The current FIPS User Guide mentions: "3.3 Creation of Shared Libraries The FIPS Object Module is not directly usable as a shared library, but it can be linked into an application that is a shared library. A “FIPS compatible” OpenSSL distribution will automatically incorporate an available FIPS Object Module into the libcrypto shared library when built using the fips option (see §4.2.3)."
Does the first sentence mean that there should be an intermediate, user created, .so that itself uses libcrypto.a ? What does the second part mean ? The FOM will be included in the shared library (assuming the libcrypto.so file) ? If so, then why wouldn't it be available directly ? A clarification in perhaps simpler terms over what seems to be an explanation in the User Guide would be much appreciated. In practical terms, is it possible for an application to link against a libcrypto.so that provides all needed FIPS symbols ? If it's not, can you give an example overview in which an application already using OpenSSL (libcrypto.so) but now supporting FIPS, can still use libcrypto.so with full FIPS support ? Is the only answer to now have the application linked against libcrypto.a ? Thanks ! -- View this message in context: http://openssl.6102.n7.nabble.com/FIPS-using-libcrypto-so-tp67694.html Sent from the OpenSSL - User mailing list archive at Nabble.com. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
