proposal: dev.boringcrypto: use boringcrypto for HKDF in x/crypto/hkdf #47234

@charredlot

Hi, would it be possible to have the vendored x/crypto/hkdf use boringcrypto in the dev.boringcrypto branch?

Assuming I understand this correctly, key_schedule.go currently uses the vendored x/crypto/hkdf which uses boringcrypto for hmac and hash but not the rest. It's a little silly, but if the HKDF used boringcrypto's HKDF instead, it would make a TLS 1.3 FIPS validation easier.

https://github.com/golang/go/blob/dev.boringcrypto.go1.16/src/crypto/tls/key_schedule.go
https://github.com/golang/go/blob/dev.boringcrypto.go1.16/src/vendor/golang.org/x/crypto/hkdf/hkdf.go

Thanks for your time!

What version of Go are you using (go version)?

$ go version
go version go1.15.13 linux/amd64

Does this issue reproduce with the latest release?

yes, the code seems to be the same in go1.16
