Replies: 2 comments 2 replies
-
|
Beta Was this translation helpful? Give feedback.
2 replies
-
Multiple providers can be loaded, so your algorithms could be fetched from any of these providers.. (Which is why FIPS_mode() was removed, since it makes no sense anymore). The best you can do is load the fips provider, make sure it is loaded (available) and then fetch using |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi there!
I was wondering what the best way of determining whether or not a FIPS 140-* compatible provider has been loaded in OpenSSL 3+ is.
The proposed method that my team is looking at using is roughly as follows:
I don't know if this is honestly the proper way to confirm that a FIPS 140* provider has been loaded. It doesn't seem to work out of the box if I use this API without calling some of the explicit
OSSL_PROVIDER_load
family of APIs (or init functions that do similar).Can someone please help me understand what the correct way of determining this, outside of the
OSSL_PROVIDER*
family of APIs? I'm trying to find a method that would work with FIPS 140* compatible providers, which might not be provided by OpenSSL'sfips.so
module.Would using a "banned" algorithm, like MD5, while also omitting "fips=yes" in the properties parameter be the answer, by chance, e.g.,
Thanks so much!
PS We tried using
EVP_default_properties_is_fips_enabled()
, but that's checking to make sure that the "fips=yes" property was set in the config file or programmatically as opposed to confirming that a FIPS 140* compatible provider is usable, right? If so, what is the benefit of using these APIs, in lieu of just using other EVP* APIs? In 1.0.2,FIPS_mode()
provided a cut and dry way of determining whether or not FIPS 140* compatible algorithms were usable. I'm trying to find a way to determine whether or not FIPS 140* is allowed, similar to 1.0.2'sFIPS_mode()
API.Beta Was this translation helpful? Give feedback.
All reactions