Hi Matt,

Thanks Matt.

Please let me know whether RSA_public_decrypt() is FIPS compliant in later versions (openssl 1.0.x). Currently I am using RSA_public_decrypt() in openssl-0.9.8l and have not found any issues in FIPS mode. To address some of the CVEs, I have upgraded openssl from 0.9.8l to openssl-0.9.8za and encountered the decryption issue.

As per your explanation, to make the system FIPS compliant in 0.9.8za, I have to:

1. Replace RSA_public_decrypt() with EVP_Verify*(): EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal().
   EVP_VerifyUpdate() - a buffer with the data to be verified. Same data as in EVP_SignUpdate().
   EVP_VerifyFinal() - the same signature which is produced by EVP_SignFinal().

2. Make similar changes in the signing part using EVP_Sign*(): EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal().
   EVP_SignUpdate() - should contain the data to be signed.
   EVP_SignFinal() - should contain a buffer to receive the signature.

In 0.9.8 there is no other FIPS supported API for decryption.

Thanks,
Gayathri

On Tue, Oct 28, 2014 at 7:59 PM, Matt Caswell <m...@openssl.org> wrote:
> On 28 October 2014 05:58, Gayathri Manoj <gayathri.an...@gmail.com> wrote:
> > Hi All,
> >
> > I am using openssl-0.9.9za and I came to know EVP_PKEY_CTX is available
> > from 1.0.0.
> > Please let me know which API I can use in FIPS context instead of
> > RSA_public_decrypt().
>
> Well FIPS puts a different light on your question. From what I can
> understand from your question you are attempting to verify a
> signature, and you want that verification to be FIPS compliant,
> correct?
>
> That is only ever going to work if the signature has been generated
> using a FIPS compliant signature scheme in the first place. If you
> have some home grown or non-standard signature scheme then you are
> never going to be compliant without replacing both the signing and the
> verifying code. The problem with RSA_public_decrypt is that it is a
> very low level function. It can be used as part of a process to create
> a standardised signature...or it can be used in a completely
> non-standard way. Its use is definitely not encouraged.
>
> Some questions which might help us to understand your situation better:
> Do you control both the signing and the verifying?
> Do you know what signature scheme is in use? E.g. RSASSA-PKCS1-v1.5,
> or RSASSA-PSS.
> Can you provide more of your existing source code so that we can see
> how you are using RSA_public_decrypt?
>
> If you want FIPS compliance, and you want to stay on openssl 0.9.8
> then EVP_Verify* is the way to go...but only if the signature scheme
> in place is compliant in the first place (or can be changed to be so).
>
> Finally, I would recommend that you move off of 0.9.8. This version
> will no longer be receiving support (including security updates) after
> 31st December 2015. See:
> http://marc.info/?l=openssl-announce&m=141338840924517&w=2
>
>
> Matt
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
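The thread contrasts the low-level RSA_public_decrypt() with the EVP_Sign*/EVP_Verify* pair, which implement RSASSA-PKCS1-v1.5 end to end. The pure-Python sketch below is an added example, not code from the thread or from OpenSSL: it spells out the hash, DigestInfo encoding and padding that EVP_Sign*/EVP_Verify* handle, and marks in comments the single step that RSA_public_decrypt() covers, so it is clear what a caller of the raw function has to get right by hand. Keys are generated on the fly with a Fermat test and are constructed demo keys only.

```python
# Pure-Python RSASSA-PKCS1-v1_5 (RFC 8017 s8.2), the scheme EVP_Sign*/EVP_Verify*
# implement. Constructed demo keys only; this is not OpenSSL code.
import hashlib
import secrets

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def gen_prime(bits):
    # Fermat test with a few small bases: adequate for a constructed demo key only
    while True:
        p = secrets.randbits(bits) | 1 << (bits - 1) | 1
        if all(pow(a, p - 1, p) == 1 for a in (2, 3, 5, 7, 11, 13)):
            return p

def gen_key(bits=1024):
    # Returns (n, e, d). e is prime, so "e does not divide phi" means gcd(e, phi) == 1.
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return p * q, e, pow(e, -1, phi)

def emsa_pkcs1_v15(msg, k):
    # EM = 0x00 || 0x01 || PS (0xff bytes) || 0x00 || DigestInfo, exactly k bytes
    t = SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(msg, n, d):
    # EVP_SignInit/Update/Final: hash the data, encode, apply the private RSA op
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(msg, k), "big")
    return pow(em, d, n).to_bytes(k, "big")

def verify(msg, sig, n, e):
    # EVP_VerifyInit/Update/Final. The public RSA op (plus padding strip) is all
    # RSA_public_decrypt() does; the full-block, constant-time comparison is the
    # part a caller of the raw function must otherwise get right by hand.
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return secrets.compare_digest(em, emsa_pkcs1_v15(msg, k))

def demo():
    n, e, d = gen_key()
    msg = b"constructed data to be signed"
    sig = sign(msg, n, d)
    return verify(msg, sig, n, e), verify(b"tampered", sig, n, e)
```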