> 1> Can you please help to understand the differences in the FIPs algorithm implementation code vs default?
> Are there additional validations performed in FIPs code?
There are some additional validations, there are other differences. Grep
the source code for FIPS_MODULE to find all the code differences. There
are other differences. The FIPS provider offers a cut down selection of
algorithsm, look at providers/fips/fipsprov.c for these. The FIPS
provider also has to run power up selt tests, these are in the
> Can you point to any API (FIPs and non FIPs version) to make this clear?
One example is for AES XTS mode where the two keys are confirmed to be
Lines 54 - 63 of providers/implementations/ciphers/cipher_aes_xts.c.
There are plenty of others, grep for FIPS_MODULE.
> 2> In normal code, EVP_DigestFinal_ex->HASH_FINAL
> Which API is equivalent to HASH_FINAL in FIPs code? How can we navigate to the FIPs code path?
EVP_DisgestFinal_ex is the equivalent. The decision to use FIPS or not
is made when fetching the algorithm not when using it. In use FIPS and
non-FIPS algorithms are accessed identically.