[go] crypto/hpke: use new gcm.NewGCMForHPKE for FIPS 140-3 compliance

Filippo Valsorda (Gerrit)

Dec 10, 2025, 4:41:43 PM
to Filippo Valsorda, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, David Chase, Roland Shoemaker, Go LUCI, Daniel McCarney, golang-co...@googlegroups.com

Filippo Valsorda submitted the change

Change information

Commit message:
crypto/hpke: use new gcm.NewGCMForHPKE for FIPS 140-3 compliance

It does the exact same thing, but we can document it as an allowed and
enforced nonce scheme in the Security Policy.
Change-Id: I9d95ba53354e5c8112cde24101570d4b6a6a6964
Reviewed-by: David Chase <drc...@google.com>
Reviewed-by: Roland Shoemaker <rol...@golang.org>
Auto-Submit: Filippo Valsorda <fil...@golang.org>
Files:
  • M src/crypto/hpke/aead.go
  • A src/crypto/hpke/aead_fipsv1.0.go
  • A src/crypto/hpke/aead_fipsv2.0.go
  • M src/crypto/internal/fips140/aes/gcm/gcm_nonces.go
Change size: M
Delta: 4 files changed, 53 insertions(+), 9 deletions(-)
Branch: refs/heads/master
Submit Requirements:
  • Code-Review (satisfied): +1 by David Chase, +2 by Roland Shoemaker
  • TryBots-Pass (satisfied): LUCI-TryBot-Result+1 by Go LUCI
Gerrit-MessageType: merged
Gerrit-Project: go
Gerrit-Branch: master
Gerrit-Change-Id: I9d95ba53354e5c8112cde24101570d4b6a6a6964
Gerrit-Change-Number: 728503
Gerrit-PatchSet: 4
Gerrit-Owner: Filippo Valsorda <fil...@golang.org>
Gerrit-Reviewer: Daniel McCarney <dan...@binaryparadox.net>
Gerrit-Reviewer: David Chase <drc...@google.com>
Gerrit-Reviewer: Filippo Valsorda <fil...@golang.org>
Gerrit-Reviewer: Roland Shoemaker <rol...@golang.org>