This looks like you're actually trying to use the config file for OpenSSL-3.0 with OpenSSL-1.1.1 which does not understand the providers module and tries to load it as a conf shared library module. I'd suggest using different --openssldir= when configuring the openssl- 3.0 build if you need both openssl-3.0 and openssl-1.1.1 in your system. Tomas Mraz On Thu, 2022-10-20 at 05:26 +0000, Gahlot, Ashish Kumar wrote: > Hi everyone, > > I'm trying to enable fips provider in openssl3 by writing the > following lines into openssl.cnf file: > > openssl_conf = openssl_init > > .include fipsmodule.cnf > > [openssl_init] > providers = provider_sect > > [provider_sect] > fips = fips_sect > base = base_sect > > [base_sect] > activate = 1 > > Now when it is enabled, there is an error in syslog that > libproviders.so file not found: > > DSO support routines:dlfcn_load:could not load the shared > library:crypto/dso/dso_dlfcn.c:118:filename(libproviders.so): > libproviders.so: cannot open shared object file: No such file or > directory > 140666570000192:error:25070067:DSO support routines:DSO_load:could > not load the shared library:crypto/dso/dso_lib.c:162: > 140666570000192:error:0E07506E:configuration file > routines:module_load_dso:error loading > dso:crypto/conf/conf_mod.c:224:module=providers, path=providers > 140666570000192:error:0E076071:configuration file > routines:module_run:unknown module > name:crypto/conf/conf_mod.c:165:module=providers > > And this seems to be a common issue in openssl3. I have seen > solutions like commenting outprovider_sect but I think I would need > it to enable fips provider. Is there any working solution for this? > > Thank you, > Ashish > > Notice: This e-mail together with any attachments may contain > information of Ribbon Communications Inc. and its Affiliates that is > confidential and/or proprietary for the sole use of the intended > recipient. Any review, disclosure, reliance or distribution by others > or forwarding without express permission is strictly prohibited. If > you are not the intended recipient, please notify the sender > immediately and then delete all copies, including any attachments. -- Tomáš Mráz, OpenSSL
