Usage of OQS-Provider in openSSL 3.0

[stfries]

Hi,

hope it is not a silly question.
The oqs-provider is available in openSSL 3.2. For some use cases we still utilize openSSL 3.0 and I was wondering if there are problems known when using the oqs-provider together with openSSL 3.0. Right from the top of my head I don't see changes in the provider interface from version 3.0 to 3.2 but the readme mentions that there were some glitches addressed for CMS. We are targeting CMS signing, hence the question.

Appreciate any hint.

Bets regards
Steffen

[baentsch]

hope it is not a silly question.

No, but a relevant one. The answer is documented, though: https://github.com/open-quantum-safe/oqs-provider#3031

Right from the top of my head I don't see changes in the provider interface from version 3.0 to 3.2 but the readme mentions that there were some glitches addressed for CMS. We are targeting CMS signing, hence the question.

The APIs didn't change, oqsprovider didn't change, but there were OpenSSL flaws fixed that didn't get backported to 3.0. Hence we also do not test CMS in downlevel OpenSSL versions:

oqs-provider/scripts/oqsprovider-cmssign.sh

Lines 50 to 53 in eb80076

	if [[ "$openssl_version" == "OpenSSL 3.0."* ]]; then
	echo "Skipping CMS test for OpenSSL 3.0: Support only starting with 3.2"
	exit 0
	fi

[stfries]

Thank you for the swift reply. It essentially means we need to do the back porting and related testing to ensure it works as intended.