Hey all,

I'm currently using FIPS capable OpenSSL 0.9.8r w/FOM 1.2.2 and I noticed that the DSA_verify() method returns 0 in FIPS mode because it fails the DSA_FLAG_NON_FIPS_ALLOW flag check. The documentation for DSA_FLAG_FIPS_METHOD in dsa.h states:

    /* If this flag is set the operations normally disabled in FIPS mode are
     * permitted it is then the applications responsibility to ensure that the
     * usage is compliant. */

I'm a little confused as to what "...applications responsibility to ensure that the usage is compliant." means exactly. Does this mean DSA_verify() is not FIPS compliant? If so, will moving to FOM 1.2.3 help?

Cheers,
-Chang Lee