This commit is contained in:
Wade Simmons
2026-06-01 10:51:31 -04:00
parent cfcdcb0546
commit dd081ffeb6
4 changed files with 15 additions and 42 deletions
+1 -8
View File
@@ -2,11 +2,4 @@
package nebula package nebula
import "crypto/boring" var boringEnabled = boring.Enabled
func getFIPS140() string {
if boring.Enabled() {
return "boringcrypto"
}
return "off"
}
+5 -1
View File
@@ -2,6 +2,7 @@ package nebula
import ( import (
"context" "context"
"crypto/fips140"
"errors" "errors"
"fmt" "fmt"
"io" "io"
@@ -234,7 +235,10 @@ func (f *Interface) activate() error {
"networks", f.myVpnNetworks, "networks", f.myVpnNetworks,
"build", f.version, "build", f.version,
"udpAddr", addr, "udpAddr", addr,
"fips140", getFIPS140(), "boringcrypto", boringEnabled(),
"fips140Version", fips140.Version(),
"fips140Enabled", fips140.Enabled(),
"fips140Enforced", fips140.Enforced(),
) )
if f.routines > 1 { if f.routines > 1 {
+1 -30
View File
@@ -2,33 +2,4 @@
package nebula package nebula
import ( var boringEnabled = func() bool { return false }
"crypto/fips140"
"runtime/debug"
)
func getFIPS140() string {
switch {
case fips140.Enabled():
return getFIPS140Version()
default:
return "off"
}
}
func getFIPS140Version() string {
// The docs for fips140.Version mention this is more accurate to
// get the exact version
// - https://pkg.go.dev/crypto/fips140#Version
info, ok := debug.ReadBuildInfo()
if ok {
for _, s := range info.Settings {
if s.Key == "GOFIPS140" {
return s.Value
}
}
}
// TODO: Add as a backup once we bump to go1.26+
// return fips140.Version()
return "on"
}
+6 -1
View File
@@ -2,12 +2,14 @@ package nebula
import ( import (
"context" "context"
"crypto/fips140"
"errors" "errors"
"fmt" "fmt"
"log/slog" "log/slog"
"net" "net"
"net/http" "net/http"
"runtime" "runtime"
"strconv"
"sync" "sync"
"sync/atomic" "sync/atomic"
"time" "time"
@@ -289,7 +291,10 @@ func (s *statsServer) buildRuntime(cfg statsConfig) ([]func(), *http.Server) {
ConstLabels: prometheus.Labels{ ConstLabels: prometheus.Labels{
"version": s.buildVersion, "version": s.buildVersion,
"goversion": runtime.Version(), "goversion": runtime.Version(),
"fips140": getFIPS140(), "boringcrypto": strconv.FormatBool(boringEnabled()),
"fips140Version": fips140.Version(),
"fips140Enabled": strconv.FormatBool(fips140.Enabled()),
"fips140Enforced": strconv.FormatBool(fips140.Enforced()),
}, },
}) })
pr.MustRegister(g) pr.MustRegister(g)