Re: [openssl-users] Forcing the FIPS module to fail (no way)

2015-09-02 Thread Alberto Roman Linacero
server:~# openssl sha1 testfile
139697803871912:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:232:

Thanks a lot!!

2015-09-02 20:16 GMT+02:00 Dr. Stephen Henson <st...@openssl.org>:
> On Tue, Sep 01, 2015, Alberto Roman Linacero wrote

[openssl-users] Forcing the FIPS module to fail (no way)

2015-09-01 Thread Alberto Roman Linacero
Hi there, I'd like to know how to make an application compiled with the FIPS module fail. I need to make that test for a certification process, but my tests don't get the application to fail. When an application is compiled with fipscanister.o, it stores a FIPS_signature inside the application.

Re: [openssl-users] Forcing the FIPS module to fail (no way)

2015-09-01 Thread Alberto Roman Linacero
724240ae1a6fd4345d4922db5
---
> HMAC-SHA1(fipscanister.o)= a1b9666ebbcb8fee0cbd15aa9d55862bf0d7062e
/usr/local/ssl/fips-2.0/lib//fipscanister.o fingerprint mismatch
make[2]: *** [link_app.] Error 1

Thanks again,
Alberto.

2015-09-01 19:53 GMT+02:00 Dr. Stephen Henson <st...@openssl.org>:
> On Tue

Re: [openssl-users] FIPS mode uses /dev/urandom ?

2015-03-12 Thread Alberto Roman Linacero
not sure if I'm thinking about it correctly, or if I could change e_os.h to do that and still be FIPS certified, or...

Alberto.

2015-03-11 21:10 GMT+01:00 Tom Francis thomas.francis...@pobox.com:
On Mar 11, 2015, at 11:40 AM, Alberto Roman Linacero aro...@alienvault.com wrote:
Dear all, I'm doing

[openssl-users] FIPS mode uses /dev/urandom ?

2015-03-11 Thread Alberto Roman Linacero
Dear all, I'm doing an strace of the FIPS validated version of openssl, and I'm seeing that it uses /dev/urandom. I thought that the FIPS validated module always uses /dev/random. Isn't this the case, or am I doing something wrong? If it uses /dev/urandom, is it possible/advisable to change it to

FIPS mode with SP800-56b statements?

2014-11-25 Thread Alberto Roman Linacero
Dear all, I'm trying to map the SP800-56b NIST document to the OpenSSL capabilities running in FIPS mode. There is a table full of "should not", "should", "shall" and so on, which needs to be filled in by any NIST approved product, but there are certain issues that it seems OpenSSL doesn't pass, and the