[openssl-users] FIPS: using libcrypto.so ?
jonetsu at teksavvy.com
Wed Aug 3 14:27:16 UTC 2016
Thanks for the explanation.
> Just link against the library produced by the FIPS capable
> OpenSSL build. If, for some reason, that only produced
> libcrypto.a, then you need to investigate why — perhaps you
> passed “no-shared” when running the config script?
The confusion came from trying to use methods such as FIPS_evp_sha1,
FIPS_evp_sha224, FIPS_evp_sha256. As Steve replied yesterday, these should
not be used (is there any case in which they would ?) as the EVP_sha*
methods will automatically use the FIPS enabled ones when FIPS mode is
For instance doing an 'objdump -T' on libcrypto.so.1.0.0 will show some
FIPS* methods, but not the sha* for instance. Which now I see is a normal
thing since they are not to be used.
View this message in context: http://openssl.6102.n7.nabble.com/FIPS-using-libcrypto-so-tp67694p67705.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
More information about the openssl-users