Re: Fips provider and non-Fips context

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The FIPS provider looks up any required algorithms internally, so it won't find provider A's implementation.

This was a deliberate decision to guarantee FIPS compliance and to avoid the intricacies of the mandated secure channel when data crosses FIPS boundaries.


Pauli

On 17/4/23 10:06, Afshin Pir wrote:

Hi,

 

Is it allowed to use a non-fips provider algorithm as fips algorithm provider internal algorithm? For example, let’s say that I want to use Fips version of CMAC like this:

EVP_MAC *mac = EVP_MAC_fetch(libctx, "CMAC", "fips=yes");

and libctx has already loaded provider fips and provider A. Now if I want to init it, I use a code like this:

 

char ciphername[] = "HW-AES-128-CBC";

char propname[] ="?provider=A";

OSSL_PARAM params[3];

params[0] = OSSL_PARAM_construct_utf8_string("cipher", ciphername, 0);

params[1] = OSSL_PARAM_construct_utf8_string("properties", propname, 0);

params[2] = OSSL_PARAM_construct_end();

 

EVP_MAC_CTX *ctx = EVP_MAC_CTX_new(mac);

Int res = EVP_MAC_init(ctx, (const unsigned char *)key, strlen(key), params);

 

Now should EVP_MAC_init() succeed here or not for fips provider algorithm? Because it seems that I cannot use provider A with fips provider while I can with default provider.

 

Best Regards,

Afshin


This email is confidential and may contain information subject to legal privilege. If you are not the intended recipient please advise us of our error by return e-mail then delete this email and any attached files. You may not copy, disclose or use the contents in any way. The views expressed in this email may not be those of Gallagher Group Ltd or subsidiary companies thereof.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux