I tested this on 1.0.2g-1ubuntu4.3 using the openssl_fips_test.c that
was attached. All worked as expected and I received the expected
error message, thus verifying this issue has been resolved in
1.0.2g-1ubuntu4.3.

https://bugs.launchpad.net/bugs/1588524

Title:
  FIPS_mode_set reports incorrect error message

Status in openssl package in Ubuntu:
  Fix Released

Bug description:
  Hi! Some integration tests we run attempt to enable FIPS mode in
  OpenSSL, and assert that either our software continues to work, or
  that the error message emitted by OpenSSL is related to missing the
  FIPS module.

  On Ubuntu 14.10, running FIPS_mode_set fails and produces an error like:
  140225357260448:error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported:o_fips.c:92:

  On Ubuntu 16.04 running OpenSSL/libssl1.0.0 version 1.0.2g-1ubuntu4.1,
  FIPS_mode_set fails, but does not produce an error message.

  I have attached a C file which, when executed on both these platforms,
  will demonstrate this behavior.

  I believe this may have been introduced by this ticket:
  https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1553309
  It provides a patch called openssl-1.0.2g-ubuntu-fips-cleanup.patch which
  includes this statement:
  +@@ -443,6 +430,7 @@ int FIPS_module_mode_set(int onoff, const char *auth)
  +     fips_selftest_fail = 0;
  +     ret = 1;
  +  end:
  ++    ERR_clear_error(); /* clear above err msg; fips mode disabled for now */
  +     fips_clear_owning_thread();
  +     fips_w_unlock();
  +     return ret;
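
Review bot: the ERR_clear_error() call added directly after the end: label runs on every path that reaches that label, and it empties the calling thread's entire error queue, not only the one entry its comment refers to ("clear above err msg"). Any error queued before a jump to end: is therefore gone by the time the function returns, so a caller has nothing to read. Suggest removing the call from the shared exit, or discarding only the intended entry by bracketing the code that raises it with ERR_set_mark() and ERR_pop_to_mark(), so errors raised on other paths stay in the queue.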

  This appears to be clearing the error messages we're asserting on
  before returning from FIPS_module_mode_set.

  For reference, here is our ticket where we are tracking this issue:
  https://jira.mongodb.org/browse/SERVER-24350
