[Bug 1022874] New: fips.c(484): OpenSSL internal error, assertion failed: FATAL FIPS SELFTEST FAILURE Aborted
http://bugzilla.suse.com/show_bug.cgi?id=1022874 Bug ID: 1022874 Summary: fips.c(484): OpenSSL internal error, assertion failed: FATAL FIPS SELFTEST FAILURE Aborted Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: i586 OS: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: holgerbruenjes@gmx.net QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Version Openssl 1.0.2k-288.12/17 with patch 41 Patch41: openssl-fips-dont_run_FIPS_module_installed.patch come from * Fri Sep 30 2016 vcizek@suse.com if the hmac files .libcrypto.so.1.0.0.hmac .libssl.so.1.0.0.hmac installed and no CRYPTO_FIPS enabled openssl is brocken in this situation Patch56: openssl-fips-selftests_in_nonfips_mode.patch has no effect, is worked for all releases before without the Patch41 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1022874
http://bugzilla.suse.com/show_bug.cgi?id=1022874#c1
Marcus Meissner
http://bugzilla.suse.com/show_bug.cgi?id=1022874
http://bugzilla.suse.com/show_bug.cgi?id=1022874#c2
--- Comment #2 from Holger Bruenjes
http://bugzilla.suse.com/show_bug.cgi?id=1022874
http://bugzilla.suse.com/show_bug.cgi?id=1022874#c3
Vítězslav Čížek
with patch 41 Patch41: openssl-fips-dont_run_FIPS_module_installed.patch
if the hmac files .libcrypto.so.1.0.0.hmac .libssl.so.1.0.0.hmac
installed and no CRYPTO_FIPS enabled openssl is brocken
I don't fully understand your setup, could you tell us more, how do you build openssl? And what is CRYPTO_FIPS here? I can't find such symbol anywhere. Couldn't the fips selftest failure be caused by incorrect .hmac files?
in this situation Patch56: openssl-fips-selftests_in_nonfips_mode.patch has no effect,
is worked for all releases before without the Patch41
In 1.0.2 it could have worked because due to bug 982268, the fips selftests weren't run at all. See below. (In reply to Holger Bruenjes from comment #2)
I participate from the excellent work of the suse maintainer and rebuild the src.rpm on 'eisfair'. In the last years I have no problems with this source and now the openssl lib bailed out. I can not read (bsc#982268), Access Denied; You are not authorized to access bug #982268.
Bug 982268 was about skipping fips initialization entirely, because we don't ship /etc/system-fips. Patch openssl-fips-dont_run_FIPS_module_installed.patch was added to reinstate the fips init. With it, openssl should behave as it did in the 1.0.1 version. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1022874
http://bugzilla.suse.com/show_bug.cgi?id=1022874#c4
--- Comment #4 from Holger Bruenjes
http://bugzilla.suse.com/show_bug.cgi?id=1022874
http://bugzilla.suse.com/show_bug.cgi?id=1022874#c5
--- Comment #5 from Marcus Meissner
http://bugzilla.suse.com/show_bug.cgi?id=1022874
http://bugzilla.suse.com/show_bug.cgi?id=1022874#c6
--- Comment #6 from Holger Bruenjes
http://bugzilla.suse.com/show_bug.cgi?id=1022874
http://bugzilla.suse.com/show_bug.cgi?id=1022874#c7
--- Comment #7 from Holger Bruenjes
http://bugzilla.suse.com/show_bug.cgi?id=1022874
http://bugzilla.suse.com/show_bug.cgi?id=1022874#c8
--- Comment #8 from Holger Bruenjes
http://bugzilla.suse.com/show_bug.cgi?id=1022874
http://bugzilla.suse.com/show_bug.cgi?id=1022874#c9
Vítězslav Čížek
participants (1)
-
bugzilla_noreply@novell.com