go/build: streamline the crypto package graph in TestDependencies

author Filippo Valsorda <filippo@golang.org>

Mon, 16 Dec 2024 14:52:47 +0000 (15:52 +0100)

committer Gopher Robot <gobot@golang.org>

Tue, 17 Dec 2024 16:07:47 +0000 (08:07 -0800)
author Filippo Valsorda <filippo@golang.org>
Mon, 16 Dec 2024 14:52:47 +0000 (15:52 +0100)
committer Gopher Robot <gobot@golang.org>
Tue, 17 Dec 2024 16:07:47 +0000 (08:07 -0800)
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go

index 15e2f1bbbf3ad3ea5456d0f5472351bcb3546cd9..d9d985dca4ade4148900e1117388e8d373ed840a 100644 (file)
--- a/src/go/build/deps_test.go
+++ b/src/go/build/deps_test.go
@@ -444,6 +444,10 @@ var depsRules = `
         NET, log
         < net/mail;
  
+       # FIPS is the FIPS 140 module.
+       # It must not depend on external crypto packages.
+       # See also fips140deps.AllowedInternalPackages.
+
         io, math/rand/v2 < crypto/internal/randutil;
  
         STR < crypto/internal/impl;
@@ -455,8 +459,6 @@ var depsRules = `
         internal/cpu, internal/goarch < crypto/internal/fips140deps/cpu;
         internal/godebug < crypto/internal/fips140deps/godebug;
  
-       # FIPS is the FIPS 140 module.
-       # It must not depend on external crypto packages.
         STR, crypto/internal/impl,
         crypto/internal/entropy,
         crypto/internal/randutil,
@@ -491,63 +493,49 @@ var depsRules = `
         < crypto/internal/fips140/rsa
         < FIPS;
  
-       FIPS < crypto/internal/fips140/check/checktest;
+       FIPS, internal/godebug < crypto/fips140;
  
-       FIPS, sync/atomic < crypto/tls/internal/fips140tls;
+       crypto, hash !< FIPS;
  
-       FIPS, internal/godebug, hash < crypto/fips140, crypto/internal/fips140only;
+       # CRYPTO is core crypto algorithms - no cgo, fmt, net.
+       # Mostly wrappers around the FIPS module.
  
         NONE < crypto/internal/boring/sig, crypto/internal/boring/syso;
         sync/atomic < crypto/internal/boring/bcache;
-       crypto/internal/boring/sig, crypto/tls/internal/fips140tls < crypto/tls/fipsonly;
  
-       # CRYPTO is core crypto algorithms - no cgo, fmt, net.
-       FIPS, crypto/internal/fips140only,
+       FIPS, internal/godebug, hash, embed,
         crypto/internal/boring/sig,
         crypto/internal/boring/syso,
-       golang.org/x/sys/cpu,
-       hash, embed
+       crypto/internal/boring/bcache
+       < crypto/internal/fips140only
         < crypto
         < crypto/subtle
         < crypto/cipher
-       < crypto/sha3;
-
-       crypto/cipher,
-       crypto/internal/boring/bcache
         < crypto/internal/boring
-       < crypto/boring;
-
-       crypto/boring
-       < crypto/aes, crypto/des, crypto/hmac, crypto/md5, crypto/rc4,
-         crypto/sha1, crypto/sha256, crypto/sha512, crypto/hkdf;
-
-       crypto/boring, crypto/internal/fips140/edwards25519/field
-       < crypto/ecdh;
-
-       crypto/hmac < crypto/pbkdf2;
-
-       crypto/internal/fips140/mlkem < crypto/mlkem;
-
-       crypto/aes,
-       crypto/des,
-       crypto/ecdh,
-       crypto/hmac,
-       crypto/md5,
-       crypto/rc4,
-       crypto/sha1,
-       crypto/sha256,
-       crypto/sha512,
-       crypto/sha3,
-       crypto/hkdf
+       < crypto/boring
+       < crypto/aes,
+         crypto/des,
+         crypto/rc4,
+         crypto/md5,
+         crypto/sha1,
+         crypto/sha256,
+         crypto/sha512,
+         crypto/sha3,
+         crypto/hmac,
+         crypto/hkdf,
+         crypto/pbkdf2,
+         crypto/ecdh,
+         crypto/mlkem
         < CRYPTO;
  
         CGO, fmt, net !< CRYPTO;
  
-       # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
+       # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok.
+
         CRYPTO, FMT, math/big
         < crypto/internal/boring/bbig
         < crypto/rand
-       < crypto/ed25519
+       < crypto/ed25519 # depends on crypto/rand.Reader
         < encoding/asn1
         < golang.org/x/crypto/cryptobyte/asn1
         < golang.org/x/crypto/cryptobyte
@@ -558,17 +546,23 @@ var depsRules = `
         CGO, net !< CRYPTO-MATH;
  
         # TLS, Prince of Dependencies.
-       CRYPTO-MATH, NET, container/list, encoding/hex, encoding/pem
+
+       FIPS, sync/atomic < crypto/tls/internal/fips140tls;
+
+       crypto/internal/boring/sig, crypto/tls/internal/fips140tls < crypto/tls/fipsonly;
+
+       CRYPTO, golang.org/x/sys/cpu, encoding/binary, reflect
         < golang.org/x/crypto/internal/alias
         < golang.org/x/crypto/internal/subtle
         < golang.org/x/crypto/chacha20
         < golang.org/x/crypto/internal/poly1305
-       < golang.org/x/crypto/chacha20poly1305
+       < golang.org/x/crypto/chacha20poly1305;
+
+       CRYPTO-MATH, NET, container/list, encoding/hex, encoding/pem,
+       golang.org/x/crypto/chacha20poly1305, crypto/tls/internal/fips140tls
         < crypto/internal/hpke
         < crypto/x509/internal/macos
-       < crypto/x509/pkix;
-
-       crypto/tls/internal/fips140tls, crypto/x509/pkix
+       < crypto/x509/pkix
         < crypto/x509
         < crypto/tls;
  
@@ -666,7 +660,7 @@ var depsRules = `
         < testing/slogtest;
  
         FMT, crypto/sha256, encoding/json, go/ast, go/parser, go/token,
-       internal/godebug, math/rand, encoding/hex, crypto/sha256
+       internal/godebug, math/rand, encoding/hex
         < internal/fuzz;
  
         OS, flag, testing, internal/cfg, internal/platform, internal/goroot
@@ -696,6 +690,9 @@ var depsRules = `
         CGO, FMT
         < crypto/internal/sysrand/internal/seccomp;
  
+       FIPS
+       < crypto/internal/fips140/check/checktest;
+
         # v2 execution trace parser.
         FMT
         < internal/trace/event;
author	Filippo Valsorda <filippo@golang.org>
	Mon, 16 Dec 2024 14:52:47 +0000 (15:52 +0100)
committer	Gopher Robot <gobot@golang.org>
	Tue, 17 Dec 2024 16:07:47 +0000 (08:07 -0800)