On 21/02/2019 15:02, Dmitry Belyavsky wrote:
> Dear Matt
>
> On Wed, Feb 13, 2019 at 9:30 PM Matt Caswell <matt@xxxxxxxxxxx> wrote:
>
> > Please see my blog post for an OpenSSL 3.0 and FIPS Update:
> >
> > https://www.openssl.org/blog/blog/2019/02/13/FIPS-update/
>
> After reading the proposed architecture description, I have some questions that
> are very important for the developers of non-US certified openssl-based products.

Hi Dmitry,

Answers inserted.

> 1. Will it still be available to implement custom RAND_methods via the new
> providers API?

Yes, I expect this to be possible.

> 2. Can we do something with a bunch of hard-linked non-extendable lists of
> internal NIDs?
> For example, providing GOST algorithms always requires a patch to extend 3-5
> internal lists.
> If it could be done dynamically, it will be great.

That's not currently something we've considered, but I agree it would be great
to fix that. Perhaps you could create a github issue identifying the specific
areas we should be looking at and then we can take a look at the feasibility of
fixing it.

> 3. Do you have plans to make some callback structures created by providers?
> I mean such structures as SSL key exchange/authentication methods, X.509
> extensions etc.

There aren't any plans to do that at the moment. There's nothing in the provider
design that would prevent us from doing so at some point in the future.

Matt