The 1.2.0-test tarball IS NOT FIPS VALIDATED. You cannot make a FIPS-validated module from it.
When the 1.2.0 validation occurs, it will be announced here, the certificate will be posted on the NIST's website, the full validated tarball will be made available, and the certificate's Administration and User manuals will be released, including the correct HMAC for the validated tarball. Until then, you have to wait -- just like everyone else. This is likely a Nortel-internal political debate, so I'm going to make it absolutely clear: The module is not available at this time, because it is still in the validation process. If you have an application that requires FIPS validation that is designed to link with OpenSSL, you must wait to release it until the validated module is released. The 1.2.0-test tarball can be used to test the functionality of the fully-validated 1.2.0 module, thus making it possible to build and test and debug your application -- but the final FIPS-validated RTM build cannot be built at this time. We do not know how long it's going to take for the validation to occur. When it is complete and fully-validated, Steve Marquess of the Open Source Software Institute will post the announcement here. -Kyle H On Fri, Jul 18, 2008 at 12:46 PM, rabail javed <[EMAIL PROTECTED]> wrote: > thanx a lot and it worked ....but when i generated the HMAC-SHA-1 hash its > different from the one given in the security policy document .....actually i > have installed the openssl-fips-test-1.2.0 and the security policy document > "OPENSSL FIPS 140-2 Secuirty Policy versin 1.1.2" Appendix B shows value of > the HMAC-SHA1 digest for the fips module 1.1.2. > > > Could you please send me the HMAC-SHA-1 digest for the > openssl-fips-test-1.2.0.tar.gz so that i could compare it with my HMAC-SHA-1 > digest. > > Thanx again. > > On Fri, Jul 18, 2008 at 10:40 AM, Dr. Stephen Henson <[EMAIL PROTECTED]> > wrote: >> >> On Fri, Jul 18, 2008, rabail javed wrote: >> >> > Hi Bill, >> > I have installed the openssl-fips-test-1.2.0 using the following >> > commands >> > >> > ./config fipscanisterbuild >> > make >> > make install >> > >> > >> > and the libraray is installed in the /usr/local/ssl and i have generated >> > tehe fipscanister.o, fipscanister.o.sha1, fips_premain.c, >> > fips_premian.c.sha1, lipcrypto.so >> > >> > now i have download openssl-0.9.8b-stable-SNAP but i am unable to >> > compile >> > it. >> > I did >> > ./config fips shared --with-fipslibdir=/usr/local/ssl/fips-1.0/lib/ >> > --prefix=/usr/openssl-0.9.8b-SNAP >> > >> > make depend >> > >> > but i am getting the error "make: *** No rule to make target `depend`. >> > Stop" >> > >> > >> > >> > if a use make instead of make depend >> > then it says "make: *** No targets specified and nomake file found. >> > Stop." >> > >> > Could you please tell me how to compile it ??? >> > >> >> You can't: the 0.9.8 source tree is not (currently) FIPS capable. Instead >> you >> need to use the fips test snapshots such as: >> >> >> ftp://ftp.openssl.org/snapshot/openssl-0.9.8-fips-test-SNAP-20080718.tar.gz >> >> Steve. >> -- >> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage >> OpenSSL project core developer and freelance consultant. >> Homepage: http://www.drh-consultancy.demon.co.uk >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List openssl-users@openssl.org >> Automated List Manager [EMAIL PROTECTED] > > > > -- > Regards, > Rabail Javed > > Telecommunications Software Designer > NORTEL NETWORKS CORPORATION > Canada > cell: 1-613-242-1316 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
