Obtain module MAC for the FIPS module without using "openssl fipsinstall"
Warsier
787012293john at gmail.com
Fri Mar 29 06:24:09 UTC 2024
Hi all,
I am recently working on a C/C++ project that involves loading the
FIPS provider, and it seems that loading the cnf file with
OSSL_LIB_CTX_load_config() is required.
For a new fips.so, I need to run:
openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
to generate the fips.cnf, or more specifically, the module-mac before
I can use it.
Does OpenSSL3 provide any API that can generate the module-mac so that
I don't have to execute "openssl fipsinstall" from within a C++
program? Or is there a way to totally avoid using the cnf file, since
all I need is just the default configuration?
I am pretty new to the OpenSSL3 repo so any help would really be appreciated.
Warsier
More information about the openssl-users
mailing list