OpenSSL 3.0 FIPS questions
Dr Paul Dale
pauli at openssl.org
Sun Oct 24 23:12:18 UTC 2021
The configuration shouldn't have much impact. You will need a fips
section specifying where the integrity check data are. You shouldn't
need base or default sections.
Pauli
On 25/10/21 5:23 am, Jason Schultz wrote:
> Thank you for your response. I think all of that makes sense, and
> seems to accomplish what I want programmatically, limiting it to my
> application. I guess the only question I have is what about the config
> files? Should they remain as they were installed, or do I need to
> provide sections for fips, base, default, etc?
>
> Regards,
>
> Jason
>
>
> ------------------------------------------------------------------------
> *From:* openssl-users <openssl-users-bounces at openssl.org> on behalf of
> Dr Paul Dale <pauli at openssl.org>
> *Sent:* Sunday, October 24, 2021 12:28 AM
> *To:* openssl-users at openssl.org <openssl-users at openssl.org>
> *Subject:* Re: OpenSSL 3.0 FIPS questions
> Oops, the second time this occurs "defp =
> OSSL_PROVIDER_load(non_fips_libctx, "default");" it should be "defp =
> OSSL_PROVIDER_load(NULL, "default");"
>
>
> Pauli
>
> On 24/10/21 10:06 am, Dr Paul Dale wrote:
>> defp = OSSL_PROVIDER_load(non_fips_libctx, "default");
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211025/f386574f/attachment.html>
More information about the openssl-users
mailing list