From bbd830d5347e4c42b5230210c7cbd8970dcca6e4 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Wed, 24 Jul 2024 16:07:26 +0000 Subject: [PATCH 001/887] Update submodule to latest master (c7ea2019): cmd/compile: fix typo in comment --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index f0de94ff127..c7ea20195a3 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit f0de94ff127db9b53f3f5877088d28afe1a85692 +Subproject commit c7ea20195a3415668047eebdc488a4af1f629f04 From 65a8d9e12558b0365e02cd87b002c1eed8d5fc3a Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Thu, 25 Jul 2024 10:39:46 -0700 Subject: [PATCH 002/887] Fix patch conflicts: adjacent edits --- patches/0004-Add-OpenSSL-crypto-backend.patch | 30 +++++----- patches/0005-Add-CNG-crypto-backend.patch | 56 +++++++++---------- patches/0006-Vendor-crypto-backends.patch | 6 +- 3 files changed, 46 insertions(+), 46 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 6c37a3da0cb..e97bf99ff3f 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -58,10 +58,10 @@ index f0e3575637c62a..0e9aceeb832d3b 100644 package main diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index d7cbadf7b17aef..61685c5359bfde 100644 +index 0ffcabe4164af6..056f3ea5ae9beb 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go -@@ -1238,12 +1238,11 @@ func (t *tester) registerCgoTests(heading string) { +@@ -1225,12 +1225,11 @@ func (t *tester) registerCgoTests(heading string) { // a C linker warning on Linux. // in function `bio_ip_and_port_to_socket_and_addr': // warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking @@ -108,7 +108,7 @@ index 4aaf46b5d0f0dc..6fe798cf4a94e9 100644 go list -f '{{.Dir}}' vendor/golang.org/x/net/http2/hpack 
diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go -index 755c889585e729..bcb591a380b74c 100644 +index d66027387b97f8..8e4dfab49f6b6b 100644 --- a/src/cmd/link/internal/ld/lib.go +++ b/src/cmd/link/internal/ld/lib.go @@ -1162,6 +1162,7 @@ var hostobj []Hostobj @@ -714,29 +714,29 @@ index c83a7272c9f01f..a0548a7f9179c5 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index b38dee7e6ddc28..097f35ca01aa5b 100644 +index d7a4ef150410e3..c842df62ecee5b 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std - go 1.23 + go 1.24 require ( + github.com/golang-fips/openssl/v2 v2.0.3 - golang.org/x/crypto v0.23.1-0.20240603234054-0b431c7de36a - golang.org/x/net v0.25.1-0.20240603202750-6249541f2a6c + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 + golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index c5eab7d4b2f93b..fac8a0626146bc 100644 +index 8ff5ecd640f084..138066f5f84b68 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,5 @@ +github.com/golang-fips/openssl/v2 v2.0.3 h1:9+J2R0BQio6Jz8+dPZf/0ylISByl0gZWjTEKm+J+y7Y= +github.com/golang-fips/openssl/v2 v2.0.3/go.mod h1:7tuBqX2Zov8Yq5mJ2yzlKhpnxOnWyEzi38AzeWRuQdg= - golang.org/x/crypto v0.23.1-0.20240603234054-0b431c7de36a h1:37MIv+iGfwMYzWJECGyrPCtd5nuqcciRUeJfkNCkCf0= - golang.org/x/crypto v0.23.1-0.20240603234054-0b431c7de36a/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= - golang.org/x/net v0.25.1-0.20240603202750-6249541f2a6c h1:CR/7/SLUhIJw6g675eeoDiwggElO2MV9rGkNYjqi8GM= + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= + golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= 
