FIPS and default vs base providers

Thomas Dwyer III thomas.dwyer at
Tue Apr 4 20:10:32 UTC 2023

I understand that the base provider is intended to be used in 
conjunction with the FIPS provider. I'm trying to understand what 
functionality the base provider offers, if any, if the default provider 
is already loaded & active. Our application always loads both the 
default and fips providers via configuration files. When we require FIPS 
compliance we set "fips=yes" via EVP_default_properties_enable_fips(). 
Is the base provider completely redundant in this scenario?

My read of the documentation (OSSL_PROVIDER-default and 
OSSL_PROVIDER-base) as well as the,, and source files leads me to believe it is not necessary to load 
the base provider if the default provider is already loaded. I just want 
to confirm that I understand this correctly.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list