package fips140

Import Path
	crypto/internal/fips140 (on go.dev)

Dependency Relation
	imports 6 packages, and imported by 20 packages


Package-Level Type Names (only one)
/* sort by: | */
Hash is a legacy compatibility alias for hash.Hash. It's only here because [crypto/internal/fips140/ecdsa.TestingOnlyNewDRBG] takes a "func() fips140.Hash" in v1.0.0, instead of being generic.
Package-Level Functions (total 9)
CAST runs the named Cryptographic Algorithm Self-Test (if operated in FIPS mode) and aborts the program (stopping the module input/output and entering the "error state") if the self-test fails. CASTs are mandatory self-checks that must be performed by FIPS 140-3 modules before the algorithm is used. See Implementation Guidance 10.3.A. The name must not contain commas, colons, hashes, or equal signs. If a package p calls CAST from its init function, an import of p should also be added to crypto/internal/fips140test. If a package p calls CAST on the first use of the algorithm, an invocation of that algorithm should be added to fipstest.TestConditionals.
func Name() string
PCT runs the named Pairwise Consistency Test (if operated in FIPS mode) and returns any errors. If an error is returned, the key must not be used. PCTs are mandatory for every key pair that is generated/imported, including ephemeral keys (which effectively doubles the cost of key establishment). See Implementation Guidance 10.3.A Additional Comment 1. The name must not contain commas, colons, hashes, or equal signs. If a package p calls PCT during key generation, an invocation of that function should be added to fipstest.TestConditionals.
RecordApproved is an internal function that records the use of an approved service. It does not override RecordNonApproved calls in the same span. It should be called by exposed functions that perform a whole cryptographic alrgorithm (e.g. by Sum, not by New, unless a cryptographic Instantiate algorithm is performed) and should be called after any checks that may cause the function to error out or panic.
RecordNonApproved is an internal function that records the use of a non-approved service. It overrides any RecordApproved calls in the same span.
ResetServiceIndicator clears the service indicator for the running goroutine.
ServiceIndicator returns true if and only if all services invoked by this goroutine since the last ResetServiceIndicator call are approved. If ResetServiceIndicator was not called before by this goroutine, its return value is undefined.
Supported returns an error if FIPS 140-3 mode can't be enabled.
Version returns the formal version (such as "v1.0") if building against a frozen module with GOFIPS140. Otherwise, it returns "latest".
Package-Level Variables (only one)