OpenSSL3 unloading and re-loading the FIPS provider after it enters error state

Cristian Andrei Sandu cristians at
Mon Dec 6 15:49:13 UTC 2021

Hi guys,

Is there any way I can re-load the FIPS provider after it reached its error state? I'd like to do it without restarting the process. (If it matters, I'm already using a non-default library context with a separate configuration file that I load with OSSL_LIB_CTX_load_config()).

I'd like to be able to explicitly load the provider with OSSL_PROVIDER_load(), call OSSL_PROVIDER_self_test() with a corrupted test, unload the provider, re-load it and run OSSL_self_test() again without the previous corrupted test. (all of these without killing the process)
Which approach would you recommend?

Cristian Sandu
This email message and any attachments are intended solely for the use of the addressees hereof. 
This message and any attachments may contain information that is confidential, privileged and exempt from disclosure under applicable law.
If you are not the intended recipient of this message, you are prohibited from reading, disclosing, reproducing, distributing, disseminating or otherwise using this transmission.
If you have received this message in error, please promptly notify the sender at Ceragon by reply E-mail and immediately delete this message from your system.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list