Thank you very much. Recoded my test app for the EVP_Verify routines, things are working as expected now.
Now back to making sense of all the key format (DER,PEM,BER) options. This is new stuff for me. JH On 2/16/12, Dr. Stephen Henson <[email protected]> wrote: > On Thu, Feb 16, 2012, john hagen wrote: > >> Can someone shed some light on the following? >> >> I'm able to 'verify' via the command line like this: >> "# env OPENSSL_FIPS=1 ./openssl dgst -sha512 -verify pub.pem >> -signature format.sign format.c >> Verified OK" >> >> Programmatically I get the following runtime error. >> "(error:0407708E:rsa routines:RSA_verify:operation not allowed in fips >> mode)" >> >> Is there a different routine that I should use to 'verify' an RSA >> signature while in FIPS mode? >> > > You need to use the EVP functions EVP_Verify*, those are used by the dgst > utility. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [email protected] > Automated List Manager [email protected] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
