crypto/internal/cryptotest: add MustSupportFIPS140

Change-Id: Iccb3ffdb7c1e15f8f0d889fdc4a27e62870cd58e
Reviewed-on: https://go-review.googlesource.com/c/go/+/702776
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>

diff --git a/src/crypto/internal/cryptotest/fips140.go b/src/crypto/internal/cryptotest/fips140.go
new file mode 100644 (file)
index 0000000..c24622c
--- /dev/null
+++ b/src/crypto/internal/cryptotest/fips140.go
@@ -0,0 +1,17 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptotest
+
+import (
+       "crypto/internal/fips140"
+       "testing"
+)
+
+func MustSupportFIPS140(t *testing.T) {
+       t.Helper()
+       if err := fips140.Supported(); err != nil {
+               t.Skipf("test requires FIPS 140 mode: %v", err)
+       }
+}

diff --git a/src/crypto/internal/fips140test/check_test.go b/src/crypto/internal/fips140test/check_test.go
index c4f6a95e3ecbe514eddb09e34e53680ef8ac1fbb..2ceef6dd883d0ab8244eb2254c62f04b44498e76 100644 (file)
--- a/src/crypto/internal/fips140test/check_test.go
+++ b/src/crypto/internal/fips140test/check_test.go
@@ -6,7 +6,7 @@ package fipstest
 
 import (
        "bytes"
-       "crypto/internal/fips140"
+       "crypto/internal/cryptotest"
        . "crypto/internal/fips140/check"
        "crypto/internal/fips140/check/checktest"
        "fmt"
@@ -31,9 +31,7 @@ func TestIntegrityCheck(t *testing.T) {
                t.Fatalf("GODEBUG=fips140=on but verification did not run")
        }
 
-       if err := fips140.Supported(); err != nil {
-               t.Skipf("skipping: %v", err)
-       }
+       cryptotest.MustSupportFIPS140(t)
 
        cmd := testenv.Command(t, testenv.Executable(t), "-test.v", "-test.run=^TestIntegrityCheck$")
        cmd.Env = append(cmd.Environ(), "GODEBUG=fips140=on")
@@ -47,9 +45,7 @@ func TestIntegrityCheck(t *testing.T) {
 func TestIntegrityCheckFailure(t *testing.T) {
        moduleStatus(t)
        testenv.MustHaveExec(t)
-       if err := fips140.Supported(); err != nil {
-               t.Skipf("skipping: %v", err)
-       }
+       cryptotest.MustSupportFIPS140(t)
 
        bin, err := os.ReadFile(os.Args[0])
        if err != nil {
@@ -90,9 +86,7 @@ func TestIntegrityCheckFailure(t *testing.T) {
 }
 
 func TestIntegrityCheckInfo(t *testing.T) {
-       if err := fips140.Supported(); err != nil {
-               t.Skipf("skipping: %v", err)
-       }
+       cryptotest.MustSupportFIPS140(t)
 
        // Check that the checktest symbols are initialized properly.
        if checktest.NOPTRDATA != 1 {