On 12/02/2016 03:45, cloud force wrote:
Hi,
I built the FIPS capable OpenSSL library on Ubuntu 12.04.
When I run the command "OPENSSL_FIPS=1 openssl ciphers", I saw the
following error:
140073969415840:error:2D06B06F:FIPS
routines:FIPS_check_incore_fingerprint:fingerprint does not
match:fips.c:232:
I tried few other openssl commands under the FIPS mode and got all the
same error messages. The non-FIPS mode was working fine.
What is the above error mean and what could have caused this error?
This is the most severe FIPS error code, it means one of
3 things:
1. (official reason for this error code): Someone illegally
modified the FIPS validated crypto code after it was
compiled, do not use this computer until the cause has
been thoroughly investigated and corrected.
2. (much more likely): The file containing the FIPS code
(either lib/libcrypto.so.1.0.0 or the program you ran)
was relocated to a different memory address this time
than back when you ran fipsld to set the checksum
(fingerprint).
3. (sometimes): You forgot to run fipsld to set the
checksum (fingerprint).
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
