Doubts between libfips.a and fips.so in openssl3.0
Matt Caswell
matt at openssl.org
Thu Jan 2 09:57:52 UTC 2020
On 02/01/2020 04:11, Manish Patidar wrote:
> Hi
>
> What is the difference in libfips.a and fips.so.?
> Selftest.c and fipsprov.c is extra in fips.so library compilation. Does
> it mean that it just add provider entry function and self test, which is
> required for fips certification.?
libfips.a is just an internal build artifact. The actual module itself
is fips.so.
> Once openssl3.0 is fips certified, can we use libfips.a directly ?
No. Applications will use libcrypto/libssl, and OpenSSL will internally
load fips.so as required.
> My requirement is to use fips certified algorithm but environment may
> not have capability to load dynamic library, so just thinking how
> openssl3.0 should be used?
Unfortunately in the 3.0 design you *must* use dynamic libraries. Static
linking for fips usage will not be possible.
Matt
More information about the openssl-users
mailing list