fips 140-2 module conditions and compilation target app

Artem Goussev artem.goussev at
Mon Oct 4 19:42:25 UTC 2021

I develop my application and I need to use OpenSSL 1.0.2 with the OpenSSL
FIPS Object Module 2.0. I know that OpenSSL 3.0 was released, but
unfortunately I must use OpenSSL 1.0.2.

I have read   OpenSSL FIPS Object Module 2.0 documentation and I have one

*"note that as a condition of the FIPS 140-2 validation no other user
specified configuration options may be specified."*

Does it mean that I can't make any changes in the build configuration
files? For example, can I change some compilation flags(CFLAGS) or change
the list of linked libraries in makefile or others? If I do it will I lose
some FIPS-140-2 validation or as a result, will I get an incorrect FIPS
140-2 library or will I lose some FIPS 140-2 compliance ? Can you explain
it to me please ?

i already know that i can't change any configuration settings in make files.

it means that command
build fips module with CFLAG /MD

and I can't change it, corect? i can't build a fips module with option /MT,

So it means I can use openssl only in /MD mode, correct? so my target
windows console app\dll can be only in /MD mode, correct?

can you help me to understand plz?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list