blob: 10e07e583f98e02cdeab1ac59f319d3ae82d25c4 [file] [log] [blame]
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
//go:build (!fips && (fips_140_2 || fips_140_3)) || (fips && !fips_140_2 && !fips_140_3) || (fips_140_2 && fips_140_3)
package constants
import "C"
// This function is the equivalent of an external (CGo) function definition,
// without implementation in any imported or built library. This results in
// a linker err if the above build constraints are satisfied:
// /home/cipherboy/GitHub/cipherboy/vault-enterprise/helper/constants/fips_build_check.go:10: undefined reference to `'
// This indicates that a build error has occurred due to mismatched tags.
// In particular, we use this to enforce the following restrictions on build
// tags:
// - If a versioned fips_140_* tag is specified, the unversioned tag must
// also be.
// - If the unversioned tag is specified, a versioned tag must be.
// - Both versioned flags cannot be specified at the same time.
// In the unlikely event that a FFI implementation for this function exists
// in the future, it should be renamed to a new function which does not
// exist.
// This approach was chosen above the other implementation in fips_cgo_check.go
// because this version does not break static analysis tools: most tools do not
// cross the CGo boundary and thus do not know that the below function is
// missing an implementation. However, in the other file, the function call is
// not marked as CGo (in part large because the lack of a cgo build tag
// prohibits us from using the same technique) and thus it must be a Go
// declaration, that is missing.
func VaultFIPSBuildRequiresVersionAgnosticTagAndOneVersionTag()
func init() {