OpenSSL FIPS validation of source files


prakash babu
Hello All,
 
I am using OpenSSL 0.9.7e with fips configure option.
 
I edited one of the fips source files and tried to build OpenSSL and I got the error
"Your source code does not match the FIPS validated source."
 
This error can be overcome as follows:
 
i. Edit the fips source files.
ii. Generate the HMAC fingerprint for the new source file using the following command
    # openssl sha1 -hmac etaonrishdlcupfm file_name.c
    HMAC-SHA1(file_name.c)= b70bbbd675efe0613da0d57055310926a0104d55
iii. Replace this value with the original value in the fingerprint.sha1 file.
iv. Now the product builds successfully with the modified fips source.
v. libcrypto.a and libcrypto.a.sha1 are generated successfully.
 
Suppose I call this library a fips compliant library (though it is not).
How can a user who uses this library ensure that it was built from the FIPS validated sources?
 
Thanks,
Prakash
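
An added example, not part of the original post: a source-tree check that compares each file against a reference fingerprint list obtained independently of the tree being audited, since the in-tree list can be regenerated with the public HMAC key as the steps above show. It assumes the list uses the `HMAC-SHA1(name)= hex` line format seen in the command output above; the file names and contents in `demo()` are constructed, and the check covers source files only, not a built library.

```python
import hashlib, hmac, re, tempfile
from pathlib import Path

# Key taken from the command in the post. It is public, so the HMAC proves
# nothing unless the reference list comes from a trusted, separate channel.
KEY = b"etaonrishdlcupfm"
LINE = re.compile(r"^HMAC-SHA1\((.+)\)= ([0-9a-f]{40})$")

def fingerprint(path):
    """Same digest that `openssl sha1 -hmac <key> <file>` prints."""
    return hmac.new(KEY, Path(path).read_bytes(), hashlib.sha1).hexdigest()

def parse_list(text):
    """Parse 'HMAC-SHA1(name)= hex' lines into {name: hex}."""
    return {m.group(1): m.group(2)
            for m in map(LINE.match, text.splitlines()) if m}

def audit(src_dir, shipped_text, trusted_text):
    """Classify every file named in the trusted (independently obtained) list."""
    shipped, trusted = parse_list(shipped_text), parse_list(trusted_text)
    report = {}
    for name, good in trusted.items():
        f = Path(src_dir) / name
        actual = fingerprint(f) if f.is_file() else None
        if actual is None:
            report[name] = "missing"
        elif hmac.compare_digest(actual, good):
            report[name] = "ok"
        elif shipped.get(name) == actual:
            # The in-tree list agrees with the edited file, so the build passes.
            report[name] = "modified, shipped list regenerated"
        else:
            report[name] = "modified"
    return report

def demo():
    """Constructed sample tree: one file edited and its list entry refreshed."""
    with tempfile.TemporaryDirectory() as d:
        files = {"fips_a.c": b"int a(void){return 1;}\n",
                 "fips_b.c": b"int b(void){return 2;}\n"}
        for n, data in files.items():
            (Path(d) / n).write_bytes(data)
        make = lambda: "".join(f"HMAC-SHA1({n})= {fingerprint(Path(d) / n)}\n"
                               for n in files)
        trusted = make()   # stands in for the list from the validated release
        (Path(d) / "fips_b.c").write_bytes(b"int b(void){return 3;}\n")
        shipped = make()   # list after the edit-and-regenerate steps in the post
        return audit(d, shipped, trusted)

if __name__ == "__main__":
    print(demo())
```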


