Doubts between libfips.a and in openssl3.0

Matt Caswell matt at
Thu Jan 2 09:57:52 UTC 2020

On 02/01/2020 04:11, Manish Patidar wrote:
> Hi
> What is the difference in libfips.a and 
> Selftest.c and fipsprov.c is extra in library compilation.  Does
> it mean that it just add provider entry function and self test, which is
> required for fips certification.? 

libfips.a is just an internal build artifact. The actual module itself

> Once openssl3.0 is fips certified,  can we use libfips.a directly ? 

No. Applications will use libcrypto/libssl, and OpenSSL will internally
load as required.
> My requirement is to use fips certified algorithm but environment may
> not have capability to load dynamic library, so just thinking how
> openssl3.0 should be used?

Unfortunately in the 3.0 design you *must* use dynamic libraries. Static
linking for fips usage will not be possible.


More information about the openssl-users mailing list