On Wed, May 11, 2005, Matyas Majzik wrote:

> Hi!
>
> I have a problem with hmac in fips mode.
>
> The following code always returns the same fingerprint. It doesn't depend
> on the data.
>
> #include<openssl/ssl.h>
> #include<openssl/hmac.h>
> .
> .
> .
> unsigned char data[16384];
> unsigned char md[256];
> unsigned int no;
> .
> .
> .
> HMAC_CTX ctx;
> HMAC_CTX_init(&ctx);
> FILE *fh=fopen("file","rb");
> HMAC_Init_ex(&ctx, (unsigned char *)"etaonrishdlcupfm", 16,EVP_sha1(),NULL);
> //HMAC_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
> do
> {
>     no=fread(data,1,16384,fh);
>     if( no>0 ) HMAC_Update(&ctx, data, no);
> }
> while(!feof(fh));
> HMAC_Final(&ctx, md, &no);
> HMAC_CTX_cleanup(&ctx);
>
> So md always contains the same values in fips mode. However in non fips
> mode this code works properly and md contains the proper sha1 hmac
> fingerprint.
>
> I tried openssl 0.9.7g stable and snapshot 2005.05.11. I built them on
> Windows XP. VS .NET 2003 using masm, both static and dynamic linking.
>

Check that you have successfully entered FIPS mode. It may be that an error
occurred there.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]