[dev.boringcrypto] all: merge master (2f0da6d) into dev.boringcrypto

[gostls13.git] / src / crypto / tls / handshake_client_tls13.go

diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go
index daa5d97fd35548c4871a2f7f7ffa3b6e5da013a7..c2db16dcf2a84480bec0b75e12ec9225b56f5ae9 100644 (file)
--- a/src/crypto/tls/handshake_client_tls13.go
+++ b/src/crypto/tls/handshake_client_tls13.go
@@ -39,6 +39,10 @@ type clientHandshakeStateTLS13 struct {
 func (hs *clientHandshakeStateTLS13) handshake() error {
        c := hs.c
 
+       if needFIPS() {
+               return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode")
+       }
+
        // The server must not select TLS 1.3 in a renegotiation. See RFC 8446,
        // sections 4.1.2 and 4.1.3.
        if c.handshakes > 0 {
@@ -474,7 +478,7 @@ func (hs *clientHandshakeStateTLS13) readServerCertificate() error {
        }
 
        // See RFC 8446, Section 4.4.3.
-       if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms) {
+       if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms()) {
                c.sendAlert(alertIllegalParameter)
                return errors.New("tls: certificate used with invalid signature algorithm")
        }