Skip to content

Commit

Permalink
crypto/ecdsa: fix condition for fips140=only check
Browse files Browse the repository at this point in the history 
Fixes golang#70894

Change-Id: I78c9f2e46006ffc5f1d2886218f8aaaf3f1b59eb
GitHub-Last-Rev: 11f0b45
GitHub-Pull-Request: golang#70904
Reviewed-on: https://go-review.googlesource.com/c/go/+/637455
Reviewed-by: Filippo Valsorda <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Carlos Amedee <[email protected]>
Reviewed-by: David Chase <[email protected]>
  • Loading branch information
@mauri870 @cagedmantis
mauri870 authored and cagedmantis committed Dec 18, 2024
1 parent 6aa46eb commit f4e3ec3
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/crypto/ecdsa/ecdsa.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -183,7 +183,7 @@ func GenerateKey(c elliptic.Curve, rand io.Reader) (*PrivateKey, error) {
}

func generateFIPS[P ecdsa.Point[P]](curve elliptic.Curve, c *ecdsa.Curve[P], rand io.Reader) (*PrivateKey, error) {
if fips140only.Enabled && fips140only.ApprovedRandomReader(rand) {
if fips140only.Enabled && !fips140only.ApprovedRandomReader(rand) {
return nil, errors.New("crypto/ecdsa: only crypto/rand.Reader is allowed in FIPS 140-only mode")
}
privateKey, err := ecdsa.GenerateKey(c, rand)
Expand Down

0 comments on commit f4e3ec3

Please sign in to comment.