如何验证golang dev无聊的加密分支中是否为二进制启用了fips模式? 除了内部golang测试之外,我看不到任何简便的方法
答案 0 :(得分:0)
来自此文件:
https://go.googlesource.com/go/+/dev.boringcrypto/src/crypto/tls/fipsonly/fipsonly.go
// Package fipsonly restricts all TLS configuration to FIPS-approved settings.
//
// The effect is triggered by importing the package anywhere in a program, as in:
//
// import _ "crypto/tls/fipsonly"
//
// This package only exists in the dev.boringcrypto branch of Go.
通过在程序中包含该import语句,只有在使用dev.boringcrypto分支时,它才会编译。
这是一个测试main.go:
package main
import (
"fmt"
_ "crypto/tls/fipsonly"
)
func main() {
fmt.Println("Hello FIPS")
}
使用Go的dev.boringcrypto分支:
$ go version
go version go1.12.9b4 linux/amd64
$ go run main.go
Hello FIPS
使用Go的正常发行版:
$ go version
go version go1.12.9 darwin/amd64
$ go run main.go
main.go:4:2: cannot find package "crypto/tls/fipsonly" in any of:
/Users/ray/.gimme/versions/go1.12.9.darwin.amd64/src/crypto/tls/fipsonly (from $GOROOT)
/Users/ray/go/src/crypto/tls/fipsonly (from $GOPATH)