[openssl-users] FIPS: using libcrypto.so ?

jonetsu jonetsu at teksavvy.com
Tue Aug 2 17:59:43 UTC 2016

The current FIPS User Guide mentions:

  "3.3 Creation of Shared Libraries
  The FIPS Object Module is not directly usable as a shared
  library, but it can be linked into an application that is a
  shared library. A “FIPS compatible” OpenSSL distribution will
  automatically incorporate an available FIPS Object Module into
  the libcrypto shared library when built using the fips
  option (see §4.2.3)."

Does the first sentence mean that there should be an intermediate, user
created, .so that itself uses libcrypto.a ?

What does the second part mean ?  The FOM will be included in the shared
library (assuming the libcrypto.so file) ?  If so, then why wouldn't it be
available directly ?  A clarification in perhaps simpler terms over what
seems to be an explanation in the User Guide would be much appreciated.

In practical terms, is it possible for an application to link against a
libcrypto.so that provides all needed FIPS symbols ?  If it's not, can you
give an example overview in which an application already using OpenSSL
(libcrypto.so) but now supporting FIPS, can still use libcrypto.so with full
FIPS support ?  Is the only answer to now have the application linked
against libcrypto.a ?

Thanks !

View this message in context: http://openssl.6102.n7.nabble.com/FIPS-using-libcrypto-so-tp67694.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

More information about the openssl-users mailing list