We are running on SLES 10 SP2. Some of our processes need to enable and disable FIPS multiple times within its execution. The following code worked on openssl-fips-1.1.1 but appears to be broken in 1.1.2:
// this works int rc = FIPS_mode_set( 1 ); // and this works rc = FIPS_mode_set( 0 ); // but if I try to re-enable, this will fail rc = FIPS_mode_set( 1 ); I think I narrowed it down to a recent change in fips_rand.c. If I copy the 1.1.1 version of fips_rand.c to the 1.1.2 source directory and rebuild, the issue goes away. Let me know if I can offer any more information. Thanks in advance. brad
We are running on SLES 10 SP2. Some of our processes
need to enable and disable FIPS multiple times within its execution. The
following code worked on openssl-fips-1.1.1 but appears to be broken in 1.1.2: //
this works int
rc = FIPS_mode_set( 1 ); //
and this works rc
= FIPS_mode_set( 0 ); //
but if I try to re-enable, this will fail rc =
FIPS_mode_set( 1 ); I think I narrowed it down to a recent change in fips_rand.c.
If I copy the 1.1.1 version of fips_rand.c to the 1.1.2 source directory and
rebuild, the issue goes away. Let me know if I can offer any more information.
Thanks in advance. brad |