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 68d3b0578d18b1..15f4bb124b8528 100644 +index 26301398c5820c..26570cdadda16d 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -459,6 +459,8 @@ var depsRules = ` @@ -756,7 +756,7 @@ index 68d3b0578d18b1..15f4bb124b8528 100644 < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -793,7 +796,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -796,7 +799,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -765,7 +765,7 @@ index 68d3b0578d18b1..15f4bb124b8528 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -803,7 +806,7 @@ func findImports(pkg string) ([]string, error) { +@@ -806,7 +809,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} @@ -829,7 +829,7 @@ index 777337d92d3c72..ef00871d619651 100644 // SystemCrypto enables the OpenSSL or CNG crypto experiment depending on // which one is appropriate on the target GOOS. diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go -index dbe59fea119e70..c3df1f9ac49b82 100644 +index a0bb89e203ddf1..2b4a2680dcdd7e 100644 --- a/src/os/exec/exec_test.go +++ b/src/os/exec/exec_test.go @@ -14,6 +14,7 @@ import ( diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 2d3f121539a..5fed3d54c5a 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -559,10 +559,10 @@ index f5b4827c688f3b..12df96069f6b83 100644 // Package fipstls allows control over whether crypto/tls requires FIPS-approved settings. // This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent 
diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go -index f9d1037c9b82b9..6b91d4388b73fe 100644 +index 7031d0abdaa13b..ada2d5be13f986 100644 --- a/src/crypto/md5/md5_test.go +++ b/src/crypto/md5/md5_test.go -@@ -11,6 +11,7 @@ import ( +@@ -12,6 +12,7 @@ import ( "encoding" "fmt" "hash" @@ -570,7 +570,7 @@ index f9d1037c9b82b9..6b91d4388b73fe 100644 "io" "testing" "unsafe" -@@ -88,6 +89,9 @@ func TestGolden(t *testing.T) { +@@ -89,6 +90,9 @@ func TestGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { @@ -580,7 +580,7 @@ index f9d1037c9b82b9..6b91d4388b73fe 100644 for _, g := range golden { h := New() h2 := New() -@@ -195,6 +199,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -196,6 +200,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -831,10 +831,10 @@ index dbcc1bec58bd46..b1e9d8e94c2c9e 100644 enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) if err == ErrMessageTooLong { diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go -index bc169888786321..e0d6f4c5040d91 100644 +index d0a9b1b46727fa..10ea3e8eeb6efd 100644 --- a/src/crypto/sha1/sha1_test.go +++ b/src/crypto/sha1/sha1_test.go -@@ -13,6 +13,7 @@ import ( +@@ -14,6 +14,7 @@ import ( "encoding" "fmt" "hash" @@ -842,7 +842,7 @@ index bc169888786321..e0d6f4c5040d91 100644 "io" "testing" ) -@@ -96,6 +97,9 @@ func TestGolden(t *testing.T) { +@@ -97,6 +98,9 @@ func TestGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { @@ -852,7 +852,7 @@ index bc169888786321..e0d6f4c5040d91 100644 h := New() h2 := New() for _, g := range golden { -@@ -197,6 +201,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -198,6 +202,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -907,10 +907,10 @@ index 02c597d785ef68..268f1fdd49ecd3 100644 } var d digest 
diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index 7437655badee23..95c8688904c088 100644 +index 755ed4d238ee5a..b7212e3f3c2175 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go -@@ -13,6 +13,7 @@ import ( +@@ -14,6 +14,7 @@ import ( "encoding" "fmt" "hash" @@ -918,7 +918,7 @@ index 7437655badee23..95c8688904c088 100644 "io" "testing" ) -@@ -139,6 +140,9 @@ func TestGolden(t *testing.T) { +@@ -140,6 +141,9 @@ func TestGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { @@ -928,7 +928,7 @@ index 7437655badee23..95c8688904c088 100644 tests := []struct { name string newHash func() hash.Hash -@@ -184,6 +188,9 @@ func TestGoldenMarshal(t *testing.T) { +@@ -185,6 +189,9 @@ func TestGoldenMarshal(t *testing.T) { } func TestMarshalTypeMismatch(t *testing.T) { @@ -938,7 +938,7 @@ index 7437655badee23..95c8688904c088 100644 h1 := New() h2 := New224() -@@ -273,6 +280,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -274,6 +281,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { return h.Sum(nil), nil } func TestLargeHashes(t *testing.T) { @@ -949,10 +949,10 @@ index 7437655badee23..95c8688904c088 100644 h := New() diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index 2fef7ddae07480..979e4c69ab710c 100644 +index b63e3af59f3829..121cf04e54cd87 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go -@@ -14,6 +14,7 @@ import ( +@@ -15,6 +15,7 @@ import ( "encoding/hex" "fmt" "hash" @@ -960,7 +960,7 @@ index 2fef7ddae07480..979e4c69ab710c 100644 "io" "testing" ) -@@ -719,6 +720,9 @@ func TestGolden(t *testing.T) { +@@ -720,6 +721,9 @@ func TestGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { 
@@ -970,7 +970,7 @@ index 2fef7ddae07480..979e4c69ab710c 100644 tests := []struct { name string newHash func() hash.Hash -@@ -766,6 +770,9 @@ func TestGoldenMarshal(t *testing.T) { +@@ -767,6 +771,9 @@ func TestGoldenMarshal(t *testing.T) { } func TestMarshalMismatch(t *testing.T) { @@ -980,7 +980,7 @@ index 2fef7ddae07480..979e4c69ab710c 100644 h := []func() hash.Hash{ New, New384, -@@ -872,6 +879,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -873,6 +880,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -1043,7 +1043,7 @@ index 9c1d3d279c472f..0ca7a863b73690 100644 package fipsonly diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index f24c2671acd435..f88fcad4e78f0d 100644 +index 503a732e05765e..db8919aaf9cbdd 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go @@ -14,6 +14,7 @@ import ( @@ -1123,19 +1123,19 @@ index a0548a7f9179c5..ae6117a1554b7f 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index 097f35ca01aa5b..fe0aa0cc92b35b 100644 +index c842df62ecee5b..1e6b6b1324624a 100644 --- a/src/go.mod +++ b/src/go.mod -@@ -4,6 +4,7 @@ go 1.23 +@@ -4,6 +4,7 @@ go 1.24 require ( github.com/golang-fips/openssl/v2 v2.0.3 + github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103 - golang.org/x/crypto v0.23.1-0.20240603234054-0b431c7de36a - golang.org/x/net v0.25.1-0.20240603202750-6249541f2a6c + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 + golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index fac8a0626146bc..43ae325dc538d2 100644 +index 138066f5f84b68..31b48ffe22c863 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,5 +1,7 @@ 
@@ -1143,11 +1143,11 @@ index fac8a0626146bc..43ae325dc538d2 100644 github.com/golang-fips/openssl/v2 v2.0.3/go.mod h1:7tuBqX2Zov8Yq5mJ2yzlKhpnxOnWyEzi38AzeWRuQdg= +github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103 h1:KQsPPal3pKvKzAPTaR7sEriaqrHmRWw0dWG/7E5FNNk= +github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103/go.mod h1:fveERXKbeK+XLmOyU24caKnIT/S5nniAX9XCRHfnrM4= - golang.org/x/crypto v0.23.1-0.20240603234054-0b431c7de36a h1:37MIv+iGfwMYzWJECGyrPCtd5nuqcciRUeJfkNCkCf0= - golang.org/x/crypto v0.23.1-0.20240603234054-0b431c7de36a/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= - golang.org/x/net v0.25.1-0.20240603202750-6249541f2a6c h1:CR/7/SLUhIJw6g675eeoDiwggElO2MV9rGkNYjqi8GM= + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= + golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 15f4bb124b8528..82b38763d02d6c 100644 +index 26570cdadda16d..b48078b3866fa1 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -459,6 +459,10 @@ var depsRules = ` diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index f4b8a4a02e4..d3deddb5573 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch @@ -9485,7 +9485,7 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 2868749b894fb2..5b911da9df470b 100644 +index 7562f74b39ada6..95f7d5ee47b3c1 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ 
