[openssl-users] FIPS mode errors
Jakob Bohm
jb-openssl at wisemo.com
Fri Feb 12 07:34:45 UTC 2016
On 12/02/2016 03:45, cloud force wrote:
> Hi,
>
> I built the FIPS capable OpenSSL library on Ubuntu 12.04.
> When I run the command "OPENSSL_FIPS=1 openssl ciphers", I saw the
> following error:
>
> 140073969415840:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:232:
>
> I tried a few other openssl commands under the FIPS mode and got all the
> same error messages. The non-FIPS mode was working fine.
>
> What does the above error mean and what could have caused this error?

This is the most severe FIPS error code; it means one of
3 things:

1. (official reason for this error code): Someone illegally
   modified the FIPS validated crypto code after it was
   compiled, do not use this computer until the cause has
   been thoroughly investigated and corrected.

2. (much more likely): The file containing the FIPS code
   (either lib/libcrypto.so.1.0.0 or the program you ran)
   was relocated to a different memory address this time
   than back when you ran fipsld to set the checksum
   (fingerprint).

3. (sometimes): You forgot to run fipsld to set the
   checksum (fingerprint).

Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
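
The second cause listed in the reply above, as an added example that is not part of the original message and is not OpenSSL's code: a small Python model of a fingerprint computed over the bytes as they sit in memory, showing why a different load address alone makes the check fail and how that differs from modified bytes. The key, image bytes, base addresses, HMAC-SHA1 choice and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed stand-ins: not the real FIPS module key, code or layout.
HMAC_KEY = b"constructed-demo-key"
LINK_BASE = 0x400000          # load address assumed when the fingerprint was set
CODE = bytes(range(64))       # fake machine code and constants
RELOC_OFFSETS = (8, 40)       # slots that hold absolute addresses


def build_image():
    """Image as linked: each relocation slot holds LINK_BASE + its offset."""
    image = bytearray(CODE)
    for off in RELOC_OFFSETS:
        struct.pack_into("<Q", image, off, LINK_BASE + off)
    return bytes(image)


def load_image(image, load_base):
    """Model of a loader patching absolute-address slots for a new base."""
    loaded = bytearray(image)
    delta = load_base - LINK_BASE
    for off in RELOC_OFFSETS:
        (addr,) = struct.unpack_from("<Q", loaded, off)
        struct.pack_into("<Q", loaded, off, addr + delta)
    return bytes(loaded)


def fingerprint(memory):
    """Keyed hash over the bytes exactly as they appear in memory."""
    return hmac.new(HMAC_KEY, memory, hashlib.sha1).hexdigest()


def incore_check(memory, embedded):
    return hmac.compare_digest(fingerprint(memory), embedded)


def diagnose(image, embedded, load_base):
    """Map a check result onto the three causes listed in the reply."""
    if embedded is None:
        return "case 3: no fingerprint embedded"
    if incore_check(load_image(image, load_base), embedded):
        return "ok"
    # Same file, re-evaluated at the original base: only the address differs.
    if incore_check(load_image(image, LINK_BASE), embedded):
        return "case 2: relocated to a different address"
    return "case 1: module bytes changed after build"
```

In this model, a mismatch that disappears when the same file is evaluated at its original base points to relocation rather than modification.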