18908406 Checksum of OpenSSL FIPS tar ball should be checked with FIPS validated openssl
--- a/components/openssl/openssl-fips/Makefile Fri Jun 06 13:20:18 2014 -0700
+++ b/components/openssl/openssl-fips/Makefile Fri Jun 06 13:45:34 2014 -0700
@@ -18,7 +18,7 @@
#
# CDDL HEADER END
#
-# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
#
#
@@ -113,8 +113,8 @@
# used and that we used the correct tarball.
$(BUILD_DIR)/%/.verified: $(BUILD_DIR)/%/.installed
(printf x; \
- $(ENV) - LD_LIBRARY_PATH=$(@D) \
- openssl sha1 -hmac $(OPENSSL_FIPS_HMAC_KEY) \
+ $(ENV) - OPENSSL_FIPS=1 LD_LIBRARY_PATH=$(@D) \
+ /lib/openssl/fips-140/openssl sha1 -hmac $(OPENSSL_FIPS_HMAC_KEY) \
$(COMPONENT_ARCHIVE)) | \
$(NAWK) '{ if ($$2 != "$(OPENSSL_FIPS_HMAC)") exit 1 }'
@echo Basic FIPS-140 mode verification passed.