FIPS and default vs base providers
Thomas Dwyer III
thomas.dwyer at oracle.com
Tue Apr 4 20:10:32 UTC 2023
I understand that the base provider is intended to be used in
conjunction with the FIPS provider. I'm trying to understand what
functionality the base provider offers, if any, if the default provider
is already loaded & active. Our application always loads both the
default and fips providers via configuration files. When we require FIPS
compliance we set "fips=yes" via EVP_default_properties_enable_fips().
Is the base provider completely redundant in this scenario?
My read of the documentation (OSSL_PROVIDER-default and
OSSL_PROVIDER-base) as well as the encoders.inc, decoders.inc, and
stores.inc source files leads me to believe it is not necessary to load
the base provider if the default provider is already loaded. I just want
to confirm that I understand this correctly.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users