Doubts between libfips.a and fips.so in openssl3.0

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Doubts between libfips.a and fips.so in openssl3.0

Manish Patidar
Hi

What is the difference in libfips.a and fips.so.? 
Selftest.c and fipsprov.c is extra in fips.so library compilation.  Does it mean that it just add provider entry function and self test, which is required for fips certification.? 

Once openssl3.0 is fips certified,  can we use libfips.a directly ? 

My requirement is to use fips certified algorithm but environment may not have capability to load dynamic library, so just thinking how openssl3.0 should be used?

Regards 
Manish 
Reply | Threaded
Open this post in threaded view
|

Re: Doubts between libfips.a and fips.so in openssl3.0

Matt Caswell-2


On 02/01/2020 04:11, Manish Patidar wrote:
> Hi
>
> What is the difference in libfips.a and fips.so.? 
> Selftest.c and fipsprov.c is extra in fips.so library compilation.  Does
> it mean that it just add provider entry function and self test, which is
> required for fips certification.?

libfips.a is just an internal build artifact. The actual module itself
is fips.so.

> Once openssl3.0 is fips certified,  can we use libfips.a directly ?

No. Applications will use libcrypto/libssl, and OpenSSL will internally
load fips.so as required.
> My requirement is to use fips certified algorithm but environment may
> not have capability to load dynamic library, so just thinking how
> openssl3.0 should be used?

Unfortunately in the 3.0 design you *must* use dynamic libraries. Static
linking for fips usage will not be possible.

Matt