Hello,
I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4
compliance. We are using OpenSSL 1.0.1e with the fips-2.0.9 module. Would
it make functional sense using those versions to patch RSA_generate_key_ex()
(../crypto/rsa/rsa_gen.c) to have:
#ifdef OPENSSL_FIPS
if (FIPS_mode())
return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
#endif
Instead of using FIPS_rsa_generate_key_ex()
(and also adding the prototype for FIPS_rsa_x931_generate_key_ex() earlier in
rsa_gen.c)
Thanks.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
