mirror of
https://github.com/slackhq/nebula.git
synced 2026-07-02 03:20:29 +02:00
more cleanup
This commit is contained in:
@@ -284,7 +284,10 @@ endif
|
|||||||
# Use `release-fips140` or `bin-fips140` to build release binaries
|
# Use `release-fips140` or `bin-fips140` to build release binaries
|
||||||
fips140:
|
fips140:
|
||||||
@echo > $(NULL_FILE)
|
@echo > $(NULL_FILE)
|
||||||
$(eval GOENV += GOFIPS140=v1.0.0)
|
ifeq ($(strip $(GOFIPS140)),)
|
||||||
|
$(eval GOFIPS140 = v1.0.0)
|
||||||
|
endif
|
||||||
|
$(eval GOENV += GOFIPS140=$(GOFIPS140))
|
||||||
$(eval LDFLAGS += -X runtime.godebugDefault=fips140=only)
|
$(eval LDFLAGS += -X runtime.godebugDefault=fips140=only)
|
||||||
# To enforce fips140.Enforced()
|
# To enforce fips140.Enforced()
|
||||||
$(eval BUILD_ARGS += -tags fips140)
|
$(eval BUILD_ARGS += -tags fips140)
|
||||||
@@ -292,9 +295,15 @@ fips140:
|
|||||||
# For smoke-docker
|
# For smoke-docker
|
||||||
$(eval CURVE = P256)
|
$(eval CURVE = P256)
|
||||||
ifeq ($(words $(MAKECMDGOALS)),1)
|
ifeq ($(words $(MAKECMDGOALS)),1)
|
||||||
@$(MAKE) fips140 ${.DEFAULT_GOAL} --no-print-directory
|
@$(MAKE) fips140 GOFIPS140=$(GOFIPS140) ${.DEFAULT_GOAL} --no-print-directory
|
||||||
endif
|
endif
|
||||||
|
|
||||||
|
# To test the future pending module
|
||||||
|
fips140-v1.26.0: GOFIPS140 = v1.26.0
|
||||||
|
fips140-v1.26.0: fips140
|
||||||
|
fips140-latest: GOFIPS140 = latest
|
||||||
|
fips140-latest: fips140
|
||||||
|
|
||||||
# Useful to chain together, like:
|
# Useful to chain together, like:
|
||||||
# - make boringcrypto e2evv
|
# - make boringcrypto e2evv
|
||||||
# - make boringcrypto smoke-docker
|
# - make boringcrypto smoke-docker
|
||||||
|
|||||||
@@ -33,10 +33,13 @@ func TestNewAESGCM(t *testing.T) {
|
|||||||
assert.Equal(t, expected, dst)
|
assert.Equal(t, expected, dst)
|
||||||
|
|
||||||
// We expect this to fail since we are re-encrypting with a repeat IV
|
// We expect this to fail since we are re-encrypting with a repeat IV
|
||||||
// TODO: the error message has changed between fips module versions, best way to verify it?
|
if fips140.Version() == "v1.0.0" {
|
||||||
// assert.PanicsWithValue(t, "crypto/cipher: counter decreased", func() {
|
assert.PanicsWithValue(t, "crypto/cipher: counter decreased", func() {
|
||||||
// assert.PanicsWithValue(t, "crypto/cipher: counter decreased or remained the same", func() {
|
|
||||||
assert.Panics(t, func() {
|
|
||||||
dst = aead.Seal([]byte{}, iv, plaintext, aad)
|
dst = aead.Seal([]byte{}, iv, plaintext, aad)
|
||||||
})
|
})
|
||||||
|
} else {
|
||||||
|
assert.PanicsWithValue(t, "crypto/cipher: counter decreased or remained the same", func() {
|
||||||
|
dst = aead.Seal([]byte{}, iv, plaintext, aad)
|
||||||
|
})
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user