Remove references to the ms_tls13kdf build tag

Author: ycombinator

docs/fips.md

@@ -12,12 +12,12 @@ This toolchain must be present for local compilation.
 
 As we are using micrsoft/go as a base we follow their conventions.
 
-Our FIPS changes require the `requirefips` and `ms_tls13kdf` buildtags.
+Our FIPS changes require the `requirefips` build tag.
 When compiling `GOEXPERIMENT=systemcrypto` and `CGO_ENABLED=1` must be set.
 Additionally the `MS_GOTOOLCHAIN_TELEMETRY_ENABLED=0` env var is set to disable telemetry for [microsoft/go](https://github.com/microsoft/go).
 
 The `FIPS=true` env var is used by our magefile as the FIPS toggle.
-This env var applies to all targets, at a minimum the `requirefips` and `ms_tls13kdf` tags will be set.
+This env var applies to all targets, at a minimum the `requirefips` tag will be set.
 For targets that compile binaries, the `GOEXPERIMENT=systemcrypto` and `CGO_ENABLED=1` env vars are set.
 
 For developer conveniance, running `FIPS=true mage multipass` will provision a multipass VM with the Microsoft/go toolchain.

magefile.go

@@ -326,7 +326,7 @@ var (
 			tags = append(tags, "snapshot")
 		}
 		if isFIPS() {
-			tags = append(tags, "requirefips", "ms_tls13kdf")
+			tags = append(tags, "requirefips")
 		}
 		return strings.Join(tags, ",")
 	})
@@ -486,7 +486,7 @@ func (Check) Notice() {
 // DetectFIPSCryptoImports will do a best effort attempt to ensure that the imports list for FIPS compatible artifacts does not contain any external crypto libraries.
 // Specifically it will fail if the modules list contains an entry with: "crypto", "gokrb5", or "pbkdf2"
 func (Check) DetectFIPSCryptoImports() error {
-	tags := []string{"requirefips", "ms_tls13kdf"}
+	tags := []string{"requirefips"}
 	mods, err := getModules(tags...)
 	if err != nil {
 		return err
@@ -514,7 +514,7 @@ func genNotice(fips bool) error {
 	outFile := "NOTICE.txt"
 	if fips {
 		log.Println("Generating NOTICE-fips.txt.")
-		tags = append(tags, "requirefips", "ms_tls13kdf")
+		tags = append(tags, "requirefips")
 		outFile = "NOTICE-fips.txt"
 	} else {
 		log.Println("Generating NOTICE.txt.")
@@ -1202,7 +1202,7 @@ func (Docker) CustomAgentImage() error {
 // Unit runs unit tests.
 // Produces a unit test output file, and test coverage file in the build directory.
 // SNAPSHOT adds the snapshot build tag.
-// FIPS adds the requirefips and ms_tls13kdf build tags.
+// FIPS adds the requirefips build tag.
 func (Test) Unit() error {
 	mg.Deps(mg.F(mkDir, "build"))
 	output, err := teeCommand(environMap(), "go", "test", "-tags="+getTagsString(), "-v", "-race", "-coverprofile="+filepath.Join("build", "coverage-"+runtime.GOOS+".out"), "./...")
@@ -1214,7 +1214,7 @@ func (Test) Unit() error {
 // This is done because mage may have issues when running with fips140=only set.
 // Produces a unit test output file, and test coverage file in the build directory.
 // SNAPSHOT adds the snapshot build tag.
-// FIPS adds the requirefips and ms_tls13kdf build tags.
+// FIPS adds the requirefips build tag.
 func (Test) UnitFIPSOnly() error {
 	mg.Deps(mg.F(mkDir, "build"))
 	env := environMap()
@@ -1226,7 +1226,7 @@ func (Test) UnitFIPSOnly() error {
 
 // Integration provisions the integration test environment with docker compose, runs the integration tests, then destroys the environment.
 // SNAPSHOT runs integration tests with the snapshot build tag.
-// FIPS runs the integration tests the requirefips and ms_tls13kdf build tags.
+// FIPS runs the integration tests the requirefips build tag.
 func (Test) Integration() {
 	mg.SerialDeps(mg.F(mkDir, "build"), Test.IntegrationUp, Test.IntegrationRun, Test.IntegrationDown)
 }
@@ -1240,7 +1240,7 @@ func (Test) IntegrationUp() error {
 // Assumes that the integration test environment is up.
 // Produces an integration test output file in the build directory.
 // SNAPSHOT runs integration tests with the snapshot build tag.
-// FIPS runs the integration tests the requirefips and ms_tls13kdf build tags.
+// FIPS runs the integration tests the requirefips build tag.
 func (Test) IntegrationRun(ctx context.Context) error {
 	env, err := readEnvFile(filepath.Join("dev-tools", "integration", ".env"))
 	if err != nil {
@@ -1592,9 +1592,6 @@ func checkFIPSBinary(path string) error {
 			if !strings.Contains(setting.Value, "requirefips") {
 				return fmt.Errorf("requirefips tag not found in %s", setting.Value)
 			}
-			if !strings.Contains(setting.Value, "ms_tls13kdf") {
-				return fmt.Errorf("requirefips tag not found in %s", setting.Value)
-			}
 			continue
 		case "GOEXPERIMENT":
 			foundExperiment = true
@@ -1665,15 +1662,15 @@ func (Test) JunitReport() error {
 
 // All runs unit and integration tests and produces junit reports for all the tests.
 // SNAPSHOT adds the snapshot build tag.
-// FIPS adds the requirefips and ms_tls13kdf build tags.
+// FIPS adds the requirefips build tag.
 func (Test) All() {
 	mg.SerialDeps(mg.F(mkDir, "build"), Test.Unit, Test.Integration, Test.JunitReport)
 }
 
 // Benchmark runs the included benchmarks
 // Produces a benchmark file in the build directory.
 // SNAPSHOT adds the snapshot build tag.
-// FIPS adds the requirefips and ms_tls13kdf build tags.
+// FIPS adds the requirefips build tag.
 // BENCHMARK_FILTER can be used to filter what benchmarks run.
 // BENCHMARK_ARGS can be used to change what is being benchmarked. Default: -count=10 -benchtime=3s -benchmem.
 // BENCH_BASE can be used to change the output file name.