The configuration shouldn't have much impact. You will need a fips
section specifying where the integrity check data are. You shouldn't
need base or default sections.
Pauli
On 25/10/21 5:23 am, Jason Schultz wrote:
Thank you for your response. I think all of that makes sense, and
seems to accomplish what I want programmatically, limiting it to my
application. I guess the only question I have is what about the config
files? Should they remain as they were installed, or do I need to
provide sections for fips, base, default, etc?
Regards,
Jason
------------------------------------------------------------------------
*From:* openssl-users <openssl-users-boun...@openssl.org> on behalf of
Dr Paul Dale <pa...@openssl.org>
*Sent:* Sunday, October 24, 2021 12:28 AM
*To:* openssl-users@openssl.org <openssl-users@openssl.org>
*Subject:* Re: OpenSSL 3.0 FIPS questions
Oops, the second time this occurs "defp =
OSSL_PROVIDER_load(non_fips_libctx, "default");" it should be "defp =
OSSL_PROVIDER_load(NULL, "default");"
Pauli
On 24/10/21 10:06 am, Dr Paul Dale wrote:
defp = OSSL_PROVIDER_load(non_fips_libctx, "default");