On Thu, Dec 17, 2015 at 04:26:21PM -0500, jonetsu wrote: > Hello, > > > I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4 > compliance. We are using OpenSSL 1.0.1e with the fips-2.0.9 module. Would > it make functional sense using those versions to patch RSA_generate_key_ex() > (../crypto/rsa/rsa_gen.c) to have: > > > #ifdef OPENSSL_FIPS > if (FIPS_mode()) > return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb); > #endif > > > Instead of using FIPS_rsa_generate_key_ex() > > > (and also adding the prototype for FIPS_rsa_x931_generate_key_ex() earlier in > rsa_gen.c)
I do not think this x931 RSA key generation is 186-4 compliant. Ciao, Marcus _______________________________________________ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users