On Fri, Jul 27, 2012, Cassie Helms wrote: > Dr. Stephen Henson <steve@...> writes: > > > > Integrity test started > > > ERROR:2D06B06F:lib=45,func=107,reason=111:file=fips.c:line=229 > > > Integrity test Failed Incorrectly!! > > > > Well that error indicates the fingerprint error. The question is what is > > different about the two build processes? > > The difference seems to be in the sequence of building things. In the main > build, I do > > 1. fipscanister.o > 2. fips_algvs > 3. openssl + fipscanister.o module > > If I use the copy of fips_algvs tool generated in step 2, I get the error on > the > target system. > > The build is set up such that I have source and build output leftover in > debug > directories. If I go back manually to the debugging source for fips and do a > make build_algvs, like so > > 4. fips_algvs > > and use that copy of the tool, no error comes out on the target system. >
What sequence of commands do you use in each case? > Much head scratching. And I still don't know what "digests" are getting > compared > during this FIPS_mode_set step. What is an incore fingerprint anyway? > It is an integrity test required by FIPS 140-2, details are included in the security policy and user guide. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
