[Bug 1022874] fips.c(484): OpenSSL internal error, assertion failed: FATAL FIPS SELFTEST FAILURE Aborted

http://bugzilla.suse.com/show_bug.cgi?id=1022874 http://bugzilla.suse.com/show_bug.cgi?id=1022874#c3 Vítězslav Čížek changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vcizek@suse.com --- Comment #3 from Vítězslav Čížek --- (In reply to Holger Bruenjes from comment #0)

with patch 41 Patch41: openssl-fips-dont_run_FIPS_module_installed.patch

if the hmac files .libcrypto.so.1.0.0.hmac .libssl.so.1.0.0.hmac

installed and no CRYPTO_FIPS enabled openssl is brocken

I don't fully understand your setup, could you tell us more, how do you build openssl? And what is CRYPTO_FIPS here? I can't find such symbol anywhere. Couldn't the fips selftest failure be caused by incorrect .hmac files?

in this situation Patch56: openssl-fips-selftests_in_nonfips_mode.patch has no effect,

is worked for all releases before without the Patch41

In 1.0.2 it could have worked because due to bug 982268, the fips selftests weren't run at all. See below. (In reply to Holger Bruenjes from comment #2)

I participate from the excellent work of the suse maintainer and rebuild the src.rpm on 'eisfair'. In the last years I have no problems with this source and now the openssl lib bailed out. I can not read (bsc#982268), Access Denied; You are not authorized to access bug #982268.

Bug 982268 was about skipping fips initialization entirely, because we don't ship /etc/system-fips. Patch openssl-fips-dont_run_FIPS_module_installed.patch was added to reinstate the fips init. With it, openssl should behave as it did in the 1.0.1 version. -- You are receiving this mail because: You are on the CC list for the bug.