On 26/03/2021 10:47, Bala Duvvuri via openssl-users wrote:
Hi All, We build the "crypto" code in OpenSSL to generate "libcrypto.a" for MIPs platform. Our application links statically with "libcrypto.a" and uses the OpenSSL crypto API's accordingly. With this compilation model, will it be feasible to integrate with the FIPs object module in OpenSSL 3.0? How can we load the FIPS provider in our application? (I have gone through the section about the FIPs module installation in https://wiki.openssl.org/index.php/OpenSSL_3.0#Platforms) Any insight will be helpful to me.
It is still possible to use the 3.0 FIPS module even if you use static linking to link to libcrypto. However the FIPS module itself is always a dynamically loaded shared object (i.e. a .so file).
So, you statically link your application to libcrypto.a. When needed (either as a result of config, or an explicit call to OSSL_PROVIDER_load()), then the FIPS module fips.so file will be dynamically loaded at runtime by libcrypto. How libcrypto is linked to the application does not impact its ability to dynamically load the FIPS module at runtime.
Matt
