I assume that, after building the openssl library you ran openssl fipsinstall? i.e. you're not just using a previously generated fipsmodule.cnf file?

The above errors initially seem like self tests failed on the fips provider load, suggesting that the module-mac or install-mac is incorrect in your config.

Neil

On Fri, May 24, 2024 at 2:05 AM murugesh pitchaiah <murugesh.pitcha...@gmail.com> wrote:

> Hi,
>
> Need your help on using openssl fips provider programmatically with
> openssl 3.0.9.
>
> Error seen:
>
> *80D1CD65667F0000:error:1C8000D4:Provider routines:SELF_TEST_post:invalid state:../openssl-3.0.9/providers/fips/self_test.c:262:*
> *80D1CD65667F0000:error:1C8000D8:Provider routines:OSSL_provider_init_int:self test post failure:../openssl-3.0.9/providers/fips/fipsprov.c:707:*
> *80D1CD65667F0000:error:078C0105:common libcrypto routines:provider_init:init fail:../openssl-3.0.9/crypto/provider_core.c:932:name=fips*
> *Error loading FIPS provider.*
>
> Steps:
>
> Followed the steps @
> https://www.openssl.org/docs/man3.0/man7/fips_module.html
>
> #include <stdio.h>   /* printf */
> #include <stdlib.h>  /* exit, EXIT_FAILURE, EXIT_SUCCESS */
> #include <openssl/provider.h>
>
> int main(void)
> {
>     OSSL_PROVIDER *fips;
>     OSSL_PROVIDER *base;
>
>     fips = OSSL_PROVIDER_load(NULL, "fips");
>     if (fips == NULL) {
>         printf("Failed to load FIPS provider\n");
>         exit(EXIT_FAILURE);
>     }
>     base = OSSL_PROVIDER_load(NULL, "base");
>     if (base == NULL) {
>         OSSL_PROVIDER_unload(fips);
>         printf("Failed to load base provider\n");
>         exit(EXIT_FAILURE);
>     }
>
>     /* Rest of application */
>
>     OSSL_PROVIDER_unload(base);
>     OSSL_PROVIDER_unload(fips);
>     exit(EXIT_SUCCESS);
> }
>
> More info:
>
> /usr/bin # openssl version -d
> OPENSSLDIR: "/usr/lib/ssl-3"
>
> /exos/bin # openssl version -a
> OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)
> built on: Tue May 30 12:31:57 2023 UTC
> platform: linux-x86_64
> options: bn(64,64)
> compiler: x86_64-poky-linux-gcc -m64 -fstack-protector-strong -O2
> -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security
> --sysroot=recipe-sysroot -O2 -pipe -g -feliminate-unused-debug-types
> -fmacro-prefix-map= -fdebug-prefix-map=
> -fdebug-prefix-map= -fdebug-prefix-map=
> -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_BUILDING_OPENSSL
> -DNDEBUG
> OPENSSLDIR: "/usr/lib/ssl-3"
> ENGINESDIR: "/usr/lib/engines-3"
> MODULESDIR: "/usr/lib/ossl-modules"
> Seeding source: os-specific
> CPUINFO: N/A
>
> Attached the openssl and fips conf.
>
> Could you guys please check and share what is missing here? Any help would
> be appreciated.
>
> Thanks,
> Murugesh
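
One way to check for the stale-config condition raised in the reply, as an added example that is not part of the original thread: it asks `openssl fipsinstall -verify` whether a given fipsmodule.cnf matches the fips.so on this machine. The function names and status words are hypothetical, and the paths in the comments are assumptions derived from the MODULESDIR and OPENSSLDIR values in the posted `openssl version -a` output.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed paths (from the posted output):
#   module: /usr/lib/ossl-modules/fips.so   (MODULESDIR + standard module name)
#   config: /usr/lib/ssl-3/fipsmodule.cnf   (OPENSSLDIR + default file name)

# check_fips_config MODULE CONF
# Prints one status word; returns 0 only when CONF verifies against MODULE.
#   module-missing   no provider shared object at MODULE
#   conf-missing     CONF does not exist (fipsinstall never ran on this host)
#   conf-incomplete  CONF has no module-mac entry
#   no-openssl       the openssl command is not on PATH
#   mac-mismatch     fipsinstall -verify rejected CONF for this MODULE
#   ok               CONF was generated for this MODULE
check_fips_config() {
    module=$1
    conf=$2
    [ -f "$module" ] || { echo module-missing; return 1; }
    [ -f "$conf" ] || { echo conf-missing; return 1; }
    grep -q '^[[:space:]]*module-mac[[:space:]]*=' "$conf" \
        || { echo conf-incomplete; return 1; }
    command -v openssl >/dev/null 2>&1 || { echo no-openssl; return 1; }
    # -verify recomputes the MACs and compares them with the values in CONF.
    if openssl fipsinstall -module "$module" -in "$conf" -verify \
            >/dev/null 2>&1; then
        echo ok
        return 0
    fi
    echo mac-mismatch
    return 1
}

# regenerate_fips_config MODULE CONF
# Runs the module self tests on this host and writes a fresh CONF for MODULE.
# Needed after every rebuild or copy of fips.so; a CONF generated for a
# different build carries a module-mac that no longer matches.
regenerate_fips_config() {
    openssl fipsinstall -module "$1" -out "$2"
}

# Typical use on the target device:
#   check_fips_config /usr/lib/ossl-modules/fips.so /usr/lib/ssl-3/fipsmodule.cnf \
#     || regenerate_fips_config /usr/lib/ossl-modules/fips.so /usr/lib/ssl-3/fipsmodule.cnf
```

A `mac-mismatch` result is the condition the reply describes: the config was generated for a different fips.so than the one being loaded.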