--- /dev/null
+pkg crypto/fips140, func Enforced() bool #74630
+pkg crypto/fips140, func WithoutEnforcement(func()) #74630
--- /dev/null
+The new [WithoutEnforcement] and [Enforced] functions now allow running
+in `GODEBUG=fips140=only` mode while selectively disabling the strict FIPS 140-3 checks.
if b, ok := b.(*aes.Block); ok {
return aes.NewCBCEncrypter(b, [16]byte(iv))
}
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/cipher: use of CBC with non-AES ciphers is not allowed in FIPS 140-only mode")
}
if cbc, ok := b.(cbcEncAble); ok {
if b, ok := b.(*aes.Block); ok {
return aes.NewCBCDecrypter(b, [16]byte(iv))
}
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/cipher: use of CBC with non-AES ciphers is not allowed in FIPS 140-only mode")
}
if cbc, ok := b.(cbcDecAble); ok {
// CFB is also unoptimized and not validated as part of the FIPS 140-3 module.
// If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
func NewCFBEncrypter(block Block, iv []byte) Stream {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/cipher: use of CFB is not allowed in FIPS 140-only mode")
}
return newCFB(block, iv, false)
// CFB is also unoptimized and not validated as part of the FIPS 140-3 module.
// If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
func NewCFBDecrypter(block Block, iv []byte) Stream {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/cipher: use of CFB is not allowed in FIPS 140-only mode")
}
return newCFB(block, iv, true)
if block, ok := block.(*aes.Block); ok {
return aesCtrWrapper{aes.NewCTR(block, iv)}
}
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/cipher: use of CTR with non-AES ciphers is not allowed in FIPS 140-only mode")
}
if ctr, ok := block.(ctrAble); ok {
// An exception is when the underlying [Block] was created by aes.NewCipher
// on systems with hardware support for AES. See the [crypto/aes] package documentation for details.
func NewGCM(cipher Block) (AEAD, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/cipher: use of GCM with arbitrary IVs is not allowed in FIPS 140-only mode, use NewGCMWithRandomNonce")
}
return newGCM(cipher, gcmStandardNonceSize, gcmTagSize)
// cryptosystem that uses non-standard nonce lengths. All other users should use
// [NewGCM], which is faster and more resistant to misuse.
func NewGCMWithNonceSize(cipher Block, size int) (AEAD, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/cipher: use of GCM with arbitrary IVs is not allowed in FIPS 140-only mode, use NewGCMWithRandomNonce")
}
return newGCM(cipher, size, gcmTagSize)
// cryptosystem that uses non-standard tag lengths. All other users should use
// [NewGCM], which is more resistant to misuse.
func NewGCMWithTagSize(cipher Block, tagSize int) (AEAD, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/cipher: use of GCM with arbitrary IVs is not allowed in FIPS 140-only mode, use NewGCMWithRandomNonce")
}
return newGCM(cipher, gcmStandardNonceSize, tagSize)
func newGCM(cipher Block, nonceSize, tagSize int) (AEAD, error) {
c, ok := cipher.(*aes.Block)
if !ok {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/cipher: use of GCM with non-AES ciphers is not allowed in FIPS 140-only mode")
}
return newGCMFallback(cipher, nonceSize, tagSize)
// OFB is also unoptimized and not validated as part of the FIPS 140-3 module.
// If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
func NewOFB(b Block, iv []byte) Stream {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/cipher: use of OFB is not allowed in FIPS 140-only mode")
}
// NewCipher creates and returns a new [cipher.Block].
func NewCipher(key []byte) (cipher.Block, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/des: use of DES is not allowed in FIPS 140-only mode")
}
// NewTripleDESCipher creates and returns a new [cipher.Block].
func NewTripleDESCipher(key []byte) (cipher.Block, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/des: use of TripleDES is not allowed in FIPS 140-only mode")
}
// GenerateParameters puts a random, valid set of DSA parameters into params.
