From dd081ffeb6146bb9a7d97a9cf680c075ef8439ce Mon Sep 17 00:00:00 2001
From: Wade Simmons
Date: Mon, 1 Jun 2026 10:51:31 -0400
Subject: [PATCH] cleanup

---
 boring.go | 9 +--------
 interface.go | 6 +++++-
 notboring.go | 31 +------------------------------
 stats.go | 11 ++++++++---
 4 files changed, 15 insertions(+), 42 deletions(-)

diff --git a/boring.go b/boring.go
index 1969bfc7..93f78c33 100644
--- a/boring.go
+++ b/boring.go
@@ -2,11 +2,4 @@
 
 package nebula
 
-import "crypto/boring"
-
-func getFIPS140() string {
- if boring.Enabled() {
- return "boringcrypto"
- }
- return "off"
-}
+var boringEnabled = boring.Enabled
diff --git a/interface.go b/interface.go
index b5d78c36..2aef678a 100644
--- a/interface.go
+++ b/interface.go
@@ -2,6 +2,7 @@ package nebula
 
 import (
 "context"
+ "crypto/fips140"
 "errors"
 "fmt"
 "io"
@@ -234,7 +235,10 @@ func (f *Interface) activate() error {
 "networks", f.myVpnNetworks,
 "build", f.version,
 "udpAddr", addr,
- "fips140", getFIPS140(),
+ "boringcrypto", boringEnabled(),
+ "fips140Version", fips140.Version(),
+ "fips140Enabled", fips140.Enabled(),
+ "fips140Enforced", fips140.Enforced(),
 )
 
 if f.routines > 1 {
diff --git a/notboring.go b/notboring.go
index 2402544d..f138a0a6 100644
--- a/notboring.go
+++ b/notboring.go
@@ -2,33 +2,4 @@
 
 package nebula
 
-import (
- "crypto/fips140"
- "runtime/debug"
-)
-
-func getFIPS140() string {
- switch {
- case fips140.Enabled():
- return getFIPS140Version()
- default:
- return "off"
- }
-}
-
-func getFIPS140Version() string {
- // The docs for fips140.Version mention this is more accurate to
- // get the exact version
- // - https://pkg.go.dev/crypto/fips140#Version
- info, ok := debug.ReadBuildInfo()
- if ok {
- for _, s := range info.Settings {
- if s.Key == "GOFIPS140" {
- return s.Value
- }
- }
- }
- // TODO: Add as a backup once we bump to go1.26+
- // return fips140.Version()
- return "on"
-}
+var boringEnabled = func() bool { return false }
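Review bot: boring.go no longer compiles after this hunk: the added `var boringEnabled = boring.Enabled` still references package `boring`, but the hunk deletes `import "crypto/boring"` and the resulting four-line file has no other import. The file is presumably behind the boringcrypto build constraint (line 1 is outside the hunk), so a default `go build` will not notice; only the BoringCrypto/FIPS build breaks. Keep `import "crypto/boring"` above the new declaration, and make sure CI builds that tag so a regression in the compliance build is caught before release.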
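Review bot: In interface.go, the new `fips140.Version()` and `fips140.Enforced()` log fields in `activate()` appear to need a newer Go toolchain than the code they replace: the TODO this commit deletes from notboring.go says `fips140.Version()` was waiting on a bump to go1.26+, and no go.mod change is visible in this patch. The deleted helper also read the `GOFIPS140` build setting via `debug.ReadBuildInfo()` because, per its own comment, that gives the more exact version, so `fips140Version` may now be coarser than what was logged before. It is also emitted whether or not `fips140Enabled` is true, which can be misread as a FIPS build during an audit; a comment above the fields such as `// fips140Version is the module version compiled in; FIPS mode is active only when fips140Enabled is true` would help. The same applies to the labels added in stats.go, and `activate()` continues outside the hunk.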
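Review bot: In notboring.go (and likewise boring.go), `boringEnabled` is a package-level `var` holding a function, so any code in the package can reassign it and change what the startup log and the `info` metric report about the crypto backend. Unless a test needs to swap it, a plain function is safer and carries a doc comment: `// boringEnabled reports whether the binary was built with BoringCrypto.` above `func boringEnabled() bool { return false }` here, and `func boringEnabled() bool { return boring.Enabled() }` in boring.go.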
diff --git a/stats.go b/stats.go
index 19d1a0a1..688dc242 100644
--- a/stats.go
+++ b/stats.go
@@ -2,12 +2,14 @@ package nebula
 
 import (
 "context"
+ "crypto/fips140"
 "errors"
 "fmt"
 "log/slog"
 "net"
 "net/http"
 "runtime"
+ "strconv"
 "sync"
 "sync/atomic"
 "time"
@@ -287,9 +289,12 @@ func (s *statsServer) buildRuntime(cfg statsConfig) ([]func(), *http.Server) {
 Name: "info",
 Help: "Version information for the Nebula binary",
 ConstLabels: prometheus.Labels{
- "version": s.buildVersion,
- "goversion": runtime.Version(),
- "fips140": getFIPS140(),
+ "version": s.buildVersion,
+ "goversion": runtime.Version(),
+ "boringcrypto": strconv.FormatBool(boringEnabled()),
+ "fips140Version": fips140.Version(),
+ "fips140Enabled": strconv.FormatBool(fips140.Enabled()),
+ "fips140Enforced": strconv.FormatBool(fips140.Enforced()),
 },
 })
 pr.MustRegister(g)
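Review bot: In stats.go, dropping the `fips140` label from the `info` gauge in favour of four new labels changes the metric's label set, so any dashboard or alert that matches on `fips140="off"` or `fips140="boringcrypto"` will silently stop matching; for a compliance signal that deserves a changelog entry or a release of overlap with the old label. The new names are camelCase, while the existing labels in this block are lower-case (`version`, `goversion`) and Prometheus convention is snake_case, e.g. `fips140_version`, `fips140_enabled`, `fips140_enforced`. The same four values are computed separately here and in `activate()` in interface.go; a small shared helper would keep the log line and the metric from drifting apart. `buildRuntime` starts and ends outside the hunk.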