[dev.boringcrypto] all: merge master into dev.boringcrypto

[gostls13.git] / src / crypto / tls / handshake_server_tls13.go

diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
index 9b05924571dd04a467c83eed7e52fbd9d919950e..ca71f2ea3f3c76cc2ccfba1a8a4f7b16613dde73 100644 (file)
--- a/src/crypto/tls/handshake_server_tls13.go
+++ b/src/crypto/tls/handshake_server_tls13.go
@@ -42,6 +42,10 @@ type serverHandshakeStateTLS13 struct {
 func (hs *serverHandshakeStateTLS13) handshake() error {
        c := hs.c
 
+       if needFIPS() {
+               return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode")
+       }
+
        // For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2.
        if err := hs.processClientHello(); err != nil {
                return err
@@ -587,7 +591,7 @@ func (hs *serverHandshakeStateTLS13) sendServerCertificate() error {
                certReq := new(certificateRequestMsgTLS13)
                certReq.ocspStapling = true
                certReq.scts = true
-               certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms
+               certReq.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
                if c.config.ClientCAs != nil {
                        certReq.certificateAuthorities = c.config.ClientCAs.Subjects()
                }
@@ -791,7 +795,7 @@ func (hs *serverHandshakeStateTLS13) readClientCertificate() error {
                }
 
                // See RFC 8446, Section 4.4.3.
-               if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms) {
+               if !isSupportedSignatureAlgorithm(certVerify.signatureAlgorithm, supportedSignatureAlgorithms()) {
                        c.sendAlert(alertIllegalParameter)
                        return errors.New("tls: client certificate used with invalid signature algorithm")
                }