fips mode and key management

Roumen Petrov openssl at
Sat Jan 18 11:19:25 UTC 2020


Recently I noted that when the build is in FIPS_MODE some functionality is 
lost. For instance, RSA_{g|s}et_ex_data is not available.

Reading the code I expect that in FIPS mode use of external keys is 
Remark: ex_data is used to store reference information for external keys.

Please confirm that in FIPS mode we could use external keys?

Roumen Petrov

P.S. If is not allowed this regression to previous FIPS 
Neither OpenSSL nor Red Hat nor Solaris FIPS validation forbid use of 
"external" keys.

