[openssl-dev] [openssl.org #3694] WinCE openSSL 1.0.1L with FIPS 2.0.8 - fingerprint does not match

Andy Polyakov via RT rt at openssl.org
Thu Feb 26 19:43:56 UTC 2015


>> One thing to try would be to try both ways of the define for __thumb. This can explain the fingerprint failure. 
>>
>> In fips_canister.c around line 188
>>
>> # if defined(__thumb__) || defined(__thumb)
>>     return (void *)((size_t)instruction_pointer&~1);
>> # else
>>     return (void *)instruction_pointer;
>> # endif
> 
> Well, procedure is build fipscanister.obj, build fips_algvs.exe, use
> fipscanister.obj *binary* with application. So that whatever thumb
> definition was it worked, in fips_algvs.exe context. Besides, that mask
> is more of an optimization thing. I mean it should work in either case,
> just that without masking the bit all memory references will be
> unaligned. In other words, problem ought to be elsewhere...

There is an inaccuracy in what I said. Specifically the "besides, that
mask is more of an optimization thing" is wrong. Depending on how binary
code is fingerprinted, it might be absolutely crucial to mask the least
significant bit for reasons totally unrelated to optimization. However,
it should be noted that on Windows, be it regular Windows or CE,
fingerprinting does *not* rely on value in question and it does not
matter if the bit in question is masked or not.
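
The general case mentioned above, where a fingerprint range does start at an address taken from an instruction pointer, as an added example that is not part of the original message or of the OpenSSL FIPS module. The byte values, the FNV-1a stand-in digest and all function names are assumptions made for illustration; as the message notes, the Windows builds do not derive the range this way.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a code region; uint16_t keeps it 2-byte aligned. */
static const uint16_t code_region[8] = {
    0xB501, 0x2000, 0x3001, 0x4608, 0x1C40, 0x4348, 0xBD01, 0x46C0
};

/* Stand-in digest (FNV-1a), chosen only to keep the example short. */
static uint32_t digest(const unsigned char *p, size_t len)
{
    uint32_t h = 2166136261u;
    while (len--) { h ^= *p++; h *= 16777619u; }
    return h;
}

/* Same masking as the quoted fips_canister.c lines: clear the Thumb bit. */
static uintptr_t strip_thumb_bit(uintptr_t ip) { return ip & ~(uintptr_t)1; }

/* Number of bytes hashed when the range runs from `ip` up to `end`. */
static size_t covered(uintptr_t ip, uintptr_t end, int mask)
{
    return (size_t)(end - (mask ? strip_thumb_bit(ip) : ip));
}

/* Digest of [start, end), with or without the Thumb bit masked off. */
static uint32_t fingerprint(uintptr_t ip, uintptr_t end, int mask)
{
    uintptr_t start = mask ? strip_thumb_bit(ip) : ip;
    return digest((const unsigned char *)start, (size_t)(end - start));
}

/* A Thumb function pointer is the code address with bit 0 set. */
static uintptr_t region_base(void) { return (uintptr_t)code_region; }
static uintptr_t region_end(void)  { return region_base() + sizeof code_region; }
static uintptr_t thumb_ip(void)    { return region_base() | 1; }

int main(void)
{
    /* Unmasked, the range starts one byte late and the digest changes. */
    printf("masked:   %zu bytes, digest %08x\n", covered(thumb_ip(), region_end(), 1),
           (unsigned)fingerprint(thumb_ip(), region_end(), 1));
    printf("unmasked: %zu bytes, digest %08x\n", covered(thumb_ip(), region_end(), 0),
           (unsigned)fingerprint(thumb_ip(), region_end(), 0));
    return 0;
}
```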



