On further examination, this problem appears to be bad compilation of the sha/fips_standalone_sha1 program:

[EMAIL PROTECTED]:~/Downloads/openssl-fips-1.1.1/fips-1.0$ which openssl
/usr/bin/openssl
[EMAIL PROTECTED]:~/Downloads/openssl-fips-1.1.1/fips-1.0$ openssl version
OpenSSL 0.9.7l 28 Sep 2006
[EMAIL PROTECTED]:~/Downloads/openssl-fips-1.1.1/fips-1.0$ openssl sha1 -hmac etaonrishdlcupfm fips_premain.c
HMAC-SHA1(fips_premain.c)= 6a08d15c578f1258246181bf52134ae974aa5a80
[EMAIL PROTECTED]:~/Downloads/openssl-fips-1.1.1/fips-1.0$ sha/fips_standalone_sha1 fips_premain.c
HMAC-SHA1(fips_premain.c)= 2f57ab3b34392031d618a56eba79267f783002a2

I'm going to assume that, even though fipscanister.o and fipscanister.o.sha1 are created, it is not possible to replace the fips_standalone_sha1 binary with a shell script that calls the binary already on the system. (Reasoning: it's a cryptographic operation, and thus it must be done through a FIPS-validated module in order to retain the FIPS validation for the result of the operation.)

gcc version:
i686-apple-darwin8-gcc-4.0.1 (GCC) 4.0.1 (Apple Computer, Inc. build 5367)
Copyright (C) 2005 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
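
One way to tell which of the two tools above is producing the wrong HMAC-SHA1, as an added example that is not part of the original post or of OpenSSL: a reference HMAC (RFC 2104) that first proves itself against the RFC 2202 known answers, then checks a tool's "HMAC-SHA1(file)= ..." line. The function names and the sample input are assumptions made for illustration, and the reference uses Python's hashlib, not a FIPS-validated module.

```python
import hashlib
import hmac
import re

FIPS_KEY = b"etaonrishdlcupfm"  # key passed to `openssl sha1 -hmac` in the post
BLOCK = 64  # SHA-1 block size in bytes

def hmac_sha1(key: bytes, data: bytes) -> str:
    """HMAC-SHA1 per RFC 2104, built directly on SHA-1."""
    if len(key) > BLOCK:  # over-long keys are hashed first
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    inner = hashlib.sha1(bytes(b ^ 0x36 for b in key) + data).digest()
    return hashlib.sha1(bytes(b ^ 0x5C for b in key) + inner).hexdigest()

# RFC 2202 known-answer tests for HMAC-SHA1 (test cases 1 and 2).
KATS = [
    (b"\x0b" * 20, b"Hi There", "b617318655057264e28bc0b6fb378c8ef146be00"),
    (b"Jefe", b"what do ya want for nothing?",
     "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"),
]

def self_test() -> bool:
    """True only if this reference reproduces every known answer."""
    return all(hmac.compare_digest(hmac_sha1(k, d), want) for k, d, want in KATS)

LINE = re.compile(r"^HMAC-SHA1\((?P<name>[^)]*)\)= (?P<hex>[0-9a-f]{40})$")

def check_tool_output(line: str, data: bytes, key: bytes = FIPS_KEY) -> bool:
    """Parse one 'HMAC-SHA1(file)= <hex>' line and compare it to the reference."""
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised digest line: {line!r}")
    return hmac.compare_digest(m.group("hex"), hmac_sha1(key, data))

if __name__ == "__main__":
    assert self_test(), "reference HMAC is broken; do not trust the comparison"
    # Constructed stand-in for fips_premain.c and constructed tool output lines.
    sample = b"/* constructed stand-in for fips_premain.c */\n"
    good = f"HMAC-SHA1(sample.c)= {hmac_sha1(FIPS_KEY, sample)}"
    bad = "HMAC-SHA1(sample.c)= " + "0" * 40  # constructed wrong digest
    for label, line in (("tool A", good), ("tool B", bad)):
        print(label, "matches" if check_tool_output(line, sample) else "MISMATCH")
```

To use it on the real case, read fips_premain.c as bytes and pass each tool's output line to check_tool_output; the tool whose line fails the check is the one to rebuild.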
