crypto/internal/fips140: zeroise integrity test temporary values

There is no point to zeroise anything here because there are no secrets,
but there is a strict FIPS 140-3 test requirement for it.

> TE05.08.02 (Levels 1, 2, 3, and 4): verify that any temporary values
> generated during the integrity test are zeroised upon completion of
> the integrity test

Change-Id: I7b0db075dae9910f8e825a22ca2caa2b4c918980
Reviewed-on: https://go-review.googlesource.com/c/go/+/636556
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Michael Pratt <mpratt@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Filippo Valsorda 2024-12-16 17:20:46 +01:00 committed by Gopher Robot
parent d8ad4af78b
commit 27c5164374


@ -93,6 +93,13 @@ func init() {
panic("fips140: verification mismatch") panic("fips140: verification mismatch")
} }
// "The temporary value(s) generated during the integrity test of the
// modules software or firmware shall [05.10] be zeroised from the module
// upon completion of the integrity test"
clear(sum)
clear(nbuf[:])
h.Reset()
if godebug.Value("#fips140") == "debug" { if godebug.Value("#fips140") == "debug" {
println("fips140: verified code+data") println("fips140: verified code+data")
} }