How to verify if the application is using fips provider from openssl-3.0.0 ( similar to fips_mode() api in openssl-fips-2.0.16) and does fips provider do run time check and through error if application using non fips ciphers.
There are a number of ways to ensure that you are always using the FIPS
provider (for example by ensuring that that is the only provider that is
loaded). It's also possible to have multiple providers loaded but using
properties to ensure that only FIPS algorithms are ever selected.
If you use properties to control this then you can use
EVP_default_properties_enable_fips() to set the default global
properties to "fips=yes". You can then also use
EVP_default_properties_is_fips_enabled() to check whether the default
properties are set to "fips=yes".
> does fips provider do run time check and through error if application
> using non fips ciphers.
When you attempt to use a cipher then libcrypto will attempt to find a
suitable one from the available providers that have been loaded based on
any property query string that is being used. As long as you configure
things in the right way (as per the various options described in the
wiki page above) then you will only have fips validated ciphers loaded
and that match the property query. If you attempt to use some other
non-validated cipher then libcrypto would throw and error because it is
unable to find a matching cipher.