From e1b5d474adbc60b6c1d7337bdd9d0098c0916494 Mon Sep 17 00:00:00 2001
From: Ivan Nikulin <inikulin@cloudflare.com>
Date: Thu, 3 Aug 2023 12:15:04 +0100
Subject: [PATCH] Fix feature gates for fips-link-precompiled

---
 boring-sys/build.rs     | 14 ++++++++++----
 boring/Cargo.toml       |  2 +-
 hyper-boring/Cargo.toml |  2 +-
 tokio-boring/Cargo.toml |  4 ++--
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/boring-sys/build.rs b/boring-sys/build.rs
index ac9163079..026d39f86 100644
--- a/boring-sys/build.rs
+++ b/boring-sys/build.rs
@@ -452,8 +452,6 @@ fn ensure_patches_applied() -> io::Result<()> {
 
     // NOTE: init git in the copied files, so we can apply patches
     if !has_git {
-        println!("cargo:warning=initing git in boringssl sources to apply patches");
-
         run_command(Command::new("git").args(["init"]).current_dir(&src_path))?;
     }
 
@@ -581,6 +579,10 @@ fn link_in_precompiled_bcm_o(bssl_dir: &str) {
 
 fn main() {
     println!("cargo:rerun-if-env-changed=BORING_BSSL_PATH");
+    println!("cargo:rerun-if-env-changed=BORING_BSSL_INCLUDE_PATH");
+    println!("cargo:rerun-if-env-changed=BORING_BSSL_SOURCE_PATH");
+    println!("cargo:rerun-if-env-changed=BORING_SSL_PRECOMPILED_BCM_O");
+    println!("cargo:rerun-if-env-changed=BORINGSSL_BUILD_DIR");
 
     #[cfg(all(feature = "fips", feature = "rpk"))]
     compile_error!("`fips` and `rpk` features are mutually exclusive");
@@ -622,10 +624,14 @@ fn main() {
     println!("cargo:rustc-link-lib=static=crypto");
     println!("cargo:rustc-link-lib=static=ssl");
 
-    println!("cargo:rerun-if-env-changed=BORING_BSSL_INCLUDE_PATH");
     let include_path = env::var("BORING_BSSL_INCLUDE_PATH").unwrap_or_else(|_| {
         let src_path = get_boringssl_source_path();
-        if cfg!(feature = "fips") {
+
+        if Path::new(&src_path)
+            .join("include")
+            .join("x509v3.h")
+            .exists()
+        {
             format!("{}/include", &src_path)
         } else {
             format!("{}/src/include", &src_path)
diff --git a/boring/Cargo.toml b/boring/Cargo.toml
index 34b0baaca..568a53ad8 100644
--- a/boring/Cargo.toml
+++ b/boring/Cargo.toml
@@ -20,7 +20,7 @@ rustdoc-args = ["--cfg", "docsrs"]
 fips = ["boring-sys/fips"]
 
 # Link with precompiled FIPS-validated `bcm.o` module.
-fips-link-precompiled = ["fips"]
+fips-link-precompiled = ["fips", "boring-sys/fips-link-precompiled"]
 
 # Enables Raw public key API (https://datatracker.ietf.org/doc/html/rfc7250)
 rpk = ["boring-sys/rpk"]
diff --git a/hyper-boring/Cargo.toml b/hyper-boring/Cargo.toml
index e086388b8..9775ae788 100644
--- a/hyper-boring/Cargo.toml
+++ b/hyper-boring/Cargo.toml
@@ -23,7 +23,7 @@ runtime = ["hyper/runtime"]
 fips = ["tokio-boring/fips"]
 
 # Link with precompiled FIPS-validated `bcm.o` module.
-fips-link-precompiled = ["fips"]
+fips-link-precompiled = ["fips", "tokio-boring/fips-link-precompiled"]
 
 # Enables Raw public key API (https://datatracker.ietf.org/doc/html/rfc7250)
 rpk = ["tokio-boring/rpk"]
diff --git a/tokio-boring/Cargo.toml b/tokio-boring/Cargo.toml
index 0da4a0586..009dd5807 100644
--- a/tokio-boring/Cargo.toml
+++ b/tokio-boring/Cargo.toml
@@ -17,10 +17,10 @@ rustdoc-args = ["--cfg", "docsrs"]
 
 [features]
 # Use a FIPS-validated version of boringssl.
-fips = ["boring/fips"]
+fips = ["boring/fips", "boring-sys/fips"]
 
 # Link with precompiled FIPS-validated `bcm.o` module.
-fips-link-precompiled = ["fips"]
+fips-link-precompiled = ["fips", "boring/fips-link-precompiled", "boring-sys/fips-link-precompiled"]
 
 # Enables Raw public key API (https://datatracker.ietf.org/doc/html/rfc7250)
 rpk = ["boring/rpk"]