Cypherpunks repositories - gostls13.git/commit
crypto/tls: relax native FIPS 140-3 mode
author Filippo Valsorda <filippo@golang.org>
Wed, 19 Feb 2025 11:29:31 +0000 (12:29 +0100)
committer Gopher Robot <gobot@golang.org>
Thu, 13 Mar 2025 20:33:22 +0000 (13:33 -0700)
commit 6114b69e0c92961712a459b691d4bde3f09e3b40
tree fb91a947adefc27f07deaf17f6f135b9b91eb27d
parent 59afdd3ed0ace5c5dc34f8b4cf22edc329e186f7

We are going to stick to BoringSSL's policy for Go+BoringCrypto, but
when using the native FIPS 140-3 module we can allow Ed25519, ML-KEM,
and P-521.

NIST SP 800-52r2 is stricter, but it only applies to some entities, so
they can restrict the profile with Config.

Fixes #71757

Change-Id: I6a6a4656eb02e56d079f0a22f98212275a40a679
Reviewed-on: https://go-review.googlesource.com/c/go/+/650576
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
doc/next/6-stdlib/99-minor/crypto/tls/fips.md
src/crypto/tls/defaults_boring.go
src/crypto/tls/defaults_fips140.go [new file with mode: 0644]
src/crypto/tls/fips140_test.go
src/crypto/tls/tls.go