Sorry, only after I wrote the message, I understood that you didn’t use FIPS mode. I don’t use your binaries. I built it according to the wiki ( http://wiki.openssl.org/index.php/FIPS_Library_and_Android <http://wiki.openssl.org/index.php/FIPS_Library_and_Android> ). I found the answer to my question here: https://www.ngxo.com/thread/11534124 <https://www.ngxo.com/thread/11534124> If doing a static library build, fipsld tool needs to be run to add the correct fingerprint at link time.
If doing a shared library build, this gets done automatically behind the scenes. Now I try to understand it. > On Feb 5, 2015, at 15:36, Emile Belanger <[email protected]> wrote: > > I have not used OpenSSL in FIPS mode before, but the library is NOT built > with the FIPS module. Possibly the error is due to this? > > On Thursday, February 5, 2015 at 1:20:52 PM UTC, Yuri Glick wrote: > I understood. > > How did you integrate your built OpenSSL binaries to a android project? > I wrote wrapper.c file and build wrapper.so file on the same linux. > Now I renamed the wrapper.so to the libwrapper.so and copied to > <my_project>/libs/armeabi/ > Now I wrote java class: > > public class OpenSslJniWrapper { > > static { > try { > System.loadLibrary("wrapper"); > } catch (Throwable e) { > Log.e("TEST", "wrapper FAILED", e); > } > } > > public native String testGetString(String msg); > public native int enableFipsMode(); > } > > > And in Application class I call the method enableFipsMode(). > > But I received the runtime error: > OpenSslJniWrapper errorCode 755413103, errror FIPS_mode_set failed: 2d06b06f. > Reason: error:2D06B06F:FIPS > routines:FIPS_check_incore_fingerprint:fingerprint does not match > > What am I do wrong? > >> On Feb 5, 2015, at 14:55, Emile Belanger <[email protected] <javascript:>> >> wrote: >> >> For clarifcation it was built using this: >> http://wiki.openssl.org/index.php/Android >> <http://wiki.openssl.org/index.php/Android> >> Not in FIPS mode. >> I personally built it because I needed a few crypto functions >> >> On Thursday, February 5, 2015 at 10:41:21 AM UTC, Emile Belanger wrote: >> If you are getting warning about OpenSSL here is the latest version built >> for x86 and Arm: >> >> https://github.com/emileb/OpenSSL-for-Android-Prebuilt >> <https://github.com/emileb/OpenSSL-for-Android-Prebuilt> >> >> Hopefully useful to someone. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To post to this group, send email to [email protected] >> <javascript:>. >> Visit this group at http://groups.google.com/group/android-security-discuss >> <http://groups.google.com/group/android-security-discuss>. >> For more options, visit https://groups.google.com/d/optout >> <https://groups.google.com/d/optout>. > > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To post to this group, send email to > [email protected] > <mailto:[email protected]>. > Visit this group at http://groups.google.com/group/android-security-discuss > <http://groups.google.com/group/android-security-discuss>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/d/optout.
