Using openSSL 3.0.9 with fips (3.0.8)

Tathagata Chakraborty contact.tatha at gmail.com
Fri Jun 23 11:39:35 UTC 2023


Awesome, thanks for the info!
Thanks,
Tathagata Chakraborty
Mo: 9884869684


On Fri, Jun 23, 2023 at 12:59 PM Tomas Mraz <tomas at openssl.org> wrote:

> On Thu, 2023-06-22 at 16:53 +0530, Tathagata Chakraborty wrote:
> > Hi,
> >
> > I am planning to use openssl 3.0.9 as a static lib and use the Fips
> > provider from Openssl 3.0.8 with that.
>
> Hi,
>
> that should work just fine.
>
> > While building the 3.0.9 statically, do I need to use the
> > enable-fips flag?
>
> No, that is not necessary. Missing enable-fips just disables the build
> of the fips provider but otherwise it does not change anything in the
> libcrypto and libssl.
>
> > If I do use the enable fips flag in the build of 3.0.9, then do I
> > need to use the legacy.dylib (base provider) that is produced in
> > the build? Note my project code will be linked using the static
> > libs (libcrypto.a and libssl.a) and my code also uses things that
> > are not provided by the fips module.
>
> The legacy.dylib is the legacy provider. That is needed only if you are
> using legacy crypto algorithms that are inside this provider. It has to
> be explicitly loaded by API call or configuration, otherwise it is
> unused.
>
> --
> Tomáš Mráz, OpenSSL
>
>
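
Added example (not part of the original thread, and not the poster's or the OpenSSL project's own file): an `openssl.cnf` sketch for the setup discussed above, where a 3.0.9 libcrypto loads the 3.0.8 FIPS provider by configuration and the legacy provider stays unloaded unless it is explicitly activated. The `.include` path is a placeholder, `fipsmodule.cnf` is assumed to be the file written by `openssl fipsinstall` for the 3.0.8 module, and the section names follow the layout in the OpenSSL `fips_module(7)` documentation.

```ini
# Constructed example; paths are placeholders, not values from the thread.
config_diagnostics = 1            # fail loudly if a provider cannot be loaded
openssl_conf = openssl_init

# File generated by `openssl fipsinstall` for the 3.0.8 fips module.
# It defines the [fips_sect] section referenced below.
.include /path/to/fipsmodule.cnf

[openssl_init]
providers = provider_sect
alg_section = algorithm_sect

[provider_sect]
fips = fips_sect
# The base provider carries encoders/decoders (key and certificate loading)
# and no cryptographic algorithms, so it is safe alongside fips.
base = base_sect
# Uncomment only if the application also needs non-FIPS algorithms:
# default = default_sect
# Uncomment only if legacy algorithms are required; nothing loads the
# legacy provider unless a line like this (or an API call) asks for it:
# legacy = legacy_sect

[base_sect]
activate = 1

# [default_sect]
# activate = 1

# [legacy_sect]
# activate = 1

[algorithm_sect]
# Fetches that give no property query get FIPS implementations only.
# Code that needs a non-FIPS algorithm must fetch it with an explicit
# property query that overrides this default.
default_properties = fips=yes
```

Running `openssl list -providers` with this file in effect shows which providers were actually activated, which is a quick check that the legacy provider is not loaded by accident.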