Akshay Khurd

Reputation: 69

Verify FIPS mode in golang boringssl

How to verify if FIPS mode is enabled for a binary in the golang dev boring crypto branch? I don't see an easy way apart from internal golang tests.

Upvotes: 4

Views: 4424

Answers (1)

rharris

Reputation: 131

From this file:

https://go.googlesource.com/go/+/dev.boringcrypto/src/crypto/tls/fipsonly/fipsonly.go

// Package fipsonly restricts all TLS configuration to FIPS-approved settings.
//
// The effect is triggered by importing the package anywhere in a program, as in:
//
//  import _ "crypto/tls/fipsonly"
//
// This package only exists in the dev.boringcrypto branch of Go.

If you include that import statement in your program, it will only compile if you're using the dev.boringcrypto branch.

Here's a test main.go:

package main

import (
    "fmt"
    _ "crypto/tls/fipsonly"
)

func main() {
    fmt.Println("Hello FIPS")
}

Using the dev.boringcrypto branch of Go:

$ go version
go version go1.12.9b4 linux/amd64
$ go run main.go
Hello FIPS

Using the normal release of Go:

$ go version
go version go1.12.9 darwin/amd64
$ go run main.go
main.go:4:2: cannot find package "crypto/tls/fipsonly" in any of:
    /Users/ray/.gimme/versions/go1.12.9.darwin.amd64/src/crypto/tls/fipsonly (from $GOROOT)
    /Users/ray/go/src/crypto/tls/fipsonly (from $GOPATH)

Upvotes: 10
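
An added example, not part of the answer above and not code from the Go project: one way to check an already-built Linux binary is to look in its ELF symbol table for the BoringCrypto cgo wrappers. The `_Cfunc__goboringcrypto_` prefix is an assumption about how those wrappers are named; a match shows the BoringCrypto module is linked in, not that `crypto/tls/fipsonly` was imported.

```go
package main

import (
	"debug/elf"
	"fmt"
	"os"
	"strings"
)

// Assumption: BoringCrypto cgo wrappers carry this prefix in the symbol table.
const boringPrefix = "_Cfunc__goboringcrypto_"

// boringSymbols returns the names that are BoringCrypto cgo wrappers.
func boringSymbols(names []string) []string {
	var hits []string
	for _, n := range names {
		if strings.Contains(n, boringPrefix) {
			hits = append(hits, n)
		}
	}
	return hits
}

// elfSymbolNames lists symbol names of an ELF binary; stripped binaries return an error.
func elfSymbolNames(path string) ([]string, error) {
	f, err := elf.Open(path)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	syms, err := f.Symbols()
	if err != nil {
		return nil, err
	}
	names := make([]string, 0, len(syms))
	for _, s := range syms {
		names = append(names, s.Name)
	}
	return names, nil
}

func main() {
	path, _ := os.Executable() // default: inspect this program itself
	if len(os.Args) > 1 {
		path = os.Args[1] // or the binary given on the command line
	}
	names, err := elfSymbolNames(path)
	fmt.Printf("%s: %d BoringCrypto symbols (err=%v)\n", path, len(boringSymbols(names)), err)
}
```

A count of zero with a nil error means the symbol table was readable and contained no BoringCrypto wrappers; an error usually means the file is not ELF or has been stripped, so the result is inconclusive.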
