I'm probably missing something really obvious here....

I've got a couple of non-makefile based scripts to build my program.
The program is a mix of C and C++, so the FIPSLD_CC/fipsld does not
work due to C++ name mangling.

The scripts have a couple of variables:

FIPS_PREMAIN=`find "$OPENSSLDIR" -iname fips_premain.c 2>/dev/null`
FIPS_INCORE=`find "$OPENSSLDIR/fips-2.0" -iname incore 2>/dev/null`

If FIPS_PREMAIN is not empty, it gets added to C_SOURCES and compiled.
So FIPS_text_start, FIPS_text_end, FIPS_rodata_start, FIPS_rodata_end,
and FIPS_signature are present in the executable.

If FIPS_PREMAIN and FIPS_INCORE are not empty, I try to embed the
fingerprint after compiling and linking:

# Quote the variables so the tests behave when a value is empty or contains spaces
if [ -z "$FIPS_PREMAIN" ] || [ -z "$FIPS_INCORE" ]; then
    echo "Unable to build FIPS validated executable..."
else
    ( set -x ; "$FIPS_INCORE" -exe ac-test.exe )
fi

After embedding the signature, the program will only output a fingerprint:

$ ./ac-test.exe
84f0e9fb94d7388eca89ccb82026e051f0a20cb7

A few questions:

How do I invoke incore/my program the second time to embed the
fingerprint? I'm trying to make sense of fipsld/incore, but it's not
readily apparent to me.

Or, how do I instruct incore to directly embed the fingerprint without
the second link? Just calculate and embed the signature in one pass.

Or, what is the switch to supply to instruct fipsld to embed a
signature on an existing executable *without* trying to compile and link
it? Just calculate and embed the signature.

Thanks in advance.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
