Cleanup pass on Go code in repository (#2951)

### Description of changes: 
* Go 1.17 is still the targeted "base" Go version our tools are
targeting. This limits us to using a `golang.org/x/crypto` module
version that was still compatible with Go 1.17. This module version has
tagged CVEs, but they aren't relevent to our build/test tools. This is
only used for the `ssl/test/runner`, we could in the future be smarter
about running or not running tests that require this program based off
the detected Go compiler version.
* I added `go:build ignore` tag to the Go programs that were pulling in
`github.com/ethereum/go-ethereum`. So this won't be recorded in the
top-level `go.mod` file anymore. We could move these into a separate
nested module, but these only exist if in the rare event we want to
regenerate test cases / understand what generated test cases for us.
* Ran `go fmt` on the code in the repository, need to add a CI job that
actually enforces this....

### Call-outs:
* Will need to fix the `AWS-LC-Build-Glue` script that drops an
alternative `go.mod` file, as the path will now be incorrect and will
cause build failures when trying to build `ssl/test/runner`.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.

Author: skmcgrail

CMakeLists.txt

@@ -1220,9 +1220,9 @@ if(BUILD_TESTING)
       add_custom_target(
         build_acvp_tool
         COMMAND ${GO_EXECUTABLE} build -o ${ACVP_TOOL}
-                boringssl.googlesource.com/boringssl/util/fipstools/acvp/acvptool
+                github.com/aws/aws-lc/util/fipstools/acvp/acvptool
         COMMAND ${GO_EXECUTABLE} build -o ${TEST_WRAPPER}
-                boringssl.googlesource.com/boringssl/util/fipstools/acvp/acvptool/testmodulewrapper
+                github.com/aws/aws-lc/util/fipstools/acvp/acvptool/testmodulewrapper
         WORKING_DIRECTORY ${AWSLC_SOURCE_DIR}
         DEPENDS modulewrapper
         ${MAYBE_USES_TERMINAL})

crypto/ecdh_extra/make_secp256k1_test_vectors.go

@@ -3,16 +3,18 @@
 
 // This script is used to generate the ECDH test vectors for secp256k1 curve.
 
+//go:build ignore
+
 package main
 
 import (
 	"crypto/sha256"
+	"fmt"
 	"math/big"
 	"strconv"
-	"fmt"
-)
 
-import "github.com/ethereum/go-ethereum/crypto/secp256k1"
+	"github.com/ethereum/go-ethereum/crypto/secp256k1"
+)
 
 // Number of test vectors to be generated
 const numOfTests = 25
@@ -45,8 +47,8 @@ func main() {
 
 	curve := secp256k1.S256()
 
-  fmt.Printf("\n# Test vectors for secp256k1 curve were produced by")
-  fmt.Printf("\n# the |make_secp256k1_test_vectors.go| script.\n\n")
+	fmt.Printf("\n# Test vectors for secp256k1 curve were produced by")
+	fmt.Printf("\n# the |make_secp256k1_test_vectors.go| script.\n\n")
 
 	for i := 0; i < numOfTests; i++ {
 		// Generate a private key for Alice and for Bob
@@ -77,4 +79,3 @@ func main() {
 		fmt.Printf("\n")
 	}
 }
-

crypto/fipsmodule/CMakeLists.txt

@@ -442,7 +442,7 @@ if(FIPS_DELOCATE)
     set(DELOCATE_EXTRA_ARGS "-no-se-debug-directives")
   endif()
 
-  go_executable(delocate boringssl.googlesource.com/boringssl/util/fipstools/delocate)
+  go_executable(delocate github.com/aws/aws-lc/util/fipstools/delocate)
   add_custom_command(
     OUTPUT bcm-delocated.S
     COMMAND
@@ -491,7 +491,7 @@ if(FIPS_DELOCATE)
   set_target_properties(bcm_hashunset PROPERTIES LINKER_LANGUAGE C)
 
   go_executable(inject_hash
-                boringssl.googlesource.com/boringssl/util/fipstools/inject_hash)
+                github.com/aws/aws-lc/util/fipstools/inject_hash)
   add_custom_command(
     OUTPUT bcm.o
     COMMAND ./inject_hash -o bcm.o -in-archive $<TARGET_FILE:bcm_hashunset>

crypto/fipsmodule/ec/make_large_x_coordinate.go

@@ -1,12 +1,10 @@
-/*
-------------------------------------------------------------------------------------
- Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
- SPDX-License-Identifier: Apache-2.0 OR ISC
-------------------------------------------------------------------------------------
-*/
+// Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC
 
 // Note: The function elliptic.UnmarshalCompressed is available as of go1.15
 
+//go:build ignore
+
 package main
 
 import (

crypto/fipsmodule/ecdsa/make_ecdsa_secp256k1_tests.go

@@ -1,6 +1,8 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0 OR ISC
 
+//go:build ignore
+
 package main
 
 import (
@@ -12,17 +14,18 @@ import (
 	"crypto/sha1"
 	"crypto/sha256"
 	"crypto/sha512"
-	"math/big"
-	mathrand "math/rand"
-	"hash"
 	"fmt"
+	"hash"
 	"io"
+	"math/big"
+	mathrand "math/rand"
 	"os"
+
+	"github.com/ethereum/go-ethereum/crypto/secp256k1"
 )
 
 // secp256k1 curve is not available in crypto/elliptic module,
 // so we use the implementation from the module listed below.
-import "github.com/ethereum/go-ethereum/crypto/secp256k1"
 
