libcrypto.a and FIPs module in OpenSSL 3.0
matt at openssl.org
Fri Mar 26 11:01:35 UTC 2021
On 26/03/2021 10:47, Bala Duvvuri via openssl-users wrote:
> Hi All,
> We build the "crypto" code in OpenSSL to generate "libcrypto.a" for MIPs platform.
> Our application links statically with "libcrypto.a" and uses the OpenSSL crypto API's accordingly.
> With this compilation model, will it be feasible to integrate with the FIPs object module in OpenSSL 3.0?
> How can we load the FIPS provider in our application?
> (I have gone through the section about the FIPs module installation in https://wiki.openssl.org/index.php/OpenSSL_3.0#Platforms)
> Any insight will be helpful to me.
It is still possible to use the 3.0 FIPS module even if you use static
linking to link to libcrypto. However the FIPS module itself is always a
dynamically loaded shared object (i.e. a .so file).
So, you statically link your application to libcrypto.a. When needed
(either as a result of config, or an explicit call to
OSSL_PROVIDER_load()), then the FIPS module fips.so file will be
dynamically loaded at runtime by libcrypto. How libcrypto is linked to
the application does not impact its ability to dynamically load the FIPS
module at runtime.
More information about the openssl-users