I was recently able to build the 20060323 stable snapshot of 0.9.7j in fips mode with the fips 1.0 canister built per the security policy. (Windows build). Previously when I got the error that the source didn't match the validated source, it was because I had unzipped with CR LF instead of just LF.
Jim -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Thursday, March 30, 2006 11:34 AM To: openssl-users@openssl.org Subject: Re: building 0.9.7j with fips parameter On Thu, Mar 30, 2006, Tinnerello, Richard wrote: > Hello, > Has anyone been able to build 0.9.7j (OpenSSL-fips-1.0) with the 'fips' parameter? > We get a hash check error although we have modified nothing in the distribution: > > make[3]: Leaving directory `/sci/users/OpenSSL/openssl-0.9.7j/fips-1.0/hmac' > /usr/local/bin/perl ../util/checkhash.pl || (rm fipscanister.o* 2>/dev/null; exit 1) > Hash check failed for file Makefile > FATAL: hash mismatch on 1 files > *** Your source code does not match the FIPS validated source *** > make[2]: *** [check] Error 1 > > The 0.9.7i version builds fine with fips specified. Thanks, This will be detailed in the user guide in due course. Briefly... you first have to compile and install from the validated source which is at: http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz You *have to* use the command sequence: ./config fips make make install then you can download a recent OpenSSL 0.9.7 snapshot. You can pass additional command line options this time and you have to include the "fips" switch to config or Configure. It should then link in the validated FIPS modules you built before. The functionality to link a newer version of OpenSSL to the validated module is a fairly recent change so it may need a bit of tweaking. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]