Source file src/crypto/tls/internal/fips140tls/fipstls.go
// Copyright 2024 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

// Package fips140tls controls whether crypto/tls requires FIPS-approved settings.
package fips140tls

import (
	"crypto/internal/fips140"
	"sync/atomic"
)

// required records whether crypto/tls must restrict itself to FIPS-approved
// settings. It is package-level state, so the setting applies process-wide.
// Force sets it, Required reads it, and TestingOnlyAbandon clears it.
var required atomic.Bool

// init turns the requirement on at package initialization when
// fips140.Enabled is set, so no explicit Force call is needed in that case.
func init() {
	if !fips140.Enabled {
		return
	}
	Force()
}

// Force makes FIPS-approved settings mandatory for crypto/tls.
// The call is deliberately irreversible outside of tests.
func Force() {
	required.Store(true)
}

// Required reports whether FIPS-approved settings are required.
//
// It returns true if FIPS 140-3 mode is enabled with GODEBUG=fips140=on, or if
// the crypto/tls/fipsonly package is imported by a Go+BoringCrypto build.
func Required() bool {
	enforced := required.Load()
	return enforced
}

// TestingOnlyAbandon clears the requirement set by Force, after which Required
// reports false until Force is called again. As the name says, it is meant for
// tests only: a call from non-test code would lift the FIPS-only restriction
// for the whole process.
func TestingOnlyAbandon() {
	required.Store(false)
}