questions on fips provider

Ishani 18r01a05n6 at gmail.com
Fri Jun 30 06:51:03 UTC 2023


Hi All,

I have a few questions regarding the FIPS provider. I'm aware of the
answers to some of them but would still like to confirm.

1) Is there a way to statically link FIPS? I see in many places that FIPS
cannot be statically linked, but I would like to know if we have any other
ways to do that.
2) If it is dynamic linking, then does FIPS have any integrity check to make
sure fips.so/fips.dll is the right one, and not something tampered with by
somebody? (As per my findings, we have some check in the configuration file, as
mentioned in the 3rd line of the snapshot attached below.)
[image: image.png]
3) Can both legacy and FIPS providers be loaded and used?
4) Is it possible, if I have built OpenSSL with the no-module configure option
(to statically link the legacy provider), to also use the openssl-3.0.8
built FIPS module here? If yes, then in what way can it be done?
5) Is it possible to load multiple providers like default, legacy and also
FIPS programmatically using the OSSL_PROVIDER_load function?
6) When multiple providers, for example FIPS and the default provider, are
enabled and an encryption function is called, the algorithm from
which provider is picked? (From my findings, it can use any of the loaded
provider implementations.) The assumption is that we have *not* used a property
query string during algorithm fetches to specify which implementation is to be
used.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 34952 bytes
Desc: not available
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230630/c65adba0/attachment-0001.png>

