On Thu, Jan 10, 2013 at 3:07 AM, Nayna Jain <naynj...@in.ibm.com> wrote: > > Hi, > > I want to use FIPS compliant algorithms and keys. For that I understand, I > need to have Openssl FIPS object library along with default openssl. > > However, I am not understanding how to install them. My questions are : > > 1. Both are tar.gz. Should I run ./Configure, make and make install for > both of them and that is done. No.
The FIPS Object Module (openssl-fips-2.0.N/ directory) uses: `./config fipscanisterbuild` The FIPS Capable library uses (openssl-1.0.x/ directory): `./config fips <options>` > If this is the case, how does openssl links > with FIPS object module. Nothing special is required. You use the FIPS Capable library (libcrypto.a and libssl.a), the FIPS Capable library uses the FIPS Object Module (fipscanister.o). Its all transparent to the user. > 2. While compiling or building openssl lib itself I need to link it to FIPS > object module. If that is the case, where and how do I have to set that > linking option while building. Nothing special is required (Chapter 2 of the User Guide 2.0 is a bit misleading, IIRC). Just link against libcrypto.a, and act like fipscanister.o does not exist. > Please guide. As requested: openssl.org/docs/fips/UserGuide-2.0.pdf. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
