mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
f9f1229355
A plain make.bash in this tree will produce a working, standard Go toolchain, not a BoringCrypto-enabled one. The BoringCrypto-enabled one will be created with: GOEXPERIMENT=boringcrypto ./make.bash For #51940. Change-Id: Ia9102ed993242eb1cb7f9b93eca97e81986a27b3 Reviewed-on: https://go-review.googlesource.com/c/go/+/395881 Run-TryBot: Russ Cox <rsc@golang.org> Reviewed-by: Ian Lance Taylor <iant@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
29 lines
901 B
Go
29 lines
901 B
Go
// Copyright 2017 The Go Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
//go:build boringcrypto
|
|
|
|
// Package fipsonly restricts all TLS configuration to FIPS-approved settings.
|
|
//
|
|
// The effect is triggered by importing the package anywhere in a program, as in:
|
|
//
|
|
// import _ "crypto/tls/fipsonly"
|
|
//
|
|
// This package only exists when using Go compiled with GOEXPERIMENT=boringcrypto.
|
|
package fipsonly
|
|
|
|
// This functionality is provided as a side effect of an import to make
|
|
// it trivial to add to an existing program. It requires only a single line
|
|
// added to an existing source file, or it can be done by adding a whole
|
|
// new source file and not modifying any existing source files.
|
|
|
|
import (
|
|
"crypto/internal/boring/fipstls"
|
|
"crypto/internal/boring/sig"
|
|
)
|
|
|
|
func init() {
|
|
fipstls.Force()
|
|
sig.FIPSOnly()
|
|
}
|