fips mode and key management

Roumen Petrov openssl at roumenpetrov.info
Sat Jan 18 11:19:25 UTC 2020


Hello,

Recently I noted that when the build is in FIPS_MODE some functionality is 
lost. For instance, RSA_{g|s}et_ex_data is not available.

Reading the code I expect that in FIPS mode use of external keys is 
forbidden.
Remark: ex_data is used to store reference information for external keys.

Please confirm that in FIPS mode we could use external keys?


Regards
Roumen Petrov

P.S. If it is not allowed, this is a regression from previous FIPS 
releases (validations).
Neither OpenSSL nor Red Hat nor Solaris FIPS validation forbids use of 
"external" keys.


