[issue28854] FIPS mode causes dead-lock in ssl module

Christian Heimes added the comment: It was a downstream bug in Fedora. Tomas Mraz has fixed the issue and will release openssl-1.0.2j-3 soon, https://bugzilla.redhat.com/show_bug.cgi?id=1400922 -- resolution: -> third party stage: -> resolved status: open -> closed

[issue28854] FIPS mode causes dead-lock in ssl module

Changes by Alex Gaynor : -- nosy: +alex, dstufft, janssen ___ Python tracker ___ ___

[issue28854] FIPS mode causes dead-lock in ssl module

Christian Heimes added the comment: It's a dead lock in OpenSSL. :( if (n == CRYPTO_LOCK_RAND) { fprintf(stderr, "%s%s %i %s:%i\n", (mode & CRYPTO_READ) ? "R" : "W", (mode & CRYPTO_LOCK) ? "L" : "U", n, file, line); } test_random

[issue28854] FIPS mode causes dead-lock in ssl module

New submission from Christian Heimes: Python's ssl module is dead-locking when OpenSSL is running in FIPS mode. I first noticed it with pip. The issue is also reproducible with Python's test suite. $ sudo touch /etc/system-fips $ OPENSSL_FORCE_FIPS_MODE=1 ./python -m test.regrtest -v