Hi, My code is using the FIPS capable openssl (0.9.8j) in FIPS Mode.
X509_get_pub_key function is used to retrieve the public key from a signing
certificate.
pubKey = X509_get_pubkey(x509Cert);
The returned pubKey has the FIPS ALLOW Flag set :
if((pubKey->pkey.rsa)->flags & RSA_FLAG_NON_FIPS_ALLOW)
{
printf("This is true\n");
}
Is openSSL explicity setting this flag somewhere in code?
Subsequent call to RSA_verify succeeds because of setting of this flag. Is
this intended behaviour?
Pankaj
