OpenSSL 3.0 FIPS questions

Dr Paul Dale pauli at openssl.org
Sun Oct 24 23:12:18 UTC 2021


The configuration shouldn't have much impact.  You will need a fips 
section specifying where the integrity check data are.  You shouldn't 
need base or default sections.


Pauli

On 25/10/21 5:23 am, Jason Schultz wrote:
> Thank you for your response. I think all of that makes sense, and 
> seems to accomplish what I want programmatically, limiting it to my 
> application. I guess the only question I have is what about the config 
> files? Should they remain as they were installed, or do I need to 
> provide sections for fips, base, default, etc?
>
> Regards,
>
> Jason
>
>
> ------------------------------------------------------------------------
> *From:* openssl-users <openssl-users-bounces at openssl.org> on behalf of 
> Dr Paul Dale <pauli at openssl.org>
> *Sent:* Sunday, October 24, 2021 12:28 AM
> *To:* openssl-users at openssl.org <openssl-users at openssl.org>
> *Subject:* Re: OpenSSL 3.0 FIPS questions
> Oops, the second time this occurs "defp = 
> OSSL_PROVIDER_load(non_fips_libctx, "default");" it should be "defp = 
> OSSL_PROVIDER_load(NULL, "default");"
>
>
> Pauli
>
> On 24/10/21 10:06 am, Dr Paul Dale wrote:
>> defp = OSSL_PROVIDER_load(non_fips_libctx, "default");
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211025/f386574f/attachment.html>


More information about the openssl-users mailing list