crypto/internal/fips/aes/gcm: add GCMForTLS12 and GCMForTLS13

For #69536 Change-Id: I2d7b6e7b9932d0f0f582a5ab0bb871395dc2a1e8 Reviewed-on: https://go-review.googlesource.com/c/go/+/626675 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org>
2025-04-01 19:17:36 +03:00 · 2024-11-08 19:56:50 +01:00 · 2024-11-08 19:56:50 +01:00 · b06b8816fa
commit b06b8816fa
parent bc7af21451
1 changed files with 4 additions and 2 deletions
--- a/cipher_suites.go
+++ b/cipher_suites.go
@ -11,6 +11,8 @@ import (
 	"crypto/des"
 	"crypto/hmac"
 	"crypto/internal/boring"
+	fipsaes "crypto/internal/fips/aes"
+	"crypto/internal/fips/aes/gcm"
 	"crypto/rc4"
 	"crypto/sha1"
 	"crypto/sha256"
@ -521,7 +523,7 @@ func aeadAESGCM(key, noncePrefix []byte) aead {
 		aead, err = boring.NewGCMTLS(aes)
 	} else {
 		boring.Unreachable()
-		aead, err = cipher.NewGCM(aes)
+		aead, err = gcm.NewGCMForTLS12(aes.(*fipsaes.Block))
 	}
 	if err != nil {
 		panic(err)
@ -555,7 +557,7 @@ func aeadAESGCMTLS13(key, nonceMask []byte) aead {
 		aead, err = boring.NewGCMTLS13(aes)
 	} else {
 		boring.Unreachable()
-		aead, err = cipher.NewGCM(aes)
+		aead, err = gcm.NewGCMForTLS13(aes.(*fipsaes.Block))
 	}
 	if err != nil {
 		panic(err)