Re: OpenSSL 3.0 FIPS questions

Dr Paul Dale <pauli@xxxxxxxxxxx> · Mon, 25 Oct 2021 09:12:18 +1000



    The configuration shouldn't have much impact.  You will need a fips
    section specifying where the integrity check data are.  You
    shouldn't need base or default sections.

    
    Pauli

    
    On 25/10/21 5:23 am, Jason Schultz
      wrote:

    
        Thank you for your
        response. I think all of that makes sense, and seems to
        accomplish what I want programmatically, limiting it to my
        application. I guess the only question I have is what about the
        config files? Should they remain as they were installed, or do I
        need to provide sections for fips, base, default, etc?
      
        
        Regards,
      
        
        Jason
      
        
        From:
            openssl-users <openssl-users-bounces@xxxxxxxxxxx> on
            behalf of Dr Paul Dale <pauli@xxxxxxxxxxx>

            Sent: Sunday, October 24, 2021 12:28 AM

            To: openssl-users@xxxxxxxxxxx
            <openssl-users@xxxxxxxxxxx>

            Subject: Re: OpenSSL 3.0 FIPS questions
           
        
        Oops, the second time this occurs "defp
            = OSSL_PROVIDER_load(non_fips_libctx,
            "default");" it should be "defp
            = OSSL_PROVIDER_load(NULL, "default");"

          
          Pauli

          
          On 24/10/21 10:06 am, Dr Paul
            Dale wrote:

          
          defp =
              OSSL_PROVIDER_load(non_fips_libctx,
              "default");