FIPS Client on Windows for 3.X

Bob Wilmes bobwilmes at gmail.com
Wed Aug 23 01:29:05 UTC 2023


Did you set the OPENSSL_FIPS environment variable to point to the FIPS dll ?

Sent from my iPhone

> On Aug 22, 2023, at 7:46 PM, Robert Brown via openssl-users <openssl-users at openssl.org> wrote:
> 
> 
> Hi,
> 
> I'm working on a Windows Program that utilizes the OpenSSL libraries and DLLs. I'm looking to enable FIPS in some cases (where it is required by the user). Currently, I'm looking at restarting the program when the FIPS mode is changed and changing the loaded provider.
> 
> I've compiled and installed OpenSSL 3.1 with the enable-fips option, run the fips install, generated the .cnf file, and copied the FIPS module along with the .cnf to my program I'm following the code provided at https://wiki.openssl.org/index.php/OpenSSL_3.0 under the Programmatically loading the FIPS module (default library context) heading. I'm not able to load the FIPS module, the provider value is null.
> 
> Is there anything I'm missing here or pointers to reference material folks can provide me?
> 
> As a side not I'm wondering if anyone has tips for running the fips-install command on each client as it seems we can't copy config files between machines.
> 
> Thanks,
> 
> Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230822/628103bd/attachment-0001.htm>


More information about the openssl-users mailing list