On Tue, Jul 28, 2015, Randy Steck wrote:
> Thus, it appears that there is a function in the FIPS API that allows
> for the creation of RSA keys in a non-approved manner.
>
> Am I missing something? Is this by design, or is it a bug?
>
Yes, you're right, it uses the unapproved keygen algorithm by

I posted this to openssl-dev, but didn't get a reply. Perhaps it's more
appropriate here.
In the FIPS Security Policy there are listed two functions for
generating RSA keys:
FIPS_rsa_generate_key_ex() (renamed from RSA_generate_key_ex())
and
FIPS_rsa_x931_generate_key_ex() (renamed from
R