[openssl-dev] [openssl.org #4298] [Bug] Random number generation failing with FIPS and Android < 5.0

Armour Comms via RT rt at openssl.org
Mon Feb 8 17:25:18 UTC 2016


I'm using OpenSSL in FIPS mode as part of an Android app.  I'm using the
NDK.  I create an EC Curve with EC_GROUP_new_curve_GFp() and then delete it
with EC_GROUP_clear_free().  This presumably uses a lot of entropy as,
while this may succeed running once, all further attempts for the next
several minutes will crash the app (Fatal signal 11 (SIGSEGV) at 0x00000000
(code=1)).

This occurs on two devices, one running Android 4.1 and one running Android
4.2.

When FIPS mode is disabled this behavior does not occur.  When
EC_GROUP_free() is used instead this also does not occur. There are no
problems running this on an Android 5.1 device.

Any ideas?

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4298
Please log in as guest with password guest if prompted



More information about the openssl-dev mailing list