On Wed, Nov 12, 2014, Gayathri Manoj wrote:

> Hi Steve,
>
> Conclusion of previous thread: For making FIPS compliance we have to
> replace RSA_public_decrypt() with EVP_verify*() APIs. It requires hash of
> the entire message and not the hash of the 'signed message'.
>
> Currently I am getting only hash of the signed message from my phone and I
> can't make any changes here.
> Then how can I verify this message in FIPS mode other than
> RSA_public_decrypt()?
>
It isn't completely clear how you're verifying the digest using RSA_public_decrypt. I suspect you're using it to extract a raw digest and then comparing the result to verify.

If so then the signature scheme is not FIPS compliant and there's nothing you can do to make it compliant without modifying the signature format which you say you can't do.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
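Added example, not part of the thread and not OpenSSL code: a check that tells which of the two signature formats a device produces, given the bytes recovered from the signature after PKCS#1 type-1 padding is removed. A standard PKCS#1 v1.5 signature carries a DER DigestInfo (prefixes from RFC 8017, section 9.2); the scheme suspected in the reply carries only the bare digest. The names `classify_payload` and `payload_kind` are hypothetical, and recognising a bare digest by its length alone is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* DER DigestInfo prefixes (RFC 8017, section 9.2); the digest bytes follow. */
static const unsigned char SHA1_PREFIX[] = {
    0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14 };
static const unsigned char SHA256_PREFIX[] = {
    0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
    0x05,0x00,0x04,0x20 };

enum payload_kind { PAYLOAD_UNKNOWN, PAYLOAD_RAW_DIGEST, PAYLOAD_DIGESTINFO };
struct digest_alg { const unsigned char *prefix; size_t prefix_len, digest_len; };
static const struct digest_alg ALGS[] = {
    { SHA1_PREFIX,   sizeof SHA1_PREFIX,   20 },
    { SHA256_PREFIX, sizeof SHA256_PREFIX, 32 },
};
#define N_ALGS (sizeof ALGS / sizeof ALGS[0])

/* buf/len: payload left after the 00 01 FF..FF 00 padding has been stripped.
 * On success *digest points at the hash bytes inside buf (no copy is made).
 * Hypothetical helper: it only classifies the format, it verifies nothing. */
enum payload_kind classify_payload(const unsigned char *buf, size_t len,
                                   const unsigned char **digest, size_t *digest_len)
{
    size_t i;
    *digest = NULL; *digest_len = 0;
    for (i = 0; i < N_ALGS; i++) {          /* exact DigestInfo match first */
        if (len == ALGS[i].prefix_len + ALGS[i].digest_len &&
            memcmp(buf, ALGS[i].prefix, ALGS[i].prefix_len) == 0) {
            *digest = buf + ALGS[i].prefix_len;
            *digest_len = ALGS[i].digest_len;
            return PAYLOAD_DIGESTINFO;
        }
    }
    for (i = 0; i < N_ALGS; i++)            /* assumption: length-only heuristic */
        if (len == ALGS[i].digest_len) { *digest = buf; *digest_len = len; return PAYLOAD_RAW_DIGEST; }
    return PAYLOAD_UNKNOWN;
}

int main(void)
{
    unsigned char sample[35];               /* constructed sample, not real data */
    const unsigned char *d; size_t dl;
    memcpy(sample, SHA1_PREFIX, sizeof SHA1_PREFIX);
    memset(sample + sizeof SHA1_PREFIX, 0xAB, 20);
    printf("kind=%d\n", (int)classify_payload(sample, sizeof sample, &d, &dl));
    return 0;
}
```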