如何验证在Golang Dev Boring Crypto分支中二进制文件是否启用了FIPS模式?除了内部Golang测试外,我没有看到其他简单的方法。
从这个文件开始:
https://go.googlesource.com/go/+/dev.boringcrypto/src/crypto/tls/fipsonly/fipsonly.go
// Package fipsonly restricts all TLS configuration to FIPS-approved settings.
//
// The effect is triggered by importing the package anywhere in a program, as in:
//
// import _ "crypto/tls/fipsonly"
//
// This package only exists in the dev.boringcrypto branch of Go.
如果您在程序中包含了该导入语句,只有在使用dev.boringcrypto分支时才会编译。
这是一个测试 main.go:
package main
import (
"fmt"
_ "crypto/tls/fipsonly"
)
func main() {
fmt.Println("Hello FIPS")
}
使用 Go 的 dev.boringcrypto 分支:
$ go version
go version go1.12.9b4 linux/amd64
$ go run main.go
Hello FIPS
使用正常版本的Go:
$ go version
go version go1.12.9 darwin/amd64
$ go run main.go
main.go:4:2: cannot find package "crypto/tls/fipsonly" in any of:
/Users/ray/.gimme/versions/go1.12.9.darwin.amd64/src/crypto/tls/fipsonly (from $GOROOT)
/Users/ray/go/src/crypto/tls/fipsonly (from $GOPATH)