// This function can take many seconds, even on fast machines.
func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes) error {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return errors.New("crypto/dsa: use of DSA is not allowed in FIPS 140-only mode")
}
// GenerateKey generates a public&private key pair. The Parameters of the
// [PrivateKey] must already be valid (see [GenerateParameters]).
func GenerateKey(priv *PrivateKey, rand io.Reader) error {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return errors.New("crypto/dsa: use of DSA is not allowed in FIPS 140-only mode")
}
// Be aware that calling Sign with an attacker-controlled [PrivateKey] may
// require an arbitrary amount of CPU.
func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, nil, errors.New("crypto/dsa: use of DSA is not allowed in FIPS 140-only mode")
}
// to the byte-length of the subgroup. This function does not perform that
// truncation itself.
func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/dsa: use of DSA is not allowed in FIPS 140-only mode")
}
return k, nil
}
- if fips140only.Enabled && !fips140only.ApprovedRandomReader(rand) {
+ if fips140only.Enforced() && !fips140only.ApprovedRandomReader(rand) {
return nil, errors.New("crypto/ecdh: only crypto/rand.Reader is allowed in FIPS 140-only mode")
}
}
func (c *x25519Curve) GenerateKey(rand io.Reader) (*PrivateKey, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode")
}
key := make([]byte, x25519PrivateKeySize)
}
func (c *x25519Curve) NewPrivateKey(key []byte) (*PrivateKey, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode")
}
if len(key) != x25519PrivateKeySize {
}
func (c *x25519Curve) NewPublicKey(key []byte) (*PublicKey, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/ecdh: use of X25519 is not allowed in FIPS 140-only mode")
}
if len(key) != x25519PublicKeySize {
}
func generateFIPS[P ecdsa.Point[P]](curve elliptic.Curve, c *ecdsa.Curve[P], rand io.Reader) (*PrivateKey, error) {
- if fips140only.Enabled && !fips140only.ApprovedRandomReader(rand) {
+ if fips140only.Enforced() && !fips140only.ApprovedRandomReader(rand) {
return nil, errors.New("crypto/ecdsa: only crypto/rand.Reader is allowed in FIPS 140-only mode")
}
privateKey, err := ecdsa.GenerateKey(c, rand)
}
func signFIPS[P ecdsa.Point[P]](c *ecdsa.Curve[P], priv *PrivateKey, rand io.Reader, hash []byte) ([]byte, error) {
- if fips140only.Enabled && !fips140only.ApprovedRandomReader(rand) {
+ if fips140only.Enforced() && !fips140only.ApprovedRandomReader(rand) {
return nil, errors.New("crypto/ecdsa: only crypto/rand.Reader is allowed in FIPS 140-only mode")
}
k, err := privateKeyToFIPS(c, priv)
return nil, err
}
h := fips140hash.UnwrapNew(hashFunc.New)
- if fips140only.Enabled && !fips140only.ApprovedHash(h()) {
+ if fips140only.Enforced() && !fips140only.ApprovedHash(h()) {
return nil, errors.New("crypto/ecdsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
}
sig, err := ecdsa.SignDeterministic(c, h, k, hash)
// deprecated custom curves.
func generateLegacy(c elliptic.Curve, rand io.Reader) (*PrivateKey, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/ecdsa: use of custom curves is not allowed in FIPS 140-only mode")
}
}
func signLegacy(priv *PrivateKey, csprng io.Reader, hash []byte) (sig []byte, err error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/ecdsa: use of custom curves is not allowed in FIPS 140-only mode")
}
}
func verifyLegacy(pub *PublicKey, hash []byte, sig []byte) bool {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/ecdsa: use of custom curves is not allowed in FIPS 140-only mode")
}
case hash == crypto.SHA512: // Ed25519ph
return ed25519.SignPH(k, message, context)
case hash == crypto.Hash(0) && context != "": // Ed25519ctx
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/ed25519: use of Ed25519ctx is not allowed in FIPS 140-only mode")
}
return ed25519.SignCtx(k, message, context)
case opts.Hash == crypto.SHA512: // Ed25519ph
return ed25519.VerifyPH(k, message, sig, opts.Context)
case opts.Hash == crypto.Hash(0) && opts.Context != "": // Ed25519ctx
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return errors.New("crypto/ed25519: use of Ed25519ctx is not allowed in FIPS 140-only mode")
}
return ed25519.VerifyCtx(k, message, sig, opts.Context)
--- /dev/null
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fips140
+
+import (
+ "internal/godebug"
+ _ "unsafe" // for linkname
+)
+
+// WithoutEnforcement disables strict FIPS 140-3 enforcement while executing f.
+// Calling WithoutEnforcement without strict enforcement enabled
+// (GODEBUG=fips140=only is not set or already inside of a call to
+// WithoutEnforcement) is a no-op.
+//
+// WithoutEnforcement is inherited by any goroutines spawned while executing f.
+//
+// As this disables enforcement, it should be applied carefully to tightly
+// scoped functions.
