This commit is contained in:
Wade Simmons
2026-06-01 10:51:31 -04:00
parent cfcdcb0546
commit dd081ffeb6
4 changed files with 15 additions and 42 deletions
+1 -8
View File
@@ -2,11 +2,4 @@
package nebula
import "crypto/boring"
func getFIPS140() string {
if boring.Enabled() {
return "boringcrypto"
}
return "off"
}
var boringEnabled = boring.Enabled
+5 -1
View File
@@ -2,6 +2,7 @@ package nebula
import (
"context"
"crypto/fips140"
"errors"
"fmt"
"io"
@@ -234,7 +235,10 @@ func (f *Interface) activate() error {
"networks", f.myVpnNetworks,
"build", f.version,
"udpAddr", addr,
"fips140", getFIPS140(),
"boringcrypto", boringEnabled(),
"fips140Version", fips140.Version(),
"fips140Enabled", fips140.Enabled(),
"fips140Enforced", fips140.Enforced(),
)
if f.routines > 1 {
+1 -30
View File
@@ -2,33 +2,4 @@
package nebula
import (
"crypto/fips140"
"runtime/debug"
)
func getFIPS140() string {
switch {
case fips140.Enabled():
return getFIPS140Version()
default:
return "off"
}
}
func getFIPS140Version() string {
// The docs for fips140.Version mention this is more accurate to
// get the exact version
// - https://pkg.go.dev/crypto/fips140#Version
info, ok := debug.ReadBuildInfo()
if ok {
for _, s := range info.Settings {
if s.Key == "GOFIPS140" {
return s.Value
}
}
}
// TODO: Add as a backup once we bump to go1.26+
// return fips140.Version()
return "on"
}
var boringEnabled = func() bool { return false }
+8 -3
View File
@@ -2,12 +2,14 @@ package nebula
import (
"context"
"crypto/fips140"
"errors"
"fmt"
"log/slog"
"net"
"net/http"
"runtime"
"strconv"
"sync"
"sync/atomic"
"time"
@@ -287,9 +289,12 @@ func (s *statsServer) buildRuntime(cfg statsConfig) ([]func(), *http.Server) {
Name: "info",
Help: "Version information for the Nebula binary",
ConstLabels: prometheus.Labels{
"version": s.buildVersion,
"goversion": runtime.Version(),
"fips140": getFIPS140(),
"version": s.buildVersion,
"goversion": runtime.Version(),
"boringcrypto": strconv.FormatBool(boringEnabled()),
"fips140Version": fips140.Version(),
"fips140Enabled": strconv.FormatBool(fips140.Enabled()),
"fips140Enforced": strconv.FormatBool(fips140.Enforced()),
},
})
pr.MustRegister(g)