[openssl-users] 755413103 error on fingerprint match
Brian Jost
brian at virtru.com
Wed Aug 3 18:56:20 UTC 2016
Update on this. Here is the log from my app. Any idea why my calculated sig
is 000000000...?
2016-08-03 11:47:49.988 App[32127:2253410] FIPS_mode_set failed: 755413103
2016-08-03 11:47:49.988 App[32127:2253410] Embedded sig:
7363808352b3d84a797c91df813afcb58bf924b4
2016-08-03 11:47:49.988 App[32127:2253410] Calculated sig:
0000000000000000000000000000000000000000
Here is my code inside of my main.m files for my ios app
int mode = FIPS_mode(), ret = 0;
unsigned long err = 0;
if(mode == 0)
{
ret = FIPS_mode_set(1 /*on*/);
err = ERR_get_error();
}
else
{
ret = FIPS_mode_set(0 /*off*/);
err = ERR_get_error();
}
if(1 != ret)
NSLog(@"FIPS_mode_set failed: %lu", err);
NSMutableString* f1 = [NSMutableString stringWithCapacity:MAGIC_20*2 + 8];
for(unsigned int i = 0; i < MAGIC_20; i++)
[f1 appendFormat:@"%02x", FIPS_signature[i]];
NSLog(@"Embedded sig: %@", f1);
unsigned char calculated[20] = {};
unsigned int ret2 = FIPS_incore_fingerprint(calculated, sizeof(calculated));
if(ret2 != MAGIC_20)
{
// Failure - wipe it.
// Default is 0x00. We use 0xFF to differentiate
memset(calculated, 0xFF, sizeof(calculated));
}
NSMutableString* f2 = [NSMutableString stringWithCapacity:MAGIC_20*2 + 8];
for(unsigned int j = 0; j < MAGIC_20; j++)
[f2 appendFormat:@"%02x", calculated[j]];
NSLog(@"Calculated sig: %@", f2);
On Wed, Aug 3, 2016 at 10:39 AM, Brian Jost <brian at virtru.com> wrote:
> I modified a script to get a FIPS compliant iOS library and am having
> issues with the fingerprint. I had to add a CPU adjustment to the
> incore_macho but I wouldn't think that would cause a FIPS fingerprint
> mismatch.
>
> https://gist.github.com/jostster/ebbc6925c668b632d8b185293080256c
>
> Does anyone have any thoughts how to overcome this error so that I can
> have a FIPS compliant iOS library for armv7, armv7s and arm64?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160803/075cbadb/attachment-0001.html>
More information about the openssl-users
mailing list