[release-branch.go1.24] internal/godebugs: add fips140 as an opaque godebug setting

This permits using "godebug fips140=on" in go.mod and
using "//go:debug fips140=on" in the main package.

Change code references to the godebug setting to remove the #
which is no longer required.

For #71666
Fixes #71745

Change-Id: I3a60ecc55b03848dadd6d431eb43137b6df6568b
Reviewed-on: https://go-review.googlesource.com/c/go/+/649495
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
(cherry picked from commit 2b43ce0a9d5825d66aa42a6fa9076f2fb9c181ea)
Reviewed-on: https://go-review.googlesource.com/c/go/+/650675
Commit-Queue: Ian Lance Taylor <iant@google.com>

diff --git a/src/crypto/fips140/fips140.go b/src/crypto/fips140/fips140.go
index 41d0d170cf9fc8f320c50b398bc8b4c490456750..1c4036d5e7473573cc1e5ee7f55044cf11984b93 100644 (file)
--- a/src/crypto/fips140/fips140.go
+++ b/src/crypto/fips140/fips140.go
@@ -10,7 +10,7 @@ import (
        "internal/godebug"
 )
 
-var fips140GODEBUG = godebug.New("#fips140")
+var fips140GODEBUG = godebug.New("fips140")
 
 // Enabled reports whether the cryptography libraries are operating in FIPS
 // 140-3 mode.

diff --git a/src/crypto/internal/fips140/check/check.go b/src/crypto/internal/fips140/check/check.go
index f8a5d7a41e982e7a4d334d19961181dabb603926..454cd6c738b1afd99eecf621eef696b3da4faf5c 100644 (file)
--- a/src/crypto/internal/fips140/check/check.go
+++ b/src/crypto/internal/fips140/check/check.go
@@ -100,7 +100,7 @@ func init() {
        clear(nbuf[:])
        h.Reset()
 
-       if godebug.Value("#fips140") == "debug" {
+       if godebug.Value("fips140") == "debug" {
                println("fips140: verified code+data")
        }
 

diff --git a/src/crypto/internal/fips140only/fips140only.go b/src/crypto/internal/fips140only/fips140only.go
index 7126781af0d8bc64516464eb201bcd846b7bd683..147877a34fcb5fab8b5db371f046d0e362609395 100644 (file)
--- a/src/crypto/internal/fips140only/fips140only.go
+++ b/src/crypto/internal/fips140only/fips140only.go
@@ -16,7 +16,7 @@ import (
 
 // Enabled reports whether FIPS 140-only mode is enabled, in which non-approved
 // cryptography returns an error or panics.
-var Enabled = godebug.New("#fips140").Value() == "only"
+var Enabled = godebug.New("fips140").Value() == "only"
 
 func ApprovedHash(h hash.Hash) bool {
        switch h.(type) {

diff --git a/src/crypto/internal/fips140test/check_test.go b/src/crypto/internal/fips140test/check_test.go
index 6b0cd3f39e1695cfaefc964a6102e1fe07c34118..e635a2480967838c6e25fe9a4ba046806f702873 100644 (file)
--- a/src/crypto/internal/fips140test/check_test.go
+++ b/src/crypto/internal/fips140test/check_test.go
@@ -26,7 +26,7 @@ func TestFIPSCheckVerify(t *testing.T) {
                return
        }
 
-       if godebug.New("#fips140").Value() == "on" {
+       if godebug.New("fips140").Value() == "on" {
                t.Fatalf("GODEBUG=fips140=on but verification did not run")
        }
 

diff --git a/src/internal/godebugs/table.go b/src/internal/godebugs/table.go
index 9c48a923f032c35c918dfe50d598856fdb39b603..e0fde01f09d9bb40f06e3d724c61b793278a7fc9 100644 (file)
--- a/src/internal/godebugs/table.go
+++ b/src/internal/godebugs/table.go
@@ -28,6 +28,7 @@ var All = []Info{
        {Name: "asynctimerchan", Package: "time", Changed: 23, Old: "1"},
        {Name: "dataindependenttiming", Package: "crypto/subtle", Opaque: true},
        {Name: "execerrdot", Package: "os/exec"},
+       {Name: "fips140", Package: "crypto/fips140", Opaque: true},
        {Name: "gocachehash", Package: "cmd/go"},
        {Name: "gocachetest", Package: "cmd/go"},
        {Name: "gocacheverify", Package: "cmd/go"},