Hi Experts,
Looking for some assistance. I’ve compiled one of the App in FIPs mode and while running the App. I’m getting fingerprint mismatch error. I’ve followed the standard procedure to build a FIPS module using OpenSSL UserGuide 2.0. But not sure what part is missing. :~$ openssl version OpenSSL 1.0.2q-fips 20 Nov 2018 :~$ (App version check Output) error initializing FIPS mode 0:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:232: I followed the standard procedure to build the FIPS module. If I try running Openssl commands via FIPS enabled it didn’t give me any errors: root@haproxyOpenSSLFIPS-02:/home/ubuntu# OPENSSL_FIPS=1 openssl md5 xyz.txt Error setting digest md5 140197799200408:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: But if I try via app it initialize to fail due to fingerprint error: I compiled the app build via following make command: make TARGET=linux2628 USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 SSL_INC=/usr/local/ssl/include SSL_LIB=/usr/local/ssl/lib/ Where as FIPS module path is: /usr/local/ssl/fips-2.0 I’m thinking may be issue is at the path end while using make for haproxy (as above ^) but not sure. Here is ldd haproxy result: root@haproxyOpenSSLFIPS-02:/home/ubuntu/haproxy-1.9.2# ldd haproxy linux-vdso.so.1 => (0x00007ffcd331c000) libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007fa12fef2000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fa12fcd8000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fa12fabb000) librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fa12f8b3000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fa12f6af000) libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007fa12f43f000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa12f075000) /lib64/ld-linux-x86-64.so.2 (0x00007fa13012a000)
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
