Skip to content

crypto/ecdsa: fips140=only does not allow any ecdsa key generation #70894

New issue
New issue
Closed
Closed
crypto/ecdsa: fips140=only does not allow any ecdsa key generation#70894
Assignees
mauri870
Labels
NeedsFixThe path to resolution is known, but the work has not been done.release-blocker
Milestone
Go1.24
@kruskall

Description

@kruskall
kruskall
opened on Dec 18, 2024

Go version

go1.24-95b433e

Output of go env in your module/workspace:

GOFIPS140='latest'

What did you do?

package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
)

func main() {
	_, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	fmt.Println(err)
}
  • gotip build -o bug main.go && GODEBUG=fips140=only ./bug
  • ./bug

What did you see happen?

program exited with the following error:

crypto/ecdsa: only crypto/rand.Reader is allowed in FIPS 140-only mode

What did you expect to see?

no error

Metadata

Metadata

Assignees

Labels

NeedsFixThe path to resolution is known, but the work has not been done.release-blocker

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions