OpenSSL 3.0 hangs at exit with FIPS provider
matt at openssl.org
Mon Jul 20 11:45:02 UTC 2020
On 15/07/2020 18:20, Thomas Dwyer III wrote:
> Platform: Linux x86_64
> I understand this is still alpha but how complete is the FIPS provider
> right now?
Please could you raise this as a github issue so that it can be properly
investigated and tracked?
> When I run this it prints "finished!" and then hangs in some kind of
> spin loop consuming 100% CPU. Skipping the call to EVP_DigestInit_ex()
> allows it to exit successfully, as does inserting a call to
> OPENSSL_init_crypto() at the very top with the OPENSSL_INIT_NO_ATEXIT
> flag. Passing "default" instead of "fips" to OSSL_PROVIDER_load() also
> seems to work fine. What am I missing?
> Also, per section 7.8 of the wiki referenced above, I'm unable to
> confirm that the digest algorithm I want to use is being provided by the
> FIPS module. EVP_MD_provider(md) returns NULL even though the actual
> digest is computed correctly.
You need to explicitly fetch your md using EVP_MD_fetch(). The md you
are using at the moment has no associated provider - one is implicitly
fetched and used during the EVP_DigestInit_ex() call - but that doesn't
affect the md object. By using "EVP_MD_fetch()" you can make the fetch
explicit and EVP_MD_provider() should return the expected results.
More information about the openssl-users