Hello, Our product was FIPS-certified a few years ago. We are now about to start the re-certification process. The test for RSA X9.31 key generation have somewhat changed, or so it looks like to me anyway. A few years ago, we received test vectors with the following parameters: modulus size, e, xp1, xp2, Xp, xq1, xq2, Xq. The response we provided included the previous parameters and these generated values: p, q, n, d. We used FIPS_rsa_x931_derive_ex() to generate the values. I believe this function implements section B.3.6: Generation of Probable Primes with Conditions Based on Auxiliary Probable Primes. Prime method: Primes p1, p2, q1,q2, p and q shall all be probable primes. Is my assumption correct? If so, we?d like to minimise effort and reuse our test sw for the new tests in http://csrc.nist.gov/groups/STM/cavp/documents/dss2/rsa2vs.pdf. I?m looking at section 6.2.1 where the parameters are: modulus size, e, N=25 (number of iterations). It seems to me that we have to send a response with all of the other parameters: xp1, xp2, Xp, xq1, xq2, Xq, p, q, n, d. xp1, xp2, Xp, xq1, xq2, Xq are random numbers, some of them have to be odd. Which function(s) do you suggest to use to generate them? Or can I just use FIPS_rsa_x931_generate_key_ex() ? Is this used with a fixed exponent? Does it also implement section B.3.6? We also have to indicate to NIST the type of Probabilistic Primality Test the (specific) OpenSSL functions use: a) Table C.2. Minimum number of rounds of M-R testing when generating primes b) Table C.3. Minimum number of rounds of M-R testing when generating primes using an error probability of 2^?100 Which one(s) does OpenSSL implement? If both, how is that chosen? Many thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150515/1cb294ec/attachment-0001.html>