crypto/internal/fips140: mark OpenBSD unsupported

Since OpenBSD 7.3, external linking uses -fexecute-only, which breaks the integrity check. Since we are not validating on OpenBSD anyway, mark it as unsupported at least for now. Fixes #70880 Change-Id: I6a6a4656b6c7a97c0962b4158d920f9e6b19678e Reviewed-on: https://go-review.googlesource.com/c/go/+/639337 Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Joel Sing <joel@sing.id.au> Reviewed-by: صادق <sadq04724@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2025-12-08 06:10:04 +00:00 · 2025-01-01 15:08:28 +01:00 · 2025-01-01 15:08:28 +01:00 · 31cabcf084
commit 31cabcf084
parent eb0c2b2f96
2 changed files with 2 additions and 0 deletions
--- a/src/cmd/dist/test.go
+++ b/src/cmd/dist/test.go
@ -1812,6 +1812,7 @@ func (t *tester) fipsSupported() bool {
 	case goarch == "wasm",
 		goos == "windows" && goarch == "386",
 		goos == "windows" && goarch == "arm",
+		goos == "openbsd",
 		goos == "aix":
 		return false
 	}
--- a/src/crypto/internal/fips140/fips140.go
+++ b/src/crypto/internal/fips140/fips140.go
@ -46,6 +46,7 @@ func Supported() error {
 	case runtime.GOARCH == "wasm",
 		runtime.GOOS == "windows" && runtime.GOARCH == "386",
 		runtime.GOOS == "windows" && runtime.GOARCH == "arm",
+		runtime.GOOS == "openbsd", // due to -fexecute-only, see #70880
 		runtime.GOOS == "aix":
 		return errors.New("FIPS 140-3 mode is not supported on " + runtime.GOOS + "-" + runtime.GOARCH)
 	}