[openssl-users] Cannot initialize FIPS library in 1.0.2j but 1.0.2i is OK

Perrow, Graeme graeme.perrow at sap.com
Fri Oct 28 17:16:20 UTC 2016

I'm seeing a problem where my application cannot initialize the FIPS library (i.e. the call to FIPS_mode_set fails) when using 1.0.2j libraries. The error I get is: "FIPS_check_incore_fingerprint:fingerprint does not match:fips.c:232:" However if I build 1.0.2i libraries, everything is fine. I am using the same script to build both versions, and completely wiping the directories and re-creating from the .tar.gz files each time.

The weirdest thing is that if I build my application for 1.0.2i but replace 1.0.2i with the 1.0.2j code (just modifying the version number in the header files), everything works. If I build it for 1.0.2j but actually use 1.0.2i (again just changing the version number), it fails.

This is on 64-bit Linux. Other platforms (32-bit and 64-bit Windows, 32-bit Linux, Solaris, HP) are all working fine.

This seems to be a problem with *my* code but I have no idea how I could possibly cause this to happen. Any ideas?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161028/c3aa751a/attachment.html>

More information about the openssl-users mailing list