mirror of https://github.com/portainer/portainer
40 lines
723 B
Go
40 lines
723 B
Go
package fips
|
|
|
|
import (
|
|
"crypto/fips140"
|
|
"sync"
|
|
|
|
"github.com/rs/zerolog/log"
|
|
)
|
|
|
|
var fipsMode, isInitialised bool
|
|
|
|
var once sync.Once
|
|
|
|
func InitFIPS(enabled bool) {
|
|
once.Do(func() {
|
|
isInitialised = true
|
|
fipsMode = enabled
|
|
|
|
if enabled && !fips140.Enabled() {
|
|
log.Fatal().Msg("If FIPS mode is enabled then the fips140 GODEBUG environment variable must be set")
|
|
}
|
|
})
|
|
}
|
|
|
|
func FIPSMode() bool {
|
|
if !isInitialised {
|
|
log.Fatal().Msg("Could not determine if FIPS mode is enabled because InitFIPS was never called")
|
|
}
|
|
|
|
return fipsMode
|
|
}
|
|
|
|
func CanTLSSkipVerify() bool {
|
|
if !isInitialised {
|
|
log.Fatal().Msg("Could not determine if FIPS mode is enabled because InitFIPS was never called")
|
|
}
|
|
|
|
return !fipsMode
|
|
}
|