fips mode and key management
Roumen Petrov
openssl at roumenpetrov.info
Sat Jan 18 11:19:25 UTC 2020
Hello,
Recently I noted that when the build is in FIPS_MODE some functionality is
lost. For instance, RSA_{g|s}et_ex_data is not available.
Reading the code I expect that in FIPS mode use of external keys is
forbidden.
Remark: ex_data is used to store reference information for external keys.
Please confirm that in FIPS mode we could use external keys?
Regards
Roumen Petrov
P.S. If it is not allowed, this is a regression from previous FIPS
releases (validations).
Neither OpenSSL nor Red Hat nor Solaris FIPS validation forbid use of
"external" keys.