Will SQLCipher utilize the FIPS support in OpenSSL 3.0 if the FIPS provider has been loaded and is the default OpenSSL provider?
I have built OpenSSL to use the FIPS provider and can tell it is being used when calling OpenSSL crypto APIs directly. I just can’t tell if SQLCipher is using it or using Android native APIs instead.
I noticed there is an SQLCipher build flag - SQLCIPHER_FIPS - but it appears to be specific to OpenSSL 1.1.0 FIPS support.
Hello @jmm09312 - SQLCipher community edition doesn’t include FIPS support. You should be able to build against OpenSSL 3.0 from source if you so desire. We also offer some turnkey FIPS options under the SQLCipher Enterprise Program.
Hi sjlombardo, Hope you don’t mind a follow up question. Is there anything preventing SQLCipher from using OpenSSL with FIPS support?
The reason I ask is that I have modified the SQLCipher build to build OpenSSL with FIPS support. Since FIPS is now a “provider”, it is loaded by OpenSSL itself via a config file. So calls to OpenSSL will default to calling the FIPS provider (in this situation). I have validated that calls to OpenSSL directly from the app are using the FIPS provider, but I have not confirmed that SQLCipher is yet. I have assumed it would, since SQLCipher is calling OpenSSL without knowledge of whether FIPS is the provider or not.
Anyways, thought I would ask. Thanks.
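For reference, the kind of OpenSSL 3.0 configuration file the last post describes, as an added example that is not from either poster or from the SQLCipher project. The include path is a placeholder, and the file says nothing about which crypto backend a given SQLCipher build was compiled against.

```ini
# openssl.cnf (added example; /path/to/fipsmodule.cnf is a placeholder)
# Make a malformed or unloadable section a hard error instead of a
# silent fallback to the built-in default provider.
config_diagnostics = 1
openssl_conf = openssl_init

# fipsmodule.cnf is generated by `openssl fipsinstall`; it defines
# [fips_sect] with the module integrity MAC and self-test status.
.include /path/to/fipsmodule.cnf

[openssl_init]
providers = provider_sect
alg_section = algorithm_sect

[provider_sect]
# Load the FIPS provider using the section from fipsmodule.cnf.
fips = fips_sect
# The base provider supplies encoders/decoders (key serialization),
# which the FIPS provider does not implement. It contains no
# cryptographic algorithms.
base = base_sect
# The default provider is deliberately not listed here, so it is
# not loaded by this file.

[base_sect]
activate = 1

[algorithm_sect]
# Applies to every algorithm fetch in the default library context
# that does not pass its own property query, including the implicit
# fetches made through legacy calls such as EVP_aes_256_cbc().
default_properties = fips=yes
```

With `config_diagnostics = 1` and no default provider listed, a request for an algorithm the FIPS provider does not offer fails instead of being served by a non-validated implementation, which makes it easier to see which calls actually reach OpenSSL.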