gitlab.com/gitlab-org/labkit@v1.21.0/fips/fips.go (about)

     1  //go:build fips
     2  // +build fips
     3  
     4  package fips
     5  
     6  import (
     7  	"crypto/boring"
     8  
     9  	"gitlab.com/gitlab-org/labkit/log"
    10  )
    11  
// Check writes one Info-level log line stating whether FIPS crypto is active
// and returns that same state.
//
// Check only reports. When Enabled is false it logs the mismatch and returns;
// it does not stop the process or change any crypto configuration, so a
// deployment that must fail closed has to act on Enabled itself.
//
// The return value is deprecated; callers that need the state should call
// Enabled instead.
func Check() bool {
	active := Enabled()

	// Default to the mismatch message: this file is only built with the fips
	// tag, so "not enabled" means the build and the runtime disagree.
	msg := "Binary was compiled with FIPS mode, but an external SSL library was not enabled."
	if active {
		msg = "FIPS mode is enabled. Using an external SSL library."
	}

	log.Info(msg)
	return active
}
    23  
// Enabled reports whether FIPS crypto is active in this process. It is a thin
// wrapper over boring.Enabled from crypto/boring and adds no checks of its own.
//
// With the FIPS Go toolchain at https://github.com/golang-fips/go, a true
// result requires all of the following:
//
//  1. The binary was built with CGO_ENABLED=1.
//  2. The platform is amd64 on a Linux runtime.
//  3. The kernel has FIPS enabled (e.g. `/proc/sys/crypto/fips_enabled` is 1).
//  4. A system OpenSSL can be loaded dynamically via dlopen().
//
// Building with the fips tag alone does not guarantee a true result. Code that
// must not run without FIPS crypto should gate on this value itself.
func Enabled() bool {
	active := boring.Enabled()
	return active
}