On Tue, Sep 22, 2009, Pankaj Aggarwal wrote:
> Hi,
>
> My code is using the FIPS capable openssl (0.9.8j) in FIPS Mode.
>
> X509_get_pub_key function is used to retrieve the public key from a signing
> certificate.
>
>
> pubKey = X509_get_pubkey(x509Cert);
>
> The returned pubKey has the FIPS ALLOW Flag set :
>
> if((pubKey->pkey.rsa)->flags & RSA_FLAG_NON_FIPS_ALLOW)
>
> {
>
> printf("This is true\n");
>
> }
>
> Is openSSL explicity setting this flag somewhere in code?
>
> Subsequent call to RSA_verify succeeds because of setting of this flag. Is
> this intended behaviour?
>
No this is a bug. Will be fixed in the next version. Please try the next
snapshot or apply this patch:
http://cvs.openssl.org/chngview?cn=18625
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
