FIPS and default vs base providers

Dr Paul Dale pauli at
Tue Apr 4 23:04:05 UTC 2023


Confirming that the base provider is completely redundant in your scenario.
Everything in the base provider is also in the default provider.

Paul Dale

On 5/4/23 06:10, Thomas Dwyer III wrote:
> I understand that the base provider is intended to be used in 
> conjunction with the FIPS provider. I'm trying to understand what 
> functionality the base provider offers, if any, if the default 
> provider is already loaded & active. Our application always loads both 
> the default and fips providers via configuration files. When we 
> require FIPS compliance we set "fips=yes" via 
> EVP_default_properties_enable_fips(). Is the base provider completely 
> redundant in this scenario?
> My read of the documentation (OSSL_PROVIDER-default and 
> OSSL_PROVIDER-base) as well as the,, and 
> source files leads me to believe it is not necessary to 
> load the base provider if the default provider is already loaded. I 
> just want to confirm that I understand this correctly.
> Thanks,
> Tom.III

More information about the openssl-users mailing list