
How to upgrade OpenSSL 1.1.0e to the OpenSSL FIPS 2.0.x version on Linux?


I am working with the legacy code of a Broker that uses OpenSSL version 1.1.0e. I have to integrate a FIPS-compliant OpenSSL library into the Broker, so I downloaded "openssl-fips-2.0.16" from the OpenSSL web site. When I checked the size of the 2.0.16 version, I was in doubt, because 1.1.0e is nearly 5 times bigger. My questions are:

  • Is it enough to swap one lib for the other?
  • If not, how do I upgrade OpenSSL 1.1.0e to the OpenSSL FIPS 2.0.x version on Linux?

I am a newbie at security; many thanks in advance for your help.


Solution

  • Is it enough to swap one lib for the other?

    The openssl-fips-2.0.16 is not a FIPS certified version of OpenSSL but the FIPS module, which needs to be used together with the OpenSSL source code. In other words: this is not a replacement for OpenSSL.

  • How to upgrade OpenSSL 1.1.0e to the OpenSSL FIPS 2.0.x version on Linux?

    From the documentation:

    The 2.0 FIPS module is compatible with OpenSSL releases 1.0.1 and 1.0.2, and no others. The extensive internal structural changes for OpenSSL 1.1 preclude the use of the 2.0 FIPS module with that release.

    Thus, there is no way to use the current FIPS module with your OpenSSL 1.1.0e.
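
The compatibility rule quoted in the answer, as an added shell example (not part of the original question or answer): it classifies an `openssl version` line so a build or deployment script can tell whether the 2.0 FIPS module applies to the OpenSSL a host actually has. The function name `fips2_check` and the sample lines are constructed for illustration, and the `-fips` check assumes the version text that FIPS-capable 1.0.x builds normally report.

```shell
#!/bin/sh
# Rule from the quoted documentation: the 2.0 FIPS module is compatible
# with OpenSSL 1.0.1 and 1.0.2, and no other release series.

# fips2_check "<openssl version line>" prints one verdict:
#   fips-capable  1.0.1/1.0.2 build whose version text carries "-fips"
#   compatible    1.0.1/1.0.2 build without the FIPS module built in
#   incompatible  any other OpenSSL release series (for example 1.1.0e)
#   unknown       not recognisable as OpenSSL version output
# (hypothetical helper name, added for this example)
fips2_check() {
    line=$1
    case $line in
        "OpenSSL "*) ;;                  # only OpenSSL itself is covered by the rule
        *) echo unknown; return 0 ;;
    esac
    ver=${line#OpenSSL }                 # drop the product name
    ver=${ver%% *}                       # keep the version token, drop the build date
    case $ver in
        1.0.1*|1.0.2*)
            case $ver in
                *-fips*) echo fips-capable ;;
                *)       echo compatible ;;
            esac ;;
        [0-9]*.[0-9]*) echo incompatible ;;
        *)             echo unknown ;;
    esac
}

# Constructed sample lines in the format `openssl version` prints.
for l in "OpenSSL 1.1.0e  16 Feb 2017" \
         "OpenSSL 1.0.2k-fips  26 Jan 2017" \
         "OpenSSL 1.0.1u  22 Sep 2016"; do
    printf '%-34s -> %s\n' "$l" "$(fips2_check "$l")"
done

# Classify the OpenSSL installed on this host, if there is one.
if command -v openssl >/dev/null 2>&1; then
    printf 'local openssl: %s\n' "$(fips2_check "$(openssl version)")"
fi
```

The verdict covers only the `openssl` binary on the PATH; an application such as the Broker may be linked against a different libcrypto, so check the library it actually loads as well.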