Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

crypto/internal/fips140/aes: set FIPS 140 service indicator for CTR and CBC

Browse source 
This is a very late Go 1.24 change, but it is necessary for the frozen
FIPS module, and doesn't impact anything else than the FIPS status
indicator value.

Change-Id: I6a6a4656f1ac94ac46d631c90a206ac8b6ddcf4c
Reviewed-on: https://go-review.googlesource.com/c/go/+/644635
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
This commit is contained in:
Filippo Valsorda 2025-01-27 14:18:02 +01:00 committed by Gopher Robot
parent e0aeee82f3
commit 3f791c8dfb
2 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/crypto/internal/fips140/aes/cbc.go
View file

@ -5,6 +5,7 @@
package aes
import (
"crypto/internal/fips140"
"crypto/internal/fips140/alias"
"crypto/internal/fips140/subtle"
)
@ -32,6 +33,7 @@ func (c *CBCEncrypter) CryptBlocks(dst, src []byte) {
if alias.InexactOverlap(dst[:len(src)], src) {
panic("crypto/cipher: invalid buffer overlap")
}
fips140.RecordApproved()
if len(src) == 0 {
return
}
@ -85,6 +87,7 @@ func (c *CBCDecrypter) CryptBlocks(dst, src []byte) {
if alias.InexactOverlap(dst[:len(src)], src) {
panic("crypto/cipher: invalid buffer overlap")
}
fips140.RecordApproved()
if len(src) == 0 {
return
}

2
src/crypto/internal/fips140/aes/ctr.go
View file

@ -5,6 +5,7 @@
package aes
import (
"crypto/internal/fips140"
"crypto/internal/fips140/alias"
"crypto/internal/fips140/subtle"
"crypto/internal/fips140deps/byteorder"
@ -71,6 +72,7 @@ func (c *CTR) XORKeyStreamAt(dst, src []byte, offset uint64) {
if alias.InexactOverlap(dst, src) {
panic("crypto/aes: invalid buffer overlap")
}
fips140.RecordApproved()
ivlo, ivhi := add128(c.ivlo, c.ivhi, offset/BlockSize)