[release-branch.go1.26] all: merge master (2baa1d1) into release-branch.go1.26

For #76474.

Change-Id: Ic50e288f99b731b62af9aa73ce6721f0f2f3596d

8 files changed, 49 insertions, 20 deletions

diff --git a/src/crypto/internal/fips140test/acvp_test.go b/src/crypto/internal/fips140test/acvp_test.go
index e94bab74fd..6a0b46af2b 100644
--- a/src/crypto/internal/fips140test/acvp_test.go
+++ b/src/crypto/internal/fips140test/acvp_test.go
@@ -2146,7 +2146,7 @@ func TestACVP(t *testing.T) {
 	}
 	configPath := filepath.Join(cwd, testConfigFile)
 	t.Logf("running check_expected.go\ncwd: %q\ndata_dir: %q\nconfig: %q\ntool: %q\nmodule-wrapper: %q\n",
-		cwd, dataDir, configPath, toolPath, os.Args[0])
+		cwd, dataDir, configPath, toolPath, testenv.Executable(t))
 
 	// Run the check_expected test driver using the acvptool we built, and this test binary as the
 	// module wrapper. The file paths in the config file are specified relative to the dataDir root
@@ -2157,7 +2157,7 @@ func TestACVP(t *testing.T) {
 		"-tool",
 		toolPath,
 		// Note: module prefix must match Wrapper value in testConfigFile.
-		"-module-wrappers", "go:" + os.Args[0],
+		"-module-wrappers", "go:" + testenv.Executable(t),
 		"-tests", configPath,
 	}
 	cmd = testenv.Command(t, testenv.GoToolPath(t), args...)
diff --git a/src/crypto/internal/fips140test/cast_fips140v1.26_test.go b/src/crypto/internal/fips140test/cast_fips140v1.26_test.go
deleted file mode 100644
index ef79068c38..0000000000
--- a/src/crypto/internal/fips140test/cast_fips140v1.26_test.go
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2024 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build !fips140v1.0
-
-package fipstest
-
-import "crypto/internal/fips140/mldsa"
-
-func fips140v126Conditionals() {
-	// ML-DSA sign and verify PCT
-	kMLDSA := mldsa.GenerateKey44()
-	// ML-DSA-44
-	mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "")
-}
diff --git a/src/crypto/internal/fips140test/check_test.go b/src/crypto/internal/fips140test/check_test.go
index 8aef1f9b9b..d70ffbb77f 100644
--- a/src/crypto/internal/fips140test/check_test.go
+++ b/src/crypto/internal/fips140test/check_test.go
@@ -46,7 +46,7 @@ func TestIntegrityCheckFailure(t *testing.T) {
 	moduleStatus(t)
 	cryptotest.MustSupportFIPS140(t)
 
-	bin, err := os.ReadFile(os.Args[0])
+	bin, err := os.ReadFile(testenv.Executable(t))
 	if err != nil {
 		t.Fatal(err)
 	}
diff --git a/src/crypto/internal/fips140test/cast_fips140v1.0_test.go b/src/crypto/internal/fips140test/fips140v1.0_test.go
index b9ddfe4d8b..262ef61d5c 100644
--- a/src/crypto/internal/fips140test/cast_fips140v1.0_test.go
+++ b/src/crypto/internal/fips140test/fips140v1.0_test.go
@@ -6,4 +6,8 @@
 
 package fipstest
 
+import "testing"
+
 func fips140v126Conditionals() {}
+
+func testFIPS140v126(t *testing.T, plaintext []byte) {}
diff --git a/src/crypto/internal/fips140test/fips140v1.26_test.go b/src/crypto/internal/fips140test/fips140v1.26_test.go
new file mode 100644
index 0000000000..6cd9f4fe40
--- /dev/null
+++ b/src/crypto/internal/fips140test/fips140v1.26_test.go
@@ -0,0 +1,33 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !fips140v1.0
+
+package fipstest
+
+import (
+	"crypto/internal/fips140/mldsa"
+	"testing"
+)
+
+func fips140v126Conditionals() {
+	// ML-DSA sign and verify PCT
+	kMLDSA := mldsa.GenerateKey44()
+	// ML-DSA-44
+	mldsa.SignDeterministic(kMLDSA, make([]byte, 32), "")
+}
+
+func testFIPS140v126(t *testing.T, plaintext []byte) {
+	t.Run("ML-DSA KeyGen, SigGen, SigVer", func(t *testing.T) {
+		ensureServiceIndicator(t)
+		k := mldsa.GenerateKey44()
+
+		sig, err := mldsa.SignDeterministic(k, plaintext, "")
+		fatalIfErr(t, err)
+		t.Logf("ML-DSA signature: %x", sig)
+
+		err = mldsa.Verify(k.PublicKey(), plaintext, sig, "")
+		fatalIfErr(t, err)
+	})
+}
diff --git a/src/crypto/internal/fips140test/fips_test.go b/src/crypto/internal/fips140test/fips_test.go
index 52fc9d3488..7f2824ca9a 100644
--- a/src/crypto/internal/fips140test/fips_test.go
+++ b/src/crypto/internal/fips140test/fips_test.go
@@ -101,6 +101,8 @@ func TestFIPS140(t *testing.T) {
 	aesBlock, err := aes.New(aesKey)
 	fatalIfErr(t, err)
 
+	testFIPS140v126(t, plaintext)
+
 	t.Run("AES-CTR", func(t *testing.T) {
 		ensureServiceIndicator(t)
 		ctr := aes.NewCTR(aesBlock, aesIV)
diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
index 5ae4c1dd20..124fba1e8a 100644
--- a/src/crypto/rsa/rsa_test.go
+++ b/src/crypto/rsa/rsa_test.go
@@ -145,6 +145,12 @@ d8Y7
 }
 
 func testKeyBasics(t *testing.T, priv *PrivateKey) {
+	defer func() {
+		if t.Failed() {
+			t.Logf("failed key: %#v", priv)
+		}
+	}()
+
 	if err := priv.Validate(); err != nil {
 		t.Errorf("Validate() failed: %s", err)
 	}
diff --git a/src/crypto/tls/bogo_shim_test.go b/src/crypto/tls/bogo_shim_test.go
index 1b5fc49c4f..ccac47c271 100644
--- a/src/crypto/tls/bogo_shim_test.go
+++ b/src/crypto/tls/bogo_shim_test.go
@@ -577,7 +577,7 @@ func TestBogoSuite(t *testing.T) {
 		"test",
 		".",
 		fmt.Sprintf("-shim-config=%s", filepath.Join(cwd, "bogo_config.json")),
-		fmt.Sprintf("-shim-path=%s", os.Args[0]),
+		fmt.Sprintf("-shim-path=%s", testenv.Executable(t)),
 		"-shim-extra-flags=-bogo-mode",
 		"-allow-unimplemented",
 		"-loose-errors", // TODO(roland): this should be removed eventually