crypto/fips140: add Version

Fixes #75301

Change-Id: If953b4382499570d5437491036f91cbe4fec7c01
Reviewed-on: https://go-review.googlesource.com/c/go/+/723101
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

api/next/75301.txt

@@ -0,0 +1 @@
+pkg crypto/fips140, func Version() string #75301

doc/next/6-stdlib/99-minor/crypto/fips140/75301.md

@@ -0,0 +1 @@
+[Version] returns the resolved FIPS 140-3 Go Cryptographic Module version when building against a frozen module with GOFIPS140.

src/crypto/fips140/fips140.go

@@ -23,3 +23,18 @@ func Enabled() bool {
 	}
 	return fips140.Enabled
 }
+
+// Version returns the FIPS 140-3 Go Cryptographic Module version (such as
+// "v1.0.0"), as referenced in the Security Policy for the module, if building
+// against a frozen module with GOFIPS140. Otherwise, it returns "latest". If an
+// alias is in use (such as "inprogress") the actual resolved version is
+// returned.
+//
+// The returned version may not uniquely identify the frozen module which was
+// used to build the program, if there are multiple copies of the frozen module
+// at the same version. The uniquely identifying version suffix can be found by
+// checking the value of the GOFIPS140 setting in
+// runtime/debug.BuildInfo.Settings.
+func Version() string {
+	return fips140.Version()
+}