(no subject)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

(no subject)

Nagarjun J
Hi,

I am building Nginx application with openssl-3.0.0, i have added below code in main function of nginx application to load fips provider,

  OSSL_PROVIDER *fips;
       OSSL_PROVIDER *base;

       fips = OSSL_PROVIDER_load(NULL, "fips");
       if (fips == NULL) {
           printf("Failed to load FIPS provider\n");
           exit(EXIT_FAILURE);
       }
       base = OSSL_PROVIDER_load(NULL, "base");
       if (base == NULL) {
           OSSL_PROVIDER_unload(fips);
           printf("Failed to load base provider\n");
           exit(EXIT_FAILURE);
       }

but when I start the application it's giving Failed to load FIPS provider error , with initial debugging I found SELF_TEST_post is failing in below code st->module_checksum_data in null and returning  error.

    if (st == NULL
            || st->module_checksum_data == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
        goto end;
    }

Anything I am missing here?

Regards,
Nagarjun



Reply | Threaded
Open this post in threaded view
|

Re:

Paul Nelson
You may have not run the openssl fipsinstall command.  

You should be able to perform ‘make install_fips’ after you do a make install. Then check your openssl.conf file and make sure it has the proper fipsmodule.cnf filename and loads the providers you want.

On Feb 17, 2021, at 10:26 AM, Nagarjun J <[hidden email]> wrote:

Hi,

I am building Nginx application with openssl-3.0.0, i have added below code in main function of nginx application to load fips provider,

  OSSL_PROVIDER *fips;
       OSSL_PROVIDER *base;

       fips = OSSL_PROVIDER_load(NULL, "fips");
       if (fips == NULL) {
           printf("Failed to load FIPS provider\n");
           exit(EXIT_FAILURE);
       }
       base = OSSL_PROVIDER_load(NULL, "base");
       if (base == NULL) {
           OSSL_PROVIDER_unload(fips);
           printf("Failed to load base provider\n");
           exit(EXIT_FAILURE);
       }

but when I start the application it's giving Failed to load FIPS provider error , with initial debugging I found SELF_TEST_post is failing in below code st->module_checksum_data in null and returning  error.

    if (st == NULL
            || st->module_checksum_data == NULL) {
        ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
        goto end;
    }

Anything I am missing here?

Regards,
Nagarjun