Detect whether your system/container and your Golang binary are ready to run in FIPS mode.
fips-detect does a couple of checks on the running system and the supplied binary to see if everything is in place to correctly run in FIPS mode*, these checks are:
- Checks if
/proc/sys/crypto/fips_enabledis1 - Looks inside
/usr/lib[64]and/lib[64]for a (OpenSSL lib)libcrypto.sothat is FIPS-capable. - Checks if the ELF binary has undefined references to FIPS symbols in
libcrypto.so(which means it was compiled with Red Hat's Go toolset or that it's using goboring)
*the correct definitions is actually: if the binary has everything it should to run using a FIPS-capable cryptographic module.
Just go get github.com/acardace/fips-detect.
Run go build fips-detect.go
Run ./fips-detect <executable>