As far as I understand the HMAC-SHA1-SIG is something that is passed
while compiling the fips_premain.c. And this is taken care by fipsld.
Actually fipsld obtains this signature by executing the binary that is
linked with fips_premain.o and recompiles the fips_premain.c by passing
that signature .. I didn't find any issue while following the steps in
the UserGuide.1.1

________________________________

From: [email protected]
[mailto:[email protected]] On Behalf Of Lee Merrill
Sent: Tuesday, October 12, 2010 5:55 PM
To: [email protected]
Subject: Re: FIPS Open SSL Build using VC++ on Windows


I had a problem after building as well, I built the fips-mode (version
1.2) of openssl on LInux via running "./config fipscanisterbuild" and
then "make", this builds fine, and "make test" works, only
fipscanister.o doesn't have the strings that fipsld expects, when I run
"strings fipscanister.o | fgrep HMAC" all I see is "HMAC: digest not
allowed in FIPS mode". The other strings I got before with fips openssl
1.1 which have the hash values (e.g. "HMAC-SHA1(fips_premain.c)=
6a08d15c578f1258246181bf52134ae974aa5a80") are not present. This causes
fipsld to fail, any suggestions appreciated.

Lee


--


On 10/12/2010 07:07 AM, rajesh kumar wrote:

        Hi All,

        i am very new to OpenSSL build ...

        I have build the static build of FIPS Capable OpenSSL as
mentioned in user guide 1.2.

        I have used following commands on VS2005 Command Prompt...

        Build FIPS Module : ms\do_fips no-asm


        Set Confiugration : perl Configure VC-WIN32
--with-fipslibdir="..\openssl-0.9.8l\out32dll"


        For not using Assembler : ms\do_ms


        Static Build : nmake -f ms\nt.mak InstallStatic


        All this seems to work but the issue is that when i link
libeay32.lib and ssleay32.lib in application and when i am calling
FIPS_mode_set() function to set/reset FIPS Mode.

        I am seeing following link error ...

        error LNK2019: unresolved external symbol _FIPS_mode referenced
in function

        Can some one please let me know if i am missing anything...

        when i am looking at the do_fips.bat file; it internally calls
ntdll.mak - i am not sure if fips module is always creating Dynamic mode
where as my application links them static...

        quick reply would be really helpful ....

        Thanks,
        Rajesh.


--
Unless otherwise stated, any views presented in this email are solely
those of the author and do not necessarily represent those of the
company.

Please do not print this email unless it is absolutely necessary. 

The information contained in this electronic message and any attachments to 
this message are intended for the exclusive use of the addressee(s) and may 
contain proprietary, confidential or privileged information. If you are not the 
intended recipient, you should not disseminate, distribute or copy this e-mail. 
Please notify the sender immediately and destroy all copies of this message and 
any attachments. 

WARNING: Computer viruses can be transmitted via email. The recipient should 
check this email and any attachments for the presence of viruses. The company 
accepts no liability for any damage caused by any virus transmitted by this 
email. 

www.wipro.com

Reply via email to