openssl/openssl

Please design default-less build of libcrypto

Open

#28.778 aberto em 8 de out. de 2025

Ver no GitHub
 (2 comments) (0 reactions) (0 assignees)C (11.262 forks)batch import
help wantedtriaged: feature

Métricas do repositório

Stars
 (30.157 stars)
Métricas de merge de PR
 (Nenhuma PRs mesclada em 30d)

Description

When there is no intent to use default provider, presence of default provider is harmful. Harmful because libcrypto size is significant, and it can be accidently used as a fallback.

This is true when using OpenSSL originated providers, as well as foreign.

Examples:

  • openssl base + openssl FIPS provider
  • just symcrypt provider
  • just wolfcrypt provider
  • openssl base + (distro / consultancy) FIPS provider

In all of these cases it would help if default provider was default.so, or ability to build libcrypto without default provider at all.

A concrete example of such implementation is Ubuntu FIPS builds that remove loading default provider by default.

Guia do colaborador