From 9f806bb76c8eec08cad07a2e859c8dd35103432e Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Mon, 16 Dec 2024 15:52:47 +0100 Subject: [PATCH] go/build: streamline the crypto package graph in TestDependencies Change-Id: I975243b4897d5161b839f142afbd2a46bfa1fab0 Reviewed-on: https://go-review.googlesource.com/c/go/+/636555 Reviewed-by: Daniel McCarney Auto-Submit: Filippo Valsorda Reviewed-by: David Chase TryBot-Bypass: Filippo Valsorda Reviewed-by: Roland Shoemaker --- src/go/build/deps_test.go | 89 +++++++++++++++++++-------------------- 1 file changed, 43 insertions(+), 46 deletions(-) diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index 15e2f1bbbf..d9d985dca4 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -444,6 +444,10 @@ var depsRules = ` NET, log < net/mail; + # FIPS is the FIPS 140 module. + # It must not depend on external crypto packages. + # See also fips140deps.AllowedInternalPackages. + io, math/rand/v2 < crypto/internal/randutil; STR < crypto/internal/impl; @@ -455,8 +459,6 @@ var depsRules = ` internal/cpu, internal/goarch < crypto/internal/fips140deps/cpu; internal/godebug < crypto/internal/fips140deps/godebug; - # FIPS is the FIPS 140 module. - # It must not depend on external crypto packages. STR, crypto/internal/impl, crypto/internal/entropy, crypto/internal/randutil, @@ -491,63 +493,49 @@ var depsRules = ` < crypto/internal/fips140/rsa < FIPS; - FIPS < crypto/internal/fips140/check/checktest; + FIPS, internal/godebug < crypto/fips140; - FIPS, sync/atomic < crypto/tls/internal/fips140tls; + crypto, hash !< FIPS; - FIPS, internal/godebug, hash < crypto/fips140, crypto/internal/fips140only; + # CRYPTO is core crypto algorithms - no cgo, fmt, net. + # Mostly wrappers around the FIPS module. NONE < crypto/internal/boring/sig, crypto/internal/boring/syso; sync/atomic < crypto/internal/boring/bcache; - crypto/internal/boring/sig, crypto/tls/internal/fips140tls < crypto/tls/fipsonly; - # CRYPTO is core crypto algorithms - no cgo, fmt, net. - FIPS, crypto/internal/fips140only, + FIPS, internal/godebug, hash, embed, crypto/internal/boring/sig, crypto/internal/boring/syso, - golang.org/x/sys/cpu, - hash, embed + crypto/internal/boring/bcache + < crypto/internal/fips140only < crypto < crypto/subtle < crypto/cipher - < crypto/sha3; - - crypto/cipher, - crypto/internal/boring/bcache < crypto/internal/boring - < crypto/boring; - - crypto/boring - < crypto/aes, crypto/des, crypto/hmac, crypto/md5, crypto/rc4, - crypto/sha1, crypto/sha256, crypto/sha512, crypto/hkdf; - - crypto/boring, crypto/internal/fips140/edwards25519/field - < crypto/ecdh; - - crypto/hmac < crypto/pbkdf2; - - crypto/internal/fips140/mlkem < crypto/mlkem; - - crypto/aes, - crypto/des, - crypto/ecdh, - crypto/hmac, - crypto/md5, - crypto/rc4, - crypto/sha1, - crypto/sha256, - crypto/sha512, - crypto/sha3, - crypto/hkdf + < crypto/boring + < crypto/aes, + crypto/des, + crypto/rc4, + crypto/md5, + crypto/sha1, + crypto/sha256, + crypto/sha512, + crypto/sha3, + crypto/hmac, + crypto/hkdf, + crypto/pbkdf2, + crypto/ecdh, + crypto/mlkem < CRYPTO; CGO, fmt, net !< CRYPTO; - # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. + # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. + CRYPTO, FMT, math/big < crypto/internal/boring/bbig < crypto/rand - < crypto/ed25519 + < crypto/ed25519 # depends on crypto/rand.Reader < encoding/asn1 < golang.org/x/crypto/cryptobyte/asn1 < golang.org/x/crypto/cryptobyte @@ -558,17 +546,23 @@ var depsRules = ` CGO, net !< CRYPTO-MATH; # TLS, Prince of Dependencies. - CRYPTO-MATH, NET, container/list, encoding/hex, encoding/pem + + FIPS, sync/atomic < crypto/tls/internal/fips140tls; + + crypto/internal/boring/sig, crypto/tls/internal/fips140tls < crypto/tls/fipsonly; + + CRYPTO, golang.org/x/sys/cpu, encoding/binary, reflect < golang.org/x/crypto/internal/alias < golang.org/x/crypto/internal/subtle < golang.org/x/crypto/chacha20 < golang.org/x/crypto/internal/poly1305 - < golang.org/x/crypto/chacha20poly1305 + < golang.org/x/crypto/chacha20poly1305; + + CRYPTO-MATH, NET, container/list, encoding/hex, encoding/pem, + golang.org/x/crypto/chacha20poly1305, crypto/tls/internal/fips140tls < crypto/internal/hpke < crypto/x509/internal/macos - < crypto/x509/pkix; - - crypto/tls/internal/fips140tls, crypto/x509/pkix + < crypto/x509/pkix < crypto/x509 < crypto/tls; @@ -666,7 +660,7 @@ var depsRules = ` < testing/slogtest; FMT, crypto/sha256, encoding/json, go/ast, go/parser, go/token, - internal/godebug, math/rand, encoding/hex, crypto/sha256 + internal/godebug, math/rand, encoding/hex < internal/fuzz; OS, flag, testing, internal/cfg, internal/platform, internal/goroot @@ -696,6 +690,9 @@ var depsRules = ` CGO, FMT < crypto/internal/sysrand/internal/seccomp; + FIPS + < crypto/internal/fips140/check/checktest; + # v2 execution trace parser. FMT < internal/trace/event; -- 2.48.1