I need to verify that hostapd is using OpenSSL version that is FIPS 140-2 compliant.
From examining the code, it appears to be using the correct version of OpenSSL but cannot verify if it is built per the instructions in the FIPS certificate for OpenSSL.
Does any documentation exist on how I can verify that the FIPS modules are built properly and are being used?
If this does not exist, is it possible to configure hostapd to use an OpenSSL version that is FIPS compliant?
Examining the build system and build artifacts are perhaps your best route. Enabling logs during the build process (can be done within make menuconfig or the like) and/or building on a single thread with V=s may be helpful to you as well.
Looking at a recent build with logs enabled
logs/package/libs/openssl/compile.txt
as well as the build dir
build_dir/target-arm_cortex-a7+neon-vfpv4_musl_eabi/openssl-1.1.1b/
The kinds of certification you are looking for are typically not performed by volunteer organizations.