Q. Is there an openssl command to print the status of the fips enabled?
Jun Aruga
jun.aruga at gmail.com
Thu Jul 27 14:50:28 UTC 2023
Hello openssl-users community,
I am curious to know if there is an `openssl` command to print the
status of the "default_properties = fips=yes" that is equivalent to
the C API `EVP_default_properties_is_fips_enabled` when running
OpenSSL with a FIPS OpenSSL configuration file below. Is there a
command for that?
```
$ cat openssl_fips.cnf
config_diagnostics = 1
openssl_conf = openssl_init
.include /home/jaruga/.local/openssl-3.2.0.dev-fips-debug-06a0d40322/ssl/fipsmodule.cnf
[openssl_init]
providers = provider_sect
alg_section = algorithm_sect
[provider_sect]
fips = fips_sect
base = base_sect
[base_sect]
activate = 1
[algorithm_sect]
default_properties = fips=yes
```
As a note, I found a command to print the list of the providers. That
is also important to know if the FIPS configuration is properly set.
```
$ OPENSSL_CONF=$(pwd)/openssl_fips.cnf \
  LD_LIBRARY_PATH=/home/jaruga/.local/openssl-3.2.0.dev-fips-debug-06a0d40322/lib \
  /home/jaruga/.local/openssl-3.2.0.dev-fips-debug-06a0d40322/bin/openssl list -providers
Providers:
  base
    name: OpenSSL Base Provider
    version: 3.2.0
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.2.0
    status: active
```
Thanks for your help!
Jun
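An added example, not part of the original message and not OpenSSL project code: a static cross-check that a configuration like the one above actually routes `openssl_conf` to an `alg_section` whose `default_properties` contains `fips=yes`, and that `openssl list -providers` output reports the `fips` provider as active. It is not a substitute for the runtime answer of `EVP_default_properties_is_fips_enabled`; the function names, the placeholder `.include` path and the abbreviated sample strings are assumptions constructed for illustration, and `.include` files are not followed.

```python
import re

# Constructed samples, abbreviated from the config and output in the message.
SAMPLE_CNF = """\
openssl_conf = openssl_init
.include /path/to/fipsmodule.cnf
[openssl_init]
providers = provider_sect
alg_section = algorithm_sect
[provider_sect]
fips = fips_sect
base = base_sect
[base_sect]
activate = 1
[algorithm_sect]
default_properties = fips=yes
"""
SAMPLE_LIST = "Providers:\n  base\n    status: active\n  fips\n    status: active\n"

def parse_cnf(text):
    """Parse [sections] and key = value pairs; .include lines are skipped."""
    sections, current = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if m := re.fullmatch(r"\[\s*([^\]\s]+)\s*\]", line):
            current = m.group(1)
            sections.setdefault(current, {})
        elif "=" in line and not line.startswith("."):
            key, value = line.split("=", 1)          # value may contain '='
            sections[current][key.strip()] = value.strip()
    return sections

def config_requests_fips(text):
    """True if openssl_conf -> alg_section -> default_properties has fips=yes."""
    s = parse_cnf(text)
    init = s.get(s["default"].get("openssl_conf", ""), {})
    props = s.get(init.get("alg_section", ""), {}).get("default_properties", "")
    return "fips=yes" in [p.replace(" ", "") for p in props.split(",")]

def active_providers(list_output):
    """Provider names that `openssl list -providers` shows as active."""
    active, name = set(), None
    for line in map(str.strip, list_output.splitlines()):
        if line and ":" not in line:                 # a bare provider name
            name = line
        elif line == "status: active" and name:
            active.add(name)
    return active
```

Both checks have to pass together: `default_properties = fips=yes` in a section that `alg_section` never references has no effect, which is the case the second function argument in the config walk is there to catch.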