Matt Caswell
Matt Caswell
Do you have some certs that demonstrate this issue?
Hmmm. I'm not sure why this would be considered a problem. The strings *are* different so why does it matter that one is PRINTABLESTRING and one is UTF8STRING?
There is a minor bug here although it is not quite as you might expect. The calls to `BN_rand_range` in your code above are actually failing (returning with a 0...
Looks like the same problem also affects master/3.0. Marking this as help wanted/good first issue.
I assume you are talking about OpenSSL 3.0 (as opposed to the old FIPS module). > Do we have any utility to let the user know whether the running application...
I'm unclear what you mean by a "utility". If you are looking for an API from within the application itself so that it can determine whether it is running in...
> Assuming this property is enforced, does it ensure the application would be FIPS-compliant? No. It checks whether the specified libctx has the default "fips=yes" property set. By default that...
Resolving the PKCS7/CMS mess would fantastic to sort out. Deprecating the PKCS7 API seems like the right way to go. (and yes this has to be 4.0)
OpenSSL does have some support for cross-compilation through the cross-compile-prefix option. So you are likely to want a Configure command something like this: ```` perl Configure --cross-compile-prefix=arm-none-eabi- my-target ```` This...
There was an error in the CLA database which meant the "hold: cla required" flag hadn't been removed automatically. Fixed now.