[openssl-project] OpenSSL 3.0 and FIPS Update

Dmitry Belyavsky beldmit at gmail.com
Thu Feb 21 15:02:38 UTC 2019


Dear Matt



On Wed, Feb 13, 2019 at 9:30 PM Matt Caswell <matt at openssl.org> wrote:

> Please see my blog post for an OpenSSL 3.0 and FIPS Update:
>
> https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/


After reading the proposed architecture description, I have some questions
that are very important for the developers of non-US certified
openssl-based products.

1. Will it still be available to implement custom RAND_methods via the new
providers API?
2. Can we do something with a bunch of hard-linked non-extendable lists of
internal NIDs?
For example, providing GOST algorithms always requires a patch to extend
3-5 internal lists.
If it could be done dynamically, it will be great.
3. Do you have plans to make some callback structures created by providers?
I mean such structures as SSL key exchange/authentication methods, X.509
extensions etc.

Thank you very much!

-- 
SY, Dmitry Belyavsky
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190221/54df1832/attachment.html>


More information about the openssl-users mailing list