Manualshelf

Release Notes

ManualsBrandsDell ManualsBSAFEBSAFE Micro Edition Suite
12345678910
6 Changes
RSA BSAFE Crypto-C Micro Edition 4.1.4 Release Notes
Changes
This release of Crypto-C ME is designed to include the following changes:
Updated operating environment support.
For more information, see Operating Environment Information.
Fixes for specific issues.
For more information, see Enhancements and Resolved Issues.
The two separate signature files which were used for the FIPS 140-2 module
integrity check are embedded into the main FIPS 140-2 module shared library file.
Initialization Vector (IV) generation for symmetric key encryption is updated for
compliance with the latest FIPS 140-2 implementation guidance (IG A.5). For
more information, see Symmetric Key Encryption > Automatic IV Generation
in the RSA BSAFE Crypto-C Micro Edition Developers Guide.
Default Diffie-Hellman (DH) key exchange, key generation, and parameter
generation is now performed using approved methods outlined in SP 800-56A
instead of the IEEE P1363 specification.
The default key exchange and key generation implementations allows the use of
legacy parameters, which might not have the sub-prime value available.
Elliptic curve cryptography (ECC) keys are generated using approved methods
outlined in SP 800-56A.
Library files for systems running an Apple
®
OS X
®
, macOS
®
or iOS
®
operating
system are provided as “Fat Libraries” instead of separate static and dynamic files
for each CPU architecture.
When generating keys using
R_SKEY_generate() for AES in XTS mode, it is
no longer possible to generate the same key data for
Key_1 and Key_2.
Changes to RSA key generation:
New default algorithm is FIPS 186-3 (formerly X9.31). X9.31 cannot be used
in FIPS mode, but is still available in the FIPS library.
Minimum key size allowed for RSA FIPS 186-4 compliant key generation
(
R_CR_RSA_KEY_GENERATION_FIPS186_3 and
R_CR_RSA_KEY_GENERATION) is 2048 bits.
The NIST testing tool for RSA signature generation and verification using
SHA-512/256 included an incorrect algorithm identifier.
RSA signature generation and verification and using SHA-512/256 is updated in
this release of Crypto-C ME to use the correct identifier. Signature verification is
also updated to include a test for the old identifier to ensure signatures generated
using previous versions of Crypto-C ME can still be verified. However, signatures
generated using this version of Crypto-C ME will not verify correctly on systems
using the old implementation.