On 02/01/2020 04:11, Manish Patidar wrote: > Hi > > What is the difference in libfips.a and fips.so.? > Selftest.c and fipsprov.c is extra in fips.so library compilation. Does > it mean that it just add provider entry function and self test, which is > required for fips certification.? libfips.a is just an internal build artifact. The actual module itself is fips.so. > Once openssl3.0 is fips certified, can we use libfips.a directly ? No. Applications will use libcrypto/libssl, and OpenSSL will internally load fips.so as required. > My requirement is to use fips certified algorithm but environment may > not have capability to load dynamic library, so just thinking how > openssl3.0 should be used? Unfortunately in the 3.0 design you *must* use dynamic libraries. Static linking for fips usage will not be possible. Matt
