openssl 3.0 fips provider and low level APIs
Tomas Mraz
tomas at openssl.org
Tue May 3 16:08:00 UTC 2022
All the providers can use the low-level APIs internally to implement
crypto algorithms. The FIPS provider however includes all the low level
implementations as a separately built and statically linked code.
That means you cannot use the low-level calls in an application and
still be FIPS compliant as the low-level API calls called from an
application are implemented by the libcrypto library and not the FIPS
provider.
Tomas Mraz, OpenSSL
On Tue, 2022-05-03 at 10:12 -0500, Joy Latten wrote:
> Hi,
> I understand that low-level APIs have been deprecated in version 3. I
> have been playing some with the fips provider trying to understand
> the config options to use with it. I noticed that the fips provider
> source code includes a few low level APIs like SHA256_Init().
> Is it correct to conclude that although use of the low level APIs are
> deprecated, perhaps for a grace period for transitioning they are
> permitted in the fips provider?
>
> Thanks for all help!
> regards,
> Joy
>
>
--
Tomáš Mráz, OpenSSL
More information about the openssl-users
mailing list