more cleanup

This commit is contained in:
Wade Simmons
2026-06-09 10:55:57 -04:00
parent d725e53072
commit f437c7d372
2 changed files with 20 additions and 8 deletions
+11 -2
View File
@@ -284,7 +284,10 @@ endif
# Use `release-fips140` or `bin-fips140` to build release binaries
fips140:
@echo > $(NULL_FILE)
$(eval GOENV += GOFIPS140=v1.0.0)
ifeq ($(strip $(GOFIPS140)),)
$(eval GOFIPS140 = v1.0.0)
endif
$(eval GOENV += GOFIPS140=$(GOFIPS140))
$(eval LDFLAGS += -X runtime.godebugDefault=fips140=only)
# To enforce fips140.Enforced()
$(eval BUILD_ARGS += -tags fips140)
@@ -292,9 +295,15 @@ fips140:
# For smoke-docker
$(eval CURVE = P256)
ifeq ($(words $(MAKECMDGOALS)),1)
@$(MAKE) fips140 ${.DEFAULT_GOAL} --no-print-directory
@$(MAKE) fips140 GOFIPS140=$(GOFIPS140) ${.DEFAULT_GOAL} --no-print-directory
endif
# To test the future pending module
fips140-v1.26.0: GOFIPS140 = v1.26.0
fips140-v1.26.0: fips140
fips140-latest: GOFIPS140 = latest
fips140-latest: fips140
# Useful to chain together, like:
# - make boringcrypto e2evv
# - make boringcrypto smoke-docker
+9 -6
View File
@@ -33,10 +33,13 @@ func TestNewAESGCM(t *testing.T) {
assert.Equal(t, expected, dst)
// We expect this to fail since we are re-encrypting with a repeat IV
// TODO: the error message has changed between fips module versions, best way to verify it?
// assert.PanicsWithValue(t, "crypto/cipher: counter decreased", func() {
// assert.PanicsWithValue(t, "crypto/cipher: counter decreased or remained the same", func() {
assert.Panics(t, func() {
dst = aead.Seal([]byte{}, iv, plaintext, aad)
})
if fips140.Version() == "v1.0.0" {
assert.PanicsWithValue(t, "crypto/cipher: counter decreased", func() {
dst = aead.Seal([]byte{}, iv, plaintext, aad)
})
} else {
assert.PanicsWithValue(t, "crypto/cipher: counter decreased or remained the same", func() {
dst = aead.Seal([]byte{}, iv, plaintext, aad)
})
}
}