Re: PEM_read_bio_RSAPublicKey equivalent API which returns EVP_PKEY

Hi Skip Carter, Thanks for your reply. I replaced the code as you suggested, but I am getting below errors. It looks like I can't use RSA related APIs and data structures with Openssl 3.0.Please suggest if you know how to resolve these. I have included headers

Re: OpenSSL 3.0 - providing entropy to EVP_RAND ?

Comments inline. Pauli On 15/4/21 12:09 am, Bala Duvvuri wrote: HI Paul, Thanks a lot for your response, thank you for pointing to /providers/implementations/rands/test_rng.c and the code to run NIST test. Still finding it a bit difficult to wrap around these new APIs In the old

Re: Sp800 56a rev3

These are all questions for your FIPS lab. Pauli On 15/4/21 4:19 am, Nagarjun J wrote: Hi, Suppose if any one submitted for FIPS 140-2 certification in Nov 2020 , what is the deadline to meet sp800 56 a rev3 revision requirement to avoid certificate going into historical list. And if we

Sp800 56a rev3

Hi, Suppose if any one submitted for FIPS 140-2 certification in Nov 2020 , what is the deadline to meet sp800 56 a rev3 revision requirement to avoid certificate going into historical list. And if we meet requirement before deadline what is the validity of certificate. And do we need to test

SP800 56A rev3 patch

Hi, I am looking to patch FOM for sp800 56 rev3 support . Does openssl-3.0 implements this requirement? Is there any patches available? Regards Nag

Re: OpenSSL 3.0 - providing entropy to EVP_RAND ?

For setting up a parent for a DRBG, look at /providers/implementations/rands/test_rng.c which produces seed material (test_rng_generate) and nonces (test_rng_nonce).  The built in DRBG's don't need the nonce, they will act as per SP800-90Ar1 section 9.1 with a nonce available from their

Re: PEM_read_bio_RSAPublicKey equivalent API which returns EVP_PKEY

Hi Richard, Thanks for the reply. Maybe you misunderstood my query. As you suggested, I will use EVP_PKEY_CTX_new to create ctx for using it in "EVP_PKEY_encrypt" and "EVP_PKEY_decrypt". But to create ctx , EVP_PKEY_CTX_new takes input parameter as EVP_PKEY. In our code

Re: OpenSSL 3.0 - providing entropy to EVP_RAND ?

1> >>The best way to do this, is to create a provider which acts as a seed source and to then use this as the parent of the primary DRBG. See, for example, test/testutil/fakerandom.c for how to do this. The key is to set up the seed source before the RNG subsystem is first used. In our case

Re: Help with i2d_CMS_bio_stream from OpenSSL 1.0 to OpenSSL 1.1.1j

Thank you, It is a very useful resource but my problem is actually a wrong conversion of the stack of structures to ASN1 SEQUENCE in DER. What actually changed between 1.0.2 and 1.1.1? Thanks F Il giorno mar 13 apr 2021 alle ore 14:38 Floodeenjr, Thomas < thomas_floodee...@mentor.com> ha scritto: