diff options
| -rw-r--r-- | src/crypto/ed25519/ed25519.go | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/crypto/ed25519/ed25519.go b/src/crypto/ed25519/ed25519.go index a0263638ef..ed599ad290 100644 --- a/src/crypto/ed25519/ed25519.go +++ b/src/crypto/ed25519/ed25519.go @@ -160,6 +160,19 @@ func GenerateKey(random io.Reader) (PublicKey, PrivateKey, error) { } } + if fips140only.Enforced() && !fips140only.ApprovedRandomReader(random) { + return nil, nil, errors.New("crypto/ed25519: only crypto/rand.Reader is allowed in FIPS 140-only mode") + } + + if rand.IsDefaultReader(random) { + privateKey, err := ed25519.GenerateKey() + if err != nil { + return nil, nil, err + } + publicKey := PublicKey(privateKey.PublicKey()) + return publicKey, PrivateKey(privateKey.Bytes()), nil + } + seed := make([]byte, SeedSize) if _, err := io.ReadFull(random, seed); err != nil { return nil, nil, err |