add go1.18 specific curve preferences (#15132)

Harshavardhana 2022-06-21 11:10:50 -07:00 committed by GitHub
parent e2e5bd6f19
commit 10522438b7
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 55 additions and 8 deletions


@ -134,13 +134,14 @@ func TLSCiphersBackwardCompatible() []uint16 {
// TLSCurveIDs returns a list of supported elliptic curve IDs // TLSCurveIDs returns a list of supported elliptic curve IDs
// in preference order. // in preference order.
func TLSCurveIDs() []tls.CurveID { func TLSCurveIDs() []tls.CurveID {
// TODO(aead): Once MinIO switches to Go 1.18 curves := []tls.CurveID{tls.CurveP256}
// enable CurveP384 and CurveP512. if go18 {
// // With go1.18 enable P384, P521 newer constant time implementations.
// See: https://go.dev/doc/go1.18 Changes to crypto/elliptic curves = append(curves, []tls.CurveID{tls.CurveP384, tls.CurveP521}...)
if Enabled {
return []tls.CurveID{tls.CurveP256}
} }
return []tls.CurveID{tls.X25519, tls.CurveP256} if !Enabled {
// No-FIPS we enable x25519 as well.
curves = append(curves, tls.X25519)
}
return curves
} }
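Review bot: In non-FIPS mode X25519 is now appended last, so the returned order becomes P256, P384, P521, X25519, whereas the previous code returned X25519 ahead of P256 and the doc comment still promises "preference order". If this slice feeds `tls.Config.CurvePreferences` (the caller is not visible here), X25519 silently drops from most preferred to least preferred on every non-FIPS build. I would start the slice with X25519 when `!Enabled` and append the NIST curves after it, so the FIPS list stays as the commit intends and the non-FIPS order keeps its old head. The variadic form `append(curves, tls.CurveP384, tls.CurveP521)` also avoids the temporary slice literal.

```go
func TLSCurveIDs() []tls.CurveID {
	var curves []tls.CurveID
	if !Enabled {
		// Outside FIPS mode keep X25519 as the most preferred curve.
		curves = append(curves, tls.X25519)
	}
	curves = append(curves, tls.CurveP256)
	if go18 {
		// Go 1.18 ships constant-time P-384 and P-521 implementations.
		curves = append(curves, tls.CurveP384, tls.CurveP521)
	}
	return curves
}
```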

23
internal/fips/go1.18.go Normal file

@ -0,0 +1,23 @@
// Copyright (c) 2015-2022 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//go:build go1.18
// +build go1.18
package fips
const go18 = true
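Review bot: `go18` carries no comment, and its name reads as "exactly Go 1.18" although the `go1.18` build constraint is satisfied by every toolchain from 1.18 onwards. A one-line comment above the constant would make the contract explicit, for example `// go18 is true when built with Go 1.18 or newer; TLSCurveIDs uses it to enable P-384 and P-521.` The same applies to the `false` counterpart in internal/fips/no_go18.go.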

23
internal/fips/no_go18.go Normal file

@ -0,0 +1,23 @@
// Copyright (c) 2015-2022 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
//go:build !go1.18
// +build !go1.18
package fips
const go18 = false