List:       openssl-dev
Subject:    Need help cross-compiling OpenSSL FIPS
From:       "Boehm, Eric" <Eric.Boehm () netapp ! com>
Date:       2014-07-29 14:54:04
Message-ID: ac9467e3df8a498ba4957e3f217cf2de () hioexcmbx02-prd ! hq ! netapp ! com

I've read other messages on this topic but I am still not clear on what I need
to do to get this to work.

I need to cross-compile a FreeBSD binary on a Linux system.

I can build natively on both FreeBSD and Linux. I am using openssl-1.0.1h
and openssl-fips-2.0.5.

My problem is that fipsld wants to run fips_standalone_sha1 on
fipscanister.o and fips_premain.c.  Unfortunately, the FreeBSD cross-compiled
binary won't run on Linux and the Linux binary won't process fipscanister.o
for FreeBSD.

I've read the UserGuide and see that the incore utility will read ELF
objects. My confusion is that the incore utility does not return the same
fingerprint that fips_standalone_sha1 returns.

For example, on Linux I get

./fips_standalone_sha1  fipscanister.o; cat fipscanister.o.sha1
HMAC-SHA1(fipscanister.o)= c771a0fcb0459af6bc41e08ec8ac1c40390c85f8
HMAC-SHA1(fipscanister.o)= c771a0fcb0459af6bc41e08ec8ac1c40390c85f8

but the incore utility reports

echo -e "HMAC-SHA1(fipscanister.o)= \c"; \
../util/incore -dso fipscanister.o;echo; cat fipscanister.o.sha1
HMAC-SHA1(fipscanister.o)= e2ccf7d960d747bbc6b0416f44b1ff57907f0a13
HMAC-SHA1(fipscanister.o)= c771a0fcb0459af6bc41e08ec8ac1c40390c85f8

I understand that I can modify fipsld as long as I preserve the verification
of the HMAC-SHA1 fingerprint. I am at a loss as to how to do that with the
incore utility.

Any guidance would be appreciated.

--
Eric Boehm
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majordomo@openssl.org
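
Added example, not part of the original message and not OpenSSL project code: a host-side check in Python that recomputes HMAC-SHA1 over the object file's bytes and compares it with the line stored in fipscanister.o.sha1, so nothing built for the target has to execute on the build host. The default key and all function names are assumptions of this sketch, and it covers only the file digest, not what the incore utility computes.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Assumption: fixed HMAC key from the FIPS module's fips_standalone_sha1.c;
# confirm it against your own openssl-fips source tree.
ASSUMED_FIPS_HMAC_KEY = b"etaonrishdlcupfm"
SHA1_LINE = re.compile(r"^HMAC-SHA1\(.*\)= ([0-9a-f]{40})\s*$")


def file_hmac_sha1(path, key=ASSUMED_FIPS_HMAC_KEY):
    """HMAC-SHA1 over the raw file bytes; no target binary is executed."""
    mac = hmac.new(key, digestmod=hashlib.sha1)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            mac.update(chunk)
    return mac.hexdigest()


def read_fingerprint(sha1_path):
    """Return the hex digest from a 'HMAC-SHA1(name)= <40 hex>' line."""
    with open(sha1_path, "r", encoding="ascii") as fh:
        line = fh.readline()
    m = SHA1_LINE.match(line)
    if m is None:
        raise ValueError("unrecognised fingerprint line: %r" % line)
    return m.group(1)


def verify(obj_path, key=ASSUMED_FIPS_HMAC_KEY):
    """True only if the digest stored in <obj_path>.sha1 matches the file."""
    stored = read_fingerprint(obj_path + ".sha1")
    return hmac.compare_digest(stored, file_hmac_sha1(obj_path, key))


def demo():
    """Constructed stand-in for fipscanister.o; returns (intact, tampered)."""
    with tempfile.TemporaryDirectory() as d:
        obj = os.path.join(d, "fipscanister.o")
        with open(obj, "wb") as fh:
            fh.write(b"\x7fELF constructed sample bytes")
        with open(obj + ".sha1", "w") as fh:
            fh.write("HMAC-SHA1(fipscanister.o)= %s\n" % file_hmac_sha1(obj))
        intact = verify(obj)
        with open(obj, "ab") as fh:
            fh.write(b"\x00")  # simulate a modified object file
        return intact, verify(obj)
```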