[openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9
jonetsu
jonetsu at teksavvy.com
Thu Dec 17 21:26:21 UTC 2015
Hello,
I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4 compliance. We are using OpenSSL 1.0.1e with the fips-2.0.9 module. Would it make functional sense using those versions to patch RSA_generate_key_ex() (../crypto/rsa/rsa_gen.c) to have:
#ifdef OPENSSL_FIPS
if (FIPS_mode())
return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
#endif
Instead of using FIPS_rsa_generate_key_ex()
(and also adding the prototype for FIPS_rsa_x931_generate_key_ex() earlier in rsa_gen.c)
Thanks.
More information about the openssl-users
mailing list