Re: FIPS-Capable openssl-1.0.1c: HP-UX parisc2-gcc hmac.c Build Crashes if FIPS Algs Specified, Runs Otherwise
On 09/11/2012 10:41 PM, Welling, Conrad Gerhart wrote: > openssl-users: > > > > Has anyone tried building FIPS-capable openssl-1.0.1c on HP PA-RISC 2.0? > If so, please give me a clue. We haven't had access to PA-RISC for some time now, so that platform is effectively unsupported. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com marqu...@openssl.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
FIPS-Capable openssl-1.0.1c: HP-UX parisc2-gcc hmac.c Build Crashes if FIPS Algs Specified, Runs Otherwise
openssl-users: Has anyone tried building FIPS-capable openssl-1.0.1c on HP PA-RISC 2.0? If so, please give me a clue. I can build the FIPS Object Module and link it, but, attempts to use FIPS algs fail although non-FIPS algs work. Following is brief description of test with hmac.c example from Users Guide. ### ### Platform ### HP 9000 C3600 C-Class Workstation PA-8600 Processor (64-bit) HP-UX 11i uname -a: HP-UX smirnov B.11.11 U 9000/785 2003396480 unlimited-user license gcc-4.7.0 ### ### Configure for FIPS Object Module OK. ### ... CC=gcc CFLAG =-DOPENSSL_FIPSCANISTER -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -DDSO_DL -D_REENTRANT -march=2.0 -O3 -D_REENTRANT EX_LIBS =-Wl,+s -ldld ... PROCESSOR = RANLIB=/barrel/E2E/dhp/hp-gcc-4.7.0/bin/ranlib ARFLAGS = PERL =/usr/local/bin/perl5.8.8 SIXTY_FOUR_BIT mode DES_PTR used DES_RISC1 used ... Configured for hpux-parisc2-gcc. ... ### ### Build FIPS Object Module without any problems and install to ###/usr/local/ssl/fips-2.0 OK ### ### ### Copy and modify hmac.c slightly to print more info. Then use ### following Makefile to build it OK. ### -> cat Makefile CC = gcc OPENSSLDIR = /usr/local/ssl/fips-2.0 LIBCRYPTO = $(OPENSSLDIR)/lib/libcrypto.a INCLUDES = -I$(OPENSSLDIR)/include CMD = hmac OBJS = $(CMD).o $(CMD): $(OBJS) FIPSLD_CC=$(CC) $(OPENSSLDIR)/bin/fipsld -o $(CMD) $(OBJS) $(LIBCRYPTO) $(OBJS): $(CMD).c $(CC) -c $(CMD).c $(INCLUDES) clean: rm $(OBJS) ### ### Run hmac con FIPS ### -> hmac -v hmac.c.old Start main Call FIPS_mode_set() Memory fault(coredump) ### ### Run hmac sin FIPS ### -> hmac -c -v hmac.c.old Start main Start dofile digest: 80a97335cb60a5a8278676aa6a725f5fbeee4944 ### ### Confirm digest ### -> openssl version OpenSSL 0.9.8g 19 Oct 2007 -> openssl dgst -sha1 -hmac etaonrishdlcupfm hmac.c.old HMAC-SHA1(hmac.c.old)= 80a97335cb60a5a8278676aa6a725f5fbeee4944
hmac.c
How can hmac.c(openssl/crypto/hmac) be used as pseudo random generator (to generate keys) and mac calculation? For both purpose i.e to generate keys and mac hmac.c is used. During keys 4th parameter of HMAC() is passed 0.AND During mac 4th parameter is message. prf= HMAC( md, key, keylen,(void *) &ZERO, sizeof(int), dummy, &len); mac = HMAC( md, key, keylen, msg, mlen, NULL, &len); I did not get how this is working for key and mac both, -- View this message in context: http://www.nabble.com/hmac.c-t1243771.html#a3293262 Sent from the OpenSSL - User forum at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]