On 15/07/2020 18:20, Thomas Dwyer III wrote: > Platform: Linux x86_64 > > I understand this is still alpha but how complete is the FIPS provider > right now? Fairly complete. Please could you raise this as a github issue so that it can be properly investigated and tracked? > When I run this it prints "finished!" and then hangs in some kind of > spin loop consuming 100% CPU. Skipping the call to EVP_DigestInit_ex() > allows it to exit successfully, as does inserting a call to > OPENSSL_init_crypto() at the very top with the OPENSSL_INIT_NO_ATEXIT > flag. Passing "default" instead of "fips" to OSSL_PROVIDER_load() also > seems to work fine. What am I missing? > > Also, per section 7.8 of the wiki referenced above, I'm unable to > confirm that the digest algorithm I want to use is being provided by the > FIPS module. EVP_MD_provider(md) returns NULL even though the actual > digest is computed correctly. You need to explicitly fetch your md using EVP_MD_fetch(). The md you are using at the moment has no associated provider - one is implicitly fetched and used during the EVP_DigestInit_ex() call - but that doesn't affect the md object. By using "EVP_MD_fetch()" you can make the fetch explicit and EVP_MD_provider() should return the expected results. Matt > > > Thanks, > Tom.III > >
