Cypherpunks repositories - gostls13.git/commit

author	Filippo Valsorda <filippo@golang.org>
	Fri, 5 Sep 2025 02:19:18 +0000 (22:19 -0400)
committer	Filippo Valsorda <filippo@golang.org>
	Thu, 25 Sep 2025 19:06:35 +0000 (12:06 -0700)
commit	9b7a3280895277471f53a4168439094e22a32390
tree	a0453c72de81a7d176a732ee6efdabcf4007d597	tree
parent	7f9ab7203fd874f23f3881470ce5686391530c1a	commit \| diff

crypto/internal/fips140: remove key import PCTs, make keygen PCTs fatal

CMVP clarified with the September 2nd changes to IG 10.3.A that PCTs
don't need to run on imported keys.

However, PCT failure must enter the error state (which for us is fatal).

Thankfully, now that PCTs only run on key generation, we can be assured
they will never fail.

This change should only affect FIPS 140-3 mode.

While at it, make the CAST/PCT testing more robust, checking
TestConditional is terminated by a fatal error (and not by t.Fatal).

Fixes #74947
Updates #69536

Change-Id: I6a6a696439e1560c10f3cce2cb208fd40c5bc641
Reviewed-on: https://go-review.googlesource.com/c/go/+/701517
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>

src/crypto/internal/fips140/cast.go		diff \| blob \| history
src/crypto/internal/fips140/ecdh/ecdh.go		diff \| blob \| history
src/crypto/internal/fips140/ecdsa/cast.go		diff \| blob \| history
src/crypto/internal/fips140/ecdsa/ecdsa.go		diff \| blob \| history
src/crypto/internal/fips140/ed25519/cast.go		diff \| blob \| history
src/crypto/internal/fips140/ed25519/ed25519.go		diff \| blob \| history
src/crypto/internal/fips140/mlkem/mlkem1024.go		diff \| blob \| history
src/crypto/internal/fips140/mlkem/mlkem768.go		diff \| blob \| history
src/crypto/internal/fips140/rsa/keygen.go		diff \| blob \| history
src/crypto/internal/fips140/rsa/rsa.go		diff \| blob \| history
src/crypto/internal/fips140test/cast_test.go		diff \| blob \| history