Source file src/crypto/fips140/fips140.go

     1  // Copyright 2024 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package fips140
     6  
     7  import (
     8  	"crypto/internal/fips140"
     9  	"crypto/internal/fips140/check"
    10  	"internal/godebug"
    11  )
    12  
    13  var fips140GODEBUG = godebug.New("#fips140")
    14  
    15  // Enabled reports whether the cryptography libraries are operating in FIPS
    16  // 140-3 mode.
    17  //
    18  // It can be controlled at runtime using the GODEBUG setting "fips140". If set
    19  // to "on", FIPS 140-3 mode is enabled. If set to "only", non-approved
    20  // cryptography functions will additionally return errors or panic.
    21  //
    22  // This can't be changed after the program has started.
    23  func Enabled() bool {
    24  	godebug := fips140GODEBUG.Value()
    25  	currentlyEnabled := godebug == "on" || godebug == "only" || godebug == "debug"
    26  	if currentlyEnabled != fips140.Enabled {
    27  		panic("crypto/fips140: GODEBUG setting changed after program start")
    28  	}
    29  	if fips140.Enabled && !check.Verified {
    30  		panic("crypto/fips140: FIPS 140-3 mode enabled, but integrity check didn't pass")
    31  	}
    32  	return fips140.Enabled
    33  }
    34  

View as plain text