Re: OpenSSL FIPS certificate #4282

A good question. In a nut shell: the 3.0.0 FIPS provider is designed to work with all 3.0.x releases.  We actively test this as part of our CI loops and it's the way to claim FIPS compliance when using OpenSSL 3.0.7.  You need to build 3.0.7 (with or without FIPS support) and the 3.0.0 FIPS

OpenSSL FIPS certificate #4282

The OpenSSL project has obtained certificate #4282 from NIST for the FIPS provider. Nice. However, the certificate and accompanying security policy specifically list version 3.0.0 while the current release is

Re: Question about migrating from d2i_ECPrivateKey() to d2i_PrivateKey(EVP_PKEY_EC, ...)

On Tue, Nov 22, 2022 at 11:09:07AM -0600, Nico Williams wrote: > > Not exactly, PKCS#8-based typing is used in d2i_PKCS8_PRIV_KEY_INFO() > > (for unencrypted PKCS#8 blobs, so no password callback). The > > d2i_PrivateKey() function takes an explicit pkey_type instead. > > Hmmm, well,

ASN1 function declarations

On Tue, Nov 22, 2022 at 11:09:07AM -0600, Nico Williams wrote: > Also, the prototype for i2d_PUBKEY() does not appear in any header, > public or private, but i2d_PUBKEY() _is_ documented -- is this a bug? The d2i_* and i2d_* functions are mostly generated by macros that declare all or some of

RE: Upgrading OpenSSL on Windows 10

Michael's point should be asked and answered first for your environment. To find all of the OpenSSL bits used on a windows system you would use Powershell or a tool that flexes its use like PDQ Inventory. There is a steep learning curve and it is probably off topic for this group but there are

EVP_PKEY_get_params strange behaviors

I just migrated some JWK code from openssl 1.x to 3.x. First I have to say, a lot of things got a lot easier and a lot clearer than before. I did see some strange behaviors with EVP_PKEY_get_params. I see the following statements from `man OSSL_PARAM`: [A] When requesting parameters, it's