OpenSSL 3.0
Salz, Rich
rsalz at akamai.com
Wed Feb 26 19:43:59 UTC 2020
The 3.0 release is a work in progress and is not done yet.
FIPS 3.0 === OpenSSL 3.0, using a FIPS-validated crypto provider which will be part of OpenSSL 3.0.
The architecture documents are at https://www.openssl.org/docs
On 2/26/20, 2:40 PM, "Sam Roberts" <vieuxtech at gmail.com> wrote:
On Wed, Feb 26, 2020 at 8:36 AM Salz, Rich <rsalz at akamai.com> wrote:
>
> > I'd like to give this a spin, to get an idea what's going to be
> involved in porting from FIPS2.0 to 3.0, any pointers on where to
> start?
>
> Per the blog post, "most applications should just need to be recompiled." :)
>
> Get the source via instructions here: https://www.openssl.org/source/
I want to build against ***FIPS3.0***. I don't find any routes to
FIPS3.0 in the above link.
We've already ported to openssl 1.1.1, so the non-FIPS APIs should be
fine when compiled against openssl-3.0 (the promise was API
compatible).
My expectations based on the blog posts and arch/design docs is the
FIPS3.0 will be an OpenSSL 3.0 provider, and I am guessing it will be
necessary, somehow?, to tell OpenSSL which provider to use, either
programmatically or via openssl.cfg?
Or maybe I'm off track, and its a configure mode, and the provider
will be hard-coded in if openssl-3.0 is built with FIPS? But again,
how to do that?
I've spent some time poking around in the source and git logs, and
(again, could have missed it), I didn't see any FIPS specific doc
changes or hints as what to do for FIPS3.0, and it wasn't clear where
to start.
Sam
More information about the openssl-users
mailing list