[dev.boringcrypto] crypto/tls: test for TLS 1.3 to be disabled in FIPS mode

Change-Id: I32b3e29a3e34f20cccc51666905fd36744ef00b2 Reviewed-on: https://go-review.googlesource.com/c/149602 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-04 12:37:35 +03:00 · 2018-11-14 12:34:38 -05:00 · 2018-11-14 12:34:38 -05:00 · 7fdc251066
commit 7fdc251066
parent 76b370b1b0
4 changed files with 31 additions and 50 deletions
--- a/handshake_server_tls13.go
+++ b/handshake_server_tls13.go
@ -43,6 +43,10 @@ type serverHandshakeStateTLS13 struct {
 func (hs *serverHandshakeStateTLS13) handshake() error {
 	c := hs.c

+	if needFIPS() {
+		return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode")
+	}
+
 	// For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2.
 	if err := hs.processClientHello(); err != nil {
 		return err