Description
Is your feature request related to a problem? Please describe.
Hi y'all!
I have an OpenSSL build that’s using openSSL version 3.4.0 but a different version of the fips module (3.0.9) as this is the most recent “FIPS validated” version according to the openssl downloads page.
This is reflected on the system:

    / # openssl list -providers
    Providers:
      default
        name: OpenSSL Default Provider
        version: 3.4.0
        status: active
      fips
        name: OpenSSL FIPS Provider
        version: 3.0.9
        status: active

But when looking at the available fips info from a running iex session, I see that it’s using 3.4.0 for the openssl library but I can’t find a way to show/prove from my running elixir application that it’s using the 3.0.9 fips module.

    Interactive Elixir (1.18.1) - press Ctrl+C to exit (type h() ENTER for help)
    iex(1)> :crypto.enable_fips_mode(true)
    true
    iex(2)> :crypto.info_fips()
    :enabled
    iex(3)> :crypto.info()
    %{
      otp_crypto_version: ~c"5.5.2",
      compile_type: :normal,
      link_type: :dynamic,
      cryptolib_version_compiled: ~c"OpenSSL 3.4.0 22 Oct 2024",
      cryptolib_version_linked: ~c"OpenSSL 3.4.0 22 Oct 2024",
      fips_provider_available: true
    }
    iex(4)>

Is there any way from the erlang/elixir side to show/prove, through the crypto library, that it is using the correct fips module?
Describe the solution you'd like
A clear and concise description of what you want to happen.
It would be nice if there was a function in the crypto module to provide more information about the fips provider it's using, e.g. crypto:info_fips_provider/0
Describe alternatives you've considered
I'd also be happy if there was a way to show the openssl path that the crypto library was using so I could system call and validate against the fips provider.
Thanks!
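
The shell-out alternative described above, as an added example that is not part of the original issue or of OTP: it parses `openssl list -providers` output and fails unless the `fips` provider is active at the expected version. It assumes the `openssl` binary on `PATH` loads the same libcrypto and configuration as the BEAM's crypto NIF, which is the very thing the issue says cannot yet be confirmed from `:crypto`; `provider_field`, `check_fips_provider`, `sample_listing` and `FIPS_EXPECTED` are names made up for this example.

```shell
#!/bin/sh
# Added example: verify the FIPS provider version from `openssl list -providers`.
# All function names and FIPS_EXPECTED are made up for this example.

# Print <field> (name|version|status) of provider <id>; listing on stdin.
# Indentation is ignored, so flattened copies of the output parse too.
provider_field() {
  awk -v id="$1" -v field="$2" '
    NF == 1 && $1 !~ /:$/ { current = $1; next }   # bare token = provider id
    current == id && $1 == (field ":") {
      sub(/^[ \t]*[^:]+:[ \t]*/, "")                # keep only the value
      print; exit
    }'
}

# Exit 0 only if the fips provider is listed, active, and exactly <expected>.
check_fips_provider() {
  expected="$1"
  listing=$(cat)
  version=$(printf '%s\n' "$listing" | provider_field fips version)
  status=$(printf '%s\n' "$listing" | provider_field fips status)
  if [ -z "$version" ]; then
    echo "FAIL: no fips provider listed" >&2; return 2
  elif [ "$status" != "active" ]; then
    echo "FAIL: fips provider status is '$status'" >&2; return 3
  elif [ "$version" != "$expected" ]; then
    echo "FAIL: fips provider is $version, expected $expected" >&2; return 1
  fi
  echo "OK: fips provider $version is active"
}

# Constructed sample, modelled on the listing quoted in the issue.
sample_listing() {
  cat <<'EOF'
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.4.0
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.9
    status: active
EOF
}

# Live check, e.g.: FIPS_EXPECTED=3.0.9 sh check_fips.sh
if [ -n "${FIPS_EXPECTED:-}" ]; then
  openssl list -providers | check_fips_provider "$FIPS_EXPECTED"
fi
```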