The official version of OpenSSL works fine when compiled against the
upstream FIPS module.
Yes, It's distribution specific and reverting the file fixed the issue.
Thanks for your time.
Regards,
Abdul
On 13-Aug-14 7:02 PM, Dr. Stephen Henson wrote:
On Wed, Aug 13, 2014, Abdul Anshad wrote:
I use the src rpm downloaded from
http://koji.fedoraproject.org/koji/buildinfo?buildID=551423 .
Inquired about this issue with one of the package maintainers from
koji.fedoraproject.org and following was his comment.
"Apparently the Known answer test for RSA X9.31 signatures
does not match anymore which is most probably caused by change in
rsa_eay.c introduced in 1.0.1i. The question is whether the change was
wrong or whether the known answer test value in the FIPS selftest is
wrong."
I reverted the file rsa_eay.c to the previous version ( 1.0.1h ) which fixed
the issue. Just wanted to share this in case if someone else is facing the same
issue with that src rpm.
Is this safe ?
Please check to see if the official version of OpenSSL exhibits this
behaviour. I've just tested 1.0.1 and don't get and problems entering FIPS
mode.
A change in rsa_eay.c in the OpenSSL sources should not affect the FIPS module
which has a separate implementation. I can only assume that the version you
are using is doing something strange and I can't really comment on
distribution specific changes.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
---
This email is free from viruses and malware because avast! Antivirus protection
is active.
http://www.avast.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org