OpenSSL Team, Compiled for Android: OpenSSL 1.0.1e FIPS Module 2.0.3.
I've created an Engine for PKCS#11 to perform RSA operations. It works when OpenSSL is used for TLS/SSL in both FIPS and non-FIPS mode. It works when OpenSSL is used for PKCS_sign in non-FIPS mode but not in FIPS mode. I see something occurring which I am not expecting and I'm wondering if it's a mistake in OpenSSL or intended. When I run with FIPS mode disabled, I see: [OpenSSL] PKCS7_sign [ENGINE] -> pkcs11_rsa_sign [PKCS#11] -> C_SignInit …. When I run the test with fips mode enabled, the call stack looks like: [OpenSSL] PKCS7_sign [ENGINE] -> pkcs11_rsa_encrypt [PKCS#11] -> C_EncryptInit [PKCS#11] !!! crash with SIGSEGV !!! The crash is likely something in my PKCS11 code but should I be expecting PKCS7_sign to perform encryption like this? If so, what is it attempting to encrypt? Thanks, -Alan Alan Kozlay Director, Product Development Software/Hardware Engineer Biometric Associates, LP.
