Bug 1219384

Summary: [Build 20240130] openQA test fails in openssl_fips_cipher
Product: [openSUSE] openSUSE Tumbleweed Reporter: Dominique Leuenberger <dimstar>
Component: OtherAssignee: Otto Hollmann <otto.hollmann>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: fvogt, guillaume.gardet
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://openqa.opensuse.org/tests/3905406/modules/openssl_fips_cipher/steps/6
Whiteboard:
Found By: openQA Services Priority:
Business Priority: Blocker: Yes
Marketing QA Status: --- IT Deployment: ---

Description Dominique Leuenberger 2024-01-31 08:19:46 UTC 
## Observation

openssl has split out the fips providers. Trying to use openssl with fips results in

FATAL: Startup failure (dev note: apps_startup()) for openssl
40C7BD59537F0000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(/usr/lib64/ossl-modules/fips.so): /usr/lib64/ossl-modules/fips.so: cannot open shared object file: No such file or directory
40C7BD59537F0000:error:12800067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:152:
40C7BD59537F0000:error:07880025:common libcrypto routines:provider_init:reason(524325):crypto/provider_core.c:904:name=fips
40C7BD59537F0000:error:0700006D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:276:module=providers, value=provider_sect retcode=-1      


The fips pattern should be responsible to pull in the fips provider in this case



openQA test in scenario microos-Tumbleweed-MicroOS-Image-x86_64-microos_fips@64bit fails in
[openssl_fips_cipher](https://openqa.opensuse.org/tests/3905406/modules/openssl_fips_cipher/steps/6)

## Test suite description
microos FIPS enablement and some FIPS specific tests. 


## Reproducible

Fails since (at least) Build [20231001](https://openqa.opensuse.org/tests/3612603)


## Expected result

Last good: (unknown) (or more recent)


## Further details

Always latest result in this scenario: [latest](https://openqa.opensuse.org/tests/latest?arch=x86_64&distri=microos&flavor=MicroOS-Image&machine=64bit&test=microos_fips&version=Tumbleweed)
Comment 1 Fabian Vogt 2024-03-21 09:22:23 UTC 
Ping
Comment 2 Dominique Leuenberger 2024-05-16 09:44:50 UTC 
This bug has actually been fixed a while ago as part of patterns-base

Wed Jan 31 08:23:06 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

- patterns-base-fips: Require openssl-fips-provider when libopenssl
  is installed (meta package and libopenssl3) (boo#1219384).

The error in openQA changed after that; so THIS bug is in fact resolved fips_provider fails QA differently now:

Error setting cipher DES-EDE3-CBC
40D7805C147F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (DES-EDE3-CBC : 63), Properties ()