PKCS12 APIs with fips 3.0

Zeke Evans Zeke.Evans at
Mon Jan 25 16:53:24 UTC 2021


Many of the PKCS12 APIs (i.e., PKCS12_create, PKCS12_parse, PKCS12_verify_mac) do not work in OpenSSL 3.0 when using the fips provider.  It looks like that is because they try to load PKCS12KDF, which is not implemented in the fips provider.  These were all working in 1.0.2 with the fips 2.0 module.  Will they be supported in 3.0 with fips?  If not, is there a way for applications running in fips approved mode to support the same functionality and use existing stores/files that contain PKCS12 objects?

Zeke Evans
Micro Focus
