Disable default GSKit FIPS mode when FIPS is not required

Author: arthurbarr

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Change log
 
+## 9.4.0.0-r3 (2024-07)
+
+* Fix to diable FIPS mode for `runmqakm` key store generation, when FIPS is not enabled
+
 ## 9.4.0.0 (2024-06)
 
 * Updated to MQ version 9.4.0.0

internal/keystore/keystore.go

@@ -245,16 +245,13 @@ func (ks *KeyStore) IsFIPSEnabled() bool {
 	return ks.fipsEnabled
 }
 
-// Returns -fips option if FIPS is enabled otherwise empty string. Return value is used
-// when running runmqakm/runmqckm commands.
+// getFipsEnabledFlag returns the appropriate flag for runmqakm/runmqckm commands
+// to enable or disable FIPS.
 func (ks *KeyStore) getFipsEnabledFlag() string {
-	var fipsEnabled string
-
 	if ks.fipsEnabled {
-		fipsEnabled = "-fips"
+		return "-fips"
 	} else {
-		fipsEnabled = ""
+		// In the GSKit command line, FIPS mode is enabled by default, so explicitly disable it
+		return "-fips false"
 	}
-
-	return fipsEnabled
 }