According to Dr. Henson, this is a known problem and can be fixed by: RAND_set_rand_method(NULL);
when calling FIPS_mode_set(0); Ken John Firebaugh <[EMAIL PROTECTED]> wrote: Is it intended that it is not possible to re-enter FIPS mode via FIPS_mode_set(1) after previouly calling FIPS_mode_set(1) then FIPS_mode_set(0)? If you do so, the RAND_bytes() call at fips.c line 307 fails. It seem the sequence of events is this: 1. FIPS_mode_set(1), RAND_set_rand_method(FIPS_rand_method()) called. 2. FIPS_mode_set(0), FIPS mode disabled but rand_method not reset to non-FIPS method. 3. FIPS_mode_set(1), RAND_bytes() fails because it attempts to use fips_rand with an unkeyed context. This is with openssl-fips-test-1.2.0. John ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