+func WithoutEnforcement(f func()) {
+ if !Enabled() || !Enforced() {
+ f()
+ return
+ }
+ setBypass()
+ defer unsetBypass()
+ f()
+}
+
+var enabled = godebug.New("fips140").Value() == "only"
+
+// Enforced indicates if strict FIPS 140-3 enforcement is enabled. Strict
+// enforcement is enabled when a program is run with GODEBUG=fips140=only and
+// enforcement has not been disabled by a call to [WithoutEnforcement].
+func Enforced() bool {
+ return enabled && !isBypassed()
+}
+
+//go:linkname setBypass
+func setBypass()
+
+//go:linkname isBypassed
+func isBypassed() bool
+
+//go:linkname unsetBypass
+func unsetBypass()
--- /dev/null
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fips140_test
+
+import (
+ "crypto/internal/cryptotest"
+ "internal/testenv"
+ "path/filepath"
+ "strings"
+ "testing"
+)
+
+func TestWithoutEnforcement(t *testing.T) {
+ testenv.MustHaveExec(t)
+ testenv.MustHaveGoBuild(t)
+ cryptotest.MustSupportFIPS140(t)
+
+ tool, _ := testenv.GoTool()
+ tmpdir := t.TempDir()
+ binFile := filepath.Join(tmpdir, "fips140.test")
+ cmd := testenv.Command(t, tool, "test", "-c", "-o", binFile, "./testdata")
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ t.Log(string(out))
+ t.Errorf("Could not build enforcement tests")
+ }
+ cmd = testenv.Command(t, binFile, "-test.list", ".")
+ list, err := cmd.CombinedOutput()
+ if err != nil {
+ t.Log(string(out))
+ t.Errorf("Could not get enforcement test list")
+ }
+ for test := range strings.Lines(string(list)) {
+ test = strings.TrimSpace(test)
+ t.Run(test, func(t *testing.T) {
+ cmd = testenv.Command(t, binFile, "-test.run", "^"+test+"$")
+ cmd.Env = append(cmd.Env, "GODEBUG=fips140=only")
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ t.Error(string(out))
+ }
+ })
+ }
+}
--- /dev/null
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fips140_test
+
+import (
+ "crypto/des"
+ "crypto/fips140"
+ "testing"
+)
+
+func expectAllowed(t *testing.T, why string, expected bool) {
+ t.Helper()
+ result := isAllowed()
+ if result != expected {
+ t.Fatalf("%v: expected: %v, got: %v", why, expected, result)
+ }
+}
+
+func isAllowed() bool {
+ _, err := des.NewCipher(make([]byte, 8))
+ return err == nil
+}
+
+func TestDisabled(t *testing.T) {
+ expectAllowed(t, "before enforcement disabled", false)
+ fips140.WithoutEnforcement(func() {
+ expectAllowed(t, "inside WithoutEnforcement", true)
+ })
+ // make sure that bypass doesn't live on after returning
+ expectAllowed(t, "after WithoutEnforcement", false)
+}
+
+func TestNested(t *testing.T) {
+ expectAllowed(t, "before enforcement bypass", false)
+ fips140.WithoutEnforcement(func() {
+ fips140.WithoutEnforcement(func() {
+ expectAllowed(t, "inside nested WithoutEnforcement", true)
+ })
+ expectAllowed(t, "inside nested WithoutEnforcement", true)
+ })
+ expectAllowed(t, "after enforcement bypass", false)
+}
+
+func TestGoroutineInherit(t *testing.T) {
+ ch := make(chan bool, 2)
+ expectAllowed(t, "before enforcement bypass", false)
+ fips140.WithoutEnforcement(func() {
+ go func() {
+ ch <- isAllowed()
+ }()
+ })
+ allowed := <-ch
+ if !allowed {
+ t.Fatal("goroutine didn't inherit enforcement bypass")
+ }
+ go func() {
+ ch <- isAllowed()
+ }()
+ allowed = <-ch
+ if allowed {
+ t.Fatal("goroutine inherited bypass after WithoutEnforcement return")
+ }
+}
}
func checkFIPS140Only[Hash hash.Hash](h func() Hash, key []byte) error {
- if !fips140only.Enabled {
+ if !fips140only.Enforced() {
return nil
}
if len(key) < 112/8 {
// BoringCrypto did not recognize h, so fall through to standard Go code.
