You are contradicting yourself. If you link against the openssl-fips-1.1.1library, and are in FIPS_mode, then you have FIPS functionality. If you are not in FIPS mode, then the fips library trivially behaves as the traditional openssl (with all functionalities). The former is called FIPS-validated App and latter is FIPS-capable App.
On Nov 29, 2007 4:22 PM, Brendan Simon <[EMAIL PROTECTED]> wrote: > Hi, > > I require FIPS functionality in OpenSSL but I do NOT have a requirement > to run in FIPS mode. > > What I would like is to build OpenSSL and have ALL functions available > to me so I can choose which ones I want to use. At the moment there are > some functions that are only available if the -fips configure switch is > used in both the openssl-fips module and openssl itself. Unfortunately > I can't get OpenSSL to build with shared libraries if -fips is specified. > > My logic is just because -fips is not specified, should not mean that I > can't have access those functions. To me the -fips means to use the > fips module which has been fips140-2 certified. > > Should -fips enable fips approved algorithms/methods or should it > disable use of non-fips approved algorithm/methods ??? > > Is there a way to build OpenSSL and have ALL functions available (fips > or otherwise) so that my application can use any of the functions I > require. > > Cheers, Brendan. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] >
