// testingOnlyCASTHook is called during tests with each CAST name.
var testingOnlyCASTHook func(string)
-// CAST runs the named Cryptographic Algorithm Self-Test (if compiled and
-// operated in FIPS mode) and aborts the program (stopping the module
-// input/output and entering the "error state") if the self-test fails.
+// CAST runs the named Cryptographic Algorithm Self-Test (if operated in FIPS
+// mode) and aborts the program (stopping the module input/output and entering
+// the "error state") if the self-test fails.
//
// These are mandatory self-checks that must be performed by FIPS 140-3 modules
// before the algorithm is used. See Implementation Guidance 10.3.A.
if testingOnlyCASTHook != nil {
testingOnlyCASTHook(name)
}
+ if !Enabled {
+ return
+ }
err := f()
if failfipscast.Value() != "" && strings.Contains(name, failfipscast.Value()) {
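Review bot: The new `if !Enabled { return }` sits after the `testingOnlyCASTHook` call and before `err := f()`, so with FIPS mode off the hook still sees every CAST name while the self-test never runs, and nothing in the code says this ordering is intended. I would add a comment above the check, for example `// Outside FIPS mode the self-test is skipped; the hook above has already recorded the name.` The early return also comes before the `failfipscast` check, so failure injection does nothing unless FIPS mode is on. The doc comment should say so, because a run with only `failfipscast` set will look like a pass. The body of CAST starts and ends outside this hunk.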
t.Errorf("no CASTs to test")
}
- for _, name := range fips.AllCASTs {
- t.Logf("CAST %s completed successfully", name)
+ if fips.Enabled {
+ for _, name := range fips.AllCASTs {
+ t.Logf("CAST %s completed successfully", name)
+ }
}
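Review bot: When `fips.Enabled` is false this block now prints nothing, so the parent test's output does not show whether any self-test actually ran. The guard is right to avoid claiming success for CASTs that were skipped, but the skip should be visible in the log. I would add an else branch such as `} else { t.Log("FIPS mode is off: CASTs are registered but were not executed") }`. The enclosing test function starts outside this hunk.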
t.Run("SimulateFailures", func(t *testing.T) {
t.Parallel()
cmd := testenv.Command(t, testenv.Executable(t), "-test.run=TestCAST", "-test.v")
cmd = testenv.CleanCmdEnv(cmd)
- cmd.Env = append(cmd.Env, fmt.Sprintf("GODEBUG=failfipscast=%s", name))
+ cmd.Env = append(cmd.Env, fmt.Sprintf("GODEBUG=failfipscast=%s,fips140=on", name))
out, err := cmd.CombinedOutput()
if err == nil {
t.Error(err)
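Review bot: In the `if err == nil` branch the call `t.Error(err)` reports a nil error, so the failure message is just `<nil>`. That matters more after this change, because the simulated failure only fires when `fips140=on` actually enables FIPS mode in the child. If that ever stops working, the child exits cleanly and this is the only diagnostic. I would replace it with `t.Errorf("CAST %s failure did not stop the program:\n%s", name, out)`. The subprocess is started only with `fips140=on`, so the other values accepted by the new `init` are not exercised here. The closure continues past the end of the hunk.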
import "internal/godebug"
-var Enabled = godebug.New("#fips140").Value() == "on"
+var Enabled bool
+
+func init() {
+ switch godebug.New("#fips140").Value() {
+ case "on", "debug", "only":
+ Enabled = true
+ }
+}
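Review bot: The `switch` in `init` has no `default`, so any value other than `on`, `debug` or `only` leaves `Enabled` false without any signal. A misspelled or differently cased setting therefore runs the program outside FIPS mode while the operator believes it is on, which is a fail-open outcome for a compliance control. I would list the off values explicitly with `case "off", "":` and add `default: panic("fips140: unknown GODEBUG setting")`, if panicking during init is acceptable for this package. A short comment stating that `debug` and `only` also imply enabled would help; any behaviour specific to those two values is presumably handled elsewhere.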