On Wed, Apr 24, 2013, Alan Kozlay wrote: > OpenSSL Team, > > Compiled for Android: > OpenSSL 1.0.1e > FIPS Module 2.0.3. > > I've created an Engine for PKCS#11 to perform RSA operations. > It works when OpenSSL is used for TLS/SSL in both FIPS and non-FIPS mode. > It works when OpenSSL is used for PKCS_sign in non-FIPS mode but not in FIPS > mode. > > I see something occurring which I am not expecting and I'm wondering if it's > a mistake in OpenSSL or intended. > > When I run with FIPS mode disabled, I see: > > [OpenSSL] PKCS7_sign > [ENGINE] -> pkcs11_rsa_sign > [PKCS#11] -> C_SignInit > ?. > > When I run the test with fips mode enabled, the call stack looks like: > > [OpenSSL] PKCS7_sign > [ENGINE] -> pkcs11_rsa_encrypt > [PKCS#11] -> C_EncryptInit > [PKCS#11] !!! crash with SIGSEGV !!! > > The crash is likely something in my PKCS11 code but should I be expecting > PKCS7_sign to perform encryption like this? > If so, what is it attempting to encrypt? > >
Are you replacing the default RSA method or just the method for that specific private key? If it's the default method you might be messing with the FIPS POST. If you just replace that one key then can you provide a full stack trace? Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
