// FIPS is quite strict about the format of DSA keys, but other code may be
// less so. Thus, when using keys which may have been generated by other code,
// this error must be handled.
var ErrInvalidPublicKey = errors.New("crypto/dsa: invalid public key")

// ParameterSizes is an enumeration of the acceptable bit lengths of the primes
// in a set of DSA parameters. See FIPS 186-3, section 4.2.
type ParameterSizes int

	-f Dockerfile.release.old_cpu .

docker buildx prune -f

docker buildx build --push --no-cache \
	--build-arg RELEASE="${release}" \
	-t "minio/minio:${release}.fips" \
	-t "quay.io/minio/minio:${release}.fips" \
	--platform=linux/amd64 -f Dockerfile.release.fips .

docker buildx prune -f

// limitations under the License.

//go:build !fips
// +build !fips

package openid

import (
	"crypto"

	"github.com/golang-jwt/jwt/v4"

	// Needed for SHA3 to work - See: https://golang.org/src/crypto/crypto.go?s=1034:1288
	_ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation
)

// Specific instances for RS256 and company
var (

		AddAuth:      newCachedAuthToken(),
		AuthRequest:  storageServerRequestValidate,
		BlockConnect: globalGridStart,
		TLSConfig: &tls.Config{
			RootCAs:          globalRootCAs,
			CipherSuites:     fips.TLSCiphers(),
			CurvePreferences: fips.TLSCurveIDs(),
		},
		// Record incoming and outgoing bytes.
		Incoming: globalConnStats.incInternodeInputBytes,
		Outgoing: globalConnStats.incInternodeOutputBytes,
		TraceTo:  globalTrace,
	})

			}
			w = w<<24 | w>>8
		}
	}
}

// Test vectors are from FIPS 197:
//	https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

// Appendix A of FIPS 197: Key expansion examples
type KeyTest struct {
	key []byte
	enc []uint32
	dec []uint32 // decryption expansion; not in FIPS 197, computed from C implementation.
}

var keyTests = []KeyTest{
	{

		unsealConfig = sio.Config{MinVersion: sio.Version20, Key: mac.Sum(nil), CipherSuites: fips.DARECiphers()}
	case InsecureSealAlgorithm:
		sha := sha256.New()
		sha.Write(extKey)
		sha.Write(sealedKey.IV[:])
		unsealConfig = sio.Config{MinVersion: sio.Version10, Key: sha.Sum(nil), CipherSuites: fips.DARECiphers()}
	}

//go:build !fips
// +build !fips

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//

	json := jsoniter.ConfigCompatibleWithStandardLibrary
	if err := json.Unmarshal(metadataBuffer, &metadata); err != nil {
		return nil, err
	}
	if fips.Enabled && metadata.Algorithm != sio.AES_256_GCM {
		return nil, fmt.Errorf("config: unsupported encryption algorithm: %q is not supported in FIPS mode", metadata.Algorithm)
	}

	key, err := k.Decrypt(context.TODO(), &kms.DecryptRequest{
		Name:           metadata.KeyID,

// limitations under the License.

//go:build !fips
// +build !fips

package openid

import (
	"crypto"

	"github.com/golang-jwt/jwt/v4"

	// Needed for SHA3 to work - See: https://golang.org/src/crypto/crypto.go?s=1034:1288
	_ "golang.org/x/crypto/sha3" // There is no SHA-3 FIPS-140 2 compliant implementation
)

// Specific instances for EC256 and company
var (

		volumezone.Name:                      volumezone.New,
		nodevolumelimits.CSIName:             runtime.FactoryAdapter(fts, nodevolumelimits.NewCSI),
		nodevolumelimits.EBSName:             runtime.FactoryAdapter(fts, nodevolumelimits.NewEBS),
		nodevolumelimits.GCEPDName:           runtime.FactoryAdapter(fts, nodevolumelimits.NewGCEPD),