On Wed, Oct 13, 2010, [email protected] wrote:

> I got the FIPS openssl integrated with my application. Unfortunately I
> had to stick to build environment which is on sun solaris and my target
> machine is a powerpc embedded system.  Until now I had to create the
> application in solaris machine execute in the target, after getting the
> hmac signature recompiled the fips_premain.c with that signature. After
> checking Dr.Steve's post I tried using incore.gz on my application.
> Somehow the signatures are different
> 
> I noticed that the 'file format'  of the object I have is "elf32-big"
> which is not handled in the script. I assume the INCORE_ADJUST should be
> -8 for that type of format too. I added that code but still it returns a
> different signature that does not match with the generated signature
> from the target.
> 
> Any values I should check between the script's result on the host
> machine vs code loaded in the target to make it match ?
> 

There are several ways to do this. One is to not embed a signature and
call the executable on the target: it should then output the expected
signature. You can then tweak the offset so the two match.

Alternatively check out the code in FIPS_incore_fingerprint(). You can write a
simple program to dump the data that OpenSSL fingerprints, then modify the
script to dump the same data for its external fingerprint.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]

Reply via email to