On Wed, Jul 09, 2008, Jan F. Schnellbaecher wrote:

> Hello list,
> I am unsure how OpenSSL FIPS 1.2 can be deployed. I read that it can be
> linked static but also loaded dynamically, but I also read that it can only
> be linked static (as FIPS 1.1.2)

Well it can't be deployed at all yet because it has not been validated. It can
be tested however.

> 1) Can it be linked dynamically?

Yes it can.

> 2) If I would like to link it dynamically when/where do I link the
> fipscanister.o?

You build and install fipscanister.o from the FIPS 1.2 test source.

Then obtain the 0.9.8-fips source with shared build options. This will create
libcrypto with fipscanister.o included and linked in the correct manner.

At an application level you just need to link against the OpenSSL shared

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org