OpenSSL 3.0.x + Python 3.9.x + Enable FIPS- Need help/inputs
Dr Paul Dale
pauli at openssl.org
Wed Mar 8 05:31:30 UTC 2023
> Are there any specific .h files where we can refer to this method that
> needs to be used ( ex: evp.h )?
#include "openssl/evp.h" should be enough to get the EVP APIs. You will
need other includes for other parts of OpenSSL but that covers EVP well
> still, are there any files that we can go through once before calling
> in the fips mode?
Turn on -Wdeprecated or equivalent in your compile and the low level
calls will be flagged. They should all be deprecated.
> One more doubt is How can we set fips enabled for the complete
> application (process/service) while running so that if we are using
> non-compliant algorithms/methods it should throw errors? Is it
> possible in OpenSSL 3.0.x?
The call you are looking for is:
I strongly suggest reading the documentation about the FIPS provider
<https://www.openssl.org/docs/man3.0/man7/fips_module.html> and the
the avoidance of low level calls and setting the default properties are
covered therein. There are a number of other nuances to trip over when
using the FIPS provider.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users