Reference Guide
22 Chapter 3: Resource Management
RSA BSAFE Crypto-C Micro Edition 3.x to 4.1.4 Migration Guide
ret = R_LIB_CTX_add_provider(lib_ctx, fips);
if (R_ERROR_NONE != ret)
goto end;
/* Perform cryptographic operations */
end:
R_PROV_free(fips);
R_LIB_CTX_free(lib_ctx);
R_STATE_cleanup();
return 0;
}
The following table lists the entities for setting equivalent FIPS 140-2 modes for
Crypto-C ME 3.x and Crypto-C ME 4.1.4.
Note: Elliptic curve cryptography (ECC) modes are now included as part of
the
R_MODE_FILTER_FIPS140 and R_MODE_FILTER_FIPS140_SSL
filters.
The
R_FIPS_* functions from Crypto-C ME 3.x were removed because the
functionality is now in the FIPS 140-2 provider and as a result of a global variable
cleanup. For more information about equivalent functionality for these functions, see
the RSA BSAFE Crypto-C Micro Edition Developers Guide.
PKCS #11 Provider
The PKCS #11 provider allows hardware devices that support the PKCS #11
interfaces to be used in conjunction with Crypto-C ME.
The functionality of a PKCS #11 driver is contained in an instance of a PKCS #11
provider object. If multiple PKCS #11 drivers are required, multiple instances of the
PKCS #11 provider can be created.
Table 5 FIPS 140-2 Modes
Crypto-C ME 3.x Crypto-C ME 4.1.4
PRODUCT_FIPS140_MODE_RESOURCE_LIST
PRODUCT_FIPS140_ECC_MODE_RESOURCE_LIST
R_LIB_CTX_set_mode(ctx,
&R_MODE_FILTER_FIPS140)
PRODUCT_FIPS140_SSL_MODE_RESOURCE_LIST
PRODUCT_FIPS140_SSL_ECC_MODE_RESOURCE
_LIST
R_LIB_CTX_set_mode(ctx,
&R_MODE_FILTER_FIPS140_SSL)
PRODUCT_NON_FIPS_140_MODE_RESOURCE_LIST
Default mode
R_LIB_CTX_set_mode(ctx, NULL);