Hello All, Some details are given in the below link.(PAGE 13) http://openssl.org/docs/fips/UserGuide-2.0.pdf
HMAC-SHA-1 digest A HMAC-SHA-1 digest of a file using a specific HMAC key (the ASCII string "etaonrishdlcupfm"). Such digests are referred to in this document as "digests" or "fingerprints". The digests are used for integrity checking to verify that the software in question has not been modified or corrupted from the form originally used as the basis of the FIPS 140-2 validation. Trying to relate the following error code status from test Application: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide about this command. openssl sha1 -hmac etaonrishdlcupfm openssl-fips-2.0.9.tar.gz Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, August 13, 2015 8:13 AM To: 'r...@openssl.org' Subject: RE: [openssl.org #3978] Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Appreciate for any suggestion. Currently no clue about the issue. Thanks&Regards Ashwini V Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Tuesday, August 04, 2015 8:24 AM To: 'openssl-dev@openssl.org'; 'openssl-us...@openssl.org'; 'r...@openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS; Reddy, Harshavardhana IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, Following steps are done to check the FIPS feasibility . To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Note: The libleay32.dll preferred address is 0xFB00000 in Q-Build Its different in case of Syngo normal build 0x10000000. Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Thursday, July 30, 2015 3:17 PM To: 'openssl-dev@openssl.org'; 'openssl-us...@openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; Karunakaran, Sajith IN BLR STS Subject: FW: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I have followed the below steps Integration of FIPS Complaint compiled OPENSSL Library with Visual Studio 2008 ==================================================================== 1. Open Visual Studio 2008 2. File => New => Project => Visual C++ => Win 32 => Win32 Console Application=> Next => Empty Project => Finish 3. Right Click on source file => Add => Existing Items => C:\openssl-fips-2.0\fips\hmac\fips_hmactest.c 4. Right Click on Resources File => Add => Existing Items => libeayfips32.lib, ssleay32.lib & libeaycompat32.lib (from C:\openssl-1.0.1e-fips-compliant\out32) and C:\openssl-1.0.1e-simple\out32\libeay32.lib (OpenSSL simple Version) 5. Right Click on fips_hmactest.c=> Properties => C++ => General => Additional Include Directories : C:\usr\local\ssl\include => Finish 6. Compile the Project => Works Fine The following code was used to set the fips mode in our application. int mode = FIPS_mode(), ret = 0; unsigned long err = 0; if(mode == 0) { ret = FIPS_mode_set(1 ); err = ERR_get_error(); } if(1 != ret) DisplayError("FIPS_mode_set failed", err); Get the following error code status: 2D06B06F - (FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT),"FIPS_check_incore_fingerprint"}, Please guide me throught the error. Kindly share your thoughts and let me know opinion and also provide us the steps how this error can be overcome? To check ASLR dependency the following link was referred. http://openssl.6102.n7.nabble.com/FIPS-Module-1-2-build-with-Visual-Studio-2010-fails-self-tests-td36372.html Linker properties were changed in visual studio 2008 for the test application executable file. The following flag was disabled ( which was enabled by default in 2008VS) Linker>Advanced Properties>Disable the "Randomized Base Address property " There is no change in the error code. We get the below error when run the exe: ERROR:2D06B06F:LIB-45,FUNC=107,REASON=111:FILE=fips.c line=232 FIPSerr(FIPS_F_FIPS_CHECK_INCORE_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH); Regards Ashwini Patil _____________________________________________ From: Patil, Ashwini IN BLR STS Sent: Friday, July 17, 2015 5:31 PM To: 'openssl-dev@openssl.org' Cc: Inbarajan, Prabhu IN BLR STS; CN, Sujai IN BLR STS; Reddy, Harshavardhana IN BLR STS Subject: RE: Openssl 1.0.2c include the FIPS 140-2 Object Module Hello All, I am using windows 7 64-BIT Service Pack 1 OS . Visual Studio 2008 (Visual studio tool used is normal 32-bit cmd prompt not cross compiler) Nasm - nasm-2.11.08 Perl - ActivePerl-5.20.1.2000-MSWin32-x86-64int-298557 (1) I have used the below steps to integrate openssl-fips2.0.9 in openssl-1.0.2c : Procedure for FIPS Enabled OpenSSL Module Compilation ===================================================== ================================= 1. Compile openssl-fips2.0 module ================================= a. Extract the contents of openssl-fips-2.0.9tar.gz to C:\openssl-fips-2.0.9\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-fips2.0.9\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. ms\do_fips [no-asm] (nmake -f ms\ntdll.mak & nmake -f ms\ntdll.mak install are included in this command) Compiled FIPS module is located at C:\usr\local\ssl\fips-2.0.9 ======================================================= 2. Integrate compiled openssl-fips2.0.9 in openssl-1.0.2c ======================================================= a. Extract the contents of openssl-1.0.1e.tar.gz to C:\openssl-1.0.2c-fips-compliant\ b. Open Visual Studio 2008 Command Prompt. c. cd C:\openssl-1.0.2c-fips-compliant\ d. Copy all the contents of "C:\Program Files\NASM" in this source folder e. perl Configure VC-WIN32 fips --with-fipslibdir=C:\usr\local\ssl\fips-2.0.9 f. ms\do_nasm g. nmake -f ms\nt.mak h. For Testing, use the following command: nmake -f ms\nt.mak test i. nmake -f ms\nt.mak install j. (If you want to create DLL files then Use the following commands nmake -f ms\ntdll.mak && nmake -f ms\ntdll.mak install) k. Compiled FIPS compliant OpenSSL exe is located at C:\usr\local\ssl\bin\openssl.exe l. Run C:\usr\local\ssl\bin\openssl.exe and type "version". You will be confirmed to get the following output. ======================================= ****OpenSSL 1.0.2c-fips 12 June 2015**** ======================================= m. Compiled FIPS compliant OpenSSL fipslibeay32.lib, ssleay32.lib & libeaycompat32.lib are located at C:\openssl-1.0.1e-fips-compliant\out32 n. Compiled FIPS compliant OpenSSL fipslibeay32.dll & ssleay32.dll are located at C:\openssl-1.0.1e-fips-compliant\out32 Build is successful and able to generate fipslibeay32.lib, ssleay32.lib, libeaycompat32.lib & ssleay32.dll. But fipslibeay32.dll is missing. Please guide me . When executed the command nmake -f ms\ntdll.mak I get the below error for the first time: nmake -f ms\ntdll.mak Creating library out32dll\libeay32.lib and object out32dll\libeay32.exp out32dll\fips_premain_dso.exe out32dll\libeay32.dll 2796:error:25078067:DSO support routines:WIN32_LOAD:could not load the shared li brary:.\crypto\dso\dso_win32.c:179:filename(out32dll\libeay32.dll) 2796:error:25070067:DSO support routines:DSO_load:could not load the shared libr ary:.\crypto\dso\dso_lib.c:232: Get hash failure at \usr\local\ssl\fips-2.0\bin\fipslink.pl line 60. NMAKE : fatal error U1077: 'C:\Perl64\bin\perl.EXE' : return code '0x1' Stop. Please provide your help for the same. Please let me know if any steps are missed. With best regards, Ashwini V Patil Siemens Technology and Services Private Limited CT DC AA HC H1-FH STD IBP 6 84, Hosur Road Bengaluru 560100, Indien Mobil: +91 9008132565 mailto:ashwini.vpa...@siemens.com http://www.siemens.co.in/STS Registered Office: 130, Pandurang Budhkar Marg, Worli, Mumbai 400 018. Telephone +91 22 39677000. Fax +91 22 39677075. Other Offices: Bengaluru, Chennai, Gurgaon, Noida, Pune. Corporate Identity number:U99999MH1986PLC093854 _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev