help wantedtriaged: feature
Repository metrics
- Stars
- (30,157 stars)
- PR merge metrics
- (30d に merged PR はありません)
説明
When there is no intent to use default provider, presence of default provider is harmful. Harmful because libcrypto size is significant, and it can be accidently used as a fallback.
This is true when using OpenSSL originated providers, as well as foreign.
Examples:
- openssl base + openssl FIPS provider
- just symcrypt provider
- just wolfcrypt provider
- openssl base + (distro / consultancy) FIPS provider
In all of these cases it would help if default provider was default.so, or ability to build libcrypto without default provider at all.
A concrete example of such implementation is Ubuntu FIPS builds that remove loading default provider by default.