Looking for a way to show more information about the OpenSSL FIPS provider being used by crypto #9366

Open
mrmicahcooper opened this issue Jan 30, 2025 · 0 comments
Labels
enhancement team:VM Assigned to OTP team VM

@mrmicahcooper

Is your feature request related to a problem? Please describe.

Hi y'all!
I have an OpenSSL build that’s using OpenSSL version 3.4.0 but a different version of the FIPS module (3.0.9), as this is the most recent “FIPS validated” version according to the OpenSSL downloads page.

This is reflected on the system:

/ # openssl list -providers
Providers:
  default
    name: OpenSSL Default Provider
    version: 3.4.0
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.9
    status: active

But when looking at the available fips info from a running iex session, I see that it’s using 3.4.0 for the openssl library but I can’t find a way to show/prove from my running elixir application that it’s using the 3.0.9 fips module.

Interactive Elixir (1.18.1) - press Ctrl+C to exit (type h() ENTER for help)
iex(1)> :crypto.enable_fips_mode(true)
true
iex(2)> :crypto.info_fips()
:enabled
iex(3)> :crypto.info()
%{
  otp_crypto_version: ~c"5.5.2",
  compile_type: :normal,
  link_type: :dynamic,
  cryptolib_version_compiled: ~c"OpenSSL 3.4.0 22 Oct 2024",
  cryptolib_version_linked: ~c"OpenSSL 3.4.0 22 Oct 2024",
  fips_provider_available: true
}
iex(4)>

Is there any way from the Erlang/Elixir side to show/prove, through the crypto library, that it is using the correct FIPS module?

Describe the solution you'd like
A clear and concise description of what you want to happen.
It would be nice if there was a function in the crypto module to provide more information about the FIPS provider it's using.
e.g.
crypto:info_fips_provider/0

Describe alternatives you've considered

I'd also be happy if there was a way to show the openssl path that the crypto library was using so I could system call and validate against the FIPS provider.

Thanks!

@IngelaAndin IngelaAndin added the team:VM Assigned to OTP team VM label Feb 3, 2025
@sverker sverker self-assigned this Feb 3, 2025
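
The alternative described in the issue (calling out to `openssl` and validating the FIPS provider), as an added example that is not part of the original post or of OTP: a shell check that parses `openssl list -providers` output and requires the `fips` provider to be active at an expected version. The function names are hypothetical, and the sample listing is the output quoted in the issue.

```shell
#!/bin/sh
# Added example: validate the FIPS provider reported by `openssl list -providers`.
# SAMPLE is the listing quoted in the issue; function names are hypothetical.
SAMPLE='Providers:
  default
    name: OpenSSL Default Provider
    version: 3.4.0
    status: active
  fips
    name: OpenSSL FIPS Provider
    version: 3.0.9
    status: active'

# provider_field PROVIDER FIELD  (stdin: `openssl list -providers` output)
# Prints FIELD (name, version or status) of PROVIDER; exits 1 if it is absent.
provider_field() {
  awk -v want="$1" -v field="$2" '
    /^  [^ ]/ { current = $1; next }      # two-space indent: provider id
    /^    [^ ]/ && current == want {      # four-space indent: attribute line
      key = $1; sub(/:$/, "", key)
      if (key == field) { sub(/^ *[^:]*: */, ""); print; found = 1; exit }
    }
    END { exit !found }
  '
}

# check_fips_provider EXPECTED_VERSION  (stdin: provider listing)
# Succeeds only if a fips provider is listed, active, and at EXPECTED_VERSION.
check_fips_provider() {
  listing=$(cat)
  version=$(printf '%s\n' "$listing" | provider_field fips version) || {
    echo "fips provider not listed" >&2; return 1; }
  status=$(printf '%s\n' "$listing" | provider_field fips status)
  [ "$status" = "active" ] || {
    echo "fips provider status: ${status:-unknown}" >&2; return 1; }
  [ "$version" = "$1" ] || {
    echo "fips provider is $version, expected $1" >&2; return 1; }
  echo "fips provider $version active"
}

# On a real host: openssl list -providers | check_fips_provider 3.0.9
printf '%s\n' "$SAMPLE" | check_fips_provider 3.0.9
```

This inspects what the `openssl` binary loads. It reflects the running VM only when the `crypto` library resolves the same libcrypto and provider configuration, which the issue does not establish.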