1 ## Note: Need a snapshot in lib/fips140 to run this test.
2 ## For local testing, can run 'cd lib/fips140; make v0.0.1.test'
3 ## and then remove the skip.
4 env snap=v0.0.1
5 env alias=inprocess
6
7 skip 'no snapshots yet'
8 env GOFIPS140=$snap
9
10 # Go+BoringCrypto conflicts with GOFIPS140.
11 [GOEXPERIMENT:boringcrypto] skip
12
13 # default GODEBUG includes fips140=on
14 go list -f '{{.DefaultGODEBUG}}'
15 stdout fips140=on
16
17 # std lists fips snapshot and not regular fips
18 go list std
19 stdout crypto/internal/fips140/$snap/sha256
20 ! stdout crypto/internal/fips140/sha256
21 ! stdout crypto/internal/fips140/check
22
23 # build does not use regular fips
24 go list -json -test
25 stdout crypto/internal/fips140/$snap/sha256
26 ! stdout crypto/internal/fips140/sha256
27 ! stdout crypto/internal/fips140/check
28
29 # again with GOFIPS140=$alias
30 env GOFIPS140=$alias
31
32 # default GODEBUG includes fips140=on
33 go list -f '{{.DefaultGODEBUG}}'
34 stdout fips140=on
35
36 # std lists fips snapshot and not regular fips
37 go list std
38 stdout crypto/internal/fips140/$snap/sha256
39 ! stdout crypto/internal/fips140/sha256
40 ! stdout crypto/internal/fips140/check
41
42 # build does not use regular fips
43 go list -json -test
44 stdout crypto/internal/fips140/$snap/sha256
45 ! stdout crypto/internal/fips140/sha256
46 ! stdout crypto/internal/fips140/check
47
48 [short] skip
49
50 # build with GOFIPS140=snap is cached
51 go build -x -o x.exe
52 stderr link.*-fipso
53 go build -x -o x.exe
54 ! stderr link.*-fipso
55
56 # build test with GOFIPS140=snap is cached
57 go test -x -c
58 stderr link.*-fipso
59 go test -x -c
60 ! stderr link
61
62 -- go.mod --
63 module m
64 -- x.go --
65 package main
66 import _ "crypto/sha256"
67 func main() {
68 }
69 -- x_test.go --
70 package main
71 import "testing"
72 func Test(t *testing.T) {}
73
View as plain text