Raymond: It is possible that the functions you are referring to may be required to support RSA (key wrapping; key establishment) methodology as described on page 19 of the Security Policy.
You also have to take into consideration that all algorithms are supported in the code, but certain algorithms are disabled once you enable FIPS MODE. Bill ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raymond Yuan Sent: July 5, 2007 7:33 PM To: openssl-users@openssl.org Subject: Re: OpenSSL FIPS module doesn't support RSA public-key encryption scheme? Marek, Thanks for your reply. That page in security policy, 17& 18, is really what I'm referring to. Based on that I drew a conclusion that RSA public-key encyrption is not approvied algorithms in the OpenSSL FIPS module. However in the FIPS source code in /fips-1.0/rsa/fips_rsa_eay.c , I saw the API RSA_eay_public_encrypt() and RSA_eay_private_decrypt(). In fips_rsa_selftest.c, there're self-tests against public-key encyrption/decryption. It's a little confusing. I'm trying to seek some explanation from experts on this. -Raymond ----- Original Message ---- From: Marek Marcola <[EMAIL PROTECTED]> To: openssl-users@openssl.org Sent: Thursday, July 5, 2007 3:08:15 PM Subject: Re: OpenSSL FIPS module doesn't support RSA public-key encryption scheme? Hello, > > According to my understanding on OpenSSL FIPS module security > policy, RSA public-key encryption scheme is not approved algorithm in > the module. However, in OpenSSL FIPS module source code, I saw the API > like RSA_eay_public_encrypt(). Could someone shed a light on this? Look at: http://www.openssl.org/docs/fips/SecurityPolicy-1.1.1.pdf page 17. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org <http://www.openssl.org/> User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ________________________________ Get the Yahoo! toolbar and be alerted to new email <http://us.rd.yahoo.com/evt=48225/*http:/new.toolbar.yahoo.com/toolbar/f eatures/mail/index.php> wherever you're surfing.
