From 4f48ad5c6b2775ab295ea0062b93527cbf4ea9d0 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 29 Jan 2025 03:18:01 +0100
Subject: [PATCH] cmd/link/internal/loader: fix linknames from FIPS 140 frozen
 tree

blockedLinknames was updated in CL 635676 after the lib/fips140 zip
mechanism was last tested. linknames from crypto/internal/fips140/v1.0.0
need to be allowed if they'd be allowed from crypto/internal/fips140.

Change-Id: I6a6a4656022118d4739ae14831f2ad721951c192
Reviewed-on: https://go-review.googlesource.com/c/go/+/645195
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
---
 src/cmd/link/internal/loader/loader.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/cmd/link/internal/loader/loader.go b/src/cmd/link/internal/loader/loader.go
index e7cc30ab07..0c234e8975 100644
--- a/src/cmd/link/internal/loader/loader.go
+++ b/src/cmd/link/internal/loader/loader.go
@@ -2394,6 +2394,16 @@ func (l *Loader) checkLinkname(pkg, name string, s Sym) {
 			if pkg == p {
 				return // pkg is allowed
 			}
+			// crypto/internal/fips140/vX.Y.Z/... is the frozen version of
+			// crypto/internal/fips140/... and is similarly allowed.
+			if strings.HasPrefix(pkg, "crypto/internal/fips140/v") {
+				parts := strings.Split(pkg, "/")
+				parts = append(parts[:3], parts[4:]...)
+				pkg := strings.Join(parts, "/")
+				if pkg == p {
+					return
+				}
+			}
 		}
 		error()
 	}
-- 
2.48.1