FIPS-140 approved curves?
Jordan Brown
openssl at jordan.maileater.net
Sat Nov 4 02:05:53 UTC 2023
EC_get_builtin_curves() will give you a list of supported curves.
However, in a FIPS-140 installation, EVP_EC_gen() appears to reject most
of them. (Oddly, saying "unknown group".)
And even for the 15 that EVP_EC_gen() accepts, several (B-163, K-163,
P-192) can't be used for signing certificates and requests. (Says
"Curve X-yyy cannot be used for signing".)
Is there an easy way to get a list of FIPS-140 approved curves that can
be used for signing certificates and requests, or do you have to try
each one and see if it works?
OpenSSL 3.0.10.
--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231104/731e975a/attachment.htm>
More information about the openssl-users
mailing list