Hi,

We are working on porting FIPS-compliant OpenSSL to a VxWorks (5.4) based platform, running on the MPC85xx CPU family. I compiled the FOM (version 3.0), which includes the complete FIPS modules (fipscanister.o....fips_premain.o). This is a statically linked library. So, the libcrypto.a and libssl.a files that are generated by building the FIPS and OpenSSL modules are linked to a final ELF format binary file. Apart from this application binary, there is a kernel binary and a driver binary that are downloaded to the target.

I am using the fipsld script to do the final linking and build. But the VxWorks version we use does not support the __attribute__ and constructor etc. defined in fips_premain.c. So, I copied all the code from fips_premain.c to fips.c and compiled the FOM (3.0) and SSL modules to create libcrypto.a and libssl.o. I know this will create a fingerprint mismatch for fips.c and the final libcrypto.a as well. I tried to invoke fipsld, but it gave linker errors and -o related errors. So, I invoked the incore script directly, which generates and embeds the signature into the FINGERPRINT_ascii_value of the cross-compiled libcrypto.a. The incore script properly copies the signature into the object. Then, this object is sent through the gzip processing and loaded into the target.

In the target, I am calling FINGERPRINT_premain() manually first. It copies the converted FINGERPRINT_ascii_value into the FIPS_signature. But after that, FIPS_mode_set(1) is failing with a fingerprint mismatch. The selftest fails too, for the same reason.

Any idea how I can resolve these issues? I am suspecting the object might be relocated during loading in the target. That could be the reason for the fingerprint mismatch on the target? Or is there a difference between the SHA1 key calculation algorithm in the incore file and the target FIPS_incore_fingerprint calculation? I could not find any visible difference. The incore script is a Perl script which implements the same HMAC package that is running in the target. I am attaching the incore script file as well.

Thanks,
R. Sairam
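An added example, not part of the original post and not OpenSSL or incore code: one way to test the relocation hypothesis raised above is to compare the build-time bytes of the fingerprinted region with a dump of the same region taken on the target, and list where they differ. The key, base addresses, region contents and relocation offsets below are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration; none come from the FIPS module or the post.
HMAC_KEY = b"constructed-demo-key"
LINK_BASE = 0x00100000    # address assumed when the fingerprint was embedded
LOAD_BASE = 0x01A40000    # address the target loader actually chose
RELOC_OFFSETS = [8, 28]   # offsets of 32-bit absolute-address slots in the region


def build_region(base):
    """Constructed 40-byte region with absolute addresses resolved against base."""
    region = bytearray(range(40))
    for off in RELOC_OFFSETS:
        # Big-endian 32-bit slot, as on a PowerPC target: base + symbol offset.
        struct.pack_into(">I", region, off, base + 0x200 + off)
    return bytes(region)


def fingerprint(region):
    """HMAC-SHA1 digest over the region bytes."""
    return hmac.new(HMAC_KEY, region, hashlib.sha1).hexdigest()


def diff_runs(expected, actual):
    """Return (start, length) runs where a target dump differs from build-time bytes."""
    runs, start = [], None
    n = min(len(expected), len(actual))
    for i in range(n):
        if expected[i] != actual[i] and start is None:
            start = i
        elif expected[i] == actual[i] and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, n - start))
    return runs


if __name__ == "__main__":
    at_build = build_region(LINK_BASE)
    on_target = build_region(LOAD_BASE)
    print("build-time :", fingerprint(at_build))
    print("on target  :", fingerprint(on_target))
    for start, length in diff_runs(at_build, on_target):
        print(f"bytes differ at offset {start:#x}, length {length}")
```

Differences that fall exactly on address-sized fields point to load-time relocation; identical bytes with a different digest point instead to the key or the range being hashed.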