Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto: test fips140=only mode #70514

Open
FiloSottile opened this issue Nov 22, 2024 · 2 comments
Open

crypto: test fips140=only mode #70514

FiloSottile opened this issue Nov 22, 2024 · 2 comments
Assignees
@FiloSottile
Labels
NeedsFix The path to resolution is known, but the work has not been done. Testing An issue that has been verified to require only test changes, not just a test failure.
Milestone
Go1.24

Comments

@FiloSottile
Copy link
Contributor

fips140=only from #70123 breaks any non-FIPS cryptography. Testing a mode designed to break things is tricky.

Running the whole test suite is prohibitive. Instead, we should probably write a dedicated test that goes through things that are expected to work, and things that are not expected to work.
@FiloSottile FiloSottile added the NeedsFix The path to resolution is known, but the work has not been done. label Nov 22, 2024
@FiloSottile FiloSottile added this to the Go1.24 milestone Nov 22, 2024
@FiloSottile FiloSottile self-assigned this Nov 22, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/631018 mentions this issue: crypto: implement fips140=only mode

@gabyhelp
Copy link

Related Code Changes

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

@dmitshur dmitshur added the Testing An issue that has been verified to require only test changes, not just a test failure. label Nov 22, 2024
gopherbot pushed a commit that referenced this issue Nov 22, 2024
@FiloSottile @gopherbot
crypto: implement fips140=only mode
b299e9a 
Running the test suite in this mode is definitely not an option. Testing
this will probably look like a very long test that tries all functions.
Filed #70514 to track the tests.

For #70123

Change-Id: I6f67de83da37dd1e94e620b7f4f4f6aabe040c41
Reviewed-on: https://go-review.googlesource.com/c/go/+/631018
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@FiloSottile FiloSottile

Labels
NeedsFix The path to resolution is known, but the work has not been done. Testing An issue that has been verified to require only test changes, not just a test failure.
Projects
None yet
Milestone
Go1.24
Development

No branches or pull requests
4 participants
@FiloSottile @dmitshur @gopherbot @gabyhelp