crypto/ecdsa: fix condition for fips140=only check
authorMauri de Souza Meneguzzo <mauri870@gmail.com>
Wed, 18 Dec 2024 16:19:24 +0000 (16:19 +0000)
committerCarlos Amedee <carlos@golang.org>
Wed, 18 Dec 2024 22:59:07 +0000 (14:59 -0800)
Fixes #70894

Change-Id: I78c9f2e46006ffc5f1d2886218f8aaaf3f1b59eb
GitHub-Last-Rev: 11f0b452f57aacc40139eab557a8bed1386ad07b
GitHub-Pull-Request: golang/go#70904
Reviewed-on: https://go-review.googlesource.com/c/go/+/637455
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: David Chase <drchase@google.com>
src/crypto/ecdsa/ecdsa.go

index 77727aaf96befb1d8718ddea5124c1b85ac7de35..0f9749975ffba9096ce19c3a780713ba8f60c97a 100644 (file)
@@ -183,7 +183,7 @@ func GenerateKey(c elliptic.Curve, rand io.Reader) (*PrivateKey, error) {
 }
 
 func generateFIPS[P ecdsa.Point[P]](curve elliptic.Curve, c *ecdsa.Curve[P], rand io.Reader) (*PrivateKey, error) {
-       if fips140only.Enabled && fips140only.ApprovedRandomReader(rand) {
+       if fips140only.Enabled && !fips140only.ApprovedRandomReader(rand) {
                return nil, errors.New("crypto/ecdsa: only crypto/rand.Reader is allowed in FIPS 140-only mode")
        }
        privateKey, err := ecdsa.GenerateKey(c, rand)
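Review bot: The guard on the changed line in generateFIPS is a policy gate with no comment stating its intent and, as far as this page shows, no test pinning its polarity; only ecdsa.go appears in the commit. With the old condition, fips140=only mode returned the error for the approved reader and let any other reader through to key generation, an inversion that a two-case test would have caught. I would add `// In FIPS 140-only mode, refuse any rand source that is not the approved reader.` above the `if`. I would also add a regression test asserting that a non-approved io.Reader yields the error while crypto/rand.Reader succeeds. generateFIPS's body continues past the end of the hunk, so whether later code relies on this check is not visible here.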