libcrypto.a and FIPs module in OpenSSL 3.0

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

libcrypto.a and FIPs module in OpenSSL 3.0

OpenSSL - User mailing list
Hi All,

We build the "crypto" code in OpenSSL to generate "libcrypto.a" for MIPs platform.

Our application links statically with "libcrypto.a" and uses the OpenSSL crypto API's accordingly.

With this compilation model, will it be feasible to integrate with the FIPs object module in OpenSSL 3.0?

How can we load the FIPS provider in our application?

(I have gone through the section about the FIPs module installation in https://wiki.openssl.org/index.php/OpenSSL_3.0#Platforms)

Any insight will be helpful to me.

Thanks
Bala
Reply | Threaded
Open this post in threaded view
|

Re: libcrypto.a and FIPs module in OpenSSL 3.0

Matt Caswell-2


On 26/03/2021 10:47, Bala Duvvuri via openssl-users wrote:

> Hi All,
>
> We build the "crypto" code in OpenSSL to generate "libcrypto.a" for MIPs platform.
>
> Our application links statically with "libcrypto.a" and uses the OpenSSL crypto API's accordingly.
>
> With this compilation model, will it be feasible to integrate with the FIPs object module in OpenSSL 3.0?
>
> How can we load the FIPS provider in our application?
>
> (I have gone through the section about the FIPs module installation in https://wiki.openssl.org/index.php/OpenSSL_3.0#Platforms)
>
> Any insight will be helpful to me.

It is still possible to use the 3.0 FIPS module even if you use static
linking to link to libcrypto. However the FIPS module itself is always a
dynamically loaded shared object (i.e. a .so file).

So, you statically link your application to libcrypto.a. When needed
(either as a result of config, or an explicit call to
OSSL_PROVIDER_load()), then the FIPS module fips.so file will be
dynamically loaded at runtime by libcrypto. How libcrypto is linked to
the application does not impact its ability to dynamically load the FIPS
module at runtime.

Matt