Hi,
I'm using OpenSSL 1.0.1c linked with FIPS object module.
On startup FIPS is enabled successfully (using FIPS_mode_set function).
When I try to generate rsa key it failed with error 'non fips rsa method'.
I tried calling both EVP API and rsa function directly (RSA_generate_key).
I can see it failed in rsa_gen.c in function RSA_generate_key_ex()
Here is the EVP API I'm using:
EVP_PKEY_CTX *ctx;
EVP_PKEY *pkey = NULL;
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx)
{ /* Error occurred */
return 0;
}
if (EVP_PKEY_keygen_init(ctx) <= 0)
{ /* Error */
return 0;
}
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
{ /* Error */
return 0;
}
/* Generate key */
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
{ /* Error */
return 0;
}
Anything I should do differently to make it work ?
Thanks,
Tal
