[openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

jonetsu jonetsu at teksavvy.com
Thu Dec 17 21:26:21 UTC 2015


I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4 compliance.  We are using OpenSSL 1.0.1e with the fips-2.0.9 module.    Would it make functional sense using those versions to patch RSA_generate_key_ex() (../crypto/rsa/rsa_gen.c) to have: 

	if (FIPS_mode())
    return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);

Instead of using FIPS_rsa_generate_key_ex()

(and also adding the prototype for FIPS_rsa_x931_generate_key_ex() earlier in rsa_gen.c)


More information about the openssl-users mailing list