Detect whether your system/container and your Golang binary are ready to run in FIPS mode.

acardace/fips-detect

fips-detect

Detect whether your system/container and your Golang binary are ready to run in FIPS mode.

How it works

fips-detect runs a couple of checks on the running system and the supplied binary to see whether everything is in place to run correctly in FIPS mode*. The checks are:

  • Checks if /proc/sys/crypto/fips_enabled is 1
  • Looks inside /usr/lib[64] and /lib[64] for a FIPS-capable libcrypto.so (the OpenSSL library).
  • Checks if the ELF binary has undefined references to FIPS symbols in libcrypto.so (which means it was compiled with Red Hat's Go toolset or that it's using goboring)

*The correct definition is actually: whether the binary has everything it needs to run using a FIPS-capable cryptographic module.
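
As an added illustration of the third check (this is not fips-detect's own source), the sketch below uses Go's debug/elf package to list a binary's undefined dynamic symbols and keep the ones that contain FIPS_. The FIPS_ substring match and the function names fipsSymbols and importedFIPSSymbols are assumptions; the page does not say which symbols the tool looks for.

```go
package main

import (
	"debug/elf"
	"errors"
	"fmt"
	"os"
	"strings"
)

// fipsSymbols keeps the names that look like FIPS entry points.
// Assumption: a "FIPS_" substring (as in OpenSSL 1.x FIPS_mode) is the marker.
func fipsSymbols(names []string) []string {
	var out []string
	for _, n := range names {
		if strings.Contains(n, "FIPS_") {
			out = append(out, n)
		}
	}
	return out
}

// importedFIPSSymbols lists FIPS-looking undefined symbols of an ELF file.
// A static binary has no dynamic symbol table and yields an empty result.
func importedFIPSSymbols(path string) ([]string, error) {
	f, err := elf.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	syms, err := f.ImportedSymbols()
	if err != nil && !errors.Is(err, elf.ErrNoSymbols) {
		return nil, err
	}
	names := make([]string, 0, len(syms))
	for _, s := range syms {
		names = append(names, s.Name)
	}
	return fipsSymbols(names), nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: elfcheck <executable>")
		os.Exit(2)
	}
	syms, err := importedFIPSSymbols(os.Args[1])
	fmt.Println("FIPS symbol references:", syms, "error:", err)
}
```

An empty result for a Go binary means this check found no dynamic reference to FIPS-named symbols, which covers both statically linked binaries and ones built against the standard Go crypto packages.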

Install

Just go get github.com/acardace/fips-detect.

Run go build fips-detect.go

Usage

Run ./fips-detect <executable>
