Hi all,
We use the OpenSSL FIPS Object Module v.2.0, but are not allowed anymore (as of
the start of this year) to submit new product for validation because the RSA
implementation is only FIPS 186-2 compliant. Based on extensive review and
research it seems to be possible to "patch" the RSA key
On 03/26/2014 03:19 AM, Leon Brits wrote:
> Hi all,
>
>
>
> We use the OpenSSL FIPS Object Module v.2.0, but are not allowed anymore
> (as of the start of this year) to submit new product for validation
> because the RSA implementation is only FIPS 186-2 compliant. Based on
> extensive review a
> Much of the mystery and inconsistency of cryptographic module validation
> would be obviated if the results of validations were more fully disclosed. At
> present details about validations are treated as state secrets, with the
> singular exception of our open source based validations.
Sadly
illing to point to the sections of code that they
(you) believe would need to be changed?
--
View this message in context:
http://openssl.6102.n7.nabble.com/RSA-FIPS-186-4-issue-tp48944p49310.html
Sent from the OpenSSL - Dev mailing list archive at Nabb
age in context:
http://openssl.6102.n7.nabble.com/RSA-FIPS-186-4-issue-tp48944p49309.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
Dev
JDM,
> Leon Brits wrote
> > I am in no way capable of writing such a patch and was hoping that
> > someone is willing to share.
> > To be more specific I need a patch that will change the key generation
> > from:
> > d = e-1 mod((p-1)(q-1))
> > to this:
> > d = e-1 mod(LCM(p-1, q-1))
>
> We’re al
