> [EMAIL PROTECTED] - Thu Mar 01 18:42:31 2007]: > > On further examination, this problem appears to be bad compilation of > the sha/fips_standalone_sha1 program: >
Which would indicate either a bad SHA1 implementation or that that programs' calls are getting a translated version of the file. Try compiling the 1.1.1 distro in non-FIPS mode and compare its results. > > > I'm going to assume that, even though fipscanister.o and > fipscanister.o.sha1 are created, it is not possible to replace the > fips_standalone_sha1 binary with a shell script that calls the binary > already on the system. > (Reasoning: it's a cryptographic operation, and thus it must be done > through a FIPS-validated module in order to retain the FIPS > validation for the result of the operation.) > The reasoning is that the build failed from the validated sources so the result is not validated. Steve ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
