On Thu, Feb 16, 2012, john hagen wrote: > Can someone shed some light on the following? > > I'm able to 'verify' via the command line like this: > "# env OPENSSL_FIPS=1 ./openssl dgst -sha512 -verify pub.pem > -signature format.sign format.c > Verified OK" > > Programmatically I get the following runtime error. > "(error:0407708E:rsa routines:RSA_verify:operation not allowed in fips mode)" > > Is there a different routine that I should use to 'verify' an RSA > signature while in FIPS mode? >
You need to use the EVP functions EVP_Verify*, those are used by the dgst utility. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
