Bug 1219384 - [Build 20240130] openQA test fails in openssl_fips_cipher
Summary: [Build 20240130] openQA test fails in openssl_fips_cipher
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other (show other bugs)
Version: Current
Hardware: Other Other
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Otto Hollmann
QA Contact: E-mail List
URL: https://openqa.opensuse.org/tests/390...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-01-31 08:19 UTC by Dominique Leuenberger
Modified: 2024-05-16 09:44 UTC (History)
2 users (show)

See Also:
Found By: openQA
Services Priority:
Business Priority:
Blocker: Yes
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dominique Leuenberger 2024-01-31 08:19:46 UTC 
## Observation

openssl has split out the fips providers. Trying to use openssl with fips results in

FATAL: Startup failure (dev note: apps_startup()) for openssl
40C7BD59537F0000:error:12800067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(/usr/lib64/ossl-modules/fips.so): /usr/lib64/ossl-modules/fips.so: cannot open shared object file: No such file or directory
40C7BD59537F0000:error:12800067:DSO support routines:DSO_load:could not load the shared library:crypto/dso/dso_lib.c:152:
40C7BD59537F0000:error:07880025:common libcrypto routines:provider_init:reason(524325):crypto/provider_core.c:904:name=fips
40C7BD59537F0000:error:0700006D:configuration file routines:module_run:module initialization error:crypto/conf/conf_mod.c:276:module=providers, value=provider_sect retcode=-1      


The fips pattern should be responsible to pull in the fips provider in this case



openQA test in scenario microos-Tumbleweed-MicroOS-Image-x86_64-microos_fips@64bit fails in
[openssl_fips_cipher](https://openqa.opensuse.org/tests/3905406/modules/openssl_fips_cipher/steps/6)

## Test suite description
microos FIPS enablement and some FIPS specific tests. 


## Reproducible

Fails since (at least) Build [20231001](https://openqa.opensuse.org/tests/3612603)


## Expected result

Last good: (unknown) (or more recent)


## Further details

Always latest result in this scenario: [latest](https://openqa.opensuse.org/tests/latest?arch=x86_64&distri=microos&flavor=MicroOS-Image&machine=64bit&test=microos_fips&version=Tumbleweed)
Comment 1 Fabian Vogt 2024-03-21 09:22:23 UTC 
Ping
Comment 2 Dominique Leuenberger 2024-05-16 09:44:50 UTC 
This bug has actually been fixed a while ago as part of patterns-base

Wed Jan 31 08:23:06 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>

- patterns-base-fips: Require openssl-fips-provider when libopenssl
  is installed (meta package and libopenssl3) (boo#1219384).

The error in openQA changed after that; so THIS bug is in fact resolved fips_provider fails QA differently now:

Error setting cipher DES-EDE3-CBC
40D7805C147F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:341:Global default library context, Algorithm (DES-EDE3-CBC : 63), Properties ()