I think you've got the fist of the restriction. You cannot make any
changes to the source code, build files or the commands you use to build
the FOM. None are acceptable if you want a FIPS validate outcome. I.e.
you will lose the FIPS 140-2 validation state if you change anything.
Pauli
On 5/10/21 5:42 am, Artem Goussev wrote:
hi,
I develop my application and I need to use OpenSSL 1.0.2 with the
OpenSSL FIPS Object Module 2.0. I know that OpenSSL 3.0 was
released, but unfortunately I must use OpenSSL 1.0.2.
I have read OpenSSL FIPS Object Module 2.0 documentation and I have
one misunderstanding.
*"note that as a condition of the FIPS 140-2 validation no other user
specified configuration options may be specified."*
*
*
Does it mean that I can't make any changes in the build configuration
files? For example, can I change some compilation flags(CFLAGS) or
change the list of linked libraries in makefile or others? If I do it
will I lose some FIPS-140-2 validation or as a result, will I get an
incorrect FIPS 140-2 library or will I lose some FIPS 140-2 compliance
? Can you explain it to me please ?
i already know that i can't change any configuration settings in make
files.
it means that command
ms\do_fips
build fips module with CFLAG /MD
and I can't change it, corect? i can't build a fips module with option
/MT, correct?
So it means I can use openssl only in /MD mode, correct? so my target
windows console app\dll can be only in /MD mode, correct?
can you help me to understand plz?
thanks.
