// resources (with delta updates), or on-demand and only get responses for specifically subscribed resources.
//
// Incoming requests may be for VIP or Pod IP addresses. However, all responses are Workload resources, which are pod based.
// This means subscribing to a VIP may end up pushing many resources of different name than the request.

func TestLibraryCoverage(t *testing.T) {
	vops := make([]VersionedOptions, len(baseOpts))
	copy(vops, baseOpts)
	sort.SliceStable(vops, func(i, j int) bool {
		return vops[i].IntroducedVersion.LessThan(vops[j].IntroducedVersion)
	})

	tracked := map[string]*versionTracker{}

	for _, vop := range vops {
		if vop.RemovedVersion != nil {
			if vop.IntroducedVersion == nil {

//go:build fips
// +build fips

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful

	// nolint: revive, stylecheck
	FIPS_140_2 = "fips-140-2"
)

// Define common security feature flags shared among the Istio components.
var (
	CompliancePolicy = env.Register("COMPLIANCE_POLICY", "",
		`If set, applies policy-specific restrictions over all existing TLS
settings, including in-mesh mTLS and external TLS. Valid values are:

* '' or unset places no additional restrictions.

	tests := []struct {
		name string
		ips  []string
		ipv4 []string
		ipv6 []string
	}{
		{
			name: "include valid and invalid ip addresses",
			ips:  []string{"1.0.0.0", "256.255.255.255", "localhost", "::1", "2001:db8:::1"},
			ipv4: []string{"1.0.0.0"},
			ipv6: []string{"::1"},
		},
		{
			name: "two ipv4 and one ipv6",
			ips:  []string{"1.0.0.0", "255.255.255.255", "::1"},

// Package fipstls allows control over whether crypto/tls requires FIPS-approved settings.
// This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent
// of the use of BoringCrypto.
package fipstls

import (
	"internal/stringslite"
	"sync/atomic"
)

var required atomic.Bool

// Force forces crypto/tls to restrict TLS configurations to FIPS-approved settings.

	-f Dockerfile.release.old_cpu .

docker buildx prune -f

docker buildx build --push --no-cache \
	--build-arg RELEASE="${release}" \
	-t "minio/minio:${release}.fips" \
	-t "quay.io/minio/minio:${release}.fips" \
	--platform=linux/amd64 -f Dockerfile.release.fips .

docker buildx prune -f

			}
			w = w<<24 | w>>8
		}
	}
}

// Test vectors are from FIPS 197:
//	https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

// Appendix A of FIPS 197: Key expansion examples
type KeyTest struct {
	key []byte
	enc []uint32
	dec []uint32 // decryption expansion; not in FIPS 197, computed from C implementation.
}

var keyTests = []KeyTest{
	{

	// arm64:"FSQRTD"
	// arm/7:"SQRTD"
	// mips/hardfloat:"SQRTD" mips/softfloat:-"SQRTD"
	// mips64/hardfloat:"SQRTD" mips64/softfloat:-"SQRTD"
	// wasm:"F64Sqrt"
	// ppc64x:"FSQRT"
	// riscv64: "FSQRTD"
	return math.Sqrt(x)
}

func sqrt32(x float32) float32 {
	// amd64:"SQRTSS"
	// 386/sse2:"SQRTSS" 386/softfloat:-"SQRTS"
	// arm64:"FSQRTS"
	// arm/7:"SQRTF"
	// mips/hardfloat:"SQRTF" mips/softfloat:-"SQRTF"

	json := jsoniter.ConfigCompatibleWithStandardLibrary
	if err := json.Unmarshal(metadataBuffer, &metadata); err != nil {
		return nil, err
	}
	if fips.Enabled && metadata.Algorithm != sio.AES_256_GCM {
		return nil, fmt.Errorf("config: unsupported encryption algorithm: %q is not supported in FIPS mode", metadata.Algorithm)
	}

	key, err := k.Decrypt(context.TODO(), &kms.DecryptRequest{
		Name:           metadata.KeyID,