Stowage/go
2
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-12-08 06:10:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

crypto/md5,crypto/sha1: apply fips140=only to Write and Sum, not New

Browse source 
New is called to get a Hash which can then be rejected with an error
(instead of a panic) from fips140only.ApprovedHash.

Also, it's reasonable to call New().Size() and then not use the hash.

Change-Id: I6a6a4656c43528d169c4b28c8b6de48448236d4f
Reviewed-on: https://go-review.googlesource.com/c/go/+/641317
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Russ Cox <rsc@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This commit is contained in:
Filippo Valsorda 2025-01-06 18:49:45 +01:00 committed by Gopher Robot
parent 0cdf8c7a8c
commit 54693a81fd
2 changed files with 19 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/crypto/md5/md5.go
View file

@ -104,9 +104,6 @@ func consumeUint32(b []byte) ([]byte, uint32) {
// [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal
// state of the hash.
func New() hash.Hash {
if fips140only.Enabled {
panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode")
}
d := new(digest)
d.Reset()
return d
@ -117,6 +114,9 @@ func (d *digest) Size() int { return Size }
func (d *digest) BlockSize() int { return BlockSize }
func (d *digest) Write(p []byte) (nn int, err error) {
if fips140only.Enabled {
return 0, errors.New("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode")
}
// Note that we currently call block or blockGeneric
// directly (guarded using haveAsm) because this allows
// escape analysis to see that p and d don't escape.
@ -158,6 +158,10 @@ func (d *digest) Sum(in []byte) []byte {
}
func (d *digest) checkSum() [Size]byte {
if fips140only.Enabled {
panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode")
}
// Append 0x80 to the end of the message and then append zeros
// until the length is a multiple of 56 bytes. Finally append
// 8 bytes representing the message length in bits.
@ -184,9 +188,6 @@ func (d *digest) checkSum() [Size]byte {
// Sum returns the MD5 checksum of the data.
func Sum(data []byte) [Size]byte {
if fips140only.Enabled {
panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode")
}
var d digest
d.Reset()
d.Write(data)

16
src/crypto/sha1/sha1.go
View file

@ -111,9 +111,6 @@ func New() hash.Hash {
if boring.Enabled {
return boring.NewSHA1()
}
if fips140only.Enabled {
panic("crypto/sha1: use of weak SHA-1 is not allowed in FIPS 140-only mode")
}
d := new(digest)
d.Reset()
return d
@ -124,6 +121,9 @@ func (d *digest) Size() int { return Size }
func (d *digest) BlockSize() int { return BlockSize }
func (d *digest) Write(p []byte) (nn int, err error) {
if fips140only.Enabled {
return 0, errors.New("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode")
}
boring.Unreachable()
nn = len(p)
d.len += uint64(nn)
@ -156,6 +156,10 @@ func (d *digest) Sum(in []byte) []byte {
}
func (d *digest) checkSum() [Size]byte {
if fips140only.Enabled {
panic("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode")
}
len := d.len
// Padding. Add a 1 bit and 0 bits until 56 bytes mod 64.
var tmp [64 + 8]byte // padding + length buffer
@ -196,6 +200,10 @@ func (d *digest) ConstantTimeSum(in []byte) []byte {
}
func (d *digest) constSum() [Size]byte {
if fips140only.Enabled {
panic("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode")
}
var length [8]byte
l := d.len << 3
for i := uint(0); i < 8; i++ {
@ -262,7 +270,7 @@ func Sum(data []byte) [Size]byte {
return boring.SHA1(data)
}
if fips140only.Enabled {
panic("crypto/sha1: use of weak SHA-1 is not allowed in FIPS 140-only mode")
panic("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode")
}
var d digest
d.Reset()