Fingerprint mismatch only for 32-bit DLL linked statically to FIPS Capable OpenSSL
Dipak B
deepak.redmi2 at gmail.com
Wed Dec 4 20:03:56 UTC 2019
*Appreciate any help on the following.*
1. Built OpenSSL FIPS Module and then 'static binaries' of FIPS capable
   OSSL which 'statically link to the windows run-time'. Thus, my application
   binary (FipsApp.exe) does not depend on OSSL DLLs.
2. Consumed these static binaries namely (libeaycompat32.lib,
   libeayfips32.lib and ssleay32.lib) into myapp.dll using msincore.pl.
3. FipsApp.exe calls function foo() inside myapp.dll which executes
   FIPS_mode_set() which returns
   (100:error:2D06B06F:lib(45):func(107): reason (111):/FIPS/FIPS.c:232)
Result
1. On executing 64-bit FipsApp.exe, the FIPS mode gets set and working with
   64-bit myapp.dll
2. But on executing 32-bit FipsApp.exe which uses 32-bit myapp.dll with
   same configuration, FIPS_mode_set() fails with reason 111 (Fingerprint
   mismatch)
Attempted
Since above 32-bit myapp.dll did not work, some additional configuration
changes were made.
1. Rebuilt 32-bit myapp.dll with above LFLAGS "/DynamicBase:No /Fixed".
   Here default base address gets used for myapp.dll
2. Rebuilt 32-bit myapp.dll with base address of 0xFB00000. (OSSL does same
   thing for FIPS dlls)
3. Checking out following
   http://openssl.6102.n7.nabble.com/FIPS-Static-Library-linked-into-Win32-Dll-builds-but-fails-self-test-td63011.html

But the 32-bit myapp DLL always fails with fingerprint mismatch.
Question
How do I get 32-bit myapp.dll working in FIPS mode? FIPS_mode_set()
returns
(100:error:2D06B06F:lib(45):func(107): reason (111):/FIPS/FIPS.c:232)
Thanks.
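
An added example, not part of the original post or of OpenSSL: a Python check that reads the PE headers of a built DLL and reports whether the link settings listed under "Attempted" (/DynamicBase:No, /Fixed, a chosen base address) are actually recorded in the image. The function names and the headers-only sample image are constructed for illustration.

```python
import struct

RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED, set when linked /FIXED
DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
MACHINES = {0x014C: "x86", 0x8664: "x64"}

def pe_load_settings(data):
    """Return the PE header fields that decide where the image is loaded."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, = struct.unpack_from("<H", data, pe_off + 4)
    characteristics, = struct.unpack_from("<H", data, pe_off + 22)
    opt = pe_off + 24                                          # optional header
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                         # PE32
        image_base, = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                       # PE32+
        image_base, = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    dll_chars, = struct.unpack_from("<H", data, opt + 70)
    return {"machine": MACHINES.get(machine, hex(machine)), "image_base": image_base,
            "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
            "relocs_stripped": bool(characteristics & RELOCS_STRIPPED)}

def relocation_findings(data, expected_base):
    """List header settings that allow the DLL to load away from expected_base."""
    s = pe_load_settings(data)
    findings = []
    if s["dynamic_base"]:
        findings.append("DYNAMIC_BASE is set; /DYNAMICBASE:NO did not take effect")
    if not s["relocs_stripped"]:
        findings.append("relocations are present; image was not linked /FIXED")
    if s["image_base"] != expected_base:
        findings.append("ImageBase is 0x%X, expected 0x%X" % (s["image_base"], expected_base))
    return findings

def sample_pe32(image_base, characteristics, dll_chars):  # constructed, headers only
    buf = bytearray(0x40 + 24 + 96)
    buf[0:2], buf[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", buf, 0x3C, 0x40)                    # e_lfanew -> 0x40
    struct.pack_into("<HHIIIHH", buf, 0x44, 0x014C, 0, 0, 0, 0, 96, characteristics)
    struct.pack_into("<H", buf, 0x58, 0x10B)                   # PE32 magic
    struct.pack_into("<I", buf, 0x58 + 28, image_base)
    struct.pack_into("<H", buf, 0x58 + 70, dll_chars)
    return bytes(buf)
```

To check a real build, pass the first few kilobytes of the DLL file (read in binary mode) to `relocation_findings` together with the base address given to the linker.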