrides system libcrypto.so? It's possible, but it's error-prone solution...

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
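
Added example, not part of the original thread or of OpenSSL: the question of which libcrypto.so the process actually ends up with can be checked by scanning the process's /proc/<pid>/maps text for libcrypto mappings and comparing their paths with the directory the application ships its own copy in. The function name, the package path and the sample map lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CRYPTO_EXPECTED 1  /* libcrypto.so mapped from the app's own directory */
#define CRYPTO_FOREIGN  2  /* libcrypto.so mapped from any other path */

/* Constructed /proc/<pid>/maps excerpts; the package path is hypothetical. */
static const char MAPS_SYSTEM_ONLY[] =
    "40a1c000-40b2d000 r-xp 00000000 b3:09 1234 /system/lib/libcrypto.so\n"
    "5d500000-5d510000 r-xp 00000000 b3:0b 5679 /data/data/com.example.app/lib/libwrapper.so\n";
static const char MAPS_APP_COPY[] =
    "5d3e0000-5d4f1000 r-xp 00000000 b3:0b 5678 /data/data/com.example.app/lib/libcrypto.so\n"
    "5d500000-5d510000 r-xp 00000000 b3:0b 5679 /data/data/com.example.app/lib/libwrapper.so\n";

/* Classify every libcrypto.so* mapping in maps-format text. expected_dir must
 * end with '/' so that a sibling directory sharing the prefix does not match.
 * Returns a bitmask of CRYPTO_EXPECTED and CRYPTO_FOREIGN (0 if none mapped). */
int classify_libcrypto(const char *maps, const char *expected_dir)
{
    int result = 0;
    size_t dlen = strlen(expected_dir);
    const char *line = maps;

    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        /* Address, perms, offset, dev and inode contain no '/', so the
         * first '/' on the line starts the pathname field. */
        const char *path = memchr(line, '/', len);
        if (path) {
            size_t plen = len - (size_t)(path - line);
            const char *base = path;
            for (size_t i = 0; i < plen; i++)
                if (path[i] == '/')
                    base = path + i + 1;
            size_t blen = plen - (size_t)(base - path);
            if (blen >= 12 && strncmp(base, "libcrypto.so", 12) == 0)
                result |= (plen > dlen && strncmp(path, expected_dir, dlen) == 0)
                              ? CRYPTO_EXPECTED : CRYPTO_FOREIGN;
        }
        line = eol ? eol + 1 : line + len;
    }
    return result;
}

int main(void)
{
    const char *dir = "/data/data/com.example.app/";
    printf("system only: %d\n", classify_libcrypto(MAPS_SYSTEM_ONLY, dir));
    printf("app copy:    %d\n", classify_libcrypto(MAPS_APP_COPY, dir));
    return 0;
}
```

A result of CRYPTO_FOREIGN alone means the wrapper is running against a libcrypto other than the one that was built and fingerprinted with the FIPS module; both bits set means two copies are mapped and symbol resolution order decides which one is called.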
