From f105dfd048ce6ca9a8115d7fdd7a4cb60e84ba40 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 10 Dec 2025 22:49:31 +0100
Subject: lib/fips140: freeze v1.1.0-rc1 FIPS 140 module zip file

Fixes #76769

Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest
Change-Id: I16b0e9463e2e10ee5a6f20967fb6377b6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/729180
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: David Chase <drchase@google.com>
---
 src/internal/buildcfg/cfg.go | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)

(limited to 'src/internal')

diff --git a/src/internal/buildcfg/cfg.go b/src/internal/buildcfg/cfg.go
index a75960b8e6..89fd74eb82 100644
--- a/src/internal/buildcfg/cfg.go
+++ b/src/internal/buildcfg/cfg.go
@@ -80,32 +80,42 @@ func gofips140() string {
 	if isFIPSVersion(v) {
 		return v
 	}
-	Error = fmt.Errorf("invalid GOFIPS140: must be off, latest, inprocess, certified, or vX.Y.Z")
+	Error = fmt.Errorf("invalid GOFIPS140: must be off, latest, inprocess, certified, or v1.Y.Z")
 	return DefaultGOFIPS140
 }
 
 // isFIPSVersion reports whether v is a valid FIPS version,
-// of the form vX.Y.Z or vX.Y.Z-hash.
+// of the form v1.Y.Z or v1.Y.Z-hhhhhhhh or v1.Y.Z-rcN.
 func isFIPSVersion(v string) bool {
-	if !strings.HasPrefix(v, "v") {
+	v, ok := strings.CutPrefix(v, "v1.")
+	if !ok {
 		return false
 	}
-	v, ok := skipNum(v[len("v"):])
-	if !ok || !strings.HasPrefix(v, ".") {
+	if v, ok = cutNum(v); !ok {
 		return false
 	}
-	v, ok = skipNum(v[len("."):])
-	if !ok || !strings.HasPrefix(v, ".") {
+	if v, ok = strings.CutPrefix(v, "."); !ok {
 		return false
 	}
-	v, ok = skipNum(v[len("."):])
-	hasHash := strings.HasPrefix(v, "-") && len(v) == len("-")+8
-	return ok && (v == "" || hasHash)
+	if v, ok = cutNum(v); !ok {
+		return false
+	}
+	if v == "" {
+		return true
+	}
+	if v, ok = strings.CutPrefix(v, "-rc"); ok {
+		v, ok = cutNum(v)
+		return ok && v == ""
+	}
+	if v, ok = strings.CutPrefix(v, "-"); ok {
+		return len(v) == 8
+	}
+	return false
 }
 
-// skipNum skips the leading text matching [0-9]+
+// cutNum skips the leading text matching [0-9]+
 // in s, returning the rest and whether such text was found.
-func skipNum(s string) (rest string, ok bool) {
+func cutNum(s string) (rest string, ok bool) {
 	i := 0
 	for i < len(s) && '0' <= s[i] && s[i] <= '9' {
 		i++
-- 
cgit v1.3