When attempting to verify the hmac signature of the file "openssl-fips-1.2.crossbuild.diff.gz" I get a wrong value. At least it's wrong when compared with the Security Policy document.
Also, the file when retrieved from the web is not compressed as the file name might imply, but merely a text format patch file. The patch works fine, but does not match the signature as published. When I check the signature of the file "openssl-fips-1.2.tar.gz" I do get the correct value. I attempt to compute the signature pf the crossbuild patch as published and get the following result: openssl sha1 -hmac etaonrishdlcupfm openssl-fips-1.2.crossbuild.diff.gz HMAC-SHA1(openssl-fips-1.2.crossbuild.diff.gz)= 304eb3fae1578bd46c6e30699d2bb53606f8dec2 Whats wrong ? Thanks in advance ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org