 // START - Deterministic RNG helper functions.
 type deterministicRandom struct {
@@ -96,8 +99,9 @@ func hashToInt(hash []byte, c elliptic.Curve) *big.Int {
 
 // Helper function needed for generating the ECDSA Sign/Verify test vectors.
 // We don't use the Sign function from the ecdsa module because:
-//  1) it is not deterministic (even when provided with a deterministic RNG).
-//  2) we need to know the chosen nonce k to generate signing test vectors.
+//  1. it is not deterministic (even when provided with a deterministic RNG).
+//  2. we need to know the chosen nonce k to generate signing test vectors.
+//
 // This function implements ECDSA signing of a message digest dgst with
 // private key priv and nonce k.
 func signWithGivenK(priv *ecdsa.PrivateKey, dgst []byte, k *big.Int) (r, s *big.Int) {
@@ -161,14 +165,14 @@ func printVerifyTestVectors(curve elliptic.Curve, curveName string, hash hash.Ha
 		xOut, yOut := priv.PublicKey.X, priv.PublicKey.Y
 
 		switch event {
-			case 1:
-				dgst[0] ^= 1 // Invalidate the digest
-			case 2:
-				r.Xor(r, one) // Invalidate R
-			case 3:
-				s.Xor(s, one) // Invalidate S
-			case 4:
-				xOut, yOut = randPoint(curve) // Invalidate the public key
+		case 1:
+			dgst[0] ^= 1 // Invalidate the digest
+		case 2:
+			r.Xor(r, one) // Invalidate R
+		case 3:
+			s.Xor(s, one) // Invalidate S
+		case 4:
+			xOut, yOut = randPoint(curve) // Invalidate the public key
 		}
 
 		// Print out the test vector
@@ -230,7 +234,7 @@ func main() {
 	S256 := secp256k1.S256()
 
 	// Initialize the hash functions
-	hashFuncs := []hash.Hash {sha1.New(), sha256.New224(), sha256.New(), sha512.New384(), sha512.New()}
+	hashFuncs := []hash.Hash{sha1.New(), sha256.New224(), sha256.New(), sha512.New384(), sha512.New()}
 
 	// Print the header
 	fmt.Printf("# Test vectors for secp256k1 were generated by make_ecdsa_secp256k1_tests.go script.\n")
@@ -245,4 +249,3 @@ func main() {
 		}
 	}
 }
-

go.mod

@@ -1,16 +1,12 @@
-module boringssl.googlesource.com/boringssl
+module github.com/aws/aws-lc
 
 // When this changes update /cmake/go.cmake minimum_go_version and /BUILDING.md
 go 1.17
 
-require (
-	golang.org/x/crypto v0.10.0
-	golang.org/x/net v0.11.0
-)
-
-require github.com/ethereum/go-ethereum v1.11.5
+// v0.14.0 was the last version that support 1.17
+require golang.org/x/crypto v0.14.0
 
 require (
-	golang.org/x/sys v0.9.0 // indirect
-	golang.org/x/term v0.9.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/term v0.13.0 // indirect
 )

go.sum

@@ -1,8 +1,6 @@
-golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
-golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
-golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU=
-golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ=
-golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
-golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/term v0.9.0 h1:GRRCnKYhdQrD8kfRAdQ6Zcw1P0OcELxGLKJvtjVMZ28=
-golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=

include/openssl/ssl.h

@@ -6171,7 +6171,7 @@ OPENSSL_EXPORT OPENSSL_DEPRECATED int SSL_set_tmp_rsa(SSL *ssl, const RSA *rsa);
 //
 // See PORTING.md in the BoringSSL source tree for a table of corresponding
 // functions.
-// https://boringssl.googlesource.com/boringssl/+/master/PORTING.md#Replacements-for-values
+// https://github.com/aws/aws-lc/blob/main/PORTING.md#replacements-for-ctrl-values
 
 #define DTLS_CTRL_GET_TIMEOUT doesnt_exist
 #define DTLS_CTRL_HANDLE_TIMEOUT doesnt_exist

ssl/test/runner/common.go

@@ -20,7 +20,7 @@ import (
 	"sync"
 	"time"
 
-	"boringssl.googlesource.com/boringssl/ssl/test/runner/hpke"
+	"github.com/aws/aws-lc/ssl/test/runner/hpke"
 )
 
 const (
@@ -152,11 +152,11 @@ var tls13HelloRetryRequest = []uint8{
 type CurveID uint16
 
 const (
-	CurveP224           CurveID = 21
-	CurveP256           CurveID = 23
-	CurveP384           CurveID = 24
-	CurveP521           CurveID = 25
-	CurveX25519         CurveID = 29
+	CurveP224   CurveID = 21
+	CurveP256   CurveID = 23
+	CurveP384   CurveID = 24
+	CurveP521   CurveID = 25
+	CurveX25519 CurveID = 29
 )
 
 // TLS Elliptic Curve Point Formats

ssl/test/runner/conn.go

@@ -1206,7 +1206,7 @@ func (c *Conn) doWriteRecord(typ recordType, data []byte) (n int, err error) {
 		}
 
 		if typ != recordTypeHandshake && c.config.Bugs.MaxRecordSize > 0 && c.config.Bugs.MaxRecordSize < m {
-		    m = c.config.Bugs.MaxRecordSize
+			m = c.config.Bugs.MaxRecordSize
 		}
 
 		explicitIVLen := 0