On 12/02/2016 03:45, cloud force wrote: > Hi, > > I built the FIPS capable OpenSSL library on Ubuntu 12.04. > When I run the command "OPENSSL_FIPS=1 openssl ciphers", I saw the > following error: > > 140073969415840:error:2D06B06F:FIPS > routines:FIPS_check_incore_fingerprint:fingerprint does not > match:fips.c:232: > > I tried few other openssl commands under the FIPS mode and got all the > same error messages. The non-FIPS mode was working fine. > > What is the above error mean and what could have caused this error? This is the most severe FIPS error code, it means one of 3 things: 1. (official reason for this error code): Someone illegally modified the FIPS validated crypto code after it was compiled, do not use this computer until the cause has been thoroughly investigated and corrected. 2. (much more likely): The file containing the FIPS code (either lib/libcrypto.so.1.0.0 or the program you ran) was relocated to a different memory address this time than back when you ran fipsld to set the checksum (fingerprint). 3. (sometimes): You forgot to run fipsld to set the checksum (fingerprint). Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160212/711b8bc8/attachment-0001.html>
