I have not found this to be the case in a Linux environment.  You might
want to perform the following experiment:

Create a small text file and call it test1.pt, say something like:

01 The quick brown fox jumps over the lazy dog
02 The quick brown fox jumps over the lazy dog
03 The quick brown fox jumps over the lazy dog
04 The quick brown fox jumps over the lazy dog
05 The quick brown fox jumps over the lazy dog

Then create a script with the following commands (or execute them
manually):

#!/bin/bash

export OPENSSL_FIPS=1
openssl enc -e -aes-256-cbc -k etaonrishdlcupfm -in test1.pt -out test1.ct

export OPENSSL_FIPS=0
openssl enc -d -aes-256-cbc -k etaonrishdlcupfm -in test1.ct -out test2.pt
openssl enc -e -aes-256-cbc -k etaonrishdlcupfm -in test2.pt -out test2.ct

export OPENSSL_FIPS=1
openssl enc -d -aes-256-cbc -k etaonrishdlcupfm -in test2.ct -out test3.pt

### end of script

You should see that all of the pt files are the same and the ct files
are different.

Bill

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Elia, Leonard F.
Sent: August 10, 2007 3:29 PM
To: openssl-users@openssl.org
Subject: OpenSSL fips mode fails to decrypt on windows

I have a question about OpenSSL FIPS mode.

I created openssl using the FIPS module, openssl 0.9.7m, and mingw on
windows.  It works cross platform with openssl FIPS created on Linux; my
Solaris 10 version has been shelved for now.

I can encrypt and decrypt out of FIPS mode.
I cannot decrypt a file encrypted in FIPS mode when I am not in FIPS mode;
I cannot decrypt a file not encrypted in FIPS mode when I am in FIPS mode.
Likewise, vanilla openssl does not decrypt a file created with openssl
FIPS in FIPS mode.

I thought FIPS mode just disabled ciphers. Is this the expected and 
normal behavior?  I have verified this on Linux and on Windows, and the 
same holds for cross-platform encryption/decryption.

Thank you

-- 
Leonard F. Elia III, CISSP
Sr. System Administrator
ConITS - NASA Langley Research Center
NCI Information Systems, Inc., Hampton VA


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
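
The round-trip check from the reply's script, as an added example that is not part of the original thread: it compares the files with cmp and prints the 8-byte salt that openssl enc writes after the "Salted__" header when a passphrase is given with -k, which is why the same plaintext and passphrase produce different ciphertext each time. It assumes an openssl binary on PATH and does not set OPENSSL_FIPS; the function names are made up for this example.

```shell
#!/bin/bash
# Added example: not from the original thread.
# Assumes `openssl` is on PATH; FIPS mode is not toggled here.

PASS=etaonrishdlcupfm   # passphrase used in the thread's script

# Encrypt $1 to $2, then decrypt $2 to $3, with the thread's cipher and -k option.
round_trip() {
    openssl enc -e -aes-256-cbc -k "$PASS" -in "$1" -out "$2" 2>/dev/null &&
    openssl enc -d -aes-256-cbc -k "$PASS" -in "$2" -out "$3" 2>/dev/null
}

# First 8 bytes of a ciphertext file: the "Salted__" magic written by openssl enc.
magic_of() { head -c 8 "$1"; }

# Bytes 9-16 of a ciphertext file: the random salt, printed as hex.
salt_of() { head -c 16 "$1" | tail -c 8 | od -An -tx1 | tr -d ' \n'; }

# Run the experiment in directory $1.
# Returns 0 if all plaintexts match and the ciphertexts differ,
# 1 if a comparison fails, 2 if openssl itself fails.
run_experiment() {
    dir=$1
    for i in 01 02 03 04 05; do
        echo "$i The quick brown fox jumps over the lazy dog"
    done > "$dir/test1.pt"
    round_trip "$dir/test1.pt" "$dir/test1.ct" "$dir/test2.pt" || return 2
    round_trip "$dir/test2.pt" "$dir/test2.ct" "$dir/test3.pt" || return 2
    cmp -s "$dir/test1.pt" "$dir/test2.pt" || return 1
    cmp -s "$dir/test2.pt" "$dir/test3.pt" || return 1
    ! cmp -s "$dir/test1.ct" "$dir/test2.ct" || return 1
    echo "test1.ct salt: $(salt_of "$dir/test1.ct")"
    echo "test2.ct salt: $(salt_of "$dir/test2.ct")"
}

tmp=$(mktemp -d) && run_experiment "$tmp" &&
    echo "plaintexts match, ciphertexts differ"
```

A return code of 2 means an openssl command itself failed, which is the case to look at when a build refuses to decrypt a file from another build.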