From: Filippo Valsorda
Date: Mon, 6 Jan 2025 20:12:03 +0000 (+0100)
Subject: crypto/ecdsa: apply fips140=only to deterministic ECDSA hash
X-Git-Tag: go1.24rc3~2^2~64
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=0cdf8c7a8c;p=gostls13.git
crypto/ecdsa: apply fips140=only to deterministic ECDSA hash
Change-Id: I6a6a46567b1eaaef080ac0994afa83db2624a75a
Reviewed-on: https://go-review.googlesource.com/c/go/+/641316
Auto-Submit: Filippo Valsorda
Reviewed-by: Daniel McCarney
LUCI-TryBot-Result: Go LUCI
Reviewed-by: Russ Cox
Reviewed-by: Roland Shoemaker
---
diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
index f682e6b1c6..d9ebe56ef0 100644
--- a/src/crypto/ecdsa/ecdsa.go
+++ b/src/crypto/ecdsa/ecdsa.go
@@ -281,6 +281,9 @@ func signFIPSDeterministic[P ecdsa.Point[P]](c *ecdsa.Curve[P], hashFunc crypto.
 if err != nil {
 return nil, err
 }
+ if fips140only.Enabled && !fips140only.ApprovedHash(hashFunc.New()) {
+ return nil, errors.New("crypto/ecdsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode")
+ }
 sig, err := ecdsa.SignDeterministic(c, hashFunc.New, k, hash)
 if err != nil {
 return nil, err
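Review bot: The new FIPS-only gate is placed after the `if err != nil` block that yields `k` (presumably the private-key conversion, which starts above the hunk), so a request with an unapproved hash still does key-handling work before being rejected; moving the three added lines above that block would fail fast and keep the policy check independent of key material. The check also deserves a why-comment, since the digest `hash` is passed separately and a reader may assume it was already validated: `// hashFunc is also fed to SignDeterministic for nonce derivation, not just used for the digest, so it must itself be an approved hash.` Worth noting in that comment is that `hashFunc.New()` is invoked only so ApprovedHash can inspect the concrete digest type, and crypto.Hash.New panics for a hash that is not linked in — the same panic the later `SignDeterministic(c, hashFunc.New, ...)` call would presumably raise, so it is not a new failure mode, but it now happens earlier and only in FIPS-only mode. signFIPSDeterministic begins and ends outside this hunk.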