}
h = fips140hash.UnwrapNew(h)
- if fips140only.Enabled {
+ if fips140only.Enforced() {
if len(key) < 112/8 {
panic("crypto/hmac: use of keys shorter than 112 bits is not allowed in FIPS 140-only mode")
}
package fips140only
import (
+ "crypto/fips140"
"crypto/internal/fips140/drbg"
"crypto/internal/fips140/sha256"
"crypto/internal/fips140/sha3"
"crypto/internal/fips140/sha512"
"hash"
- "internal/godebug"
"io"
)
-// Enabled reports whether FIPS 140-only mode is enabled, in which non-approved
+// Enforced reports whether FIPS 140-only mode is enabled and enforced, in which non-approved
// cryptography returns an error or panics.
-var Enabled = godebug.New("fips140").Value() == "only"
+func Enforced() bool {
+ return fips140.Enforced()
+}
func ApprovedHash(h hash.Hash) bool {
switch h.(type) {
func (d *digest) BlockSize() int { return BlockSize }
func (d *digest) Write(p []byte) (nn int, err error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return 0, errors.New("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode")
}
// Note that we currently call block or blockGeneric
}
func (d *digest) checkSum() [Size]byte {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode")
}
// Setting keyLength to a value outside of this range will result in an error.
func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyLength int) ([]byte, error) {
fh := fips140hash.UnwrapNew(h)
- if fips140only.Enabled {
+ if fips140only.Enforced() {
if keyLength < 112/8 {
return nil, errors.New("crypto/pbkdf2: use of keys shorter than 112 bits is not allowed in FIPS 140-only mode")
}
// Prime returns a number of the given bit length that is prime with high probability.
// Prime will return error for any error returned by rand.Read or if bits < 2.
func Prime(rand io.Reader, bits int) (*big.Int, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/rand: use of Prime is not allowed in FIPS 140-only mode")
}
if bits < 2 {
// NewCipher creates and returns a new [Cipher]. The key argument should be the
// RC4 key, at least 1 byte and at most 256 bytes.
func NewCipher(key []byte) (*Cipher, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/rc4: use of RC4 is not allowed in FIPS 140-only mode")
}
k := len(key)
if err := checkFIPS140OnlyPrivateKey(priv); err != nil {
return nil, err
}
- if fips140only.Enabled && !fips140only.ApprovedHash(h) {
+ if fips140only.Enforced() && !fips140only.ApprovedHash(h) {
return nil, errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
}
- if fips140only.Enabled && !fips140only.ApprovedRandomReader(rand) {
+ if fips140only.Enforced() && !fips140only.ApprovedRandomReader(rand) {
return nil, errors.New("crypto/rsa: only crypto/rand.Reader is allowed in FIPS 140-only mode")
}
}
saltLength := opts.saltLength()
- if fips140only.Enabled && saltLength > h.Size() {
+ if fips140only.Enforced() && saltLength > h.Size() {
return nil, errors.New("crypto/rsa: use of PSS salt longer than the hash is not allowed in FIPS 140-only mode")
}
switch saltLength {
if err := checkFIPS140OnlyPublicKey(pub); err != nil {
return err
}
- if fips140only.Enabled && !fips140only.ApprovedHash(h) {
+ if fips140only.Enforced() && !fips140only.ApprovedHash(h) {
return errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
}
}
saltLength := opts.saltLength()
- if fips140only.Enabled && saltLength > h.Size() {
+ if fips140only.Enforced() && saltLength > h.Size() {
return errors.New("crypto/rsa: use of PSS salt longer than the hash is not allowed in FIPS 140-only mode")
}
switch saltLength {
if err := checkFIPS140OnlyPublicKey(pub); err != nil {
return nil, err
}
- if fips140only.Enabled && !fips140only.ApprovedHash(hash) {
+ if fips140only.Enforced() && !fips140only.ApprovedHash(hash) {
return nil, errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
}
- if fips140only.Enabled && !fips140only.ApprovedRandomReader(random) {
+ if fips140only.Enforced() && !fips140only.ApprovedRandomReader(random) {
return nil, errors.New("crypto/rsa: only crypto/rand.Reader is allowed in FIPS 140-only mode")
}
if err := checkFIPS140OnlyPrivateKey(priv); err != nil {
return nil, err
}
- if fips140only.Enabled {
+ if fips140only.Enforced() {
if !fips140only.ApprovedHash(hash) || !fips140only.ApprovedHash(mgfHash) {
return nil, errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
}
if err := checkFIPS140OnlyPrivateKey(priv); err != nil {
return nil, err
}
- if fips140only.Enabled && !fips140only.ApprovedHash(fips140hash.Unwrap(hash.New())) {
+ if fips140only.Enforced() && !fips140only.ApprovedHash(fips140hash.Unwrap(hash.New())) {
return nil, errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
}
if err := checkFIPS140OnlyPublicKey(pub); err != nil {
return err
}
- if fips140only.Enabled && !fips140only.ApprovedHash(fips140hash.Unwrap(hash.New())) {
+ if fips140only.Enforced() && !fips140only.ApprovedHash(fips140hash.Unwrap(hash.New())) {
return errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
}
}
func checkFIPS140OnlyPublicKey(pub *PublicKey) error {
- if !fips140only.Enabled {
+ if !fips140only.Enforced() {
return nil
}
if pub.N == nil {
}
func checkFIPS140OnlyPrivateKey(priv *PrivateKey) error {
- if !fips140only.Enabled {
+ if !fips140only.Enforced() {
return nil
}
if err := checkFIPS140OnlyPublicKey(&priv.PublicKey); err != nil {
//
// [draft-irtf-cfrg-rsa-guidance-05]: https://www.ietf.org/archive/id/draft-irtf-cfrg-rsa-guidance-05.html#name-rationale
func EncryptPKCS1v15(random io.Reader, pub *PublicKey, msg []byte) ([]byte, error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/rsa: use of PKCS#1 v1.5 encryption is not allowed in FIPS 140-only mode")
}
// access patterns. If the plaintext was valid then index contains the index of
// the original message in em, to allow constant time padding removal.
