Force fips140tls in boring mode and run http tests

Author: dbenoit17

patches/fips.patch

@@ -11964,3 +11964,24 @@ index 7ca8e34908..bf66a1cd19 100644
  # golang.org/x/crypto v0.30.0
  ## explicit; go 1.20
  golang.org/x/crypto/chacha20
+diff --git a/src/crypto/tls/internal/fips140tls/fipstls.go b/src/crypto/tls/internal/fips140tls/fipstls.go
+index 24d78d60cf..efd78bf17f 100644
+--- a/src/crypto/tls/internal/fips140tls/fipstls.go
++++ b/src/crypto/tls/internal/fips140tls/fipstls.go
+@@ -6,6 +6,7 @@
+ package fips140tls
+ 
+ import (
++	boring "crypto/internal/backend"
+ 	"crypto/internal/fips140"
+ 	"sync/atomic"
+ )
+@@ -13,7 +14,7 @@ import (
+ var required atomic.Bool
+ 
+ func init() {
+-	if fips140.Enabled {
++	if fips140.Enabled || boring.Enabled() {
+ 		Force()
+ 	}
+ }

scripts/crypto-test.sh

@@ -20,7 +20,7 @@ export GOCACHE=/tmp/go-cache
 export GO=${GOROOT}/bin/go
 
 # Test suites to run
-SUITES="crypto,tls"
+SUITES="crypto,tls,http"
 # Verbosity flags to pass to Go
 VERBOSE=""
 
@@ -65,6 +65,24 @@ run_crypto_test_suite () {
   quiet popd
 }
 
+run_http_test_suite () {
+  local mode=$1
+  local tags=$2
+  local suite="net-http-fips"
+  notify_running ${mode} ${suite}
+  quiet pushd ${GOROOT}/src/net/http
+  GOLANG_FIPS=1 OPENSSL_FORCE_FIPS_MODE=1 \
+    $GO test $tags -count=1 $VERBOSE
+
+  local suite="net-http-fips-parity-nocgo"
+  notify_running ${mode} ${suite}
+  quiet pushd ${GOROOT}/src/net/http
+  GOLANG_FIPS=1 OPENSSL_FORCE_FIPS_MODE=1 \
+    CGO_ENABLED=0 $GO test $tags -count=1 $VERBOSE
+
+  quiet popd
+}
+
 run_tls_test_suite () {
   local mode=$1
   local tags=$2
@@ -85,6 +103,8 @@ run_full_test_suite () {
       run_crypto_test_suite ${mode} ${tags}
     elif [[ "$suite" == "tls" ]]; then
       run_tls_test_suite ${mode} ${tags}
+    elif [[ "$suite" == "http" ]]; then
+      run_http_test_suite ${mode} ${tags}
     fi
   done
 }