Static OpenSSL 3 library with FIPS
Paul Spencer
pspence at us.ibm.com
Fri Mar 25 20:59:33 UTC 2022
Thanks for the info.
You mean both libssl.a and libcrypto.a static, and then dynamically loaded fips.so, correct? Unfortunately that gets away from the single-binary-executable model and so is a somewhat major change.
-----Original Message-----
From: Matt Caswell <matt at openssl.org<mailto:Matt%20Caswell%20%3cmatt at openssl.org%3e>>
To: openssl-users at openssl.org<mailto:openssl-users at openssl.org>
Subject: [EXTERNAL] Re: Static OpenSSL 3 library with FIPS
Date: Fri, 25 Mar 2022 20:22:02 +0000
On 25/03/2022 18:33, Paul Spencer wrote:
Q: Is it possible to have a static (.a) OpenSSL 3 library with FIPS support?
This was possible with OpenSSL 1.0.2 and the FIPS 2.0.x module (and
special linking in the Makefile). However, with SSL3, if I go
Configure no-module enable-fips
then it silently disables FIPS. Is there any way to do this?
You can have a static libcrypto (.a) with a dynamically loaded FIPS
module (i.e. using fips.so).
Configure no-shared enable-fips
You cannot have a statically linked FIPS module. It was a day 1 design
decision that we would no longer support this.
Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220325/52fd156d/attachment-0001.htm>
More information about the openssl-users
mailing list