On 01/04/2013 11:21 AM, Jeffrey Walton wrote: > ... > > In my final application, I always link against libcrypto.a. Period. I > never link against fipscanister.o. Period.
That is as it should be. In general the application developer should not be referencing fipscanister.o, only the sysadmin building and installing the OpenSSL libraries. The exceptions we've seen are some very specialized and limited embedded devices performing limited cryptographic functions, where the pain of coding to the naked FIPS module interface was justified. For the typical general purpose computer there is nothing to be gained, and much to be lost, by attempting to reference the FIPS module directly. > If its not intended to be used, why is it present? So that you can build the "FIPS capable" OpenSSL. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct [email protected] [email protected] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
