Brad Smith via RT wrote:
> We are running on SLES 10 SP2. Some of our processes need to enable and disable FIPS multiple times within its execution. The following code worked on openssl-fips-1.1.1 but appears to be broken in 1.1.2:
>
>
> // this works
> int rc = FIPS_mode_set( 1 );
>
> // and this works
> rc = FIPS_mode_set( 0 );
>
> // but if I try to re-enable, this will fail
> rc = FIPS_mode_set( 1 );
>
> I think I narrowed it down to a recent change in fips_rand.c. If I copy the 1.1.1 version of fips_rand.c to the 1.1.2 source directory and rebuild, the issue goes away.
>
> Let me know if I can offer any more information. Thanks in advance.
> brad
>


Add in a call to
RAND_set_rand_method(NULL);
before the FIPS_mode_set(1) and it should work fine.

Tim.
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org