[openssl-users] FIPS mode: Need to use FIPS versions of (EVP) methods ?
Dr. Stephen Henson
steve at openssl.org
Tue Aug 2 23:30:59 UTC 2016
On Tue, Aug 02, 2016, jonetsu wrote:
> FIPS: Need to use FIPS versions of (EVP) methods ?
> In FIPS mode, is there a need to use the FIPS_* methods instead of the
> regular ones once FIPS_mode_set(1) was successfully executed ? For
> instance, is there a need to use FIPS_evp_sha1() instead of EVP_sha1()
> ? Wouldn't the FIPS version of EVP_sha1() be used automatically when
> in FIPS mode ?
The FIPS implementation of sha1 is automatically used in FIPS mode yes. You
shouldn't use FIPS_evp_sha1() etc.
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
More information about the openssl-users