mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-01 19:17:36 +03:00
9abc9d7132
Consolidates handling of FIPS 140-3 considerations for the tls package. Considerations specific to certificates are now handled in tls instead of x509 to limit the area-of-effect of FIPS as much as possible. Boringcrypto specific prefixes are renamed as appropriate. For #69536 Co-authored-by: Filippo Valsorda <filippo@golang.org> Change-Id: I1b1fef83c3599e4c9b98ad81db582ac93253030b Reviewed-on: https://go-review.googlesource.com/c/go/+/629675 Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Russ Cox <rsc@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
29 lines
904 B
Go
29 lines
904 B
Go
// Copyright 2017 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
//go:build boringcrypto
|
|
|
|
// Package fipsonly restricts all TLS configuration to FIPS-approved settings.
|
|
//
|
|
// The effect is triggered by importing the package anywhere in a program, as in:
|
|
//
|
|
// import _ "crypto/tls/fipsonly"
|
|
//
|
|
// This package only exists when using Go compiled with GOEXPERIMENT=boringcrypto.
|
|
package fipsonly
|
|
|
|
// This functionality is provided as a side effect of an import to make
|
|
// it trivial to add to an existing program. It requires only a single line
|
|
// added to an existing source file, or it can be done by adding a whole
|
|
// new source file and not modifying any existing source files.
|
|
|
|
import (
|
|
"crypto/internal/boring/sig"
|
|
"crypto/tls/internal/fips140tls"
|
|
)
|
|
|
|
func init() {
|
|
fips140tls.Force()
|
|
sig.FIPSOnly()
|
|
}
|