crypto/tls: FIPS 140-3 mode

Consolidates handling of FIPS 140-3 considerations for the tls package. Considerations specific to certificates are now handled in tls instead of x509 to limit the area-of-effect of FIPS as much as possible. Boringcrypto specific prefixes are renamed as appropriate. For #69536 Co-authored-by: Filippo Valsorda <filippo@golang.org> Change-Id: I1b1fef83c3599e4c9b98ad81db582ac93253030b Reviewed-on: https://go-review.googlesource.com/c/go/+/629675 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Russ Cox <rsc@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2025-04-03 20:17:36 +03:00 · 2024-11-18 22:18:56 +01:00 · 2024-11-18 22:18:56 +01:00 · 9abc9d7132
commit 9abc9d7132
parent f189b9184a
12 changed files with 220 additions and 119 deletions
--- a/fipsonly/fipsonly_test.go
+++ b/fipsonly/fipsonly_test.go
@ -7,12 +7,12 @@
 package fipsonly

 import (
-	"crypto/internal/boring/fipstls"
+	"crypto/tls/internal/fips140tls"
 	"testing"
 )

 func Test(t *testing.T) {
-	if !fipstls.Required() {
-		t.Fatal("fipstls.Required() = false, must be true")
+	if !fips140tls.Required() {
+		t.Fatal("fips140tls.Required() = false, must be true")
 	}
 }