Fingerprint mismatch only for 32-bit DLL linked statically to FIPS Capable OpenSSL

Neptune pdrotter at us.ibm.com
Wed Dec 4 20:52:23 UTC 2019


I ran into the same issue on my FIPS journey a few years ago. I'm assuming
you are building for windows in which case setting the /FIXED flag is the
right thing to do, however you cannot be guaranteed to get the address you
specify - it may already be occupied in which case the dll will be re-based
and then you're bound to get a fingerprint mismatch.
I used the Process Explorer tool to verify that when my dll loaded, the
address it wanted was already occupied. I would suggest you do the same as a
first step to make sure this is actually the problem you are experiencing.
Unfortunately, I don't believe there is any way to guarantee that your dll
will not be re-based using FIPS in 32-bit Windows dlls...it's a bit of a
game of chance.



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html


More information about the openssl-users mailing list