FIPS module loading problem on windows 10 (ms vc 2015)
Matt Caswell
matt at openssl.org
Wed Jan 26 16:23:25 UTC 2022
You might want to dump out the OpenSSL error queue to see if there are
any hints.
For example:
ERR_print_errors_fp(stdout);
Matt
On 26/01/2022 16:11, Gregory Letaille wrote:
> Hi
>
> I retrieved and compiled the official OpenSSL 3 version from the OpenSSL site,
> and configured the project with this command line:
>
> perl Configure enable-fips VC-WIN32 --debug --prefix=D:\outssl\Dll\x32\debug --openssldir=D:\outssl\ssl
>
> nmake
> nmake install
>
> Debug and release versions tested.
>
> All seems fine, even the compilation of the fips.dll module.
>
> Now I tried to create a command line tool that just tries to load the FIPS
> provider:
>
> OSSL_PROVIDER *fips;
> fips = OSSL_PROVIDER_load(NULL, "fips");
>
> In the output window of Visual Studio I can see that the fips.dll is indeed
> loaded, then unloaded, and the fips pointer is returned as null.
>
> I tried to play with the openssl.cnf file, which I basically configured
> (without success) as follows:
>
> config_diagnostics = 1
> openssl_conf = openssl_init
>
> .include d:\outssl\ssl\fipsmodule.cnf
>
>
> # Extra OBJECT IDENTIFIER info:
> # oid_file = $ENV::HOME/.oid
> oid_section = new_oids
>
> [openssl_init]
> providers = provider_sect
>
> [provider_sect]
> base = base_sect
> fips = fips_sect
>
> [base_sect]
> activate = 1
>
>
> My d:\outssl\ssl\fipsmodule.cnf file is as follows:
>
> [fips_sect]
> # activate = 0 is the value documented to force FIPS in the code but I
> # also tried 1 without more success
> activate = 0
> conditional-errors = 1
> security-checks = 1
> module-mac = B9:FB:80:43:6A:58:FC:89:23:19:83:9F:A8:CE:FE:ED:52:F0:DA:93:1C:B9:F7:57:0A:BB:F3:E4:B0:EE:93:C9
>
> I have the same problem in debug or release.
> If I do the same test with the legacy provider, the fips pointer is not
> null and seems correct:
> fips = OSSL_PROVIDER_load(NULL, "Legacy");
>
> Does someone have an idea of what my problem is?
> Is there some debug info that I can enable or check to make some progress?
>
>
> Thanks in advance
>
> Greg
>