Replies: 1 comment 2 replies
-
My assumption is that, in order to get this result, you have created a config file that explicitly loads and activates both the default and fips providers.
On the above assumption, and you are using the same config file, then this is the expected behaviour. The config file load and activates both the default and fips providers. You explicitly also load the fips provider via command line - but this has no effect because it was already loaded via config - and it does not suppress the already loaded default provider. |
Beta Was this translation helpful? Give feedback.
-
Hello
Can you please let me know if this an usage issue or a bug in openssl command line when multiple providers are listed, and we try to use fips provider:
I am checking this on OpenSSL 3.0.13 version with configuration as:
./Configure aix-cc enable-fips
make
make install
With only default provider, it works fine:
#/usr/local/bin/openssl list -providers
Providers:
default
name: OpenSSL Default Provider
version: 3.0.13
status: active
#/usr/local/bin/openssl md5 test.txt
MD5(test.txt)= f5ac8127b3b6b85cdc13f237c6005d80
With only FIPS provider, it works fine:
#/usr/local/bin/openssl list -providers
Providers:
fips
name: OpenSSL FIPS Provider
version: 3.0.13
status: active
#/usr/local/bin/openssl md5 -provider fips test.txt
md5: Unknown option or message digest: md5
md5: Use -help for summary.
00000001:error:0308010C:digital envelope routines:(unknown function):unsupported:crypto/evp/evp_fetch.c:386:Global default library context, Algorithm (md5 : 102), Properties ()
Command is expected to fail as MD5 is not FIPS approved
With both default and FIPS provider:
#/usr/local/bin/openssl list -providers
Providers:
default
name: OpenSSL Default Provider
version: 3.0.13
status: active
fips
name: OpenSSL FIPS Provider
version: 3.0.13
status: active
#/usr/local/bin/openssl md5 -provider fips test.txt
MD5(test.txt)= f5ac8127b3b6b85cdc13f237c6005d80
With -provider fips option, I expected command to give error, however it works fine.
Can you please let me know if this usage issue or a bug?
Thanks
Beta Was this translation helpful? Give feedback.
All reactions