Hello All,
I am using OpenSSL 0.9.7e with fips configure option.
I edited one of the fips source files and tried to build OpenSSL and I got the error
"Your source code does not match the FIPS validated source."
"Your source code does not match the FIPS validated source."
This error can be overcome as follows
i. Edit the fips source files.
ii. Generate the HMAC finger print for the new source file using the following command
# openssl sha1 -hmac etaonrishdlcupfm file_name.c
HMAC-SHA1(file_name.c)= b70bbbd675efe0613da0d57055310926a0104d55
iii. Replace this value with the original value in fingerprint.sha1 file.
iv. Now the product builds successfully with the modified fips source
ii. Generate the HMAC finger print for the new source file using the following command
# openssl sha1 -hmac etaonrishdlcupfm file_name.c
HMAC-SHA1(file_name.c)= b70bbbd675efe0613da0d57055310926a0104d55
iii. Replace this value with the original value in fingerprint.sha1 file.
iv. Now the product builds successfully with the modified fips source
v libcrypto.a and libcrypto.a.sha1 are generated successfully.
Suppose I call this library a fips compliant library(though it is not).
How can a user who uses this library ensure that it was built from the FIPS validated sources
How can a user who uses this library ensure that it was built from the FIPS validated sources
Thanks,
Prakash
What are the most popular cars? Find out at Yahoo! Autos
