[openssl-users] FIPS: using libcrypto.so ?

jonetsu jonetsu at teksavvy.com
Wed Aug 3 14:27:16 UTC 2016


Thanks for the explanation.

> Just link against the library produced by the FIPS capable
> OpenSSL build.  If, for some reason, that only produced
> libcrypto.a, then you need to investigate why — perhaps you
> passed “no-shared” when running the config script?

The confusion came from trying to use methods such as FIPS_evp_sha1,
FIPS_evp_sha224, FIPS_evp_sha256.  As Steve replied yesterday, these should
not be used (is there any case in which they would ?) as the EVP_sha*
methods will automatically use the FIPS enabled ones when FIPS mode is
active.

For instance doing an 'objdump -T' on libcrypto.so.1.0.0 will show some
FIPS* methods, but not the sha* for instance.  Which now I see is a normal
thing since they are not to be used.

Thanks.




--
View this message in context: http://openssl.6102.n7.nabble.com/FIPS-using-libcrypto-so-tp67694p67705.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.


More information about the openssl-users mailing list