You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm using this dockerfile to build openssl FIPS (the latest approved module 3.0.9 and it is used with newer openSSLs).
I wrote a simple test application https://gist.github.com/oxpa/4fb1619513d350250b4d4e363ad611fa (which is more or less copypaste from nginx). The application can be built and works for alpine 3.19.1 with and without FIPS module enabled.
But when run with 3.19-stable or 3.20 and FIPS enabled - the application fails with "add1 hkdf info failed" message.
Looking through changelog from openssl 3.1.4 to 3.1.6 I found this issue: openssl/openssl#23448 .
If I build openssl with the patch reverted then the test application works well.
I ran into this issue with only alpine, probably, because alpine has the most fresh openssl or all OSs I'm using.
I'm not sure if the issue is fixed in the latest openssl. Just to be sure, I'll create a similar issue with openssl and leave it here in a comment.
Finally, I'm not quite sure you can fix the issue but I hope seeing this issue may help others
Cheers.
The text was updated successfully, but these errors were encountered:
Hello,
I'm using this dockerfile to build openssl FIPS (the latest approved module 3.0.9 and it is used with newer openSSLs).
I wrote a simple test application https://gist.github.com/oxpa/4fb1619513d350250b4d4e363ad611fa (which is more or less copypaste from nginx). The application can be built and works for alpine 3.19.1 with and without FIPS module enabled.
But when run with 3.19-stable or 3.20 and FIPS enabled - the application fails with "add1 hkdf info failed" message.
Looking through changelog from openssl 3.1.4 to 3.1.6 I found this issue: openssl/openssl#23448 .
If I build openssl with the patch reverted then the test application works well.
I ran into this issue with only alpine, probably, because alpine has the most fresh openssl or all OSs I'm using.
I'm not sure if the issue is fixed in the latest openssl. Just to be sure, I'll create a similar issue with openssl and leave it here in a comment.
Finally, I'm not quite sure you can fix the issue but I hope seeing this issue may help others
Cheers.
The text was updated successfully, but these errors were encountered: