[dev.boringcrypto] all: merge master into dev.boringcrypto
index 66775ff0fef67663218018f36305968839b98856..2e9a20369c64679808b6311119cf25532617bbfc 100644 (file)
@@ -39,6 +39,10 @@ type clientHandshakeStateTLS13 struct {
 func (hs *clientHandshakeStateTLS13) handshake() error {
        c := hs.c
 
+       if needFIPS() {
+               return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode")
+       }
+
        // The server must not select TLS 1.3 in a renegotiation. See RFC 8446,
        // sections 4.1.2 and 4.1.3.
        if c.handshakes > 0 {
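Review bot: The new needFIPS() guard returns its internal error without first sending an alert, so the peer sees a bare connection close rather than an internal_error alert; if the rest of this file follows the usual crypto/tls pattern of calling `c.sendAlert(alertInternalError)` before returning an internal error, this path should do the same ahead of the `return`. The check sits before the renegotiation test and before any key-schedule work, which is the right place, but a comment should say why it is expected to be unreachable, e.g. `// FIPS mode must never negotiate TLS 1.3; the offered versions are expected to exclude it, so reaching this state means version selection was bypassed.` handshake's body continues past the end of this hunk.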
@@ -446,7 +450,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
        }
 
        // See RFC 8446, Section 4.4.3.
-       if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms) {
+       if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms()) {
                c.sendAlert(alertIllegalParameter)
                return errors.New("tls: certificate used with invalid signature algorithm")
        }
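Review bot: The CertificateVerify check now compares against a freshly computed supportedSignatureAlgorithms() instead of a fixed list, while RFC 8446 §4.4.3 requires the server's choice to be one of the schemes the client actually offered in its ClientHello; if the function's result can differ between the hello and this call (for example if needFIPS() is consulted at call time), an offered scheme could be rejected here or an unoffered one accepted. Storing the list once when the ClientHello is built and checking against that stored slice would make the two agree by construction; whether the ClientHello path already does this is not visible from this hunk. A short comment would help either way: `// Must match the signature_algorithms list sent in the ClientHello; in FIPS mode that list excludes non-approved schemes.` readServerCertificate starts before and ends after this hunk.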