So any of the API s like AES_cbc_encrypt, SHA1, PKCS5_PBKDF2_HMAC_SHA1, RSA_private_decrypt etc will not work in FIPS mode? I am using many low level API s like these in our crypto module. Now if I change my libcrypto to "FIPS capable" libcrypto, do I have to change al these API s to EVP?
Tarani On Wed, Mar 6, 2013 at 8:48 AM, Dr. Stephen Henson <st...@openssl.org>wrote: > On Wed, Mar 06, 2013, Rahul Godbole wrote: > > > > > I get this error with FIPS mode set > > > > Low level API call to digest SHA1 forbidden in FIPS mode > > > > I have a bunch of OpenSSL APIs being called. Can someone tell me what > APIs > > are classified as low level APIs that are forbidden in FIPS mode? > > > > You have to use EVP in FIPS mode. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
