Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-21 Thread Jakob Bohm
On 18/12/2015 19:58, Steve Marquess wrote: On 12/18/2015 12:58 PM, jonetsu wrote: Fair enough (in this context). But what about the code itself, is it ready to be RSA 186-4 compliant ? We think we know how to write the code that would be necessary, for FIPS 186-4 and all the other new

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-21 Thread Steve Marquess
On 12/21/2015 07:06 AM, Jakob Bohm wrote:
> On 18/12/2015 19:58, Steve Marquess wrote:
>> On 12/18/2015 12:58 PM, jonetsu wrote:
>>> Fair enough (in this context). But what about the code itself, is it ready
>>> to be RSA 186-4 compliant ?
>> We think we know how to write the code that would

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-18 Thread jonetsu
Is there any current solution to have RSA 186-4 in OpenSSL FIPS (now, even if this means an upgrade ?) Thanks.

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-18 Thread Salz, Rich
> What would then be the permitting conditions to pursue a new validation ?
> If you don't mind me asking. I have read several notes you have on the
> subject and I agree that the whole thing is of Dedalus proportions. In a
> nutshell what would be these conditions ?
In a nutshell: someone

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-18 Thread jonetsu
Sorry, I forgot: What about the code itself, if we do not mind the validation ? Is the 185-4 RSA compatible code present in any OpenSSL/FIPS module ?

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-18 Thread jonetsu
What would then be the permitting conditions to pursue a new validation ? If you don't mind me asking. I have read several notes you have on the subject and I agree that the whole thing is of Dedalus proportions. In a nutshell what would be these conditions ? Thanks, much appreciated.

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-18 Thread Steve Marquess
On 12/18/2015 11:03 AM, jonetsu wrote:
> Is there any current solution to have RSA 186-4 in OpenSSL FIPS (now, even if
> this means an upgrade ?)
We aren't allowed to update existing validations to include that type of "cryptographically significant" change, just like we aren't allowed to fix

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-18 Thread Steve Marquess
On 12/18/2015 01:10 PM, Salz, Rich wrote:
>> What would then be the permitting conditions to pursue a new
>> validation ? If you don't mind me asking. I have read several
>> notes you have on the subject and I agree that the whole thing is
>> of Dedalus proportions. In a nutshell what would be

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-18 Thread jonetsu
Fair enough (in this context). But what about the code itself, is it ready to be RSA 186-4 compliant ? And, if we go through a validation, can OpenSSL benefit from it ?

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-18 Thread Steve Marquess
On 12/18/2015 12:58 PM, jonetsu wrote:
> Fair enough (in this context). But what about the code itself, is it ready
> to be RSA 186-4 compliant ?
We think we know how to write the code that would be necessary, for FIPS 186-4 and all the other new requirements, though you can never be sure until

[openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-17 Thread jonetsu
Hello, I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4 compliance. We are using OpenSSL 1.0.1e with the fips-2.0.9 module. Would it make functional sense using those versions to patch RSA_generate_key_ex() (../crypto/rsa/rsa_gen.c) to have: #ifdef OPENSSL_FIPS

Re: [openssl-users] RSA and FIPS 186-4 in OpenSSL 1.0.1e/fips-2.0.9

2015-12-17 Thread Marcus Meissner
On Thu, Dec 17, 2015 at 04:26:21PM -0500, jonetsu wrote:
> Hello,
>
> I have read about the use of FIPS_rsa_x931_generate_key_ex() for 186-4
> compliance. We are using OpenSSL 1.0.1e with the fips-2.0.9 module. Would
> it make functional sense using those versions to patch