[openssl-users] Building FIP enabled OpenSSL fails in Yocto-ARM build

Jayalakshmi bhat bhat.jayalakshmi at gmail.com
Thu May 3 15:25:39 UTC 2018


Hi All,

In addition to the my previous mail, this is additional info

objdump -t libcrypto.so.1.0.0 | grep FIPS_signature
001ad8b0 l     O .data  00000014              FIPS_signature

readelf -a libcrypto.so.1.0.0 | grep FIPS_signature
11812: 001ad8b0    20 OBJECT  LOCAL  DEFAULT   23 FIPS_signature


Regards
Jayalakshmi

On Thu, May 3, 2018 at 7:39 PM, Jayalakshmi bhat <bhat.jayalakshmi at gmail.com
> wrote:

> Hi All,
>
> I am building FIPS supported OpenSSL in yocto for ARM architecture. I
> tried using openssl-fips-2.0.13 and openssl-fips-2.0.4
>
>
> I am building FIPS externally with the below environmental  settings
> ------------------------ ------------------------ ------------------------
> ------------------------ ------------------------
> PATH=/yocto/gcc/gcc-linaro-4.9-2016.02-x86_64_arm-linux-
> gnueabihf/bin:$PATH
>
> export PATH
> export FIPS_SIG=/yocto/openssl-fips-2.0.4/util/incore
> export MACHINE=armv71
> export RELEASE=4.9.13
> export SYSTEM=Linux
> export ARCH=arm
> export CROSS_COMPILE=arm-linux-gnueabihf-
> export HOSTCC=gcc
> export FIPSDIR=/yocto/meta/recipes-connectivity/openssl/fips2.0
>
> Build commands for FIPS library
>
> ./config -mfloat-abi=hard
> make
> make install
> ------------------------
>
> Then I am building OpenSSL 1.0.2h with the below environment settings
>
> export FIPSDIR="/yocto/meta/recipes-connectivity/openssl/fips2.0"
> export FIPSLIBDIR="/yocto/meta/recipes-connectivity/openssl/fips2.0/lib/"
> export FIPS_SIG="/yocto/meta/recipes-connectivity/openssl/fips2.0/
> bin/incore"
>
> Build command to build OpenSSL.
>
> perl ./Configure ${EXTRA_OECONF} fips shared --with-fipsdir=${FIPSDIR}
> --prefix=$useprefix --openssldir=${libdir}/ssl --libdir=`basename
> ${libdir}` $target
>
> Build is successful. without any error.  But when I try executing
>
> export OPENSSL_FIPS=1
> openssl -v
>
> I am getting
>
> 3069334736:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint
> does not match:fips.c:244
>
> I am not understand what could be going wrong. Any help is appreciated
>
> Regards
> Jayalakshmi
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180503/13b308d7/attachment.html>


More information about the openssl-users mailing list