Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

crypto/ecdsa: apply fips140=only to deterministic ECDSA hash

Browse source 
Change-Id: I6a6a46567b1eaaef080ac0994afa83db2624a75a
Reviewed-on: https://go-review.googlesource.com/c/go/+/641316
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
This commit is contained in:
Filippo Valsorda 2025-01-06 21:12:03 +01:00 committed by Gopher Robot
parent 4640e92af7
commit 0cdf8c7a8c
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/crypto/ecdsa/ecdsa.go
View file

@ -281,6 +281,9 @@ func signFIPSDeterministic[P ecdsa.Point[P]](c *ecdsa.Curve[P], hashFunc crypto.
if err != nil { if err != nil {
return nil, err return nil, err
} }
if fips140only.Enabled && !fips140only.ApprovedHash(hashFunc.New()) {
return nil, errors.New("crypto/ecdsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
}
sig, err := ecdsa.SignDeterministic(c, hashFunc.New, k, hash) sig, err := ecdsa.SignDeterministic(c, hashFunc.New, k, hash)
if err != nil { if err != nil {
return nil, err return nil, err