On Wed, May 11, 2005, Matyas Majzik wrote:

> Hi!
> 
> I have a problem with HMAC in FIPS mode.
> 
> The following code always returns the same fingerprint. It doesn't depend 
> on the data.
> 
> #include<openssl/ssl.h>
> #include<openssl/hmac.h>
> .
> .
> .
> unsigned char data[16384];
> unsigned char md[256];
> unsigned int no;
> .
> .
> .
> HMAC_CTX ctx;
> HMAC_CTX_init(&ctx);
> FILE *fh=fopen("file","rb");
> HMAC_Init_ex(&ctx, (unsigned char *)"etaonrishdlcupfm", 16,EVP_sha1(),NULL);
> //HMAC_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
> do
> {
>    no=fread(data,1,16384,fh);
>    if( no>0 ) HMAC_Update(&ctx, data, no);
> }
> while(!feof(fh));
> HMAC_Final(&ctx, md, &no);
> HMAC_CTX_cleanup(&ctx);
> 
> So md always contains the same values in FIPS mode. However, in non-FIPS 
> mode this code works properly and md contains the proper SHA-1 HMAC 
> fingerprint.
> 
> I tried OpenSSL 0.9.7g stable and snapshot 2005.05.11. I built them on 
> Windows XP with VS .NET 2003 using masm, both static and dynamic linking.
> 

Check that you have successfully entered FIPS mode. It may be that an error
occurred there.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org