From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 5 Feb 2025 12:51:26 +0000 (+0100)
Subject: crypto/internal/fips140test: support disabling PAA/PAI
X-Git-Tag: go1.25rc1~1055
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=4ffa9a8305ddca86813cda356ddf1529b8054601;p=gostls13.git

crypto/internal/fips140test: support disabling PAA/PAI

FIPS 140-3 testing requires testing the module both with and without
platform hardware acceleration.

Change-Id: I6a6a4656faad883062d64bc8e2363d4c59bd8cce
Reviewed-on: https://go-review.googlesource.com/c/go/+/648817
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---

diff --git a/src/crypto/internal/fips140test/acvp_test.go b/src/crypto/internal/fips140test/acvp_test.go
index f25f3d4f0f..a0ad7b27df 100644
--- a/src/crypto/internal/fips140test/acvp_test.go
+++ b/src/crypto/internal/fips140test/acvp_test.go
@@ -44,6 +44,7 @@ import (
 	"crypto/internal/fips140/subtle"
 	"crypto/internal/fips140/tls12"
 	"crypto/internal/fips140/tls13"
+	"crypto/internal/impl"
 	"crypto/rand"
 	_ "embed"
 	"encoding/binary"
@@ -58,7 +59,14 @@ import (
 	"testing"
 )
 
+var noPAAPAI = os.Getenv("GONOPAAPAI") == "1"
+
 func TestMain(m *testing.M) {
+	if noPAAPAI {
+		for _, p := range impl.Packages() {
+			impl.Select(p, "")
+		}
+	}
 	if os.Getenv("ACVP_WRAPPER") == "1" {
 		wrapperMain()
 	} else {
diff --git a/src/crypto/internal/fips140test/fips_test.go b/src/crypto/internal/fips140test/fips_test.go
index 1dd8aa21a9..81ccd0cf7f 100644
--- a/src/crypto/internal/fips140test/fips_test.go
+++ b/src/crypto/internal/fips140test/fips_test.go
@@ -50,6 +50,12 @@ func moduleStatus(t *testing.T) {
 	t.Logf("Module name: %s", fips140.Name())
 	t.Logf("Module version: %s", fips140.Version())
 
+	if noPAAPAI {
+		t.Log("PAA/PAI disabled")
+	} else {
+		t.Log("PAA/PAI enabled")
+	}
+
 	if check.Verified {
 		t.Log("FIPS 140-3 integrity self-check succeeded")
 	} else {
diff --git a/src/crypto/internal/impl/impl.go b/src/crypto/internal/impl/impl.go
index 524db45d74..193839f1f1 100644
--- a/src/crypto/internal/impl/impl.go
+++ b/src/crypto/internal/impl/impl.go
@@ -38,6 +38,20 @@ func Register(pkg, name string, available *bool) {
 	})
 }
 
+// Packages returns the list of all packages for which alternative
+// implementations are registered.
+func Packages() []string {
+	var pkgs []string
+	seen := make(map[string]bool)
+	for _, i := range allImplementations {
+		if !seen[i.Package] {
+			pkgs = append(pkgs, i.Package)
+			seen[i.Package] = true
+		}
+	}
+	return pkgs
+}
+
 // List returns the names of all alternative implementations registered for the
 // given package, whether available or not. The implicit base implementation is
 // not included.