diff --git a/cmd/nebula-cert/fips140.go b/cmd/nebula-cert/fips140.go new file mode 100644 index 00000000..80f33773 --- /dev/null +++ b/cmd/nebula-cert/fips140.go @@ -0,0 +1,13 @@ +//go:build fips140v1.0 || fips140v1.26 + +package main + +import ( + "crypto/fips140" +) + +func init() { + if !fips140.Enforced() { + panic("Nebula compiled with fips140 expects FIPS140 to be enforced. Do not set GODEBUG=fips140, or if you do it must be set as GODEBUG=fips140=only") + } +} diff --git a/cmd/nebula-service/fips140.go b/cmd/nebula-service/fips140.go new file mode 100644 index 00000000..80f33773 --- /dev/null +++ b/cmd/nebula-service/fips140.go @@ -0,0 +1,13 @@ +//go:build fips140v1.0 || fips140v1.26 + +package main + +import ( + "crypto/fips140" +) + +func init() { + if !fips140.Enforced() { + panic("Nebula compiled with fips140 expects FIPS140 to be enforced. Do not set GODEBUG=fips140, or if you do it must be set as GODEBUG=fips140=only") + } +} diff --git a/cmd/nebula/fips140.go b/cmd/nebula/fips140.go new file mode 100644 index 00000000..80f33773 --- /dev/null +++ b/cmd/nebula/fips140.go @@ -0,0 +1,13 @@ +//go:build fips140v1.0 || fips140v1.26 + +package main + +import ( + "crypto/fips140" +) + +func init() { + if !fips140.Enforced() { + panic("Nebula compiled with fips140 expects FIPS140 to be enforced. Do not set GODEBUG=fips140, or if you do it must be set as GODEBUG=fips140=only") + } +}