Hello,
I have (may be stupid) a query as below.
Is there any difference in OpenSSL API output in FIPS vs no-FIPS? Or more precisely if consumer application has no conditional code paths for FIPS /no FIPS. No change in application in FIPS mode vs No Fips except calling FIPS_mode_set with 0 or 1 (may be depending on user i/p). It is always using same set of Openssl APIs/Algos in both modes i.e. Fips or no FIPS.
Is it necessary to test an application twice i.e. with FIPS mode set and not set?
Will it be safe to assume if such an application is working with FIPS enable then it will work in no-FIPS? Note here i am not concerned about the strength of the key etc..
Thanks in advance.
Thanks and regards,
Guruprasad B. Raorane.