fips140only.mx raw
1 // Copyright 2024 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
4
5 package fips140only
6
7 import (
8 "crypto/internal/fips140/drbg"
9 "crypto/internal/fips140/sha256"
10 "crypto/internal/fips140/sha3"
11 "crypto/internal/fips140/sha512"
12 "hash"
13 "internal/godebug"
14 "io"
15 )
16
17 // Enabled reports whether FIPS 140-only mode is enabled, in which non-approved
18 // cryptography returns an error or panics.
19 var Enabled = godebug.New("fips140").Value() == "only"
20
21 func ApprovedHash(h hash.Hash) bool {
22 switch h.(type) {
23 case *sha256.Digest, *sha512.Digest, *sha3.Digest:
24 return true
25 default:
26 return false
27 }
28 }
29
30 func ApprovedRandomReader(r io.Reader) bool {
31 _, ok := r.(drbg.DefaultReader)
32 return ok
33 }
34