mirror of
https://github.com/slackhq/nebula.git
synced 2026-07-01 02:50:29 +02:00
more cleanup
This commit is contained in:
@@ -284,7 +284,10 @@ endif
|
||||
# Use `release-fips140` or `bin-fips140` to build release binaries
|
||||
fips140:
|
||||
@echo > $(NULL_FILE)
|
||||
$(eval GOENV += GOFIPS140=v1.0.0)
|
||||
ifeq ($(strip $(GOFIPS140)),)
|
||||
$(eval GOFIPS140 = v1.0.0)
|
||||
endif
|
||||
$(eval GOENV += GOFIPS140=$(GOFIPS140))
|
||||
$(eval LDFLAGS += -X runtime.godebugDefault=fips140=only)
|
||||
# To enforce fips140.Enforced()
|
||||
$(eval BUILD_ARGS += -tags fips140)
|
||||
@@ -292,9 +295,15 @@ fips140:
|
||||
# For smoke-docker
|
||||
$(eval CURVE = P256)
|
||||
ifeq ($(words $(MAKECMDGOALS)),1)
|
||||
@$(MAKE) fips140 ${.DEFAULT_GOAL} --no-print-directory
|
||||
@$(MAKE) fips140 GOFIPS140=$(GOFIPS140) ${.DEFAULT_GOAL} --no-print-directory
|
||||
endif
|
||||
|
||||
# To test the future pending module
|
||||
fips140-v1.26.0: GOFIPS140 = v1.26.0
|
||||
fips140-v1.26.0: fips140
|
||||
fips140-latest: GOFIPS140 = latest
|
||||
fips140-latest: fips140
|
||||
|
||||
# Useful to chain together, like:
|
||||
# - make boringcrypto e2evv
|
||||
# - make boringcrypto smoke-docker
|
||||
|
||||
@@ -33,10 +33,13 @@ func TestNewAESGCM(t *testing.T) {
|
||||
assert.Equal(t, expected, dst)
|
||||
|
||||
// We expect this to fail since we are re-encrypting with a repeat IV
|
||||
// TODO: the error message has changed between fips module versions, best way to verify it?
|
||||
// assert.PanicsWithValue(t, "crypto/cipher: counter decreased", func() {
|
||||
// assert.PanicsWithValue(t, "crypto/cipher: counter decreased or remained the same", func() {
|
||||
assert.Panics(t, func() {
|
||||
dst = aead.Seal([]byte{}, iv, plaintext, aad)
|
||||
})
|
||||
if fips140.Version() == "v1.0.0" {
|
||||
assert.PanicsWithValue(t, "crypto/cipher: counter decreased", func() {
|
||||
dst = aead.Seal([]byte{}, iv, plaintext, aad)
|
||||
})
|
||||
} else {
|
||||
assert.PanicsWithValue(t, "crypto/cipher: counter decreased or remained the same", func() {
|
||||
dst = aead.Seal([]byte{}, iv, plaintext, aad)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user