Hi, I am seeing crashes in OpenSSL 1.0.2d when using it with the FIPS 2.0.10 object module. Apparently the size of struct ec_group_st (in crypto/ec/ec_lcl.h) differs between 1.0.1 and 1.0.2, since BN_MONT_CTX *mont_data; /* data for ECDSA inverse */ has been added to it. The FIPS module still uses the 1.0.1 version of struct ec_group. That leads to crashes when ownership is transferred between the FIPS module and OpenSSL. I.e. when an ec_group object is allocated by the FIPS version of EC_GROUP_new and then destroyed by the OpenSSL variant of OPENSSL_free. Am I using the FIPS object module wrongly or is not compatible to OpenSSL 1.0.2 when it comes to EC crytpography? If 1.0.2 is not supported by FIPS 2.0.10, are there any plans to get another, compatible version of the FIPS object module validated? Thanks! Sebastian
