<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
I think you've got the fist of the restriction. You cannot make any
changes to the source code, build files or the commands you use to
build the FOM. None are acceptable if you want a FIPS validate
outcome. I.e. you will lose the FIPS 140-2 validation state if you
change anything.<br>
<br>
<br>
Pauli<br>
<br>
<br>
<div class="moz-cite-prefix">On 5/10/21 5:42 am, Artem Goussev
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAKAm4YGmQKHUjWmZSKpxQ3kdOwrQzGoTBbY83F-CdGdrf1W--w@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr"> hi,<br>
I develop my application and I need to use OpenSSL 1.0.2 with
the OpenSSL FIPS Object Module 2.0. I know that OpenSSL 3.0 was
released, but unfortunately I must use OpenSSL 1.0.2. <br>
<br>
I have read OpenSSL FIPS Object Module 2.0 documentation and I
have one misunderstanding.
<div><br>
<b>"note that as a condition of the FIPS 140-2 validation no
other user specified configuration options may be
specified."</b>
<div><b><br>
</b>
<div>Does it mean that I can't make any changes in the build
configuration files? For example, can I change some
compilation flags(CFLAGS) or change the list of linked
libraries in makefile or others? If I do it will I lose
some FIPS-140-2 validation or as a result, will I get an
incorrect FIPS 140-2 library or will I lose some FIPS
140-2 compliance ? Can you explain it to me please ?<br>
<br>
i already know that i can't change any configuration
settings in make files.<br>
<br>
it means that command <br>
ms\do_fips
<div>build fips module with CFLAG /MD
<div><br>
</div>
<div><br>
and I can't change it, corect? i can't build a fips
module with option /MT, correct? <br>
<br>
<br>
</div>
</div>
<div>So it means I can use openssl only in /MD mode,
correct? so my target windows console app\dll can be
only in /MD mode, correct?<br>
<br>
can you help me to understand plz?<br>
<br>
thanks.</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>