On Thu, Apr 25, 2013, Alan Kozlay wrote:

> This is the trace from the crash dump.
> I've added some additional info, in *Bold*.
> But, again, the crash is likely something in my code which I need to fix.
> I'm wondering why FIPS mode wants to do an encryption operation when I asked
> for a signing operation.
> Could it be that FIPS mode encrypts some random data to get a better random
> number before entertaining the signature?
>
Firstly a disclaimer. If you redirect FIPS operations you're taking
responsibility for the result being validated.

When you redirect the default RSA functionality the call to
FIPS_rsa_sign_digest will call the rsa_priv_enc operation. This is "encrypting
with a private key" which is normally used for signing operations. The
equivalent in PKCS#11 is C_Sign using the CKM_RSA_PKCS mechanism though not all
tokens will support that.

You can just redirect the operation for a single key through the
ENGINE_load_privkey function which calls your ENGINE and it should return an
EVP_PKEY with the appropriate ENGINE set up e.g. through RSA_new_method().

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
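
Why a signing request ends up in the private-encrypt hook, as an added example that is not part of the original thread and is not OpenSSL code: PKCS#1 v1.5 signing is the RSA private-key operation applied to a type-1 padded DigestInfo. The toy key built from two Mersenne primes, the choice of SHA-256 and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of a SHA-256 DigestInfo (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def digest_info(msg):
    """What the sign call hands to the private-key hook: DigestInfo, unpadded."""
    return SHA256_PREFIX + hashlib.sha256(msg).digest()

def pad_type1(data, k):
    """PKCS#1 v1.5 block type 1 (signatures): 00 01 FF..FF 00 || data."""
    if len(data) > k - 11:
        raise ValueError("data too long for this modulus")
    return b"\x00\x01" + b"\xff" * (k - len(data) - 3) + b"\x00" + data

def priv_enc(data):
    """Stand-in for an rsa_priv_enc hook with PKCS#1 padding.
    A PKCS#11 token does this step inside C_Sign with CKM_RSA_PKCS."""
    m = int.from_bytes(pad_type1(data, K), "big")
    return pow(m, D, N).to_bytes(K, "big")

def sign(msg):
    """Signing is 'encrypt the DigestInfo with the private key'."""
    return priv_enc(digest_info(msg))

def verify(msg, sig):
    """Public-key operation, then compare against the re-encoded block
    instead of parsing the recovered padding."""
    if len(sig) != K:
        return False
    s = int.from_bytes(sig, "big")
    if s >= N:
        return False
    return pow(s, E, N).to_bytes(K, "big") == pad_type1(digest_info(msg), K)

if __name__ == "__main__":
    sig = sign(b"constructed test message")
    print(len(sig), verify(b"constructed test message", sig))
```
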
