fips 140-2 module conditions and compilation target app
Artem Goussev
artem.goussev at gmail.com
Mon Oct 4 19:42:25 UTC 2021
hi,
I develop my application and I need to use OpenSSL 1.0.2 with the OpenSSL
FIPS Object Module 2.0. I know that OpenSSL 3.0 was released, but
unfortunately I must use OpenSSL 1.0.2.
I have read OpenSSL FIPS Object Module 2.0 documentation and I have one
misunderstanding.
*"note that as a condition of the FIPS 140-2 validation no other user
specified configuration options may be specified."*
Does it mean that I can't make any changes in the build configuration
files? For example, can I change some compilation flags(CFLAGS) or change
the list of linked libraries in makefile or others? If I do it will I lose
some FIPS-140-2 validation or as a result, will I get an incorrect FIPS
140-2 library or will I lose some FIPS 140-2 compliance ? Can you explain
it to me please ?
i already know that i can't change any configuration settings in make files.
it means that command
ms\do_fips
build fips module with CFLAG /MD
and I can't change it, corect? i can't build a fips module with option /MT,
correct?
So it means I can use openssl only in /MD mode, correct? so my target
windows console app\dll can be only in /MD mode, correct?
can you help me to understand plz?
thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20211004/92dfaa4a/attachment-0001.html>
More information about the openssl-users
mailing list