From cffe49f9812c34c02a0d45e3bc8226021a2d7d13 Mon Sep 17 00:00:00 2001
From: yuhan6665 <1588741+yuhan6665@users.noreply.github.com>
Date: Sat, 10 May 2025 15:48:12 -0400
Subject: [PATCH] crypto/tls: allow P-521 in FIPS 140-3 mode and Go+BoringCrypto

Partially reverts CL 587296, restoring the Go+BoringCrypto 1.23 behavior in terms of supported curves.

Updates #71757

Change-Id: I6a6a465651a8407056fd0fae091d10a945b37997
Reviewed-on: https://go-review.googlesource.com/c/go/+/657095
LUCI-TryBot-Result: Go LUCI
Reviewed-by: Daniel McCarney
Reviewed-by: David Chase
Reviewed-by: Roland Shoemaker
Auto-Submit: Filippo Valsorda
---
 defaults.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/defaults.go b/defaults.go
index 01fb9cc..f63d947 100644
--- a/defaults.go
+++ b/defaults.go
@@ -91,7 +91,8 @@ var defaultCipherSuitesTLS13NoAES = []uint16{
 }
 
 // The FIPS-only policies below match BoringSSL's
-// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2.
+// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2, with
+// minor changes per https://go.dev/issue/71757.
 // https://cs.opensource.google/boringssl/boringssl/+/master:ssl/ssl_lib.cc;l=3289;drc=ea7a88fa
 
 var defaultSupportedVersionsFIPS = []uint16{
@@ -101,7 +102,7 @@ var defaultSupportedVersionsFIPS = []uint16{
 
 // defaultCurvePreferencesFIPS are the FIPS-allowed curves,
 // in preference order (most preferable first).
-var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384}
+var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384, CurveP521}
 
 // defaultSupportedSignatureAlgorithmsFIPS currently are a subset of
 // defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1.
@@ -114,6 +115,7 @@ var defaultSupportedSignatureAlgorithmsFIPS = []SignatureScheme{
 	PKCS1WithSHA384,
 	ECDSAWithP384AndSHA384,
 	PKCS1WithSHA512,
+	ECDSAWithP521AndSHA512,
 }
 
 // defaultCipherSuitesFIPS are the FIPS-allowed cipher suites.
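Review bot: The rewritten comment in the first hunk points at the issue but does not say what the deviation from ssl_compliance_policy_fips_202205 is, so a later re-sync of these lists against BoringSSL could silently drop P-521 again. Name the deviation inline so the intent survives without following the link, e.g. `// minor changes per https://go.dev/issue/71757 (P-521 key exchange and ECDSA with P-521/SHA-512 are additionally allowed).` The lists that actually carry the deviation, defaultCurvePreferencesFIPS and defaultSupportedSignatureAlgorithmsFIPS, are in the second and third hunks of this file.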
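Review bot: ECDSAWithP521AndSHA512 is appended to defaultSupportedSignatureAlgorithmsFIPS in the last hunk, whose doc comment (visible in the middle hunk) states the list is a subset of defaultSupportedSignatureAlgorithms; that superset is outside this diff, so the subset claim is maintained only by convention. If there is no test asserting that every entry of the FIPS list also appears in the default list, it would be worth adding one with this change so the documented invariant is enforced rather than assumed. Likewise, any FIPS-mode test that enumerates the expected curves would need CurveP521 added to match the new preference order in the middle hunk; I cannot see such tests from here.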