I am trying to get a FreeBSD 14 system working with openssl in FIPS mode. Most of the applications I've used work fine, but I'm having a problem with pkg and was wondering if anyone else has run into this. I have a system that I installed from 14.0-RC1, and have upgraded to 14.0p5-RELEASE using freebsd-upgrade. I've switched the files in /etc/pkg/ to use https instead of http so that pkg is actually exercising OpenSSL. pkg works fine, but pkg-static (with --debug) produces "Insufficient randomness" messages and exits with an error. I see this with both the FreeBSD-shipped fips provider, and with a properly built 3.0.9 provider. I ran
openssl fipsinstall -module /usr/lib/ossl-modules/fips.so -out /etc/ssl/fipsmodule.cnf
with each provider before using it, and tested it with pkg-static fetch pkg.
Can anyone confirm they do or don't see this behaviour in FreeBSD 14? Thanks.
Here are the relevant parts of my /etc/ssl/openssl.cnf
INI:
openssl_conf = openssl_init
.include /etc/ssl/fipsmodule.cnf
[openssl_init]
providers = provider_sect
alg_section = algorithm_sect
[provider_sect]
#default = default_sect
fips = fips_sect
base = base_sect
[algorithm_sect]
default_properties = fips=yes
[base_sect]
activate = 1
[default_sect]
#activate = 1