I've read other messages on this topic but I am still not clear on what I need to do to get this to work.
I need to cross-compile a FreeBSD binary on a Linux system. I can build natively on both FreeBSD and Linux. I am using openssl-1.0.1h and openssl-fips-2.0.5. My problem is that fipsld wants to run fips_standalone_sha1 on fipscanister.o and fips_premain.c. Unfortunately, the FreeBSD cross-compiled binary won't run on Linux and the Linux binary won't process fipscanister.o for FreeBSD. I've read the UserGuide and see that the incore utility will read ELF objects. My confusion is that the incore utility does not return the same fingerprint that fips_standalone_sha1 returns. For example, on Linux I get ./fips_standalone_sha1 fipscanister.o; cat fipscanister.o.sha1 HMAC-SHA1(fipscanister.o)= c771a0fcb0459af6bc41e08ec8ac1c40390c85f8 HMAC-SHA1(fipscanister.o)= c771a0fcb0459af6bc41e08ec8ac1c40390c85f8 but the incore utility reports echo -e "HMAC-SHA1(fipscanister.o)= \c"; \ ../util/incore -dso fipscanister.o;echo; cat fipscanister.o.sha1 HMAC-SHA1(fipscanister.o)= e2ccf7d960d747bbc6b0416f44b1ff57907f0a13 HMAC-SHA1(fipscanister.o)= c771a0fcb0459af6bc41e08ec8ac1c40390c85f8 I understand that I can modify fipsld as long as I preserve the verification of the HMAC-SHA1 fingerprint. I am at a loss as to how to do that with the incore utility. Any guidance would be appreciated. -- Eric Boehm ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
