From 86bbea0cfa72041fb4315eb22099b0bc83caa314 Mon Sep 17 00:00:00 2001
From: Daniel Morsing
Date: Mon, 24 Nov 2025 13:08:10 +0000
Subject: crypto/fips140: add WithoutEnforcement

WithoutEnforcement lets programs running under GODEBUG=fips140=only selectively opt out of strict enforcement. This is especially helpful for non-critical uses of cryptography routines like SHA-1 for content addressable storage backends (E.g. git).

Fixes #74630

Change-Id: Iabba1f5eb63498db98047aca45e09c5dccf2fbdf
Reviewed-on: https://go-review.googlesource.com/c/go/+/723720
Reviewed-by: Dmitri Shuralyov
Reviewed-by: Filippo Valsorda
Auto-Submit: Filippo Valsorda
LUCI-TryBot-Result: Go LUCI
Reviewed-by: Roland Shoemaker
---
 src/crypto/cipher/cbc.go | 4 ++--
 src/crypto/cipher/cfb.go | 4 ++--
 src/crypto/cipher/ctr.go | 2 +-
 src/crypto/cipher/gcm.go | 8 ++++----
 src/crypto/cipher/ofb.go | 2 +-
 5 files changed, 10 insertions(+), 10 deletions(-)
(limited to 'src/crypto/cipher')

diff --git a/src/crypto/cipher/cbc.go b/src/crypto/cipher/cbc.go
index 8e61406296..87bafee08a 100644
--- a/src/crypto/cipher/cbc.go
+++ b/src/crypto/cipher/cbc.go
@@ -54,7 +54,7 @@ func NewCBCEncrypter(b Block, iv []byte) BlockMode {
 	if b, ok := b.(*aes.Block); ok {
 		return aes.NewCBCEncrypter(b, [16]byte(iv))
 	}
-	if fips140only.Enabled {
+	if fips140only.Enforced() {
 		panic("crypto/cipher: use of CBC with non-AES ciphers is not allowed in FIPS 140-only mode")
 	}
 	if cbc, ok := b.(cbcEncAble); ok {
@@ -133,7 +133,7 @@ func NewCBCDecrypter(b Block, iv []byte) BlockMode {
 	if b, ok := b.(*aes.Block); ok {
 		return aes.NewCBCDecrypter(b, [16]byte(iv))
 	}
-	if fips140only.Enabled {
+	if fips140only.Enforced() {
 		panic("crypto/cipher: use of CBC with non-AES ciphers is not allowed in FIPS 140-only mode")
 	}
 	if cbc, ok := b.(cbcDecAble); ok {
diff --git a/src/crypto/cipher/cfb.go b/src/crypto/cipher/cfb.go
index 7de682fac3..8ede955b91 100644
--- a/src/crypto/cipher/cfb.go
+++ b/src/crypto/cipher/cfb.go
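Review bot: Enforced() is evaluated once in NewCBCEncrypter, at construction, and the returned BlockMode keeps no record of that decision, so if Enforced() reflects a scoped opt-out (the commit message says WithoutEnforcement lets callers opt out selectively) a mode built while enforcement was relaxed remains usable after the opt-out ends; the same applies to the NewCBCDecrypter hunk below and to the cfb.go, ctr.go, gcm.go and ofb.go hunks. If that is the intended contract, it is worth stating at the check, e.g. `// Enforcement is sampled here, at construction; the returned BlockMode is not re-checked on use.`, since callers auditing FIPS-only behaviour will otherwise assume every operation is gated. Note also that the AES fast path above returns before the check, so Enforced() only gates non-AES ciphers here, which this commit does not change. NewCBCEncrypter's body continues outside the hunk.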
@@ -61,7 +61,7 @@ func (x *cfb) XORKeyStream(dst, src []byte) {
 // CFB is also unoptimized and not validated as part of the FIPS 140-3 module.
 // If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
 func NewCFBEncrypter(block Block, iv []byte) Stream {
-	if fips140only.Enabled {
+	if fips140only.Enforced() {
 		panic("crypto/cipher: use of CFB is not allowed in FIPS 140-only mode")
 	}
 	return newCFB(block, iv, false)
@@ -77,7 +77,7 @@ func NewCFBEncrypter(block Block, iv []byte) Stream {
 // CFB is also unoptimized and not validated as part of the FIPS 140-3 module.
 // If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
 func NewCFBDecrypter(block Block, iv []byte) Stream {
-	if fips140only.Enabled {
+	if fips140only.Enforced() {
 		panic("crypto/cipher: use of CFB is not allowed in FIPS 140-only mode")
 	}
 	return newCFB(block, iv, true)
diff --git a/src/crypto/cipher/ctr.go b/src/crypto/cipher/ctr.go
index 49512ca5dd..8e63ed7e66 100644
--- a/src/crypto/cipher/ctr.go
+++ b/src/crypto/cipher/ctr.go
@@ -42,7 +42,7 @@ func NewCTR(block Block, iv []byte) Stream {
 	if block, ok := block.(*aes.Block); ok {
 		return aesCtrWrapper{aes.NewCTR(block, iv)}
 	}
-	if fips140only.Enabled {
+	if fips140only.Enforced() {
 		panic("crypto/cipher: use of CTR with non-AES ciphers is not allowed in FIPS 140-only mode")
 	}
 	if ctr, ok := block.(ctrAble); ok {
diff --git a/src/crypto/cipher/gcm.go b/src/crypto/cipher/gcm.go
index 73493f6cd2..88892e1555 100644
--- a/src/crypto/cipher/gcm.go
+++ b/src/crypto/cipher/gcm.go
@@ -28,7 +28,7 @@ const (
 // An exception is when the underlying [Block] was created by aes.NewCipher
 // on systems with hardware support for AES. See the [crypto/aes] package documentation for details.
 func NewGCM(cipher Block) (AEAD, error) {
-	if fips140only.Enabled {
+	if fips140only.Enforced() {
 		return nil, errors.New("crypto/cipher: use of GCM with arbitrary IVs is not allowed in FIPS 140-only mode, use NewGCMWithRandomNonce")
 	}
 	return newGCM(cipher, gcmStandardNonceSize, gcmTagSize)
@@ -42,7 +42,7 @@ func NewGCM(cipher Block) (AEAD, error) {
 // cryptosystem that uses non-standard nonce lengths. All other users should use
 // [NewGCM], which is faster and more resistant to misuse.
 func NewGCMWithNonceSize(cipher Block, size int) (AEAD, error) {
-	if fips140only.Enabled {
+	if fips140only.Enforced() {
 		return nil, errors.New("crypto/cipher: use of GCM with arbitrary IVs is not allowed in FIPS 140-only mode, use NewGCMWithRandomNonce")
 	}
 	return newGCM(cipher, size, gcmTagSize)
@@ -57,7 +57,7 @@ func NewGCMWithNonceSize(cipher Block, size int) (AEAD, error) {
 // cryptosystem that uses non-standard tag lengths. All other users should use
 // [NewGCM], which is more resistant to misuse.
 func NewGCMWithTagSize(cipher Block, tagSize int) (AEAD, error) {
-	if fips140only.Enabled {
+	if fips140only.Enforced() {
 		return nil, errors.New("crypto/cipher: use of GCM with arbitrary IVs is not allowed in FIPS 140-only mode, use NewGCMWithRandomNonce")
 	}
 	return newGCM(cipher, gcmStandardNonceSize, tagSize)
@@ -66,7 +66,7 @@ func NewGCMWithTagSize(cipher Block, tagSize int) (AEAD, error) {
 func newGCM(cipher Block, nonceSize, tagSize int) (AEAD, error) {
 	c, ok := cipher.(*aes.Block)
 	if !ok {
-		if fips140only.Enabled {
+		if fips140only.Enforced() {
 			return nil, errors.New("crypto/cipher: use of GCM with non-AES ciphers is not allowed in FIPS 140-only mode")
 		}
 		return newGCMFallback(cipher, nonceSize, tagSize)
diff --git a/src/crypto/cipher/ofb.go b/src/crypto/cipher/ofb.go
index 8db5659f7a..ee5dfaf5c0 100644
--- a/src/crypto/cipher/ofb.go
+++ b/src/crypto/cipher/ofb.go
@@ -29,7 +29,7 @@ type ofb struct {
 // OFB is also unoptimized and not validated as part of the FIPS 140-3 module.
 // If an unauthenticated [Stream] mode is required, use [NewCTR] instead.
 func NewOFB(b Block, iv []byte) Stream {
-	if fips140only.Enabled {
+	if fips140only.Enforced() {
 		panic("crypto/cipher: use of OFB is not allowed in FIPS 140-only mode")
 	}
-- 
cgit v1.3-5-g9baa