@@ -9500,6 +9500,6 @@ index 2868749b894fb2..5b911da9df470b 100644 +github.com/microsoft/go-crypto-winnative/internal/bcrypt +github.com/microsoft/go-crypto-winnative/internal/subtle +github.com/microsoft/go-crypto-winnative/internal/sysdll - # golang.org/x/crypto v0.23.1-0.20240603234054-0b431c7de36a - ## explicit; go 1.18 + # golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 + ## explicit; go 1.20 golang.org/x/crypto/chacha20 From c6391306f0bd65bf8acedafc6b1cf7e977d0b165 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Mon, 29 Jul 2024 16:07:22 +0000 Subject: [PATCH 003/887] Update submodule to latest master (6b2ffc72): cmd: extract cmd/go's cfg.LookPath into separate pathcache package --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index c7ea20195a3..6b2ffc72b67 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit c7ea20195a3415668047eebdc488a4af1f629f04 +Subproject commit 6b2ffc72b67713de4f08915937a64392aa4dbff0 From e67f8f4bd6d0a8f34a75e11f0ee41a1e79ddc16f Mon Sep 17 00:00:00 2001 
From: Davis Goodin Date: Fri, 2 Aug 2024 15:57:15 -0700 Subject: [PATCH 004/887] Merge _core into _util, adding dependency tests --- .github/dependabot.yml | 5 - eng/_core/README.md | 30 ------ eng/_core/go.mod | 7 -- eng/_core/patch/patch.go | 76 -------------- eng/_core/submodule/submodule.go | 98 ------------------- eng/_util/README.md | 41 +++++++- eng/{_core => _util}/buildutil/buildutil.go | 0 eng/{_core => _util}/cmd/build/build.go | 16 +-- eng/{_core => _util}/cmd/cmdscan/cmdscan.go | 0 .../createbuildassetjson/nonminimaldeps.go | 9 ++ eng/_util/cmd/run-builder/nonminimaldeps.go | 9 ++ eng/_util/cmd/run-builder/run-builder.go | 2 +- eng/_util/cmd/selftest/selftest.go | 52 ++++++++++ .../submodule-refresh/submodule-refresh.go | 14 ++- .../cmd/updatelinktable/updatelinktable.go | 2 +- .../cmd/write-checksum/write-checksum.go | 0 eng/_util/go.mod | 3 - .../internal/depsinitpanic/depsinitpanic.go | 14 +++ .../supportdata/supportdata.go | 0 eng/_util/testutil/dependency_test.go | 77 +++++++++++++++ eng/pipeline/stages/run-stage.yml | 12 +++ eng/run.ps1 | 21 ++-- 22 files changed, 241 insertions(+), 247 deletions(-) delete mode 100644 eng/_core/README.md delete mode 100644 eng/_core/go.mod delete mode 100644 eng/_core/patch/patch.go delete mode 100644 eng/_core/submodule/submodule.go rename eng/{_core => _util}/buildutil/buildutil.go (100%) rename eng/{_core => _util}/cmd/build/build.go (97%) rename eng/{_core => _util}/cmd/cmdscan/cmdscan.go (100%) create mode 100644 eng/_util/cmd/createbuildassetjson/nonminimaldeps.go create mode 100644 eng/_util/cmd/run-builder/nonminimaldeps.go create mode 100644 eng/_util/cmd/selftest/selftest.go rename eng/{_core => _util}/cmd/submodule-refresh/submodule-refresh.go (82%) rename eng/{_core => _util}/cmd/write-checksum/write-checksum.go (100%) create mode 100644 eng/_util/internal/depsinitpanic/depsinitpanic.go rename eng/{_core => _util}/supportdata/supportdata.go (100%) create mode 100644 
eng/_util/testutil/dependency_test.go diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3979801675d..40eee4603e3 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,11 +9,6 @@ updates: schedule: interval: daily open-pull-requests-limit: 10 -- package-ecosystem: gomod - directory: "eng/_core" - schedule: - interval: daily - open-pull-requests-limit: 10 - package-ecosystem: gomod directory: "eng/_util" schedule: diff --git a/eng/_core/README.md b/eng/_core/README.md deleted file mode 100644 index 00e5a681990..00000000000 --- a/eng/_core/README.md +++ /dev/null 
