I am new to openssl and have to created a OpennSSl Fips application in windows.
I downloaded the openssl-fips-1.2.3.tar.gz and the 140sp1051.pdf which is for
Fips 1.2.3
I ranned the do_fips bat which build with no problem on VS2008. I ran the
fips_test_suite.exe which ran without error(see below).
I then created a test application that connect to existing SSL enable server.
Which is connecting with no problem. I am also calling FIPS_mode_set(1)
function and it is returning 1. So all look to be working.
But on the document there is the section on "Linking the Runtime Executable
Application" (show below)which I am not sure on.
Do I need to do any thing special to my application. Any help will be great.
Thanks Ricky
Linking the Runtime Executable Application
Note that applications interfacing with the FIPS Object Module are outside of
the cryptographic
boundary. When linking the application with the FIPS Object Module two steps
are necessary:
1. The HMAC-SHA-1 digest of the FIPS Object Module file must be calculated and
verified against
the installed digest to ensure the integrity of the FIPS object module.
2. A HMAC-SHA1 digest of the FIPS Object Module must be generated and embedded
in the FIPS
Object Module for use by the FIPS_mode_set() function at runtime initialization.
fips_test_suite.exe results:
C:\OpenSSL FIPS
140-2(V1.2.3)\openssl-fips-1.2.3(Latest)\openssl-fips-1.2.3.tar\openssl-fips-1.2.3\out32dll>fips_test_suite.exe
FIPS-mode test application
1. Non-Approved cryptographic operation test...
a. Included algorithm (D-H)...successful
2. Automatic power-up self test...successful
3. AES encryption/decryption...successful
4. RSA key generation and encryption/decryption...successful
5. DES-ECB encryption/decryption...successful
6. DSA key generation and signature validation...successful
7a. SHA-1 hash...successful
7b. SHA-256 hash...successful
7c. SHA-512 hash...successful
7d. HMAC-SHA-1 hash...successful
7e. HMAC-SHA-224 hash...successful
7f. HMAC-SHA-256 hash...successful
7g. HMAC-SHA-384 hash...successful
7h. HMAC-SHA-512 hash...successful
8. Non-Approved cryptographic operation test...
a. Included algorithm (D-H)...successful as expected
9. Zero-ization...
Generated 128 byte RSA private key
BN key before overwriting:
14c1cd71a6ee8f838356ed8e99fafac6e30e2013323bb30ed5d811e1f6f6e3f59f79227e6eecf3b88f3f56f898d7eee76a5e19d90df414ec5f74c57d2db44b483dba3e6c3
b4ea5de97dcc55d02692d9c619e2738f30564a7199e835f801fc439906c099b326b7075df675af38efcbdf2928d941f82c84cd2d4fbb3d620ce1
BN key after over
ting:
4489c354b39f237f23c199b4633c7b8aff06f59852714ab9f5420c09d9c3b307de21039865df6fee4cee23c8babe4ea4bb3a3f224ff26be5fc15d09eaddae1cc0bebc9ba6
91de77141ab52ef154410d369bb50420e9ae734124483950ab96e28bd1069cd08d682b4274fad9af293ea92c1e9e5185883113e4d4c216a181af
char buffer key b
re overwriting:
4850f0a33aedd3af6e477f8302b10968
char buffer key after overwriting:
200db54d63bfab8141f28dcabbf412ec
successful as expected
All tests completed with 0 errors
