As far as I understand the HMAC-SHA1-SIG is something that is passed while compiling the fips_premain.c. And this is taken care by fipsld. Actually fipsld obtains this signature by executing the binary that is linked with fips_premain.o and recompiles the fips_premain.c by passing that signature .. I didn't find any issue while following the steps in the UserGuide.1.1
________________________________ From: [email protected] [mailto:[email protected]] On Behalf Of Lee Merrill Sent: Tuesday, October 12, 2010 5:55 PM To: [email protected] Subject: Re: FIPS Open SSL Build using VC++ on Windows I had a problem after building as well, I built the fips-mode (version 1.2) of openssl on LInux via running "./config fipscanisterbuild" and then "make", this builds fine, and "make test" works, only fipscanister.o doesn't have the strings that fipsld expects, when I run "strings fipscanister.o | fgrep HMAC" all I see is "HMAC: digest not allowed in FIPS mode". The other strings I got before with fips openssl 1.1 which have the hash values (e.g. "HMAC-SHA1(fips_premain.c)= 6a08d15c578f1258246181bf52134ae974aa5a80") are not present. This causes fipsld to fail, any suggestions appreciated. Lee -- On 10/12/2010 07:07 AM, rajesh kumar wrote: Hi All, i am very new to OpenSSL build ... I have build the static build of FIPS Capable OpenSSL as mentioned in user guide 1.2. I have used following commands on VS2005 Command Prompt... Build FIPS Module : ms\do_fips no-asm Set Confiugration : perl Configure VC-WIN32 --with-fipslibdir="..\openssl-0.9.8l\out32dll" For not using Assembler : ms\do_ms Static Build : nmake -f ms\nt.mak InstallStatic All this seems to work but the issue is that when i link libeay32.lib and ssleay32.lib in application and when i am calling FIPS_mode_set() function to set/reset FIPS Mode. I am seeing following link error ... error LNK2019: unresolved external symbol _FIPS_mode referenced in function Can some one please let me know if i am missing anything... when i am looking at the do_fips.bat file; it internally calls ntdll.mak - i am not sure if fips module is always creating Dynamic mode where as my application links them static... quick reply would be really helpful .... Thanks, Rajesh. -- Unless otherwise stated, any views presented in this email are solely those of the author and do not necessarily represent those of the company. Please do not print this email unless it is absolutely necessary. The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com
