Using openSSL 3.0.9 with fips (3.0.8)
contact.tatha at gmail.com
Fri Jun 23 11:39:35 UTC 2023
Awesome, thanks for the info!
On Fri, Jun 23, 2023 at 12:59 PM Tomas Mraz <tomas at openssl.org> wrote:
> On Thu, 2023-06-22 at 16:53 +0530, Tathagata Chakraborty wrote:
> > Hi,
> > I am planning to use openssl 3.0.9 as a static lib and use the Fips
> > provider from Openssl 3.0.8 with that.
> that should work just fine.
> > > > While building the 3.0.9 statically, do I need to use the enable-
> > > > fips flag?
> No, that is not necessary. Missing enable-fips just disables the build
> of the fips provider but otherwise it does not change anything in the
> libcrypto and libssl.
> > > > If I do use the enable fips flag in the build of 3.0.9, then do I
> > > > need to use the legacy.dylib (base provider) that is produced in
> > > > the build?. Note my project code will be linked using the static
> > > > libs (libcrypto.a and libssl.a) and my code also uses things that
> > > > are not provided by the fips module.
> The legacy.dylib is the legacy provider. That is needed only if you are
> using legacy crypto algorithms that are inside this provider. It has to
> be explictly loaded by API call or configuration, otherwise it is
> Tomáš Mráz, OpenSSL
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users