fips 140-2 module conditions and compilation target app
artem.goussev at gmail.com
Mon Oct 4 19:42:25 UTC 2021
I develop my application and I need to use OpenSSL 1.0.2 with the OpenSSL
FIPS Object Module 2.0. I know that OpenSSL 3.0 was released, but
unfortunately I must use OpenSSL 1.0.2.
I have read OpenSSL FIPS Object Module 2.0 documentation and I have one
*"note that as a condition of the FIPS 140-2 validation no other user
specified configuration options may be specified."*
Does it mean that I can't make any changes in the build configuration
files? For example, can I change some compilation flags(CFLAGS) or change
the list of linked libraries in makefile or others? If I do it will I lose
some FIPS-140-2 validation or as a result, will I get an incorrect FIPS
140-2 library or will I lose some FIPS 140-2 compliance ? Can you explain
it to me please ?
i already know that i can't change any configuration settings in make files.
it means that command
build fips module with CFLAG /MD
and I can't change it, corect? i can't build a fips module with option /MT,
So it means I can use openssl only in /MD mode, correct? so my target
windows console app\dll can be only in /MD mode, correct?
can you help me to understand plz?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users