FIPS mode and ECDSA explicit curves

Felipe Gasper felipe at
Wed Jul 27 17:41:15 UTC 2022


What is the best way to test whether a given OpenSSL build supports explicit ECDSA curves?

Specifically, I’d like to know whether the OpenSSL in question will fail the test at line 106 of providers/common/securitycheck.c:

        if (nid == NID_undef) {
            ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_CURVE,
                           "Explicit curves are not allowed in fips mode");
            return 0;

Thank you!

-Felipe Gasper

More information about the openssl-users mailing list