1 ## Note: Need a snapshot in lib/fips140 to run this test.
2 ## For local testing, can run 'cd lib/fips140; make v0.0.1.test'
3 ## and then remove the skip.
4 env snap=v0.0.1
5 env alias=inprocess
6
7 skip 'no snapshots yet'
8 env GOFIPS140=$snap
9
10 # default GODEBUG includes fips140=on
11 go list -f '{{.DefaultGODEBUG}}'
12 stdout fips140=on
13
14 # std lists fips snapshot and not regular fips
15 go list std
16 stdout crypto/internal/fips140/$snap/sha256
17 ! stdout crypto/internal/fips140/sha256
18 ! stdout crypto/internal/fips140/check
19
20 # build does not use regular fips
21 go list -json -test
22 stdout crypto/internal/fips140/$snap/sha256
23 ! stdout crypto/internal/fips140/sha256
24 ! stdout crypto/internal/fips140/check
25
26 # again with GOFIPS140=$alias
27 env GOFIPS140=$alias
28
29 # default GODEBUG includes fips140=on
30 go list -f '{{.DefaultGODEBUG}}'
31 stdout fips140=on
32
33 # std lists fips snapshot and not regular fips
34 go list std
35 stdout crypto/internal/fips140/$snap/sha256
36 ! stdout crypto/internal/fips140/sha256
37 ! stdout crypto/internal/fips140/check
38
39 # build does not use regular fips
40 go list -json -test
41 stdout crypto/internal/fips140/$snap/sha256
42 ! stdout crypto/internal/fips140/sha256
43 ! stdout crypto/internal/fips140/check
44
45 [short] skip
46
47 # build with GOFIPS140=snap is NOT cached (need fipso)
48 go build -x -o x.exe
49 stderr link.*-fipso
50 go build -x -o x.exe
51 stderr link.*-fipso
52
53 # build test with GOFIPS140=snap is cached
54 go test -x -c
55 stderr link.*-fipso
56 go test -x -c
57 ! stderr link
58
59 -- go.mod --
60 module m
61 -- x.go --
62 package main
63 import _ "crypto/sha256"
64 func main() {
65 }
66 -- x_test.go --
67 package main
68 import "testing"
69 func Test(t *testing.T) {}
70
View as plain text