>> When I use FIPS capable OpenSSL through Java JNI, I got error:
>> "3392:error:2D06906F:FIPS
routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint
>> does not match nonpic relocated:.\fips\fips.c:236"
>> which means it failed the base address check.
>> Based on OpenSSL FIPS document, I changed to use a different base
address
>> such as 0x75000000, then yes it works.
>> Just wandering:
>> (1) Why FIPS capable OpenSSL is doing base address check?
>>
>
> You only get the address check if the in core integrity check fails.
The
> reason it does that is to provide a useful diagnostic as to why it has
failed.
>
I succeded in getting this to work using fipsld and also including the
link option "-Wl,-Bsymbolic", this was from thread in
"mailing.openssl.users " titled "FIPS compliant shared object Options"
but to be honest I'm not 100% sure if this still creates a valid FIPS
shared library that can be used in a project requiring full FIPS 140-2
compliance?
--
Iain
