From f9f122935553fc0f5784684da91918ad4b8165c9 Mon Sep 17 00:00:00 2001
From: Russ Cox <rsc@golang.org>
Date: Wed, 27 Apr 2022 09:02:52 -0400
Subject: [PATCH] [dev.boringcrypto] all: add boringcrypto build tags

A plain make.bash in this tree will produce a working,
standard Go toolchain, not a BoringCrypto-enabled one.

The BoringCrypto-enabled one will be created with:

	GOEXPERIMENT=boringcrypto ./make.bash

For #51940.

Change-Id: Ia9102ed993242eb1cb7f9b93eca97e81986a27b3
Reviewed-on: https://go-review.googlesource.com/c/go/+/395881
Run-TryBot: Russ Cox <rsc@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
---
 boring.go                 |  4 ++--
 boring_test.go            |  2 ++
 fipsonly/fipsonly.go      |  4 +++-
 fipsonly/fipsonly_test.go |  2 ++
 handshake_client.go       |  7 +++++--
 handshake_server.go       |  5 +++--
 notboring.go              | 23 +++++++++++++++++++++++
 7 files changed, 40 insertions(+), 7 deletions(-)
 create mode 100644 notboring.go

diff --git a/boring.go b/boring.go
index dabc674..c40d4a0 100644
--- a/boring.go
+++ b/boring.go
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build boringcrypto
+
 package tls
 
 import (
@@ -124,5 +126,3 @@ func supportedSignatureAlgorithms() []SignatureScheme {
 	}
 	return fipsSupportedSignatureAlgorithms
 }
-
-var testingOnlyForceClientHelloSignatureAlgorithms []SignatureScheme
diff --git a/boring_test.go b/boring_test.go
index 8dd477a..12a7d93 100644
--- a/boring_test.go
+++ b/boring_test.go
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build boringcrypto
+
 package tls
 
 import (
diff --git a/fipsonly/fipsonly.go b/fipsonly/fipsonly.go
index 85b3532..e5e4783 100644
--- a/fipsonly/fipsonly.go
+++ b/fipsonly/fipsonly.go
@@ -2,13 +2,15 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build boringcrypto
+
 // Package fipsonly restricts all TLS configuration to FIPS-approved settings.
 //
 // The effect is triggered by importing the package anywhere in a program, as in:
 //
 //	import _ "crypto/tls/fipsonly"
 //
-// This package only exists in the dev.boringcrypto branch of Go.
+// This package only exists when using Go compiled with GOEXPERIMENT=boringcrypto.
 package fipsonly
 
 // This functionality is provided as a side effect of an import to make
diff --git a/fipsonly/fipsonly_test.go b/fipsonly/fipsonly_test.go
index facd248..f8485dc 100644
--- a/fipsonly/fipsonly_test.go
+++ b/fipsonly/fipsonly_test.go
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
+//go:build boringcrypto
+
 package fipsonly
 
 import (
diff --git a/handshake_client.go b/handshake_client.go
index 7bf0f84..de19b7e 100644
--- a/handshake_client.go
+++ b/handshake_client.go
@@ -34,6 +34,8 @@ type clientHandshakeState struct {
 	session      *ClientSessionState
 }
 
+var testingOnlyForceClientHelloSignatureAlgorithms []SignatureScheme
+
 func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) {
 	config := c.config
 	if len(config.ServerName) == 0 && !config.InsecureSkipVerify {
@@ -859,13 +861,14 @@ func (c *Conn) verifyServerCertificate(certificates [][]byte) error {
 
 	if !c.config.InsecureSkipVerify {
 		opts := x509.VerifyOptions{
-			IsBoring: isBoringCertificate,
-
 			Roots:         c.config.RootCAs,
 			CurrentTime:   c.config.time(),
 			DNSName:       c.config.ServerName,
 			Intermediates: x509.NewCertPool(),
 		}
+		if needFIPS() {
+			opts.IsBoring = isBoringCertificate
+		}
 		for _, cert := range certs[1:] {
 			opts.Intermediates.AddCert(cert)
 		}
diff --git a/handshake_server.go b/handshake_server.go
index 5db6056..2d71d08 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -812,13 +812,14 @@ func (c *Conn) processCertsFromClient(certificate Certificate) error {
 
 	if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 {
 		opts := x509.VerifyOptions{
-			IsBoring: isBoringCertificate,
-
 			Roots:         c.config.ClientCAs,
 			CurrentTime:   c.config.time(),
 			Intermediates: x509.NewCertPool(),
 			KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
 		}
+		if needFIPS() {
+			opts.IsBoring = isBoringCertificate
+		}
 
 		for _, cert := range certs[1:] {
 			opts.Intermediates.AddCert(cert)
diff --git a/notboring.go b/notboring.go
new file mode 100644
index 0000000..d79ea21
--- /dev/null
+++ b/notboring.go
@@ -0,0 +1,23 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !boringcrypto
+
+package tls
+
+import "crypto/x509"
+
+func needFIPS() bool { return false }
+
+func supportedSignatureAlgorithms() []SignatureScheme {
+	return defaultSupportedSignatureAlgorithms
+}
+
+func fipsMinVersion(c *Config) uint16              { panic("fipsMinVersion") }
+func fipsMaxVersion(c *Config) uint16              { panic("fipsMaxVersion") }
+func fipsCurvePreferences(c *Config) []CurveID     { panic("fipsCurvePreferences") }
+func fipsCipherSuites(c *Config) []uint16          { panic("fipsCipherSuites") }
+func isBoringCertificate(c *x509.Certificate) bool { panic("isBoringCertificate") }
+
+var fipsSupportedSignatureAlgorithms []SignatureScheme