-
Notifications
You must be signed in to change notification settings - Fork 17.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This package holds only the Enabled() function. Updates #70123 Change-Id: If0e731724d9997001fa52002fa6ae72df4eb16ff Reviewed-on: https://go-review.googlesource.com/c/go/+/631017 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
- Loading branch information
1 parent
918765b
commit b2f7a21
Showing
4 changed files
with
37 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| pkg crypto/fips140, func Enabled() bool #70123 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| <!-- FIPS 140 will be covered in its own section. --> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| // Copyright 2024 The Go Authors. All rights reserved. | ||
| // Use of this source code is governed by a BSD-style | ||
| // license that can be found in the LICENSE file. | ||
|
|
||
| package fips140 | ||
|
|
||
| import ( | ||
| "crypto/internal/fips140" | ||
| "crypto/internal/fips140/check" | ||
| "internal/godebug" | ||
| ) | ||
|
|
||
| var fips140GODEBUG = godebug.New("#fips140") | ||
|
|
||
| // Enabled reports whether the cryptography libraries are operating in FIPS | ||
| // 140-3 mode. | ||
| // | ||
| // It can be controlled at runtime using the GODEBUG setting "fips140". If set | ||
| // to "on", FIPS 140-3 mode is enabled. If set to "only", non-approved | ||
| // cryptography functions will additionally return errors or panic. | ||
| // | ||
| // This can't be changed after the program has started. | ||
| func Enabled() bool { | ||
| godebug := fips140GODEBUG.Value() | ||
| currentlyEnabled := godebug == "on" || godebug == "only" || godebug == "debug" | ||
| if currentlyEnabled != fips140.Enabled { | ||
| panic("crypto/fips140: GODEBUG setting changed after program start") | ||
| } | ||
| if fips140.Enabled && !check.Enabled() { | ||
| panic("crypto/fips140: FIPS 140-3 mode enabled, but integrity check didn't pass") | ||
| } | ||
| return fips140.Enabled | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters