Source file src/crypto/tls/internal/fips140tls/fipstls.go

     1  // Copyright 2024 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // Package fips140tls controls whether crypto/tls requires FIPS-approved settings.
     6  package fips140tls
     7  
     8  import (
     9  	"crypto/internal/fips140"
    10  	"sync/atomic"
    11  )
    12  
// required is the package-level flag behind Required. Force sets it,
// TestingOnlyAbandon clears it, and its zero value (false) means no
// FIPS-only restriction has been requested. It is an atomic.Bool, so the
// loads and stores in this file need no additional locking.
var required atomic.Bool
    14  
// init turns the requirement on at package initialization when the FIPS 140
// module reports that it is enabled, so callers do not have to opt in
// themselves. When fips140.Enabled is false the flag keeps its zero value.
func init() {
	if !fips140.Enabled {
		return
	}
	Force()
}
    20  
// Force forces crypto/tls to restrict TLS configurations to FIPS-approved settings.
// By design, this call is impossible to undo (except in tests, through
// TestingOnlyAbandon). Calling Force again has no further effect: it only
// stores true in the flag that Required reads.
func Force() {
	required.Store(true)
}
    26  
// Required reports whether FIPS-approved settings are required.
//
// Required is true if FIPS 140-3 mode is enabled with GODEBUG=fips140=on, or if
// the crypto/tls/fipsonly package is imported by a Go+BoringCrypto build.
//
// Each call reads the flag afresh with an atomic load; the result is not
// cached here.
func Required() bool {
	enforced := required.Load()
	return enforced
}
    34  
// TestingOnlyAbandon clears the requirement set by Force, so that Required
// reports false again. It is the only way in this file to undo Force and, as
// the name says, is meant for tests: a call from non-test code would lift the
// FIPS-approved-settings restriction for every later Required check.
//
// It does not touch fips140.Enabled, and init is not run again, so the
// requirement stays off until Force is called once more.
func TestingOnlyAbandon() {
	required.Store(false)
}
    38  
