Cypherpunks repositories - gostls13.git/commit

author	Filippo Valsorda <filippo@golang.org>
	Fri, 5 Sep 2025 02:19:18 +0000 (22:19 -0400)
committer	Junyang Shao <shaojunyang@google.com>
	Fri, 26 Sep 2025 17:44:47 +0000 (10:44 -0700)
commit	90de3b3399bbd535f7656506bf08c867b896c1e2
tree	1415b1e3d5c45a0be54f26e4a8ecfb9d1c22564c	tree
parent	bec452a3a29bfe8fbcb5461327c4ceb32862a60a	commit \| diff

[release-branch.go1.25] crypto/internal/fips140: remove key import PCTs, make keygen PCTs fatal

CMVP clarified with the September 2nd changes to IG 10.3.A that PCTs
don't need to run on imported keys.

However, PCT failure must enter the error state (which for us is fatal).

Thankfully, now that PCTs only run on key generation, we can be assured
they will never fail.

This change should only affect FIPS 140-3 mode.

While at it, make the CAST/PCT testing more robust, checking
TestConditional is terminated by a fatal error (and not by t.Fatal).

Updates #75524
Updates #74947
Updates #69536

Change-Id: I6a6a696439e1560c10f3cce2cb208fd40c5bc641
Reviewed-on: https://go-review.googlesource.com/c/go/+/706718
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>

src/crypto/internal/fips140/cast.go		diff \| blob \| history
src/crypto/internal/fips140/ecdh/ecdh.go		diff \| blob \| history
src/crypto/internal/fips140/ecdsa/cast.go		diff \| blob \| history
src/crypto/internal/fips140/ecdsa/ecdsa.go		diff \| blob \| history
src/crypto/internal/fips140/ed25519/cast.go		diff \| blob \| history
src/crypto/internal/fips140/ed25519/ed25519.go		diff \| blob \| history
src/crypto/internal/fips140/mlkem/mlkem1024.go		diff \| blob \| history
src/crypto/internal/fips140/mlkem/mlkem768.go		diff \| blob \| history
src/crypto/internal/fips140/rsa/keygen.go		diff \| blob \| history
src/crypto/internal/fips140/rsa/rsa.go		diff \| blob \| history
src/crypto/internal/fips140test/cast_test.go		diff \| blob \| history