fips: fix order of elliptic curves (#15141)

This commit fixes the order of elliptic curves.
As documented by https://pkg.go.dev/crypto/tls#Config
```
// CurvePreferences contains the elliptic curves that will be used in
// an ECDHE handshake, in preference order. If empty, the default will
// be used. The client will use the first preference as the type for
// its key share in TLS 1.3. This may change in the future.
```

In general, we should prefer `X25519` over the NIST curves.

Signed-off-by: Andreas Auernhammer <hi@aead.dev>
This commit is contained in:
Andreas Auernhammer 2022-06-22 17:09:28 +02:00 committed by GitHub
parent cb097e6b0a
commit 825634d24e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -134,14 +134,14 @@ func TLSCiphersBackwardCompatible() []uint16 {
// TLSCurveIDs returns a list of supported elliptic curve IDs // TLSCurveIDs returns a list of supported elliptic curve IDs
// in preference order. // in preference order.
func TLSCurveIDs() []tls.CurveID { func TLSCurveIDs() []tls.CurveID {
curves := []tls.CurveID{tls.CurveP256} var curves []tls.CurveID
if !Enabled {
curves = append(curves, tls.X25519) // Only enable X25519 in non-FIPS mode
}
curves = append(curves, tls.CurveP256)
if go18 { if go18 {
// With go1.18 enable P384, P521 newer constant time implementations. // With go1.18 enable P384, P521 newer constant time implementations.
curves = append(curves, []tls.CurveID{tls.CurveP384, tls.CurveP521}...) curves = append(curves, tls.CurveP384, tls.CurveP521)
}
if !Enabled {
// No-FIPS we enable x25519 as well.
curves = append(curves, tls.X25519)
} }
return curves return curves
} }