Brad Smith via RT wrote:
We are running on SLES 10 SP2. Some of our processes need to enable and
disable FIPS multiple times within its execution. The following code worked on
openssl-fips-1.1.1 but appears to be broken in 1.1.2:
// this works
int rc = FIPS_mode_set( 1 );
// and this works
rc = FIPS_mode_set( 0 );
// but if I try to re-enable, this will fail
rc = FIPS_mode_set( 1 );
I think I narrowed it down to a recent change in fips_rand.c. If I copy the
1.1.1 version of fips_rand.c to the 1.1.2 source directory and rebuild, the
issue goes away.
Let me know if I can offer any more information. Thanks in advance.
brad
Add in a call to
RAND_set_rand_method(NULL);
before the FIPS_mode_set(1) and it should work fine.
Tim.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
