fips140.go

     1  // Copyright 2024 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package fips140
     6  
     7  import (
     8  	"crypto/internal/fips140"
     9  	"crypto/internal/fips140/check"
    10  )
    11  
    12  // Enabled reports whether the cryptography libraries are operating in FIPS
    13  // 140-3 mode.
    14  //
    15  // It can be controlled at runtime using the GODEBUG setting "fips140". If set
    16  // to "on", FIPS 140-3 mode is enabled. If set to "only", non-approved
    17  // cryptography functions will additionally return errors or panic.
    18  //
    19  // This can't be changed after the program has started.
    20  func Enabled() bool {
    21  	if fips140.Enabled && !check.Verified {
    22  		panic("crypto/fips140: FIPS 140-3 mode enabled, but integrity check didn't pass")
    23  	}
    24  	return fips140.Enabled
    25  }
    26  
    27  // Version returns the FIPS 140-3 Go Cryptographic Module version (such as
    28  // "v1.0.0"), as referenced in the Security Policy for the module, if building
    29  // against a frozen module with GOFIPS140. Otherwise, it returns "latest". If an
    30  // alias is in use (such as "inprogress") the actual resolved version is
    31  // returned.
    32  //
    33  // The returned version may not uniquely identify the frozen module which was
    34  // used to build the program, if there are multiple copies of the frozen module
    35  // at the same version. The uniquely identifying version suffix can be found by
    36  // checking the value of the GOFIPS140 setting in
    37  // runtime/debug.BuildInfo.Settings.
    38  func Version() string {
    39  	return fips140.Version()
    40  }
    41
View as plain text