FIPS and default properties

2020-07-30 Thread Thomas Dwyer III
I'm struggling to understand how EVP_default_properties_is_fips_enabled() works. I cannot get this function to return nonzero unless I first call either EVP_default_properties_enable_fips() or EVP_set_default_properties(), even when the config file sets default_properties to enable fips. Also, the

error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before - openssl 1.1.1 compilation

2020-07-30 Thread prudvi raj
Hi, During compilation of openssl 1.1.1g , i am seeing this error : openssl/crypto/ec/ecp_nistz256_table.c:31: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘ecp_nistz256_precomputed’ options used : ./Configure no-threads no-dso no-shared no-zlib no-asm no-engine no-bf no-camelli

Re: alternative to deprecated ENGINE_* API for external engines for openssl-3.0.0

2020-07-30 Thread Matt Caswell
On 30/07/2020 16:06, Emeric Brun wrote: > Trying to compile my soft using openssl-3.0.0alpha5, I notice a lot of > warnings about deprecated ENGINE_* functions (since commit > 8dab4de53887639abc1152288fac76506beb87b3). > > Is-there any documentation on a new API/functions to handle exte

DTLS reconnect

2020-07-30 Thread Detlef Vollmann
Hello, section 4.2.8 "Establishing New Associations with Existing Parameters" of RFC 6347 () recommends ("SHOULD") that a new ClientHello from a client IP/port pair for which a session already exists initiates a new handshake. I tried to test su

alternative to deprecated ENGINE_* API for external engines for openssl-3.0.0

2020-07-30 Thread Emeric Brun
Trying to compile my soft using openssl-3.0.0alpha5, I notice a lot of warnings about deprecated ENGINE_* functions (since commit 8dab4de53887639abc1152288fac76506beb87b3). Is-there any documentation on a new API/functions to handle external crypto engines? R, Emeric