cmd/link/internal/loader: fix linknames from FIPS 140 frozen tree

blockedLinknames was updated in CL 635676 after the lib/fips140 zip mechanism was last tested. linknames from crypto/internal/fips140/v1.0.0 need to be allowed if they'd be allowed from crypto/internal/fips140. Change-Id: I6a6a4656022118d4739ae14831f2ad721951c192 Reviewed-on: https://go-review.googlesource.com/c/go/+/645195 Reviewed-by: Michael Pratt <[email protected]> Auto-Submit: Filippo Valsorda <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Roland Shoemaker <[email protected]>
golang · Jan 29, 2025 · 4f48ad5 · 4f48ad5
1 parent 1f58ad5
commit 4f48ad5
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/src/cmd/link/internal/loader/loader.go b/src/cmd/link/internal/loader/loader.go
@@ -2394,6 +2394,16 @@ func (l *Loader) checkLinkname(pkg, name string, s Sym) {
 			if pkg == p {
 				return // pkg is allowed
 			}
+			// crypto/internal/fips140/vX.Y.Z/... is the frozen version of
+			// crypto/internal/fips140/... and is similarly allowed.
+			if strings.HasPrefix(pkg, "crypto/internal/fips140/v") {
+				parts := strings.Split(pkg, "/")
+				parts = append(parts[:3], parts[4:]...)
+				pkg := strings.Join(parts, "/")
+				if pkg == p {
+					return
+				}
+			}
 		}
 		error()
 	}