]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f75bcff)
[release-branch.go1.25] crypto/internal/fips140/ecdsa: make TestingOnlyNewDRBG generic
authorFilippo Valsorda <filippo@golang.org>
Sun, 7 Sep 2025 14:44:43 +0000 (16:44 +0200)
committerJunyang Shao <shaojunyang@google.com>
Fri, 26 Sep 2025 17:44:40 +0000 (10:44 -0700)
We are re-sealing the .zip file anyway for another reason, might as well
take the opportunity to remove the fips140.Hash type indirection.

Updates #75524

Change-Id: I6a6a6964fdb312cc2c64e327f845c398c0f6279b
Reviewed-on: https://go-review.googlesource.com/c/go/+/706716
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Junyang Shao <shaojunyang@google.com>
src/crypto/internal/fips140/ecdsa/hmacdrbg.go patch | blob | history
src/crypto/internal/fips140/fips140.go patch | blob | history
src/crypto/internal/fips140test/acvp_test.go patch | blob | history

diff --git a/src/crypto/internal/fips140/ecdsa/hmacdrbg.go b/src/crypto/internal/fips140/ecdsa/hmacdrbg.go
index fa82ce39f90c813f33d91d8e78e248025ac5b68a..698c23bcda5161ca0d75834b6d9c17972f4312c3 100644 (file)
--- a/src/crypto/internal/fips140/ecdsa/hmacdrbg.go
+++ b/src/crypto/internal/fips140/ecdsa/hmacdrbg.go
@@ -122,7 +122,7 @@ func newDRBG[H hash.Hash](hash func() H, entropy, nonce []byte, s personalizatio
 //
 // This should only be used for ACVP testing. hmacDRBG is not intended to be
 // used directly.
-func TestingOnlyNewDRBG(hash func() hash.Hash, entropy, nonce []byte, s []byte) *hmacDRBG {
+func TestingOnlyNewDRBG[H hash.Hash](hash func() H, entropy, nonce []byte, s []byte) *hmacDRBG {
        return newDRBG(hash, entropy, nonce, plainPersonalizationString(s))
 }
 
diff --git a/src/crypto/internal/fips140/fips140.go b/src/crypto/internal/fips140/fips140.go
index 050967f4808ad657252cc47c26ac89da2d924656..e05ad663749b1c17c3ad03600da51384139c64ec 100644 (file)
--- a/src/crypto/internal/fips140/fips140.go
+++ b/src/crypto/internal/fips140/fips140.go
@@ -7,7 +7,6 @@ package fips140
 import (
        "crypto/internal/fips140deps/godebug"
        "errors"
-       "hash"
        "runtime"
 )
 
@@ -70,9 +69,3 @@ func Version() string {
        // moved to a different file.
        return "latest" //mkzip:version
 }
-
-// Hash is a legacy compatibility alias for hash.Hash.
-//
-// It's only here because [crypto/internal/fips140/ecdsa.TestingOnlyNewDRBG]
-// takes a "func() fips140.Hash" in v1.0.0, instead of being generic.
-type Hash = hash.Hash
diff --git a/src/crypto/internal/fips140test/acvp_test.go b/src/crypto/internal/fips140test/acvp_test.go
index 5871bde8be4b2b9e9c77ff5b6f0ebacac27e614b..47a42cce1bcc2263280c20c9112836c46b904e63 100644 (file)
--- a/src/crypto/internal/fips140test/acvp_test.go
+++ b/src/crypto/internal/fips140test/acvp_test.go
@@ -1624,7 +1624,7 @@ func cmdHmacDrbgAft(h func() hash.Hash) command {
                        //   * Uninstantiate
                        // See Table 7 in draft-vassilev-acvp-drbg
                        out := make([]byte, outLen)
-                       drbg := ecdsa.TestingOnlyNewDRBG(func() fips140.Hash { return h() }, entropy, nonce, personalization)
+                       drbg := ecdsa.TestingOnlyNewDRBG(h, entropy, nonce, personalization)
                        drbg.Generate(out)
                        drbg.Generate(out)
 
Go GOST TLS 1.3