On 10/23/2013 06:16 AM, Stephen Henson via RT wrote:
> What version of OpenSSL are you using? This was worked around in 1.0.1e due to
> the difficulty of changing the FIPS module.

Ah, okay; I see the drbg_free_entropy functions are checking for NULL there now, which works (even though it's probably still FIPS's bad).

We're using (modified) Ubuntu Precise's openssl1.0.0 (really 1.0.1) debian package, which looks to have cherry-picked security fixes from 1.0.1e (and prior), but probably didn't grab the FIPS stuff under consideration of the fact that they don't _build_ with FIPS stuff.

For my curiosity, what's difficult about modifying FIPS? More involved change-vetting process?

-mjc
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org