src/crypto/internal/boring/fipstls/tls.go - go - Git at Google

 // Copyright 2017 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 //go:build boringcrypto

 // Package fipstls allows control over whether crypto/tls requires FIPS-approved settings.
 // This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent
 // of the use of BoringCrypto.
 package fipstls

 import (
 	"internal/stringslite"
 	"sync/atomic"
 )

 var required atomic.Bool

 // Force forces crypto/tls to restrict TLS configurations to FIPS-approved settings.
 // By design, this call is impossible to undo (except in tests).
 //
 // Note that this call has an effect even in programs using
 // standard crypto (that is, even when Enabled = false).
 func Force() {
 	required.Store(true)
 }

 // Abandon allows non-FIPS-approved settings.
 // If called from a non-test binary, it panics.
 func Abandon() {
 	// Note: Not using boring.UnreachableExceptTests because we want
 	// this test to happen even when boring.Enabled = false.
 	name := runtime_arg0()
 	// Allow _test for Go command, .test for Bazel,
 	// NaClMain for NaCl (where all binaries run as NaClMain),
 	// and empty string for Windows (where runtime_arg0 can't easily find the name).
 	// Since this is an internal package, testing that this isn't used on the
 	// other operating systems should suffice to catch any mistakes.
 	if !stringslite.HasSuffix(name, "_test") && !stringslite.HasSuffix(name, ".test") && name != "NaClMain" && name != "" {
 		panic("fipstls: invalid use of Abandon in " + name)
 	}
 	required.Store(false)
 }

 // provided by runtime
 func runtime_arg0() string

 // Required reports whether FIPS-approved settings are required.
 func Required() bool {
 	return required.Load()
 }
	// Copyright 2017 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	//go:build boringcrypto

	// Package fipstls allows control over whether crypto/tls requires FIPS-approved settings.
	// This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent
	// of the use of BoringCrypto.
	package fipstls

	import (
	"internal/stringslite"
	"sync/atomic"
	)

	var required atomic.Bool

	// Force forces crypto/tls to restrict TLS configurations to FIPS-approved settings.
	// By design, this call is impossible to undo (except in tests).
	//
	// Note that this call has an effect even in programs using
	// standard crypto (that is, even when Enabled = false).
	func Force() {
	required.Store(true)
	}

	// Abandon allows non-FIPS-approved settings.
	// If called from a non-test binary, it panics.
	func Abandon() {
	// Note: Not using boring.UnreachableExceptTests because we want
	// this test to happen even when boring.Enabled = false.
	name := runtime_arg0()
	// Allow _test for Go command, .test for Bazel,
	// NaClMain for NaCl (where all binaries run as NaClMain),
	// and empty string for Windows (where runtime_arg0 can't easily find the name).
	// Since this is an internal package, testing that this isn't used on the
	// other operating systems should suffice to catch any mistakes.
	if !stringslite.HasSuffix(name, "_test") && !stringslite.HasSuffix(name, ".test") && name != "NaClMain" && name != "" {
	panic("fipstls: invalid use of Abandon in " + name)
	}
	required.Store(false)
	}

	// provided by runtime
	func runtime_arg0() string

	// Required reports whether FIPS-approved settings are required.
	func Required() bool {
	return required.Load()
	}