cmd/go,crypto: reject using Go+BoringCrypto and fips140 together

The combination is untested and nonsensical. Both are solutions to the same problem. For #69536 Change-Id: I95cc3baaf03b64ce08096e304e311a29e9577385 Reviewed-on: https://go-review.googlesource.com/c/go/+/637177 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Russ Cox <rsc@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com>
2025-12-08 06:10:04 +00:00 · 2024-12-17 19:57:54 +01:00 · 2024-12-17 19:57:54 +01:00 · 8ff4cee564
commit 8ff4cee564
parent 971448ddf8
6 changed files with 25 additions and 0 deletions
--- a/src/cmd/go/internal/fips140/fips140.go
+++ b/src/cmd/go/internal/fips140/fips140.go
@ -119,6 +119,10 @@ func Init() {
 	if Snapshot() {
 		fsys.Bind(Dir(), filepath.Join(cfg.GOROOT, "src/crypto/internal/fips140"))
 	}
+
+	if cfg.Experiment.BoringCrypto && Enabled() {
+		base.Fatalf("go: cannot use GOFIPS140 with GOEXPERIMENT=boringcrypto")
+	}
 }

 var initDone bool
--- a/src/cmd/go/testdata/script/env_changed.txt
+++ b/src/cmd/go/testdata/script/env_changed.txt
@ -1,5 +1,8 @@
 # Test query for non-defaults in the env

+# Go+BoringCrypto conflicts with GOFIPS140.
+[GOEXPERIMENT:boringcrypto] skip
+
 env GOROOT=./a
 env GOTOOLCHAIN=local
 env GOSUMDB=nodefault
--- a/src/cmd/go/testdata/script/fips.txt
+++ b/src/cmd/go/testdata/script/fips.txt
@ -1,3 +1,6 @@
+# Go+BoringCrypto conflicts with GOFIPS140.
+[GOEXPERIMENT:boringcrypto] skip
+
 # list with GOFIPS140=off
 env GOFIPS140=off
 go list -f '{{.DefaultGODEBUG}}'
--- a/src/cmd/go/testdata/script/fipssnap.txt
+++ b/src/cmd/go/testdata/script/fipssnap.txt
@ -7,6 +7,9 @@ env alias=inprocess
 skip 'no snapshots yet'
 env GOFIPS140=$snap

+# Go+BoringCrypto conflicts with GOFIPS140.
+[GOEXPERIMENT:boringcrypto] skip
+
 # default GODEBUG includes fips140=on
 go list -f '{{.DefaultGODEBUG}}'
 stdout fips140=on
--- a/src/crypto/internal/boring/boring.go
+++ b/src/crypto/internal/boring/boring.go
@ -16,6 +16,7 @@ import "C"
 import (
 	"crypto/internal/boring/sig"
 	_ "crypto/internal/boring/syso"
+	"crypto/internal/fips140"
 	"internal/stringslite"
 	"math/bits"
 	"unsafe"
@ -31,6 +32,12 @@ func init() {
 	sig.BoringCrypto()
 }

+func init() {
+	if fips140.Enabled {
+		panic("boringcrypto: cannot use GODEBUG=fips140 with GOEXPERIMENT=boringcrypto")
+	}
+}
+
 // Unreachable marks code that should be unreachable
 // when BoringCrypto is in use. It panics.
 func Unreachable() {
--- a/src/crypto/internal/fips140test/check_test.go
+++ b/src/crypto/internal/fips140test/check_test.go
@ -5,6 +5,7 @@
 package fipstest

 import (
+	"crypto/internal/boring"
 	. "crypto/internal/fips140/check"
 	"crypto/internal/fips140/check/checktest"
 	"fmt"
@ -22,6 +23,10 @@ import (
 const enableFIPSTest = true

 func TestFIPSCheckVerify(t *testing.T) {
+	if boring.Enabled {
+		t.Skip("not testing fips140 with boringcrypto enabled")
+	}
+
 	if Verified {
 		t.Logf("verified")
 		return