On Wed, Aug 13, 2014, Abdul Anshad wrote: > I use the src rpm downloaded from > http://koji.fedoraproject.org/koji/buildinfo?buildID=551423 . > > Inquired about this issue with one of the package maintainers from > koji.fedoraproject.org and following was his comment. > > "Apparently the Known answer test for RSA X9.31 signatures > does not match anymore which is most probably caused by change in > rsa_eay.c introduced in 1.0.1i. The question is whether the change was > wrong or whether the known answer test value in the FIPS selftest is > wrong." > > I reverted the file rsa_eay.c to the previous version ( 1.0.1h ) which fixed > the issue. Just wanted to share this in case if someone else is facing the > same issue with that src rpm. > > Is this safe ? >
Please check to see if the official version of OpenSSL exhibits this behaviour. I've just tested 1.0.1 and don't get and problems entering FIPS mode. A change in rsa_eay.c in the OpenSSL sources should not affect the FIPS module which has a separate implementation. I can only assume that the version you are using is doing something strange and I can't really comment on distribution specific changes. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
