Re: FIPS_mode_set(1) - FIPS_mode_set(0) - FIPS_mode_set(1)

Wed, 23 Sep 2009 00:30:36 -0700 

This is a problem for us with FIPS module 1.2.0.


wolfoftheair wrote:
> 
> Is this still present in FIPS module 1.2.0?
> 
> -Kyle H
> 
> On Mon, Aug 24, 2009 at 11:55 AM, Mike Trent<michael.tr...@xerox.com>
> wrote:
>>
>>
>>
>> Mike Trent wrote:
>>>
>>> It seems that after setting FIPS mode off one cannot set it back on
>>> again
>>> in the same executable.
>>>
>>> I have a test program which does:
>>>
>>> FIPS_mode_set(1)  - works ok indicated by a return true.
>>> FIPS_mode_set(0) - to turn off and works ok, at least the FIPS_mode()
>>> call
>>> returns 0, so it seems to be off.
>>>
>>> Then followed by again FIPS_mode_set(1) which returns a 0 indicating
>>> failure. A FIPS_Mode() call indicates that the test program is still in
>>> non FIPS mode.
>>>
>>> Is it possible to turn off FIPS and turn it back on in an executable?
>>>
>>> Thanks.
>>>
>> Ok... found the answer.
>> One needs to make this call:    RAND_set_rand_method(NULL);
>> prior to making a FIPS_mode_set(1) after having turned off FIPS.
>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/FIPS_mode_set%281%29---FIPS_mode_set%280%29---FIPS_mode_set%281%29-tp25121412p25121535.html
>> Sent from the OpenSSL - User mailing list archive at Nabble.com.
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-us...@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
> 
> 

-- 
View this message in context: 
http://www.nabble.com/FIPS_mode_set%281%29---FIPS_mode_set%280%29---FIPS_mode_set%281%29-tp25121412p25530885.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to