Looking at the fips_canister.c I see that ia32 (32-bit and 64-bit) systems are
not enabled with the cross compiling when using 'Linux'. But ia32 (32-bit) is
enabled on Android systems.
This is preventing me from cross compiling and using the fipsld with the incore
script to link my applications.
I modified fips_canister.c as shown in the attached patch. So far in my testing
(building various applications and running them on the target system), the
incore script is working correctly.
Would it be possible to add this change to the fips_canister in a future
version, or would this require a full re-validation of the openssl-fips?
Until then, my only other option is to use something like qemu to run the linked
application to get the necessary checksum, in order to recompile/relink the
final binary. Is modifying the fipsld script in such a way acceptable for FIPS
compliance?
Thanks for any insight.
--Mark
diff -ur openssl-fips-2.0.5.orig/fips/fips_canister.c
openssl-fips-2.0.5/fips/fips_canister.c
--- openssl-fips-2.0.5.orig/fips/fips_canister.c 2013-04-10
16:43:06.000000000 -0500
+++ openssl-fips-2.0.5/fips/fips_canister.c 2014-03-24 09:33:01.009630420
-0500
@@ -34,6 +34,8 @@
defined(__mips__)|| defined(__mips))) || \
(defined(__NetBSD__) && (defined(__powerpc__) || defined(__i386))) ||
\
(defined(__linux) && ((defined(__PPC__) && !defined(__PPC64__)) || \
+ defined(__i386__) || defined(__i386) || \
+ defined(__x86_64) || defined(__x86_64__) || \
defined(__arm__) || defined(__arm)) || \
defined(__mips__)) || \
(defined(__APPLE__) /* verified on all MacOS X & iOS flavors */)|| \
