Description
Go version
go version go1.21.6 X:boringcrypto linux/amd64
Output of go env in your module/workspace:
GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/go/.cache'
GOENV='/home/skumar12/.config/go/env'
GOEXE=''
GOEXPERIMENT='boringcrypto'
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/skumar12/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/skumar12/go'
GOPRIVATE=''
GOPROXY=''
GOROOT='/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot-native/usr/lib/go'
GOSUMDB='sum.golang.org'
GOTMPDIR='/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/build-tmp'
GOTOOLCHAIN=''
GOTOOLDIR='/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot-native/usr/lib/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.6 X:boringcrypto'
GCCGO='gccgo'
GOAMD64='v1'
AR='x86_64-ion-linux-gcc-ar'
CC='x86_64-ion-linux-gcc -m64 -march=nehalem -mtune=generic -mfpmath=sse -msse4.2 --sysroot=/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot'
CXX='x86_64-ion-linux-g++ -m64 -march=nehalem -mtune=generic -mfpmath=sse -msse4.2 --sysroot=/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot'
CGO_ENABLED='1'
GOMOD='/dev/null'
GOWORK=''
CGO_CFLAGS='-O2 -pipe -g -feliminate-unused-debug-types -fdebug-prefix-map=/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot= -fdebug-prefix-map=/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot-native='
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -pipe -g -feliminate-unused-debug-types -fdebug-prefix-map=/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot= -fdebug-prefix-map=/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot-native= -fvisibility-inlines-hidden'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -no-pie'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-mtune=generic -mfpmath=sse -msse4.2 --sysroot=/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/recipe-sysroot -I . -fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/ws2/skumar12/element_code2/ap/build/tmp/work/corei7-64-ion-linux/go/1.21.6-r0/build-tmp/go-build1011848331=/tmp/go-build -gno-record-gcc-switches'What did you do?
We are working on getting FIPS certification for our products and one of the requirement is to run ECDSA and RSA PSS known answer test during boot up time.
We have our own go program which has predefined values for random, private, public keys, message and pre-computed signatures for comparison.
What did you see happen?
In 1.21.6, it seems even with all inputs to ecdsa Sign were predefined, it always generates indeterministic signature.
What did you expect to see?
It used to generate same set of signatures till 1.18.9. Was this a behaviour change recently? Is there a way to make ECDSA signature generation deterministic?
In the same context, is there a way to set RSA PSS salt length to be 0 so that it becomes deterministic which is possible with openssl?