OK, that worked -- built my library using fipsld. However, on running, I am STILL getting fingerprint validation failure when calling FIPS_mode_set(1).
1552985864:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:229: Any good ideas on how to debug why? ----- Original Message ----- From: Dr. Stephen Henson <st...@openssl.org> To: openssl-users@openssl.org Cc: Sent: Friday, July 20, 2012 1:35 PM Subject: Re: FIPS 2.0: fipsld on cross-compile On Fri, Jul 20, 2012, AJ wrote: > 1) I am cross-compiling a static FIPS enabled OpenSSL library for Android > (using Linux host). > > I have generated the libssl.a and lib crypto.a. > I am trying to use the "fipsld" tool, as documented in Sec 5.3.1 in the User > Guide. > > However, I am running into the following error: > ../openssl-fips-2.0/fips/fipsld: line 137: > ../openssl-fips-2.0/fips/../fips/fips_premain_dso: cannot execute binary file > > > fips_premain_dso does not seem to be a linux executable (... nor does this > work when I try to link using MacOS cross-compile environment). > > > > Am I doing this right for cross-compile? > > If the fipsld script needs any modification, would this violate any FIPS > validation? > You need to set the FIPS_SIG environment variable to point to the incore script from the validated tarball. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
