Re: Static OpenSSL 3 library with FIPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 25/03/2022 20:59, Paul Spencer wrote:

Thanks for the info.

You mean both libssl.a and libcrypto.a static, and then dynamically loaded fips.so, correct?

Yes.

Unfortunately that gets away from the single-binary-executable model and so is a somewhat major change.

Yes. As noted this was a deliberate day 1 design decision.

Matt



-----Original Message-----
*From*: Matt Caswell <matt@xxxxxxxxxxx <mailto:Matt%20Caswell%20%3cmatt@xxxxxxxxxxx%3e>>
*To*: openssl-users@xxxxxxxxxxx <mailto:openssl-users@xxxxxxxxxxx>
*Subject*: [EXTERNAL] Re: Static OpenSSL 3 library with FIPS
*Date*: Fri, 25 Mar 2022 20:22:02 +0000


On 25/03/2022 18:33, Paul Spencer wrote:

Q: Is it possible to have a static (.a) OpenSSL 3 library with FIPS support?

This was possible with OpenSSL 1.0.2 and the FIPS 2.0.x module (and
special linking in the Makefile). However, with SSL3, if I go

Configure no-module enable-fips

then it silently disables FIPS. Is there any way to do this?


You can have a static libcrypto (.a) with a dynamically loaded FIPS

module (i.e. using fips.so).


Configure no-shared enable-fips


You cannot have a statically linked FIPS module. It was a day 1 design

decision that we would no longer support this.


Matt




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux