Is there any fips flag that I can set while compiling OpenSSL 1.0.1.c so that any usage of low level APIs will result in a compilation error?
On Wed, Mar 6, 2013 at 8:47 PM, Dr. Stephen Henson <st...@openssl.org> wrote:

> On Wed, Mar 06, 2013, Taraniteja Vishwanatha wrote:
>
> > So any of the APIs like AES_cbc_encrypt, SHA1, PKCS5_PBKDF2_HMAC_SHA1,
> > RSA_private_decrypt etc will not work in FIPS mode?
> > I am using many low level APIs like these in our crypto module. Now if I
> > change my libcrypto to "FIPS capable" libcrypto, do I have to change all
> > these APIs to EVP?
>
> Should've been a bit clearer. You have to use EVP for ciphers and digests,
> so AES_*, SHA1_* and SHA2* etc calls will fail.
>
> RSA_private_decrypt is fine and PKCS5_PBKDF2_HMAC_SHA1 uses EVP internally so
> that is OK too.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
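A source audit that can run as a build step to catch the call families named in the quoted reply, leaving RSA_private_decrypt and PKCS5_PBKDF2_HMAC_SHA1 alone. This is an added example, not code from the thread or from the OpenSSL project; the function names, the sample C snippet, the reading of "SHA2*" as the SHA224/256/384/512 prefixes, and the flagging of one-shot forms such as SHA1() are assumptions.

```python
import re

# Families named in the reply above: AES_*, SHA1_* and SHA2*.
# Assumption: "SHA2*" is read as the SHA224/256/384/512 prefixes, and the
# one-shot forms (SHA1(), SHA256(), ...) are flagged along with them.
LOW_LEVEL_CALL = re.compile(
    r"\b(AES_\w+|SHA1(?:_\w+)?|SHA(?:224|256|384|512)(?:_\w+)?)\s*\("
)
# Block and line comments; block comments are replaced by their newlines
# so that reported line numbers still match the original file.
C_COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)


def strip_comments(source):
    return C_COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), source)


def find_low_level_calls(source):
    """Return (line_number, function_name) for each flagged call."""
    hits = []
    for lineno, line in enumerate(strip_comments(source).splitlines(), 1):
        for match in LOW_LEVEL_CALL.finditer(line):
            hits.append((lineno, match.group(1)))
    return hits


# Constructed sample input, not taken from any real code base.
SAMPLE_C = """\
#include <openssl/aes.h>
#include <openssl/evp.h>
/* old path: AES_cbc_encrypt(in, out, len, &key, iv, AES_ENCRYPT); */
void f(void) {
    AES_set_encrypt_key(k, 128, &key);
    AES_cbc_encrypt(in, out, len, &key, iv, AES_ENCRYPT);
    SHA1_Init(&c);
    SHA256(in, len, md);
    RSA_private_decrypt(n, in, out, rsa, RSA_PKCS1_PADDING);
    PKCS5_PBKDF2_HMAC_SHA1(pw, pwlen, salt, saltlen, iter, keylen, dk);
    EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
}
"""

if __name__ == "__main__":
    for lineno, name in find_low_level_calls(SAMPLE_C):
        print(f"line {lineno}: {name}() must move to EVP for FIPS mode")
```

The scan is textual, so a matching name inside a string literal is also reported; treat hits as a review list rather than a compiler diagnostic.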