On Wed, Mar 06, 2013, Taraniteja Vishwanatha wrote: > So any of the API s like AES_cbc_encrypt, SHA1, PKCS5_PBKDF2_HMAC_SHA1, > RSA_private_decrypt etc will not work in FIPS mode? > I am using many low level API s like these in our crypto module. Now if I > change my libcrypto to "FIPS capable" libcrypto, do I have to change al > these API s to EVP? >
Should've been a bit clearer. You have to use EVP for ciphers and digests, so AES_*, SHA1_* and SHA2* etc calls will fail. RSA_private_decrypt is fine and PKCS5_PBKDF2_HMAC_SHA1 uses EVP internally so that is OK too. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
