https://github.com/acardace/fips-detect

Detect whether your system/container and your Golang binary are ready to run in FIPS mode.
https://github.com/acardace/fips-detect

containers fips golang openssl

Last synced: 11 months ago
JSON representation

Detect whether your system/container and your Golang binary are ready to run in FIPS mode.

• Host: GitHub
• URL: https://github.com/acardace/fips-detect
• Owner: acardace
• License: apache-2.0
• Created: 2021-06-11T08:12:32.000Z (about 5 years ago)
• Default Branch: main
• Last Pushed: 2023-03-09T08:34:06.000Z (over 3 years ago)
• Last Synced: 2025-06-24T23:06:09.187Z (about 1 year ago)
• Topics: containers, fips, golang, openssl
• Language: Go
• Homepage:
• Size: 1.56 MB
• Stars: 11
• Watchers: 1
• Forks: 7
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# fips-detect

Detect whether your system/container and your Golang binary are ready to run in FIPS mode.

# How it works

**fips-detect** does a couple of checks on the running system and the supplied binary to see if everything is in place to correctly run in FIPS mode*, these checks are:

- Checks if `/proc/sys/crypto/fips_enabled` is `1`

- Looks inside `/usr/lib[64]` and `/lib[64]` for a (OpenSSL lib) `libcrypto.so` that is FIPS-capable.

- Checks if the ELF binary has undefined references to FIPS symbols in `libcrypto.so` (which means it was compiled with [Red Hat's Go toolset] or that it's using goboring)

*the correct definitions is actually: if the binary has everything it should to run using a FIPS-capable cryptographic module.

# Install

Just `go get github.com/acardace/fips-detect`.

Run `go build fips-detect.go`

# Usage

Run `./fips-detect `

[Red Hat's Go toolset]: https://developers.redhat.com/blog/2019/06/24/go-and-fips-140-2-on-red-hat-enterprise-linux