crypto/fips140: add WithoutEnforcement

WithoutEnforcement lets programs running under GODEBUG=fips140=only selectively opt out of strict enforcement. This is especially helpful for non-critical uses of cryptography routines like SHA-1 for content addressable storage backends (E.g. git). Fixes #74630 Change-Id: Iabba1f5eb63498db98047aca45e09c5dccf2fbdf Reviewed-on: https://go-review.googlesource.com/c/go/+/723720 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
author: Daniel Morsing <daniel.morsing@gmail.com> 2025-11-24 13:08:10 +0000
committer: Gopher Robot <gobot@golang.org> 2025-11-26 14:26:06 -0800
commit: 86bbea0cfa72041fb4315eb22099b0bc83caa314 (patch)
tree: 3c3a008214e4a9d929a2d8f76f98fe1cf2f323d2 /src/crypto/cipher/ctr.go
parent: e2cae9ecdf944a1cc5d8803ff8932180858b8ce6 (diff)
download: go-86bbea0cfa72041fb4315eb22099b0bc83caa314.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/cipher/ctr.go b/src/crypto/cipher/ctr.go
index 49512ca5dd..8e63ed7e66 100644
--- a/src/crypto/cipher/ctr.go
+++ b/src/crypto/cipher/ctr.go
@@ -42,7 +42,7 @@ func NewCTR(block Block, iv []byte) Stream {
 	if block, ok := block.(*aes.Block); ok {
 		return aesCtrWrapper{aes.NewCTR(block, iv)}
 	}
-	if fips140only.Enabled {
+	if fips140only.Enforced() {
 		panic("crypto/cipher: use of CTR with non-AES ciphers is not allowed in FIPS 140-only mode")
 	}
 	if ctr, ok := block.(ctrAble); ok {
author	Daniel Morsing <daniel.morsing@gmail.com>	2025-11-24 13:08:10 +0000
committer	Gopher Robot <gobot@golang.org>	2025-11-26 14:26:06 -0800
commit	86bbea0cfa72041fb4315eb22099b0bc83caa314 (patch)
tree	3c3a008214e4a9d929a2d8f76f98fe1cf2f323d2 /src/crypto/cipher/ctr.go
parent	e2cae9ecdf944a1cc5d8803ff8932180858b8ce6 (diff)
download	go-86bbea0cfa72041fb4315eb22099b0bc83caa314.tar.xz