enforce GODEBUG=fips140=only

This makes it much nicer to prove we are using the fips140 module for
all crypto.
This commit is contained in:
Wade Simmons
2026-06-02 16:36:58 -04:00
parent adb01f66a3
commit c7e035479c
3 changed files with 39 additions and 0 deletions
+13
View File
@@ -0,0 +1,13 @@
//go:build fips140v1.0 || fips140v1.26
package main
import (
"crypto/fips140"
)
func init() {
if !fips140.Enforced() {
panic("Nebula compiled with fips140 expects FIPS140 to be enforced. Do not set GODEBUG=fips140, or if you do it must be set as GODEBUG=fips140=only")
}
}
+13
View File
@@ -0,0 +1,13 @@
//go:build fips140v1.0 || fips140v1.26
package main
import (
"crypto/fips140"
)
func init() {
if !fips140.Enforced() {
panic("Nebula compiled with fips140 expects FIPS140 to be enforced. Do not set GODEBUG=fips140, or if you do it must be set as GODEBUG=fips140=only")
}
}
+13
View File
@@ -0,0 +1,13 @@
//go:build fips140v1.0 || fips140v1.26
package main
import (
"crypto/fips140"
)
func init() {
if !fips140.Enforced() {
panic("Nebula compiled with fips140 expects FIPS140 to be enforced. Do not set GODEBUG=fips140, or if you do it must be set as GODEBUG=fips140=only")
}
}