crypto/internal/fips140/check: remove Enabled

check.Enabled, internal/fips140.Enabled, and crypto/fips140.Enabled were
redundant. Package check can just use internal/fips140.Enabled.

check.Verified is still there for the tests and belt-and-suspenders
assurance in crypto/fips140.Enabled, although it's implied by Enabled.

For #69536

Change-Id: I83921cc925da841aba4da79a9a5e9ac526a3f2bf
Reviewed-on: https://go-review.googlesource.com/c/go/+/638855
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>

src/crypto/fips140/fips140.go

@@ -26,7 +26,7 @@ func Enabled() bool {
 	if currentlyEnabled != fips140.Enabled {
 		panic("crypto/fips140: GODEBUG setting changed after program start")
 	}
-	if fips140.Enabled && !check.Enabled() {
+	if fips140.Enabled && !check.Verified {
 		panic("crypto/fips140: FIPS 140-3 mode enabled, but integrity check didn't pass")
 	}
 	return fips140.Enabled

src/crypto/internal/fips140/check/check.go

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package check implements the FIPS-140 load-time code+data verification.
+// Package check implements the FIPS 140 load-time code+data verification.
 // Every FIPS package providing cryptographic functionality except hmac and sha256
 // must import crypto/internal/fips140/check, so that the verification happens
 // before initialization of package global variables.
@@ -13,6 +13,7 @@
 package check
 
 import (
+	"crypto/internal/fips140"
 	"crypto/internal/fips140/hmac"
 	"crypto/internal/fips140/sha256"
 	"crypto/internal/fips140deps/byteorder"
@@ -22,15 +23,9 @@ import (
 	"unsafe"
 )
 
-// Enabled reports whether verification was enabled.
-// If Enabled returns true, then verification succeeded,
-// because if it failed the binary would have panicked at init time.
-func Enabled() bool {
-	return enabled
-}
-
-var enabled bool  // set when verification is enabled
-var Verified bool // set when verification succeeds, for testing
+// Verified is set when verification succeeded. It can be expected to always be
+// true when [fips140.Enabled] is true, or init would have panicked.
+var Verified bool
 
 // Supported reports whether the current GOOS/GOARCH is Supported at all.
 func Supported() bool {
@@ -71,9 +66,7 @@ const fipsMagic = " Go fipsinfo \xff\x00"
 var zeroSum [32]byte
 
 func init() {
-	v := godebug.Value("#fips140")
-	enabled = v != "" && v != "off"
-	if !enabled {
+	if !fips140.Enabled {
 		return
 	}
 
@@ -88,13 +81,6 @@ func init() {
 		panic("fips140: cannot verify in asan mode")
 	}
 
-	switch v {
-	case "on", "only", "debug":
-		// ok
-	default:
-		panic("fips140: unknown GODEBUG setting fips140=" + v)
-	}
-
 	if !Supported() {
 		panic("fips140: unavailable on " + runtime.GOOS + "-" + runtime.GOARCH)
 	}
@@ -132,7 +118,7 @@ func init() {
 		panic("fips140: verification mismatch")
 	}
 
-	if v == "debug" {
+	if godebug.Value("#fips140") == "debug" {
 		println("fips140: verified code+data")
 	}
 

src/crypto/internal/fips140/fips140.go

@@ -11,12 +11,16 @@ var Enabled bool
 var debug bool
 
 func init() {
-	switch godebug.Value("#fips140") {
+	v := godebug.Value("#fips140")
+	switch v {
 	case "on", "only":
 		Enabled = true
 	case "debug":
 		Enabled = true
 		debug = true
+	case "off", "":
+	default:
+		panic("fips140: unknown GODEBUG setting fips140=" + v)
 	}
 }