I just created https://github.com/openssl/openssl/issues/12496 for this.
Regards, Tom.III On Sat, Jul 18, 2020 at 1:06 AM Dr. Matthias St. Pierre < matthias.st.pie...@ncp-e.com> wrote: > Thomas, > > > > > I consider this a bug, of course, but at least now I know what's causing > it and how to work around it. > > > > thanks for sharing your analysis. Would you mind creating a GitHub issue > for the hang? > > > > https://github.com/openssl/openssl/issues > > > > Matthias > > > > > > > > *[image: NCP engingeering GmbH]* *Dr. Matthias St. Pierre* > > Senior Software Engineer > matthias.st.pie...@ncp-e.com > Phone: +49 911 9968-0 > www.ncp-e.com > > > * Follow us on:* Facebook <https://www.facebook.com/NCPengineering> | > Twitter <https://twitter.com/NCP_engineering> | Xing > <https://www.xing.com/companies/ncpengineeringgmbh> | YouTube > <https://www.youtube.com/user/NCPengineeringGmbH> | LinkedIn > <http://www.linkedin.com/company/ncp-engineering-inc.?trk=cws-cpw-coname-0-0> > > *Headquarters Germany: *NCP engineering GmbH • Dombuehler Str. 2 • 90449 > • Nuremberg > *North American HQ:* NCP engineering Inc. • 601 Cleveland Str., Suite > 501-25 • Clearwater, FL 33755 > > Authorized representatives: Peter Soell, Patrick Oliver Graf, Beate > Dietrich > Registry Court: Lower District Court of Nuremberg > Commercial register No.: HRB 7786 Nuremberg, VAT identification No.: DE > 133557619 > > This e-mail message including any attachments is for the sole use of the > intended recipient(s) and may contain privileged or confidential > information. Any unauthorized review, use, disclosure or distribution is > prohibited. If you are not the intended recipient, please immediately > contact the sender by reply e-mail and delete the original message and > destroy all copies thereof. > > <https://www.ncp-e.com/de/aktuelles/events/veranstaltungen> > <https://www.ncp-e.com/de/aktuelles/events/veranstaltungen> > > *From:* openssl-users <openssl-users-boun...@openssl.org> *On Behalf Of > *Thomas > Dwyer III > *Sent:* Friday, July 17, 2020 6:57 PM > *To:* openssl-users <openssl-users@openssl.org> > *Subject:* [SOLVED] Re: OpenSSL 3.0 hangs at exit with FIPS provider > > > > It turns out the problem was caused by a misinterpretation of the phrase > "add the following lines near the beginning" in section 7.1 of the > documentation at https://wiki.openssl.org/index.php/OpenSSL_3.0 for > enabling FIPS support. I added these lines to the very top of the file: > > > > openssl_conf = openssl_init > > > > .include /usr/local/ssl/fipsmodule.cnf > > > > [openssl_init] > > providers = provider_sect > > > > [provider_sect] > > fips = fips_sect > > > > This caused the existing default section to now become part of the > [provider_sect] section. Apparently any name=value line in that particular > section where no [value] section exists causes OpenSSL to hang at exit when > the FIPS provider is used. I consider this a bug, of course, but at least > now I know what's causing it and how to work around it. > > > > Regarding how to confirm which provider is actually providing a given > algorithm, I found that EVP_MD_provider() returns NULL for any EVP_MD > obtained via EVP_get_digestbyname() (even after it's used successfully by > EVP_DigestInit_ex()) but it returns a valid OSSL_PROVIDER for any EVP_MD > obtained via EVP_MD_fetch(). Is this intentional? > > > > > > Tom.III > > >
