From fb5719cbda01c64f2f8d2eeed8592a494de59d65 Mon Sep 17 00:00:00 2001
From: Filippo Valsorda
Date: Sun, 7 Sep 2025 16:44:43 +0200
Subject: [PATCH] crypto/internal/fips140/ecdsa: make TestingOnlyNewDRBG generic

We are re-sealing the .zip file anyway for another reason, might as well take the opportunity to remove the fips140.Hash type indirection.

Change-Id: I6a6a6964fdb312cc2c64e327f845c398c0f6279b
Reviewed-on: https://go-review.googlesource.com/c/go/+/701519
Reviewed-by: Michael Pratt
Reviewed-by: Daniel McCarney
Reviewed-by: Mark Freeman
TryBot-Bypass: Filippo Valsorda
---
 src/crypto/internal/fips140/ecdsa/hmacdrbg.go | 2 +-
 src/crypto/internal/fips140/fips140.go | 7 -------
 src/crypto/internal/fips140test/acvp_test.go | 2 +-
 3 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/src/crypto/internal/fips140/ecdsa/hmacdrbg.go b/src/crypto/internal/fips140/ecdsa/hmacdrbg.go
index fa82ce39f9..698c23bcda 100644
--- a/src/crypto/internal/fips140/ecdsa/hmacdrbg.go
+++ b/src/crypto/internal/fips140/ecdsa/hmacdrbg.go
@@ -122,7 +122,7 @@ func newDRBG[H hash.Hash](hash func() H, entropy, nonce []byte, s personalizatio
 //
 // This should only be used for ACVP testing. hmacDRBG is not intended to be
 // used directly.
-func TestingOnlyNewDRBG(hash func() hash.Hash, entropy, nonce []byte, s []byte) *hmacDRBG {
+func TestingOnlyNewDRBG[H hash.Hash](hash func() H, entropy, nonce []byte, s []byte) *hmacDRBG {
 return newDRBG(hash, entropy, nonce, plainPersonalizationString(s))
 }

diff --git a/src/crypto/internal/fips140/fips140.go b/src/crypto/internal/fips140/fips140.go
index ca96c88442..4f0999d6d9 100644
--- a/src/crypto/internal/fips140/fips140.go
+++ b/src/crypto/internal/fips140/fips140.go
@@ -7,7 +7,6 @@ package fips140
 import (
 "crypto/internal/fips140deps/godebug"
 "errors"
- "hash"
 "runtime"
 )

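Review bot: In hmacdrbg.go the new type parameter `H` on `TestingOnlyNewDRBG` is not described in the doc comment, which begins above the hunk. Since this constructor is the ACVP-only entry point into the module's HMAC_DRBG, one added line would help the next reader, for example `// H is inferred from hash; a func() hash.Hash value and a concrete hash constructor are both accepted.` The removed `fips140.Hash` was a plain alias (`type Hash = hash.Hash`), so the acvp_test.go call that now passes `h` directly should also type-check against the older `func() fips140.Hash` signature. Noting that in the comment or the commit message would make clear why dropping the alias is safe for the test wrapper.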
@@ -75,9 +74,3 @@ func Version() string {
 // moved to a different file.
 return "latest" //mkzip:version
 }
-
-// Hash is a legacy compatibility alias for hash.Hash.
-//
-// It's only here because [crypto/internal/fips140/ecdsa.TestingOnlyNewDRBG]
-// takes a "func() fips140.Hash" in v1.0.0, instead of being generic.
-type Hash = hash.Hash
diff --git a/src/crypto/internal/fips140test/acvp_test.go b/src/crypto/internal/fips140test/acvp_test.go
index 5871bde8be..47a42cce1b 100644
--- a/src/crypto/internal/fips140test/acvp_test.go
+++ b/src/crypto/internal/fips140test/acvp_test.go
@@ -1624,7 +1624,7 @@ func cmdHmacDrbgAft(h func() hash.Hash) command {
 // * Uninstantiate
 // See Table 7 in draft-vassilev-acvp-drbg
 out := make([]byte, outLen)
- drbg := ecdsa.TestingOnlyNewDRBG(func() fips140.Hash { return h() }, entropy, nonce, personalization)
+ drbg := ecdsa.TestingOnlyNewDRBG(h, entropy, nonce, personalization)
 drbg.Generate(out)
 drbg.Generate(out)