| // Copyright 2024 The Go Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package fips140 |
| |
| import ( |
| "crypto/internal/fips140" |
| "crypto/internal/fips140/check" |
| ) |
| |
| // Enabled reports whether the cryptography libraries are operating in FIPS |
| // 140-3 mode. |
| // |
| // It can be controlled at runtime using the GODEBUG setting "fips140". If set |
| // to "on", FIPS 140-3 mode is enabled. If set to "only", non-approved |
| // cryptography functions will additionally return errors or panic. |
| // |
| // This can't be changed after the program has started. |
| func Enabled() bool { |
| if fips140.Enabled && !check.Verified { |
| panic("crypto/fips140: FIPS 140-3 mode enabled, but integrity check didn't pass") |
| } |
| return fips140.Enabled |
| } |
| |
| // Version returns the FIPS 140-3 Go Cryptographic Module version (such as |
| // "v1.0.0"), as referenced in the Security Policy for the module, if building |
| // against a frozen module with GOFIPS140. Otherwise, it returns "latest". If an |
| // alias is in use (such as "inprogress") the actual resolved version is |
| // returned. |
| // |
| // The returned version may not uniquely identify the frozen module which was |
| // used to build the program, if there are multiple copies of the frozen module |
| // at the same version. The uniquely identifying version suffix can be found by |
| // checking the value of the GOFIPS140 setting in |
| // runtime/debug.BuildInfo.Settings. |
| func Version() string { |
| return fips140.Version() |
| } |
