FIPS Client on Windows for 3.X

Robert Brown c-rbrown at versa-networks.com
Wed Aug 23 00:45:14 UTC 2023


Hi,

I'm working on a Windows Program that utilizes the OpenSSL libraries and DLLs. I'm looking to enable FIPS in some cases (where it is required by the user). Currently, I'm looking at restarting the program when the FIPS mode is changed and changing the loaded provider.

I've compiled and installed OpenSSL 3.1 with the enable-fips option, run the fips install, generated the .cnf file, and copied the FIPS module along with the .cnf to my program I'm following the code provided at https://wiki.openssl.org/index.php/OpenSSL_3.0 under the Programmatically loading the FIPS module (default library context) heading. I'm not able to load the FIPS module, the provider value is null.

Is there anything I'm missing here or pointers to reference material folks can provide me?

As a side not I'm wondering if anyone has tips for running the fips-install command on each client as it seems we can't copy config files between machines.

Thanks,

Robert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230823/e627b483/attachment.htm>


More information about the openssl-users mailing list