>> When I build with "./Configure debug-linux-x86_64" then the tests all
>> pass. When I build with "./Configure debug-linux-x86_64 fips
>> --with-fipsdir=..." then all tests pass up to ecdsatest:
>>
>> prime239v2: ........ ok
>> prime239v3: ........ ok
>> prime256v1: ........ ok
>> sect163k1: ........ ok
>> sect163r1: ........ ok
>> sect163r2: ........ ok
>> ecdsatest: bn_lib.c:243: BN_clear_free: Assertion `(_bnum2->top == 0) ||
>> (_bnum2->d[_bnum2->top - 1] != 0)' failed.
>> sect193r1: make[1]: *** [test_ecdsa] Aborted
>
> Is it just that BN_DEBUG has significant false positives, and I
> shouldn't really be defining it?
As the FIPS module is compiled without BN_DEBUG, it can and certainly will
confuse code compiled with BN_DEBUG that will call it. This surely is the
explanation for the phenomenon, and the answer to the specific question is
no, you shouldn't define it.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
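What the expression in the failed assertion tests, as an added example that is not part of the original messages and is not OpenSSL code: the `toy_bn` type and the `toy_*` functions are hypothetical stand-ins, and the subtraction deliberately skips normalization to produce a value that fails the check. The page does not show which side left the value in that state in the reported build.

```c
#include <stdio.h>

/* Hypothetical toy type, not OpenSSL's BIGNUM: little-endian words,
 * `top` = number of words in use. */
typedef struct {
    unsigned long d[4];
    int top;
} toy_bn;

/* The expression from the failed assertion: either no words are in use,
 * or the most significant used word is non-zero. Returns 1 if it holds. */
static int toy_check_top(const toy_bn *a)
{
    return (a->top == 0) || (a->d[a->top - 1] != 0);
}

/* Strip leading zero words so the invariant holds again. */
static void toy_correct_top(toy_bn *a)
{
    while (a->top > 0 && a->d[a->top - 1] == 0)
        a->top--;
}

/* r = a - b for a >= b with equal top, word by word with borrow.
 * Deliberately leaves r->top un-normalized, the way code that relies on
 * a later normalization step would. */
static void toy_sub_words(toy_bn *r, const toy_bn *a, const toy_bn *b)
{
    unsigned long borrow = 0;
    for (int i = 0; i < a->top; i++) {
        unsigned long t = a->d[i] - b->d[i] - borrow;
        borrow = (a->d[i] < b->d[i]) || (a->d[i] == b->d[i] && borrow);
        r->d[i] = t;
    }
    r->top = a->top;
}

int main(void)
{
    /* Constructed sample values: the high words cancel out. */
    toy_bn a = {{5, 7}, 2}, b = {{3, 7}, 2}, r = {{0}, 0};
    toy_sub_words(&r, &a, &b);
    printf("before normalization: top=%d check=%d\n", r.top, toy_check_top(&r));
    toy_correct_top(&r);
    printf("after normalization:  top=%d check=%d\n", r.top, toy_check_top(&r));
    return 0;
}
```

A checking caller that receives the un-normalized value would abort at the point of the check, even though the numeric value it represents is correct.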
