All, I downloaded and built the 20060124 stable snapshot and built the FIPS version for Windows. It built w/o errors, but it did not create a SHA1 signature file for fipscanister.obj. I built my application linking with libeay32.lib and ssleay32.lib. When I tried to enter FIPS mode with FIPS_mode_set(1), it failed with error FIPS_F_FIPS_CHECK_DSO, FIPS_R_FINGERPRINT_DOES_NOT_MATCH. The build procedures have changed since 0.9.7i, as a result of the certification back-and-forth, and I understand the Users Guide will be released soon with the FIPS build procedures. But I was able to enter FIPS mode with 0.9.7i by generating a SHA1 signature file of my app and passing the path to it to FIPS_mode_set, which has now dropped that parameter.
My question is, has the current snapshot changed since the 0124 snapshot with regards to building FIPS versions for Windows and entering FIPS mode? Or am I doing something wrong, or is there an additional step in the build process that is not yet documented? Jim Adams Principal Software Developer Seagull Software Systems, Inc. Voice: (540) 341-8440 x102, Fax: (540) 428-3473 <mailto: [EMAIL PROTECTED]> -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Monday, January 30, 2006 8:08 AM To: openssl-users@openssl.org Subject: Re: OpenSSL FIPS Certification On Sun, Jan 29, 2006, Kyle Hamilton wrote: > 0.9.7h is FIPS certified, as long as you build with unmodified sources > (and this is checked with an SHA check on the sources in question). > Err no IT IS NOT. The version submitted for validation included various changes to sequestered code (the stuff under fips/). No released version of OpenSSL currently includes these changes. The current 0.9.7-stable snapshot sequestered code matches the submitted version. 0.9.7j (not yet released) and later releases will also match it. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
