RE: Static OpenSSL 3 library with FIPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Thanks for the info.

You mean both libssl.a and libcrypto.a static, and then dynamically loaded fips.so, correct? Unfortunately that gets away from the single-binary-executable model and so is a somewhat major change.


-----Original Message-----
From: Matt Caswell <matt@xxxxxxxxxxx>
Subject: [EXTERNAL] Re: Static OpenSSL 3 library with FIPS
Date: Fri, 25 Mar 2022 20:22:02 +0000


On 25/03/2022 18:33, Paul Spencer wrote:
Q: Is it possible to have a static (.a) OpenSSL 3 library with FIPS support?

This was possible with OpenSSL 1.0.2 and the FIPS 2.0.x module (and 
special linking in the Makefile). However, with SSL3, if I go

Configure no-module enable-fips

then it silently disables FIPS. Is there any way to do this?


You can have a static libcrypto (.a) with a dynamically loaded FIPS 
module (i.e. using fips.so).

Configure no-shared enable-fips

You cannot have a statically linked FIPS module. It was a day 1 design 
decision that we would no longer support this.

Matt
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux