This is a known issue. This workflow fails:

    FIPS_mode_set(1);
    FIPS_mode_set(0);
    FIPS_mode_set(1); /* fails */

This workflow succeeds:

    FIPS_mode_set(1);
    FIPS_mode_set(0);
    RAND_set_rand_method(NULL);
    FIPS_mode_set(1); /* succeeds */

The reason is that the 1.1.x series of FIPS did not properly handle the case where the randomness method was not already the default when going into FIPS mode.

I am rather confused why people need to drop out of FIPS mode. The Federal Information Processing Standard dictates that FIPS-validated cryptography be used for everything that requires cryptographic transformation for storage (or really anything that enters or leaves the cryptographic security boundary).

-Kyle H

On Wed, Sep 24, 2008 at 6:17 AM, joshi chandran <[EMAIL PROTECTED]> wrote:
> when i have done FIPS_mod_set(1), it goes into the fips mode and when i am
> doing FIPS_mod_set(0), it comes out of fips mode but when i again apply
> FIPS_mod_set(1), it does not go to fips mode
>
> can u please help me out
>
> Thanks
> Joshi
>
> On Wed, Sep 24, 2008 at 3:55 AM, Tim Hudson <[EMAIL PROTECTED]> wrote:
>>
>> joshi chandran wrote:
>>>
>>> when i am using make CC=fipsld FIPSLD_CC=gcc , i am getting error message
>>
>> > gcc: unrecognized option `-qnostdinc'
>> > gcc: unrecognized option `-qnolm'
>>
>> Those are xlc options - i.e. the IBM compiler.
>> Perhaps
>> make CC=fipsld FIPSLD_CC=xlc
>> might be a better option. Look at the settings for CC in the top-level
>> Makefile and that is the value to use for FIPSLD_CC
>>
>> Tim.
>
> --
> Regards
> Joshi Chandran

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
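The succeeding workflow above, wrapped so the RAND method reset always precedes the switch into FIPS mode and every return value is checked. This is an added example, not code from the thread or from OpenSSL. The names fips_ops, fips_enter, fips_leave, the WITH_OPENSSL_FIPS build flag and the stub that stands in for the 1.1.x behaviour are assumptions made for illustration.

```c
/* Added example; not code from the thread or from OpenSSL. */
#include <stddef.h>

/* Hypothetical indirection: lets the call order be tested without the library. */
struct fips_ops {
    int (*mode_set)(int on);   /* same contract as FIPS_mode_set(): 1 = ok */
    int (*rand_reset)(void);   /* wraps RAND_set_rand_method(NULL)         */
};

/* Enter FIPS mode, always restoring the default RAND method first.
 * Returns 1 on success, 0 if either step fails. */
int fips_enter(const struct fips_ops *ops)
{
    if (!ops->rand_reset())
        return 0;
    return ops->mode_set(1) == 1;
}

/* Leave FIPS mode; returns 1 on success. */
int fips_leave(const struct fips_ops *ops)
{
    return ops->mode_set(0) == 1;
}

#ifdef WITH_OPENSSL_FIPS   /* assumed build flag for a FIPS-capable OpenSSL */
#include <openssl/crypto.h>
#include <openssl/rand.h>
static int real_mode_set(int on) { return FIPS_mode_set(on); }
static int real_rand_reset(void) { return RAND_set_rand_method(NULL); }
const struct fips_ops openssl_ops = { real_mode_set, real_rand_reset };
#endif

/* Constructed stand-in for the 1.1.x behaviour described in the reply:
 * switching FIPS on fails unless the RAND method is the default one. */
static int rand_is_default = 1;
static int stub_mode_set(int on)
{
    if (!on) return 1;
    if (!rand_is_default) return 0;
    rand_is_default = 0;       /* assumption: FIPS mode installs its own RNG */
    return 1;
}
static int stub_rand_reset(void) { rand_is_default = 1; return 1; }
const struct fips_ops stub_ops = { stub_mode_set, stub_rand_reset };
```

Built with WITH_OPENSSL_FIPS defined against a FIPS-capable OpenSSL, pass &openssl_ops instead of &stub_ops to run the same sequence against the real library.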