[openssl-users] FIPS mode errors

Jakob Bohm jb-openssl at wisemo.com
Fri Feb 12 07:34:45 UTC 2016


On 12/02/2016 03:45, cloud force wrote:
> Hi,
>
> I built the FIPS capable OpenSSL library on Ubuntu 12.04.
> When I run the command "OPENSSL_FIPS=1 openssl ciphers", I saw the 
> following error:
>
> 140073969415840:error:2D06B06F:FIPS 
> routines:FIPS_check_incore_fingerprint:fingerprint does not 
> match:fips.c:232:
>
> I tried few other openssl commands under the FIPS mode and got all the 
> same error messages. The non-FIPS mode was working fine.
>
> What is the above error mean and what could have caused this error?
This is the most severe FIPS error code, it means one of
3 things:

1. (official reason for this error code): Someone illegally
   modified the FIPS validated crypto code after it was
   compiled, do not use this computer until the cause has
   been thoroughly investigated and corrected.

2. (much more likely): The file containing the FIPS code
   (either lib/libcrypto.so.1.0.0 or the program you ran)
   was relocated to a different memory address this time
   than back when you ran fipsld to set the checksum
   (fingerprint).

3. (sometimes): You forgot to run fipsld to set the
   checksum (fingerprint).



Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160212/711b8bc8/attachment-0001.html>


More information about the openssl-users mailing list