[dev.boringcrypto] crypto/internal/boring: add initial BoringCrypto access

Right now the package doesn't do anything useful, but it will.
This CL is about the machinery for building goboringcrypto_linux_amd64.syso
and then running the self-test and checking FIPS_mode from Go init.

Change-Id: I4ec0f5efaa88ccfb506b9818d24a7f1cbcc5a7d6
Reviewed-on: https://go-review.googlesource.com/55472
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>

1 files changed, 39 insertions, 0 deletions

diff --git a/src/crypto/internal/boring/boring.go b/src/crypto/internal/boring/boring.go
new file mode 100644
index 0000000000..5982a22743
--- /dev/null
+++ b/src/crypto/internal/boring/boring.go
@@ -0,0 +1,39 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux,amd64
+// +build !cmd_go_bootstrap
+
+package boring
+
+// #include "goboringcrypto.h"
+import "C"
+
+const available = true
+
+func init() {
+	C._goboringcrypto_BORINGSSL_bcm_power_on_self_test()
+	if C._goboringcrypto_FIPS_mode() != 1 {
+		panic("boringcrypto: not in FIPS mode")
+	}
+}
+
+// Unreachable marks code that should be unreachable
+// when BoringCrypto is in use. It panics.
+func Unreachable() {
+	panic("boringcrypto: invalid code execution")
+}
+
+// provided by runtime to avoid os import
+func runtime_arg0() string
+
+// UnreachableExceptTests marks code that should be unreachable
+// when BoringCrypto is in use. It panics.
+func UnreachableExceptTests() {
+	arg0 := runtime_arg0()
+	if len(arg0) < 5 || arg0[len(arg0)-5:] != ".test" {
+		println("ARG0", arg0)
+		panic("boringcrypto: invalid code execution")
+	}
+}