]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2eac154)
all: enable FIPS verification code
authorRuss Cox <rsc@golang.org>
Wed, 6 Nov 2024 16:30:25 +0000 (11:30 -0500)
committerRuss Cox <rsc@golang.org>
Thu, 14 Nov 2024 05:50:37 +0000 (05:50 +0000)
Previous CLs committed changes to cmd/compile, cmd/link,
and crypto/internal/fips/check behind boolean flags.
Turn those flags on, to enable the CLs.

This is a separate, trivial CL for easier rollback.

For #69536.

Change-Id: I68206bae0b7d7ad5c8758267d1a2e68853b63644
Reviewed-on: https://go-review.googlesource.com/c/go/+/626000
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
src/cmd/internal/obj/fips.go patch | blob | history
src/cmd/link/internal/ld/fips.go patch | blob | history
src/crypto/internal/fips/check/check.go patch | blob | history
src/crypto/internal/fips/check/check_test.go patch | blob | history

diff --git a/src/cmd/internal/obj/fips.go b/src/cmd/internal/obj/fips.go
index 11028ce60291bdcfd48ef8772041800b2755c30c..6505ce79ee1bba946cc0eb807404f18ad05ce49c 100644 (file)
--- a/src/cmd/internal/obj/fips.go
+++ b/src/cmd/internal/obj/fips.go
@@ -144,7 +144,7 @@ import (
        "strings"
 )
 
-const enableFIPS = false
+const enableFIPS = true
 
 // IsFIPS reports whether we are compiling one of the crypto/internal/fips/... packages.
 func (ctxt *Link) IsFIPS() bool {
@@ -201,6 +201,11 @@ func EnableFIPS() bool {
                }
        }
 
+       // AIX doesn't just work, and it's not worth fixing.
+       if buildcfg.GOOS == "aix" {
+               return false
+       }
+
        return enableFIPS
 }
 
diff --git a/src/cmd/link/internal/ld/fips.go b/src/cmd/link/internal/ld/fips.go
index 8223da49d78c4f791cb2c0c703bdd29afb54d503..a88fdd822ddb54ac68ec6b4ea7ba2d4ed514b8d1 100644 (file)
--- a/src/cmd/link/internal/ld/fips.go
+++ b/src/cmd/link/internal/ld/fips.go
@@ -115,7 +115,7 @@ import (
        "os"
 )
 
-const enableFIPS = false
+const enableFIPS = true
 
 // fipsSyms are the special FIPS section bracketing symbols.
 var fipsSyms = []struct {
diff --git a/src/crypto/internal/fips/check/check.go b/src/crypto/internal/fips/check/check.go
index 7c1d78843769971d9df0213c97ecc71af6681902..ac64697f3f6229d5923a1d94e1c84fef9e935128 100644 (file)
--- a/src/crypto/internal/fips/check/check.go
+++ b/src/crypto/internal/fips/check/check.go
@@ -39,7 +39,8 @@ func supported() bool {
        case runtime.GOARCH == "wasm",
                runtime.GOOS == "windows" && runtime.GOARCH == "386",
                runtime.GOOS == "windows" && runtime.GOARCH == "arm",
-               runtime.GOOS == "windows" && runtime.GOARCH == "arm64":
+               runtime.GOOS == "windows" && runtime.GOARCH == "arm64",
+               runtime.GOOS == "aix":
                return false
        }
        return true
diff --git a/src/crypto/internal/fips/check/check_test.go b/src/crypto/internal/fips/check/check_test.go
index a551f7c8657e1f42de22d5007e446b07dafc4e51..56d7a1950326b0c9949a90e5de05fd6269af242d 100644 (file)
--- a/src/crypto/internal/fips/check/check_test.go
+++ b/src/crypto/internal/fips/check/check_test.go
@@ -18,7 +18,7 @@ import (
        "unsafe"
 )
 
-const enableFIPSTest = false
+const enableFIPSTest = true
 
 func TestVerify(t *testing.T) {
        if *Verified {
Go GOST TLS 1.3