crypto/tls: allow P-521 in FIPS 140-3 mode and Go+BoringCrypto

Partially reverts CL 587296, restoring the Go+BoringCrypto 1.23 behavior in terms of supported curves. Updates #71757 Change-Id: I6a6a465651a8407056fd0fae091d10a945b37997 Reviewed-on: https://go-review.googlesource.com/c/go/+/657095 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org>
2025-08-22 14:38:35 +00:00 · 2025-05-10 15:48:12 -04:00 · 2025-05-10 15:48:12 -04:00 · cffe49f981
commit cffe49f981
parent dce8d41932
1 changed files with 4 additions and 2 deletions
--- a/defaults.go
+++ b/defaults.go
@ -91,7 +91,8 @@ var defaultCipherSuitesTLS13NoAES = []uint16{
 }
 // The FIPS-only policies below match BoringSSL's
-// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2.
+// ssl_compliance_policy_fips_202205, which is based on NIST SP 800-52r2, with
 // minor changes per https://go.dev/issue/71757.
 // https://cs.opensource.google/boringssl/boringssl/+/master:ssl/ssl_lib.cc;l=3289;drc=ea7a88fa
 var defaultSupportedVersionsFIPS = []uint16{
@ -101,7 +102,7 @@ var defaultSupportedVersionsFIPS = []uint16{
 // defaultCurvePreferencesFIPS are the FIPS-allowed curves,
 // in preference order (most preferable first).
-var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384}
+var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384, CurveP521}
 // defaultSupportedSignatureAlgorithmsFIPS currently are a subset of
 // defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1.
@ -114,6 +115,7 @@ var defaultSupportedSignatureAlgorithmsFIPS = []SignatureScheme{
 	PKCS1WithSHA384,
 	ECDSAWithP384AndSHA384,
 	PKCS1WithSHA512,
 	ECDSAWithP521AndSHA512,
 }
 // defaultCipherSuitesFIPS are the FIPS-allowed cipher suites.