Hi, I am probably re-posting same question after I made some headway in compiling, linking and running FIPS enabled openssl module in our platform. Following are the steps I followed:
1. Downloaded http://www.openssl.org/source/openssl-fips-2.0.2.tar.gz : 2. I have used following script to setup the environment: =============================================== export MACHINE=armv4t export RELEASE=2.6.23 export SYSTEM=Linux export ARCH=arm export CROSS_COMPILE="/opt/fip-tools/" export HOSTCC=/usr/bin/gcc ================================================ ./config -t Operating system: armv4t-whatever-linux2 Auto Configuring fipsonly Auto Configuring fipsonly Configuring for linux-armv4 /usr/bin/perl ./Configure linux-armv4 -Wa,--noexecstack no-bf no-camellia no-cast no-idea no-md2 no-md5 no-mdc2 no-rc2 no-rc4 no-rc5 no-ripemd no-seed ================================================== 3. created a shell script: /opt/fip-tools/gcc ============================================== /opt/gccarm-4.1.2/bin/gcc -march=armv4 -Dmalloc=XXX_malloc -Dfree=XXX_free $* ============================================== -march was needed as we need to specify the cpu architecture, else build fails as openssl header file tries to guess the CPU architechture. -Dmalloc was needed, as we have custom memory allocator. 4. built fipscanister.o linked with our customized openssl-1.0.1c and created signed libcrypto.so. 5. compiled with our application and run it in our target platform. ======================================================== Now my question is : As I have not changed a single file in openssl-fips-2.0.2 source tree and since FIPS_selftest() , FIPS_mode_set(1) passes in our platform, does that mean libcrypto.so that I built is FIPS compliant ? Thank you in advance, -Abhijit ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
