// Copyright 2024 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package fips140 provides information about the FIPS 140-3 Go Cryptographic
// Module and FIPS 140-3 mode.
//
// For more details, see the [FIPS 140-3 documentation].
//
// [FIPS 140-3 documentation]: https://go.dev/doc/security/fips140
package fips140

import (
	"crypto/internal/fips140"
	"crypto/internal/fips140/check"
)

// Enabled reports whether the cryptography libraries are operating in FIPS
// 140-3 mode.
//
// The mode is controlled at runtime with the GODEBUG setting "fips140": "on"
// enables FIPS 140-3 mode, and "only" additionally makes non-approved
// cryptography functions return errors or panic.
//
// The setting can't be changed after the program has started.
//
// Enabled panics instead of returning true when FIPS 140-3 mode is enabled
// but check.Verified is false, so a caller that gates behavior on the result
// never observes "enabled" without a passed integrity check.
func Enabled() bool {
	if !fips140.Enabled {
		return false
	}
	// Fail closed: reporting FIPS 140-3 mode as active while the integrity
	// check has not passed would let callers rely on an unverified module.
	if !check.Verified {
		panic("crypto/fips140: FIPS 140-3 mode enabled, but integrity check didn't pass")
	}
	return true
}

// Version returns the FIPS 140-3 Go Cryptographic Module version (such as
// "v1.0.0"), as referenced in the Security Policy for the module, when the
// program was built against a frozen module with GOFIPS140. Otherwise, it
// returns "latest". When an alias is in use (such as "inprogress"), the actual
// resolved version is returned.
//
// The returned version may not uniquely identify the frozen module used to
// build the program if there are multiple copies of the frozen module at the
// same version. The uniquely identifying version suffix can be found in the
// value of the GOFIPS140 setting in runtime/debug.BuildInfo.Settings, which is
// the value to record when the exact module build matters.
func Version() string {
	resolved := fips140.Version()
	return resolved
}