Alpine 3.19.2/openssl 3.1.6 and alpine 3.20 has FIPS broken for nginx. #406

Closed
oxpa opened this issue Jul 9, 2024 · 2 comments

oxpa commented Jul 9, 2024

Hello,

I'm using this Dockerfile to build openssl FIPS (the latest approved module is 3.0.9 and it is used with newer openSSLs).

I wrote a simple test application, https://gist.github.com/oxpa/4fb1619513d350250b4d4e363ad611fa (which is more or less a copy-paste from nginx). The application can be built and works for alpine 3.19.1 with and without the FIPS module enabled.
But when run with 3.19-stable or 3.20 and FIPS enabled - the application fails with "add1 hkdf info failed" message.

Looking through the changelog from openssl 3.1.4 to 3.1.6 I found this issue: openssl/openssl#23448.
If I build openssl with the patch reverted then the test application works well.

I ran into this issue only with alpine, probably because alpine has the freshest openssl of all the OSs I'm using.
I'm not sure if the issue is fixed in the latest openssl. Just to be sure, I'll create a similar issue with openssl and leave it here in a comment.
Finally, I'm not quite sure you can fix the issue, but I hope seeing this issue may help others.

Cheers.


oxpa commented Jul 9, 2024

As pointed out in the openssl issue: applying the patch from openssl/openssl#24661 fixes the issue.


oxpa commented Jul 11, 2024

Firstly, this is the wrong place to report the issue.
Secondly, it was fixed at https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/69059

oxpa closed this as completed Jul 11, 2024