Cypherpunks repositories - gostls13.git/commit
crypto: fix fips140=only detection of SHA-3
author Filippo Valsorda <filippo@golang.org>
Mon, 6 Jan 2025 17:52:35 +0000 (18:52 +0100)
committer Gopher Robot <gobot@golang.org>
Thu, 9 Jan 2025 14:18:54 +0000 (06:18 -0800)
commit f5a89dff67ae00bfc70fbfccc1b1cc044e565b50
tree 8b558240361c1c02a90acfae7ec8205f51a8d2cf
parent 4225c6cb372e0fea7586dd646e991faa5df20671
crypto: fix fips140=only detection of SHA-3

Both fips140only and the service indicator checks in
crypto/internal/fips140/... expect to type assert to
crypto/internal/fips140/{sha256,sha512,sha3}.Digest.

However, crypto/sha3 returns a wrapper concrete type around sha3.Digest.

Add a new fips140hash.Unwrap function to turn the wrapper into the
underlying sha3.Digest, and use it consistently before calling into
fips140only or the FIPS 140-3 module.

In crypto/rsa, also made the fips140only checks apply consistently after
the Go+BoringCrypto shims, so we can instantiate the hash, and avoid
having to wrap the New function. Note that fips140=only is incompatible
with Go+BoringCrypto.

Fixes #70879

Change-Id: I6a6a4656ec55c3e13f6cbfadb9cf89c0f9183bdc
Reviewed-on: https://go-review.googlesource.com/c/go/+/640855
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Russ Cox <rsc@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
src/crypto/ecdsa/ecdsa.go
src/crypto/hkdf/hkdf.go
src/crypto/hmac/hmac.go
src/crypto/internal/fips140hash/hash.go [new file with mode: 0644]
src/crypto/pbkdf2/pbkdf2.go
src/crypto/rsa/fips.go
src/crypto/sha3/sha3.go
src/go/build/deps_test.go
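
The pattern the commit message describes, a check that type-asserts to an inner concrete digest type and is handed a public wrapper instead, sketched as an added example; this is not the Go project's code. All names here (`innerDigest`, `publicHash`, `approved`, `unwrap`) are hypothetical, and SHA-256 stands in for the inner digest only so the example has a working hash.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"hash"
)

// innerDigest is a hypothetical stand-in for a module-internal digest type.
type innerDigest struct{ hash.Hash }

// publicHash is a hypothetical public wrapper around the inner digest.
type publicHash struct{ d *innerDigest }

func (p *publicHash) Write(b []byte) (int, error) { return p.d.Write(b) }
func (p *publicHash) Sum(b []byte) []byte         { return p.d.Sum(b) }
func (p *publicHash) Reset()                      { p.d.Reset() }
func (p *publicHash) Size() int                   { return p.d.Size() }
func (p *publicHash) BlockSize() int              { return p.d.BlockSize() }

func newPublic() hash.Hash    { return &publicHash{d: &innerDigest{sha256.New()}} }
func newUnrelated() hash.Hash { return sha256.New() }

// approved is an allow-list check keyed on the inner concrete type.
// Handed the wrapper directly, the assertion fails and the hash is not recognised.
func approved(h hash.Hash) bool {
	_, ok := h.(*innerDigest)
	return ok
}

// unwrap returns the inner digest when given the wrapper and h unchanged
// otherwise, so callers can apply it before every approved() call.
func unwrap(h hash.Hash) hash.Hash {
	if p, ok := h.(*publicHash); ok {
		return p.d
	}
	return h
}

func main() {
	h := newPublic()
	fmt.Println("wrapper, direct check:", approved(h))
	fmt.Println("wrapper, after unwrap:", approved(unwrap(h)))
	fmt.Println("unrelated hash, after unwrap:", approved(unwrap(newUnrelated())))
}
```

Because `unwrap` returns the same underlying digest rather than a copy, data already written through the wrapper is preserved when the unwrapped value is used.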