diff options
author | Russ Cox <rsc@golang.org> | 2017-08-02 23:14:57 -0400 |
---|---|---|
committer | Russ Cox <rsc@golang.org> | 2017-08-17 15:22:22 +0000 |
commit | 6e70f88f845d19b5195bdfc1b7bb4da889e7ab5f (patch) | |
tree | b86b0ee6ba96b9c91a5cbec5f359fe4750973f0b /src/crypto/internal/boring/boring.go | |
parent | dcdcc3844046af0182cd3a94c7bb78c99908020e (diff) | |
download | go-6e70f88f845d19b5195bdfc1b7bb4da889e7ab5f.tar.gz go-6e70f88f845d19b5195bdfc1b7bb4da889e7ab5f.zip |
[dev.boringcrypto] crypto/internal/boring: add initial BoringCrypto access
Right now the package doesn't do anything useful, but it will.
This CL is about the machinery for building goboringcrypto_linux_amd64.syso
and then running the self-test and checking FIPS_mode from Go init.
Change-Id: I4ec0f5efaa88ccfb506b9818d24a7f1cbcc5a7d6
Reviewed-on: https://go-review.googlesource.com/55472
Run-TryBot: Russ Cox <rsc@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Adam Langley <agl@golang.org>
Diffstat (limited to 'src/crypto/internal/boring/boring.go')
-rw-r--r-- | src/crypto/internal/boring/boring.go | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/src/crypto/internal/boring/boring.go b/src/crypto/internal/boring/boring.go new file mode 100644 index 0000000000..5982a22743 --- /dev/null +++ b/src/crypto/internal/boring/boring.go @@ -0,0 +1,39 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build linux,amd64 +// +build !cmd_go_bootstrap + +package boring + +// #include "goboringcrypto.h" +import "C" + +const available = true + +func init() { + C._goboringcrypto_BORINGSSL_bcm_power_on_self_test() + if C._goboringcrypto_FIPS_mode() != 1 { + panic("boringcrypto: not in FIPS mode") + } +} + +// Unreachable marks code that should be unreachable +// when BoringCrypto is in use. It panics. +func Unreachable() { + panic("boringcrypto: invalid code execution") +} + +// provided by runtime to avoid os import +func runtime_arg0() string + +// UnreachableExceptTests marks code that should be unreachable +// when BoringCrypto is in use. It panics. +func UnreachableExceptTests() { + arg0 := runtime_arg0() + if len(arg0) < 5 || arg0[len(arg0)-5:] != ".test" { + println("ARG0", arg0) + panic("boringcrypto: invalid code execution") + } +} |