[openssl-users] How do I verify the FIPS mode

[Steve Marquess]

On 02/10/2016 02:56 PM, Lesley Kimmel wrote:
> Actuall, I may have steered you wrong. It appears that OPENSSL_FIPS may
> have no affect against a non-FIPS enabled OpenSSL. According to some
> posts you can do 'OPENSSL_FIPS=1 openssl md5' which should return an
> error as md5 is not an enabled cipher in FIPS mode.

It depends on the version. Recent versions of OpenSSL will give a "FIPS
mode not supported" error for

  env OPENSSL_FIPS=1 openssl md5 ...

Whereas that command for a properly built FIPS-enabled OpenSSL will give
a "not permitted in FIPS mode" error.

-Steve M.

-- 
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD  21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc