"Dr. Stephen Henson" <steve-mcmkbn63+blafugrpc6...@public.gmane.org> writes:
[...] > Validated RSA_METHOD structures set RSA_FLAG_FIPS_METHOD, so that will work > with the FIPS module. > > That code is there so you can't accidentally use an unvalidated method (e.g. > from an ENGINE) in FIPS mode but if you are sure it is acceptable it can be > overridden by setting RSA_FLAG_NON_FIPS_ALLOW in the key. Ah, right. Like an idiot, I was just looking through openssl and binary openssl-fips files, which of course don't mention RSA_FLAG_FIPS_METHOD. [...] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org