Skip to content

[fips140][configtls.TestTPM_tpmCertificate_errors] Skip test if GODEBUG=fips140=only is set #14255

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ycombinator wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[fips140][configtls.TestTPM_tpmCertificate_errors] Skip test if GODEBUG=fips140=only is set #14255

ycombinator wants to merge 2 commits into from
+1 −0

Conversation

@ycombinator
Copy link
Contributor

@ycombinator ycombinator commented Dec 3, 2025
edited
Loading

Description

In #14225, we skipped the configtls.TestTPM_loadCertificate unit test if the tests were run with GODEBUG=fips140=only. Otherwise, the unit test failed with a panic: crypto/cipher: use of CFB is not allowed in FIPS 140-only mode error.

Turns out there was a second unit test in the same package that needed skipping for the same reason: configtls.TestTPM_tpmCertificate_errors. This PR skips it too.

Link to tracking issue

Follow up to #14225

@ycombinator ycombinator requested a review from a team as a code owner December 3, 2025 20:21
@ycombinator ycombinator mentioned this pull request Dec 3, 2025
Draft
@codspeed-hq
Copy link

codspeed-hq bot commented Dec 3, 2025
edited
Loading

CodSpeed Performance Report

Merging #14255 will not alter performance

Comparing ycombinator:fips-tpm-unit-tests-fix (26220bd) with main (b2aeb62)

⚠️ Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

Summary

✅ 59 untouched
⏩ 20 skipped1

Footnotes

  1. 20 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports.

@codecov
Copy link

codecov bot commented Dec 3, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.13%. Comparing base (b2aeb62) to head (26220bd).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #14255      +/-   ##
==========================================
- Coverage   92.15%   92.13%   -0.03%     
==========================================
  Files         668      668              
  Lines       41492    41492              
==========================================
- Hits        38239    38227      -12     
- Misses       2218     2226       +8     
- Partials     1035     1039       +4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

dmathieu
dmathieu reviewed Dec 4, 2025
View reviewed changes
Copy link
Member

@dmathieu dmathieu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know about this. It silently skips tests, and seeing which test is being skipped could be unclear.
I think it would be clearer (though more verbose) to explicitly skip within eaach test rather than within an helper.

@ycombinator
Copy link
Contributor Author

ycombinator commented Dec 5, 2025
edited
Loading

I don't know about this. It silently skips tests, and seeing which test is being skipped could be unclear. I think it would be clearer (though more verbose) to explicitly skip within eaach test rather than within an helper.

Makes sense. Updated in d0cff30.

@ycombinator ycombinator requested a review from dmathieu December 5, 2025 03:44
@ycombinator ycombinator force-pushed the fips-tpm-unit-tests-fix branch from 560225c to d0cff30 Compare December 5, 2025 03:56
@dmathieu dmathieu added the Skip Changelog PRs that do not require a CHANGELOG.md entry label Dec 5, 2025
@ycombinator ycombinator force-pushed the fips-tpm-unit-tests-fix branch 2 times, most recently from 63d509b to 8a96420 Compare December 9, 2025 15:21
@ycombinator ycombinator force-pushed the fips-tpm-unit-tests-fix branch from 8a96420 to 26220bd Compare December 9, 2025 17:55
@ycombinator
Copy link
Contributor Author

ycombinator commented Dec 9, 2025

Hi @dmathieu @bogdandrutu, the CI failures in this PR seem unrelated to the changes in this PR. I've tried rebasing on the latest main a few times over the past week but that doesn't seem to help. Could you please guide me on how to proceed? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmathieu dmathieu dmathieu approved these changes

@bogdandrutu bogdandrutu Awaiting requested review from bogdandrutu bogdandrutu is a code owner automatically assigned from open-telemetry/collector-approvers

Assignees

No one assigned

Labels

Skip Changelog PRs that do not require a CHANGELOG.md entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ycombinator @dmathieu