Re: AES-cipher offload to engine in openssl-fips

No. 

The OpenSSL FIPS Module is not written that way. It should not be permitting any non-FIPS implementations (see Rich's email regarding a bug).

You could write your own engine, get that FIPS certified, and run it with plain, vanilla OpenSSL.

There's a design spec out for OpenSSL 3.0.0 that may allow you to have your own FIPS provider, which, I believe, would be the closest thing to what you want. 

--
-Todd Short
// Sent from my iPhone
// "One if by land, two if by sea, three if by the Internet."


> On Feb 27, 2019, at 6:45 AM, suji <sujiknair@xxxxxxxxx> wrote:
> 
> Thanks for the reply.
> 
> With non-fips openssl, it is possible to write my own fips-module. I
> understood. 
> 
> But, is it possible for me to write a fips-compliant/fips validated "dynamic
> engine" with openssl-fips? Which allows me to offload "fips-compliant"
> functions to my engine "dynamically"? 
> 
> 
> 
> --
> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html



