OpenSSL 3.0.0 FIPS compatible ECDH-KAS
Kory Hamzeh
kory at avatarci.com
Wed Sep 22 17:44:30 UTC 2021
I have an OpenSSL app which performs ECDH-KAS using openssl-1.0.1g + openssl-fips-2.0.5. It needs to be FIPS compatible. The app was written using the low level ECDH functions similar to what is documented here:
https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman#Using_the_Low_Level_APIs
According to the OpenSSL 3.0.0 Wiki, I MUST rewrite my code to use the high level EVP functions if I want FIPS compatibility. If so, I was going to follow the EVP example at the top of the same URL above.
However, I can use some help. Using the EVP example on that page, when and which methods do I need to fetch? If I just add this at the top:
EVP_set_default_properties(NULL, "fips=yes");
will that be enough?
Thanks,
Kory