FIPS module loading problem on windows 10 (ms vc 2015)
Gregory Letaille
gletaille at gmail.com
Wed Jan 26 16:11:48 UTC 2022
Hi
I retrieved and compiled official openssl 3 version from openssl site
configure the project with such command line
perl Configure enable-fips VC-WIN32 --debug
--prefix=D:\outssl\Dll\x32\debug --openssldir=D:\outssl\ssl
nmake
nmake install
debug and release version tested
all seems fine even the compilation of fips.dll module
now I tried to create a command line too that just try to load the FIPS
provider
*OSSL_PROVIDER *fips;fips = OSSL_PROVIDER_load(NULL, "fips");*
in the output window of visual studio I can see that he fips.dll well
loaded then unloaded and fips pointer is returned as null
I tried to play with the openssl/cnf file that basically (without success)
configured as follow
*config_diagnostics = 1openssl_conf = openssl_init.include
d:\outssl\ssl\fipsmodule.cnf# Extra OBJECT IDENTIFIER info:# oid_file
= $ENV::HOME/.oidoid_section = new_oids[openssl_init]providers =
provider_sect[provider_sect]base = base_sectfips =
fips_sect[base_sect]activate = 1*
my d:\outssl\ssl\fipsmodule.cnf file is as follow
*[fips_sect]*
*#activate = 0 is the value documented to force FIPS in the code but I
also tried 1 without more success*
*activate = 0 conditional-errors = 1security-checks = 1module-mac =
B9:FB:80:43:6A:58:FC:89:23:19:83:9F:A8:CE:FE:ED:52:F0:DA:93:1C:B9:F7:57:0A:BB:F3:E4:B0:EE:93:C9*
I have the same problem in debug or release .
if I do the same test with the legacy provider fips pointer is not null
and seems correct
*fips = OSSL_PROVIDER_load(NULL, "Legacy");*
is someone have an idea of what is my problem
is threr some debug info that I can enabled or check to make some progress?
Thanks in advance
Greg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220126/ff06d6fc/attachment.htm>
More information about the openssl-users
mailing list