func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte, index int, err error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return 0, nil, 0, errors.New("crypto/rsa: use of PKCS#1 v1.5 encryption is not allowed in FIPS 140-only mode")
}
return key, nil
}
- if fips140only.Enabled && bits < 2048 {
+ if fips140only.Enforced() && bits < 2048 {
return nil, errors.New("crypto/rsa: use of keys smaller than 2048 bits is not allowed in FIPS 140-only mode")
}
- if fips140only.Enabled && bits%2 == 1 {
+ if fips140only.Enforced() && bits%2 == 1 {
return nil, errors.New("crypto/rsa: use of keys with odd size is not allowed in FIPS 140-only mode")
}
- if fips140only.Enabled && !fips140only.ApprovedRandomReader(random) {
+ if fips140only.Enforced() && !fips140only.ApprovedRandomReader(random) {
return nil, errors.New("crypto/rsa: only crypto/rand.Reader is allowed in FIPS 140-only mode")
}
if nprimes == 2 {
return GenerateKey(random, bits)
}
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return nil, errors.New("crypto/rsa: multi-prime RSA is not allowed in FIPS 140-only mode")
}
func (d *digest) BlockSize() int { return BlockSize }
func (d *digest) Write(p []byte) (nn int, err error) {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
return 0, errors.New("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode")
}
boring.Unreachable()
}
func (d *digest) checkSum() [Size]byte {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode")
}
}
func (d *digest) constSum() [Size]byte {
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode")
}
if boring.Enabled {
return boring.SHA1(data)
}
- if fips140only.Enabled {
+ if fips140only.Enforced() {
panic("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode")
}
var d digest
< crypto/internal/fips140/edwards25519
< crypto/internal/fips140/ed25519
< crypto/internal/fips140/rsa
- < FIPS < crypto/fips140;
+ < crypto/fips140 < FIPS;
crypto !< FIPS;
--- /dev/null
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package runtime
+
+import _ "unsafe"
+
+//go:linkname fips140_setBypass crypto/fips140.setBypass
+func fips140_setBypass() {
+ getg().fipsOnlyBypass = true
+}
+
+//go:linkname fips140_unsetBypass crypto/fips140.unsetBypass
+func fips140_unsetBypass() {
+ getg().fipsOnlyBypass = false
+}
+
+//go:linkname fips140_isBypassed crypto/fips140.isBypassed
+func fips140_isBypassed() bool {
+ return getg().fipsOnlyBypass
+}
gp.labels = nil
gp.timer = nil
gp.bubble = nil
+ gp.fipsOnlyBypass = false
if gcBlackenEnabled != 0 && gp.gcAssistBytes > 0 {
// Flush assist credit to the global pool. This gives
traceRelease(trace)
}
+ // fips140 bubble
+ newg.fipsOnlyBypass = callergp.fipsOnlyBypass
+
// Set up race context.
if raceenabled {
newg.racectx = racegostart(callerpc)
runnableTime int64 // the amount of time spent runnable, cleared when running, only used when tracking
lockedm muintptr
fipsIndicator uint8
+ fipsOnlyBypass bool
syncSafePoint bool // set if g is stopped at a synchronous safe point.
runningCleanups atomic.Bool
sig uint32