On Wed, Oct 13, 2010, [email protected] wrote: > I got the FIPS openssl integrated with my application. Unfortunately I > had to stick to build environment which is on sun solaris and my target > machine is a powerpc embedded system. Until now I had to create the > application in solaris machine execute in the target, after getting the > hmac signature recompiled the fips_premain.c with that signature. After > checking Dr.Steve's post I tried using incore.gz on my application. > Somehow the signatures are different > > I noticed that the 'file format' of the object I have is "elf32-big" > which is not handled in the script. I assume the INCORE_ADJUST should be > -8 for that type of format too. I added that code but still it returns a > different signature that does not match with the generated signature > from the target. > > Any values I should check between the script's result on the host > machine vs code loaded in the target to make it match ? >
There are several ways to do this. One is to not embed a signature and call the executable on the target: it should then output the expected signature. You can then tweak the offset so the two match. Alternatively check out the code in FIPS_incore_fingerprint(). You can write a simple program to dump the data that OpenSSL fingerprints, then modify the script to dump the same data for its external fingerprint. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
