Hi All,
I have a few questions regarding fips provider, I'm aware of the answers for some of them but still would like to confirm.
1) Is there a way to static link FIPS? I see at many places that fips cannot be statically linked but would like to know if we have any other ways to do that.
2) If it is dynamic linking then does FIPS has any integrity check to make sure fips.so/fips.dll is the right one? and not some thing tampered by some body(as per my findings we have some check in configuration file as mentioned in the below attached snapshot 3rd line)
3) can both legacy and fips providers be loaded and used?
4) Is it possible If i have built openssl with no-module configure option (to statically link legacy provider) and also wanted to
use openssl-3.0.8 built fips module here? If yes then in what way can it be done?
5) Is it possible to load multiple providers like default, leacy and also fips programmatically using OSSL_PROVIDER_load function ?
6) When multiple providers like for ex: FIPS and default provider are enabled and when an encryption function is called, then algorithm from which provider is picked(from my findings it can use any of the loaded provider implementations )? assumption that we have not used property query string during algorithm fetches to specify which implementation to be used.
