> Maybe I should add that I've verified that FIPS_mode is turned on right before > my failing MD4 calls (think OpenSSLDie()), and I didn't do anything special > to compile or turn on the MD4 algorithm.....could that be where I'm missing a > step?
Ah yes, now I see that what I am trying to do is perhaps impossible: "Other non-FIPS approved algorithms such a Blowfish, MD5, IDEA, RC4, etc. are disabled in FIPS mode." OK. Here is where I'm coming from: - I have a new version of a product that needs to use CMAC and CCM - but it also has to support older versions of a protocol that call for things like... MD4 - as far as I know, CMAC and CCM can only be used through validated fips code (right?)... - but if fips mode is turned on, MD4 is not available because it's not a validated algorithm. Steve, if you are there, do you have advice on what library I should have used to achieve these requirements? Or if I am to toggle between fips and not fips mode during run time? I was under the impression that moving the new openssl library into my product source would offer all of the old functionality I needed, as well as the new fips functionality. Is this not true? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org