From 2e4b84b6ac95087b96e346916b3ced662269b15d Mon Sep 17 00:00:00 2001
From: Vishal Tak <vtak@gitlab.com>
Date: Mon, 28 Mar 2022 11:52:05 +0530
Subject: Add FIPS support

Changelog: added
---
 internal/boring/boring.go    | 10 ++++++++++
 internal/boring/notboring.go |  7 +++++++
 2 files changed, 17 insertions(+)
 create mode 100644 internal/boring/boring.go
 create mode 100644 internal/boring/notboring.go

(limited to 'internal')

diff --git a/internal/boring/boring.go b/internal/boring/boring.go
new file mode 100644
index 00000000..6e125210
--- /dev/null
+++ b/internal/boring/boring.go
@@ -0,0 +1,10 @@
+//go:build boringcrypto
+// +build boringcrypto
+
+package boring
+
+import "gitlab.com/gitlab-org/labkit/log"
+
+func CheckBoring() {
+	log.Info("FIPS mode is enabled. Using BoringSSL.")
+}
diff --git a/internal/boring/notboring.go b/internal/boring/notboring.go
new file mode 100644
index 00000000..6dbf3c39
--- /dev/null
+++ b/internal/boring/notboring.go
@@ -0,0 +1,7 @@
+//go:build !boringcrypto
+// +build !boringcrypto
+
+package boring
+
+func CheckBoring() {
+}
-- 
cgit v1.2.3


From 9fdda41eedbcb91c1d06c01d72f9d915934735b7 Mon Sep 17 00:00:00 2001
From: Vishal Tak <vtak@gitlab.com>
Date: Thu, 31 Mar 2022 13:28:20 +0530
Subject: Clean makefile and add runtime check for fips

---
 internal/boring/boring.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'internal')

diff --git a/internal/boring/boring.go b/internal/boring/boring.go
index 6e125210..0a59ec4a 100644
--- a/internal/boring/boring.go
+++ b/internal/boring/boring.go
@@ -3,8 +3,16 @@
 
 package boring
 
-import "gitlab.com/gitlab-org/labkit/log"
+import (
+	"crypto/boring"
+
+	"gitlab.com/gitlab-org/labkit/log"
+)
 
 func CheckBoring() {
-	log.Info("FIPS mode is enabled. Using BoringSSL.")
+	if boring.Enabled() {
+		log.Info("FIPS mode is enabled. Using BoringSSL.")
+		return
+	}
+	log.Info("GitLab Pages was compiled with FIPS mode but BoringSSL is not enabled.")
 }
-- 
cgit v1.2.3