From 5e72cd7b41f4808abf57ff36799445e65fae4e79 Mon Sep 17 00:00:00 2001 From: Vincent Batts Date: Tue, 17 Dec 2013 23:31:26 -0500 Subject: [PATCH] initial commit of a fips build tag enabled link to openssl
---
 fips.go | 25 +++++++++++++++++++++++++ fips_off.go | 15 +++++++++++++++ fips_on.go | 38 ++++++++++++++++++++++++++++++++++++++ fips_test.go | 10 ++++++++++ 4 files changed, 88 insertions(+) create mode 100644 fips.go create mode 100644 fips_off.go create mode 100644 fips_on.go create mode 100644 fips_test.go
diff --git a/fips.go b/fips.go
new file mode 100644
index 0000000..a35afd0
--- /dev/null
+++ b/fips.go
@@ -0,0 +1,25 @@
+/*
+see http://www.openssl.org/docs/fips/UserGuide-2.0.pdf
+to set up an environment where fips mode can be enabled
+*/
+package fips
+
+import (
+ "errors"
+)
+
+var ErrFipsDisabled = errors.New("not built with fips tags")
+
+const (
+ OFF ONOFF = iota
+ ON
+)
+
+type ONOFF int
+
+func (oo ONOFF) String() string {
+ if oo == ON {
+ return "ON"
+ }
+ return "OFF"
+}
diff --git a/fips_off.go b/fips_off.go
new file mode 100644
index 0000000..2500a44
--- /dev/null
+++ b/fips_off.go
@@ -0,0 +1,15 @@
+// +build !fips
+
+package fips
+
+func Mode() (ONOFF, error) {
+ return OFF, ErrFipsDisabled
+}
+
+func ModeSet(mode ONOFF) (ONOFF, error) {
+ return OFF, ErrFipsDisabled
+}
+
+func LastError() string {
+ return ""
+}
diff --git a/fips_on.go b/fips_on.go
new file mode 100644
index 0000000..c86e0c1
--- /dev/null
+++ b/fips_on.go
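Review bot: None of the exported names added here (ErrFipsDisabled, ONOFF, OFF, ON, ONOFF.String) carries a doc comment, and the const block references ONOFF two lines before the `type ONOFF int` line that declares it, which reads backwards; the same lack of doc comments applies to Mode, ModeSet and LastError in the fips_off.go hunk, and the comments in fips_on.go do not start with the function name as godoc expects. Suggested: `// ErrFipsDisabled is returned by Mode and ModeSet when the package is built without the fips build tag.` above the var, and `// ONOFF is the FIPS mode of the linked OpenSSL library; String renders any value other than ON as "OFF".` above the type, with the type declaration moved ahead of the const block.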
@@ -0,0 +1,38 @@
+// +build fips
+
+package fips
+
+/*
+#include
+#include
+#include
+#cgo LDFLAGS: -lcrypto
+*/
+import "C"
+import "errors"
+
+// Check whether is FIPS mode is on
+func Mode() (ONOFF, error) {
+ return ONOFF(C.FIPS_mode()), nil
+}
+
+// Attempt to turn on FIPS for the context of this executable
+func ModeSet(mode ONOFF) (ONOFF, error) {
+ o := ONOFF(C.FIPS_mode_set(C.int(mode)))
+ if o != mode {
+ return o, errors.New(LastError())
+ }
+ return o, nil
+}
+
+// returns error:[error code]:[library name]:[function name]:[reason string]
+// this error code can also be read with `openssl errstr `
+func LastError() string {
+ buf := C.malloc(1024)
+ e := C.ERR_get_error() // a C.ulong
+ C.ERR_load_crypto_strings()
+ defer C.ERR_free_strings()
+ C.ERR_error_string_n(e, (*C.char)(buf), 1024)
+ defer C.free(buf)
+ return C.GoString((*C.char)(buf))
+}
diff --git a/fips_test.go b/fips_test.go
new file mode 100644
index 0000000..bb0693f
--- /dev/null
+++ b/fips_test.go
@@ -0,0 +1,10 @@
+package fips
+
+import (
+ "fmt"
+ "testing"
+)
+
+func TestTest(t *testing.T) {
+ fmt.Println(ModeSet(ON))
+}
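Review bot: ModeSet treats the return value of FIPS_mode_set() as the resulting mode, but per the OpenSSL API that call returns 1 on success and 0 on failure, so a successful ModeSet(OFF) is reported as ON together with an error built from LastError(), which is an empty message whenever the error queue is empty. The return should be checked as a status and the effective mode read back from FIPS_mode(), as below; a caller that depends on FIPS should additionally confirm Mode() reports ON afterwards rather than trusting the value ModeSet hands back. LastError also calls ERR_load_crypto_strings() and then defers ERR_free_strings() on every call, which tears down the process-wide string tables for any other OpenSSL user in the same binary, and the C.malloc result is never checked for NULL; load the strings once (for example in an init function) and pass a Go-allocated buffer instead. The three `#include` lines appear empty in this rendering, presumably the header names were lost in extraction, so the cgo preamble cannot be reviewed here.
```go
// ModeSet asks OpenSSL to switch FIPS mode and returns the mode in effect
// afterwards; FIPS_mode_set() yields 1 on success and 0 on failure, not the mode.
func ModeSet(mode ONOFF) (ONOFF, error) {
	if C.FIPS_mode_set(C.int(mode)) == 0 {
		return ONOFF(C.FIPS_mode()), errors.New("fips: FIPS_mode_set(" + mode.String() + ") failed: " + LastError())
	}
	return ONOFF(C.FIPS_mode()), nil
}
// … unchanged: Mode, LastError …
```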
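Review bot: TestTest only prints the result of ModeSet(ON) and asserts nothing, so it passes regardless of what ModeSet returns in either build and gives no signal that the stubs or the cgo path behave as intended. In the default (non-fips) build the outcome is fixed by fips_off.go, so it can be pinned with `if m, err := ModeSet(ON); m != OFF || err != ErrFipsDisabled { t.Fatalf("ModeSet(ON) = %v, %v; want OFF, ErrFipsDisabled", m, err) }`. A separate test file under `// +build fips` can then check that Mode() reports ON after a successful ModeSet(ON) and call t.Skip when the FIPS module is not available in the linked library.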