cmd/internal/obj: exclude external test packages from FIPS scope

Excluding external test packages allows them to use
//go:embed, which requires data relocations in data.
(Obviously the external test code is testing the FIPS module,
not part of it, so this is reasonable.)

Change-Id: I4bae71320ccb5faf718c045540a9ba6dd93e378f
Reviewed-on: https://go-review.googlesource.com/c/go/+/628735
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>

diff --git a/src/cmd/internal/obj/fips.go b/src/cmd/internal/obj/fips.go
index acf74691f663bad039e3145491de22b2f92b95e1..978028f70a892dfe36f2c03f247f7d098e8ae5b1 100644 (file)
--- a/src/cmd/internal/obj/fips.go
+++ b/src/cmd/internal/obj/fips.go
@@ -148,6 +148,12 @@ const enableFIPS = true
 
 // IsFIPS reports whether we are compiling one of the crypto/internal/fips/... packages.
 func (ctxt *Link) IsFIPS() bool {
+       if strings.HasSuffix(ctxt.Pkgpath, "_test") {
+               // External test packages are outside the FIPS hash scope.
+               // This allows them to use //go:embed, which would otherwise
+               // emit absolute relocations in the global data.
+               return false
+       }
        return ctxt.Pkgpath == "crypto/internal/fips" || strings.HasPrefix(ctxt.Pkgpath, "crypto/internal/fips/")
 }
 
@@ -225,6 +231,11 @@ func (s *LSym) setFIPSType(ctxt *Link) {
                return
        }
 
+       if strings.Contains(name, "_test.") {
+               // External test packages are not in the scope.
+               return
+       }
+
        // Now we're at least handling a FIPS symbol.
        // It's okay to be slower now, since this code only runs when compiling a few packages.