Fix building with non bazel commits of boringssl

We need to add `/build/crypto` and `/build/ssl` to the library search
path to handle the case where we pass `BORING_BSSL_SOURCE_PATH` when
building without enabling any fips features. Otherwise, non bazel
commits will not work because `/build/` itself will not contain any
crypto libraries to link with

boring-sys/build/config.rs

@@ -5,6 +5,7 @@ use std::path::PathBuf;
 pub(crate) struct Config {
     pub(crate) manifest_dir: PathBuf,
     pub(crate) out_dir: PathBuf,
+    pub(crate) is_bazel: bool,
     pub(crate) host: String,
     pub(crate) target: String,
     pub(crate) target_arch: String,
@@ -51,9 +52,15 @@ impl Config {
             features.fips || features.fips_link_precompiled,
         );
 
+        let mut is_bazel = false;
+        if let Some(src_path) = &env.source_path {
+            is_bazel = src_path.join("src").exists();
+        }
+
         let config = Self {
             manifest_dir,
             out_dir,
+            is_bazel,
             host,
             target,
             target_arch,

boring-sys/build/main.rs

@@ -507,9 +507,16 @@ fn apply_patch(config: &Config, patch_name: &str) -> io::Result<()> {
         .join(patch_name)
         .canonicalize()?;
 
+    let mut args = vec!["apply", "-v", "--whitespace=fix"];
+
+    // non-bazel versions of BoringSSL have no src/ dir
+    if config.is_bazel {
+        args.push("-p2");
+    }
+
     run_command(
         Command::new("git")
-            .args(["apply", "-v", "--whitespace=fix"])
+            .args(&args)
             .arg(cmd_path)
             .current_dir(src_path),
     )?;
@@ -548,6 +555,16 @@ fn built_boring_source_path(config: &Config) -> &PathBuf {
                 "cargo:warning=skipping git patches application, provided\
                 native BoringSSL is expected to have the patches included"
             );
+        } else if config.env.source_path.is_some()
+            && (config.features.rpk
+                || config.features.pq_experimental
+                || config.features.underscore_wildcards)
+        {
+            panic!(
+                "BORING_BSSL_ASSUME_PATCHED must be set when setting
+                   BORING_BSSL_SOURCE_PATH and using any of the following
+                   features: rpk, pq-experimental, underscore-wildcards"
+            );
         } else {
             ensure_patches_applied(config).unwrap();
         }
@@ -620,23 +637,23 @@ fn main() {
     let bssl_dir = built_boring_source_path(&config);
     let build_path = get_boringssl_platform_output_path(&config);
 
-    if config.features.fips || config.features.fips_link_precompiled {
+    if config.is_bazel {
         println!(
-            "cargo:rustc-link-search=native={}/build/crypto/{}",
+            "cargo:rustc-link-search=native={}/lib/{}",
             bssl_dir.display(),
             build_path
         );
+    } else {
         println!(
-            "cargo:rustc-link-search=native={}/build/ssl/{}",
+            "cargo:rustc-link-search=native={}/build/crypto/{}",
             bssl_dir.display(),
             build_path
         );
         println!(
-            "cargo:rustc-link-search=native={}/lib/{}",
+            "cargo:rustc-link-search=native={}/build/ssl/{}",
             bssl_dir.display(),
             build_path
         );
-    } else {
         println!(
             "cargo:rustc-link-search=native={}/build/{}",
             bssl_dir.display(),

boring-sys/patches/rpk.patch

@@ -347,9 +347,9 @@ index 8d5a23872..b9ac70dfe 100644
 
 @@ -150,6 +169,7 @@ SSL_HANDSHAKE::SSL_HANDSHAKE(SSL *ssl_arg)
        cert_compression_negotiated(false),
++      server_certificate_type_negotiated(false),
        apply_jdk11_workaround(false),
        can_release_private_key(false),
-+      server_certificate_type_negotiated(false),
        channel_id_negotiated(false) {
    assert(ssl);