if Snapshot() {
fsys.Bind(Dir(), filepath.Join(cfg.GOROOT, "src/crypto/internal/fips140"))
}
+
+ if cfg.Experiment.BoringCrypto && Enabled() {
+ base.Fatalf("go: cannot use GOFIPS140 with GOEXPERIMENT=boringcrypto")
+ }
}
var initDone bool
# Test query for non-defaults in the env
+# Go+BoringCrypto conflicts with GOFIPS140.
+[GOEXPERIMENT:boringcrypto] skip
+
env GOROOT=./a
env GOTOOLCHAIN=local
env GOSUMDB=nodefault
+# Go+BoringCrypto conflicts with GOFIPS140.
+[GOEXPERIMENT:boringcrypto] skip
+
# list with GOFIPS140=off
env GOFIPS140=off
go list -f '{{.DefaultGODEBUG}}'
skip 'no snapshots yet'
env GOFIPS140=$snap
+# Go+BoringCrypto conflicts with GOFIPS140.
+[GOEXPERIMENT:boringcrypto] skip
+
# default GODEBUG includes fips140=on
go list -f '{{.DefaultGODEBUG}}'
stdout fips140=on
import (
"crypto/internal/boring/sig"
_ "crypto/internal/boring/syso"
+ "crypto/internal/fips140"
"internal/stringslite"
"math/bits"
"unsafe"
sig.BoringCrypto()
}
+func init() {
+ if fips140.Enabled {
+ panic("boringcrypto: cannot use GODEBUG=fips140 with GOEXPERIMENT=boringcrypto")
+ }
+}
+
// Unreachable marks code that should be unreachable
// when BoringCrypto is in use. It panics.
func Unreachable() {
package fipstest
import (
+ "crypto/internal/boring"
. "crypto/internal/fips140/check"
"crypto/internal/fips140/check/checktest"
"fmt"
const enableFIPSTest = true
func TestFIPSCheckVerify(t *testing.T) {
+ if boring.Enabled {
+ t.Skip("not testing fips140 with boringcrypto enabled")
+ }
+
if Verified {
t.Logf("verified")
return