On Mon, Mar 29, 2010, Susumu Sai wrote: > When I use FIPS capable OpenSSL through Java JNI, I got error: > "3392:error:2D06906F:FIPS routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint > does not match nonpic relocated:.\fips\fips.c:236" > which means it failed the base address check. > Based on OpenSSL FIPS document, I changed to use a different base address > such as 0x75000000, then yes it works. > Just wandering: > (1) Why FIPS capable OpenSSL is doing base address check? >
You only get the address check if the in core integrity check fails. The reason it does that is to provide a useful diagnostic as to why it has failed. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
