[openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9
Marcus Meissner
meissner at suse.de
Thu Dec 17 21:35:41 UTC 2015
On Thu, Dec 17, 2015 at 04:26:21PM -0500, jonetsu wrote:
> Hello,
>
>
> I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4 compliance. We are using OpenSSL 1.0.1e with the fips-2.0.9 module. Would it make functional sense using those versions to patch RSA_generate_key_ex() (../crypto/rsa/rsa_gen.c) to have:
>
>
> #ifdef OPENSSL_FIPS
> if (FIPS_mode())
> return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
> #endif
>
>
> Instead of using FIPS_rsa_generate_key_ex()
>
>
> (and also adding the prototype for FIPS_rsa_x931_generate_key_ex() earlier in rsa_gen.c)
I do not think this x931 RSA key generation is 186-4 compliant.
Ciao, Marcus
More information about the openssl-users
mailing list