Hi,
We have an application running in WINCE Kernel address space as a DLL.
We require to have it compiled against FIPS enabled openSSL.
For that we followed following steps:
=================================
1. compiled openssl-fips2.0.3 and built fipscanister.lib.
2. took openssl-1.0.1c and linked to create FINGERPRINTED libeay32.dll.
3. Linked libeay32.dll in a driver code to load the library and call
FIPS_mode_set(1).
4. From the platform builder noted the load address of libeay32.dll as ROMDll.
5. Tried to recompile libeay32.dll using that base address.
=====================================
Now the problem we have faced is:
======================================
link.exe won't accept baseaddr > 2GB, even with /LARGEADDRESSAWARE flag.
link.exe accepts baseaddr > 2GB with /LARGEADDRESSAWARE /DRIVER flag,
but it adds a section called INIT, fro which current msincore script
generates wrong sha1 and fingerprinting fails upon running it.
======================================
To get around the problem we have added following line in msincore
script, all the build procedure and files remains exactly same as in
source distribution.
======================================
system("editbin /nologo /rebase:base=0xc08a0000 @ARGV[$#ARGV] >
@ARGV[$#ARGV].rel");
======================================
Please let me know :
a> If the libeay32.dll thus produced will still be FIPS 140-2 validated module ?
b> Is there a better way solving the above described problem ?
Thanks in Advance,
-Abhijit
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
