OpenSSL FIPS modules and APIs compatibility

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/27/2016 05:33 PM, cloud force wrote:
> Hi everyone,
> 
> Does OpenSSL FIPS modules keep all the OpenSSL APIs intact?
> i.e. If we use the OpenSSL FIPS modules, we don't need to make any API
> invocation changes on our applications side (in addition to invoking the
> FIPS_mode_set API). Is that correct?

OpenSSL and the OpenSSL FIPS module (technically the "OpenSSL FIPS
Object Module v2.0") are separate and distinct software products. The
OpenSSL FIPS module doesn't replace OpenSSL.

The "FIPS capable" OpenSSL (OpenSSL built with the "fips" option in the
presence of the FIPS module) will behave just like stock OpenSSL until
the FIPS mode of operation is enabled. At that point many cryptographic
operations are automagically disabled; but that's not the same thing as
changing the API.

-Steve M.

-- 
Steve Marquess
OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux