]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c2a34be)
[release-branch.go1.24] crypto/tls: allow P-521 in FIPS 140-3 mode and Go+BoringCrypto
authorFilippo Valsorda <filippo@golang.org>
Wed, 12 Mar 2025 15:36:08 +0000 (16:36 +0100)
committerCherry Mui <cherryyz@google.com>
Mon, 17 Mar 2025 21:33:52 +0000 (14:33 -0700)
Partially reverts CL 587296, restoring the Go+BoringCrypto 1.23 behavior
in terms of supported curves.

Updates #71757
Fixes #72823

Change-Id: I6a6a465651a8407056fd0fae091d10a945b37997
Reviewed-on: https://go-review.googlesource.com/c/go/+/657135
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
src/crypto/tls/defaults.go patch | blob | history
src/crypto/tls/fips_test.go patch | blob | history

diff --git a/src/crypto/tls/defaults.go b/src/crypto/tls/defaults.go
index f25d0d3ce3f9eb976d1fbbedb7595191bc8d1c5b..ab346e18b3f4f1e8d888b0b8d2aeca737592f0a7 100644 (file)
--- a/src/crypto/tls/defaults.go
+++ b/src/crypto/tls/defaults.go
@@ -92,7 +92,8 @@ var defaultCipherSuitesTLS13NoAES = []uint16{
 }
 
 // The FIPS-only policies below match BoringSSL's
-// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2.
+// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2, with
+// minor changes per https://go.dev/issue/71757.
 // https://cs.opensource.google/boringssl/boringssl/+/master:ssl/ssl_lib.cc;l=3289;drc=ea7a88fa
 
 var defaultSupportedVersionsFIPS = []uint16{
@@ -102,7 +103,7 @@ var defaultSupportedVersionsFIPS = []uint16{
 
 // defaultCurvePreferencesFIPS are the FIPS-allowed curves,
 // in preference order (most preferable first).
-var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384}
+var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384, CurveP521}
 
 // defaultSupportedSignatureAlgorithmsFIPS currently are a subset of
 // defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1.
@@ -115,6 +116,7 @@ var defaultSupportedSignatureAlgorithmsFIPS = []SignatureScheme{
        PKCS1WithSHA384,
        ECDSAWithP384AndSHA384,
        PKCS1WithSHA512,
+       ECDSAWithP521AndSHA512,
 }
 
 // defaultCipherSuitesFIPS are the FIPS-allowed cipher suites.
diff --git a/src/crypto/tls/fips_test.go b/src/crypto/tls/fips_test.go
index e891fcc871635389b59d1f7d683e81a4d60e5aca..d5ac9b6899d9288fafe8c74f28eff2f3eeb227e0 100644 (file)
--- a/src/crypto/tls/fips_test.go
+++ b/src/crypto/tls/fips_test.go
@@ -106,7 +106,7 @@ func isFIPSCipherSuite(id uint16) bool {
 
 func isFIPSCurve(id CurveID) bool {
        switch id {
-       case CurveP256, CurveP384:
+       case CurveP256, CurveP384, CurveP521:
                return true
        }
        return false
@@ -130,6 +130,7 @@ func isFIPSSignatureScheme(alg SignatureScheme) bool {
                PKCS1WithSHA384,
                ECDSAWithP384AndSHA384,
                PKCS1WithSHA512,
+               ECDSAWithP521AndSHA512,
                PSSWithSHA256,
                PSSWithSHA384,
                PSSWithSHA512:
Go GOST TLS 1.3