FIPS140-2: ANSI X9.31 in openssl ???

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

FIPS140-2: ANSI X9.31 in openssl ???

Brendan Simon
I have been using openssl-0.9.6d and using PKCS#1.

I have a requirement to be compliant with FIPS140-2 and it seems that
PKCS#1 is not compliant with FIPS140-2 :(
It seems that I must use ANSI X9.31 to generate random numbers to be
FIPS140-2 compliant.

I was told that newer versions of openssl had support for X9.31.
I have downloaded that latest version (0.9.8) and could not find any
references to X9.31.
Browsing CVS I can see there are some references to X9.31 in
openssl-0.9.7-stable.

My questions are:

Is there such a release as 0.9.7-stable ?

If so, does 0.9.7-stable have some features that 0.9.8 does not have ?

I assume that 0.9.8 is the latest release and would have the most
features (apart from development snapshots and cvs).

What is the appropriate version of openssl to use to get X9.31
functionality?

If not in openssl, where else can I get this functionality that will
intereoperate with other openssl crypto functionality.

Hopefully someone can answer my questions or point me in the right
direction.
Cheers,
Brendan Simon.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: FIPS140-2: ANSI X9.31 in openssl ???

Thomas J. Hruska
Brendan Simon wrote:

> I have been using openssl-0.9.6d and using PKCS#1.
>
> I have a requirement to be compliant with FIPS140-2 and it seems that
> PKCS#1 is not compliant with FIPS140-2 :(
> It seems that I must use ANSI X9.31 to generate random numbers to be
> FIPS140-2 compliant.
>
> I was told that newer versions of openssl had support for X9.31.
> I have downloaded that latest version (0.9.8) and could not find any
> references to X9.31.
> Browsing CVS I can see there are some references to X9.31 in
> openssl-0.9.7-stable.
>
> My questions are:
>
> Is there such a release as 0.9.7-stable ?
>
> If so, does 0.9.7-stable have some features that 0.9.8 does not have ?
>
> I assume that 0.9.8 is the latest release and would have the most
> features (apart from development snapshots and cvs).
>
> What is the appropriate version of openssl to use to get X9.31
> functionality?
>
> If not in openssl, where else can I get this functionality that will
> intereoperate with other openssl crypto functionality.
>
> Hopefully someone can answer my questions or point me in the right
> direction.
> Cheers,
> Brendan Simon.

0.9.8 doesn't have all of the components added yet that are in previous
versions.  Use 0.9.7g for the time being.

That said, I believe a recent discussion showed that OpenSSL is waiting
for FIPS acceptance.  See the archives for the discussion on the topic.

--
Thomas Hruska
Shining Light Productions

Home of BMP2AVI, Nuclear Vision, ProtoNova, and Win32 OpenSSL.
http://www.slproweb.com/

Ask me about discounts on any Shining Light Productions product!
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]