[openssl-dev] [openssl.org #3694] WinCE openSSL 1.0.1L with FIPS 2.0.8 - fingerprint does not match

[Gilles Khouzam via RT]

Hi Lior,

One thing to try would be to try both ways of the define for __thumb. This can explain the fingerprint failure. 

In fips_canister.c around line 188

# if defined(__thumb__) || defined(__thumb)
    return (void *)((size_t)instruction_pointer&~1);
# else
    return (void *)instruction_pointer;
# endif

-----Original Message-----
From: openssl-dev [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Lior Gotian via RT
Sent: Tuesday, February 10, 2015 11:16
Cc: openssl-dev at openssl.org
Subject: [openssl-dev] [openssl.org #3694] WinCE openSSL 1.0.1L with FIPS 2.0.8 - fingerprint does not match

I was successful at compiling the FIPS 2.0.8 module for Windows CE exactly as provided without any modifications.
Additionally, I built fips_algvs.exe to successfully validate the canister on the target system.

After tweaking some #ifdef directives in the openSSL 1.0.1L, I was able to get it to successfully build for WinCE.

The build appears to complete successfully.  However, at run-time, entering FIPS mode fails with an error messages:
FIPS_check_incore_fingerprint:fingerprint does not match

I have reviewed the build instructions carefully and believe all the build instructions have been adhered to.  What needs to be changed for the signature to be properly embedded?

Thank you for your assistance.

Best regards,
Lior Gotian



This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If you are not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited.

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev