On Thu, Oct 30, 2014, Gayathri Manoj wrote:

> Hi Matt,
>
> Currently I am getting the signed hash message from some other entity. So I
> can't make changes for the signing part.
> My current implementation is: the phone will send the signed hash message and
> our application will decrypt the signed message by using
> RSA_public_decrypt() and then we compare the resultant data with the hash
> value of the phone identity (we calculate this hash by using
> evp_digest*() with the info supplied by the phone).
>
> It worked fine in openssl-0.9.8l in FIPS mode without any issue. I haven't
> made any other changes apart from upgrading to openssl-0.9.8za. I have
> checked the source code of RSA_public_decrypt() and have not found any
> difference between the two versions. Please let me know what might be the reason
> and how I can rectify this. Is there any other API I can use apart from
> EVP_verify*()?
>
FIPS compliance requires that you use an approved signature scheme. If your scheme is not compliant then there isn't much you can do about that. Earlier versions of OpenSSL didn't enforce this and you can still override this.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
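A check for which format an incoming signature uses: the standard PKCS#1 v1.5 layout, where the hash is wrapped in an ASN.1 DigestInfo, or a bare hash under the padding, which only a raw public-key operation followed by a hash comparison (as in the quoted message) can verify. This is an added example, not code from the thread or from OpenSSL; the toy key, the choice of SHA-256 and all function names are assumptions for illustration.

```python
import hashlib

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Constructed toy key built from two Mersenne primes: NOT secure, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def _type1_pad(payload):
    """PKCS#1 v1.5 block type 1: 00 01 FF..FF 00 || payload."""
    return b"\x00\x01" + b"\xff" * (K - len(payload) - 3) + b"\x00" + payload


def sign_payload(payload):
    """Stand-in for the remote signer: private-key operation on the padded block."""
    m = int.from_bytes(_type1_pad(payload), "big")
    return pow(m, D, N).to_bytes(K, "big")


def recover_payload(sig):
    """Public-key operation plus strict type-1 padding removal."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    if em[:2] != b"\x00\x01":
        raise ValueError("bad block type")
    sep = em.index(b"\x00", 2)  # raises ValueError if no separator
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding")
    return em[sep + 1:]


def classify(sig, message):
    """Report how the signer encoded the SHA-256 hash of `message`."""
    digest = hashlib.sha256(message).digest()
    payload = recover_payload(sig)
    if payload == SHA256_PREFIX + digest:
        return "digestinfo"   # standard RSASSA-PKCS1-v1_5 encoding
    if payload == digest:
        return "bare-hash"    # hash signed without DigestInfo
    return "mismatch"
```
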