mirrors/utls
1
0
Fork 0
mirror of https://github.com/refraction-networking/utls.git synced 2025-04-04 12:37:35 +03:00
Code Issues Projects Releases Packages Wiki Activity

crypto/tls: don't call tlsrsakex.IncNonDefault with FIPS

Browse source 
We haven't called tlsrsakex.Value() yet at this point if we're using
FIPS, like if CipherSuites != nil. This adds needFIPS as a gate next to
CipherSuites != nil. FIPS specifies suites that would be skipped if
tlsarsakex were set.

Fixes #65991

Change-Id: I8070d8f43f27c04067490af8cc7ec5e787f2b9bd
Reviewed-on: https://go-review.googlesource.com/c/go/+/582315
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
This commit is contained in:
Mike Beaumont 2024-04-29 12:14:32 +02:00 committed by Gopher Robot
parent 5197ef4589
commit ce8a8c0012
2 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
handshake_client.go
View file

@ -526,7 +526,7 @@ func (hs *clientHandshakeState) pickCipherSuite() error {
return errors.New("tls: server chose an unconfigured cipher suite") return errors.New("tls: server chose an unconfigured cipher suite")
} }
if hs.c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { if hs.c.config.CipherSuites == nil && !needFIPS() && rsaKexCiphers[hs.suite.id] {
tlsrsakex.IncNonDefault() tlsrsakex.IncNonDefault()
} }

2
handshake_server.go
View file

@ -370,7 +370,7 @@ func (hs *serverHandshakeState) pickCipherSuite() error {
} }
c.cipherSuite = hs.suite.id c.cipherSuite = hs.suite.id
if c.config.CipherSuites == nil && rsaKexCiphers[hs.suite.id] { if c.config.CipherSuites == nil && !needFIPS() && rsaKexCiphers[hs.suite.id] {
tlsrsakex.IncNonDefault() tlsrsakex.IncNonDefault()
} }