Heh. Look, no one likes FIPS 140. We don’t like it, those that need it don’t like it, sometimes I wonder if NIST likes it. But it is what it is, and the current situation is marginally better than having to fix the merge every time we touch anything.

All Go+BoringCrypto code is behind the compile time GOEXPERIMENT, and mostly in its own files or in its own blocks. It could be worse.