@@ -1,30 +0,0 @@ -## `github.com/microsoft/go/_core` - -This module is a set of utilities Microsoft uses to build Go in Azure DevOps and -maintain this repository. Run `eng/run.ps1 build -h` to list available build -options, or `eng/run.ps1` to list all commands in this module. - -Unlike `_util`, the `_core` module should have zero external dependencies and -only requires a stage 0 Go toolset to build. The commands in this module are -used to produce the signed Microsoft binaries. - -### Support for gotestsum wrapping -The `_util` module implements a gotestsum wrapper around `_core`'s `build` -command. This requires some features in `_core` that accommodate gotestsum but -don't make sense as standalone features a dev would use. For example, JSON test -output and stderr redirection to stdout. - -The high-level execution flow looks roughly like this when running in CI: - -* `eng/pipeline/jobs/run-stage.yml` - runs: -* `eng/run.ps1 run-builder -test -builder linux-amd64-test -junitfile [...]` - which runs the Go function: -* `gotestsum.Run(... eng/run.ps1 build -test -json ...)` - which runs and captures the output of: -* `eng/run.ps1 build -test -json` - which runs [`cmd/build/build.go`](cmd/build/build.go) in this module. - -This is not currently used in our CI because this process seems to cut off -some test output: -[microsoft/go#1114](https://github.com/microsoft/go/issues/1114). diff --git a/eng/_core/go.mod b/eng/_core/go.mod deleted file mode 100644 index d1de3bc0886..00000000000 --- a/eng/_core/go.mod +++ /dev/null @@ -1,7 +0,0 @@ -// Copyright (c) Microsoft Corporation. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -module github.com/microsoft/go/_core - -go 1.21 diff --git a/eng/_core/patch/patch.go b/eng/_core/patch/patch.go deleted file mode 100644 index 88e25d8e4db..00000000000 --- a/eng/_core/patch/patch.go +++ /dev/null 
@@ -1,76 +0,0 @@ -// Copyright (c) Microsoft Corporation. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package patch - -import ( - "fmt" - "os" - "os/exec" - "path/filepath" -) - -type ApplyMode int - -const ( - // ApplyModeCommits applies patches as commits. This is useful for developing changes to the - // patches, because the commits can be automatically extracted back into patch files. - ApplyModeCommits ApplyMode = iota - // ApplyModeIndex applies patches as changes to the Git index and working tree. This means - // further changes to the Go source code will show up as unstaged changes, so if any intentional - // changes are performed in this state, they can be differentiated from the patch changes. - ApplyModeIndex -) - -// Apply runs a Git command to apply the patches in the repository onto the submodule. The exact Git -// command used ("am" or "apply") depends on the patch mode. -func Apply(rootDir string, mode ApplyMode) error { - goDir := filepath.Join(rootDir, "go") - patchDir := filepath.Join(rootDir, "patches") - - cmd := exec.Command("git") - cmd.Stdout = os.Stdout - cmd.Stderr = os.Stderr - cmd.Dir = goDir - - switch mode { - case ApplyModeCommits: - cmd.Args = append(cmd.Args, "am") - case ApplyModeIndex: - cmd.Args = append(cmd.Args, "apply", "--index") - default: - return fmt.Errorf("invalid patch mode '%v'", mode) - } - - // Trailing whitespace may be present in the patch files. Don't emit warnings for it here. These - // warnings should be avoided when authoring each patch file. If we made it to this point, it's - // too late to cause noisy warnings because of them. - cmd.Args = append(cmd.Args, "--whitespace=nowarn") - - // ReadDir returns alphabetical order for patches: we depend on it for the patch apply order. 
- entries, err := os.ReadDir(patchDir) - if err != nil { - return err - } - - for _, entry := range entries { - if entry.IsDir() { - continue - } - if filepath.Ext(entry.Name()) != ".patch" { - continue - } - cmd.Args = append(cmd.Args, filepath.Join(patchDir, entry.Name())) - } - - if err := runCmd(cmd); err != nil { - return err - } - return nil -} - -func runCmd(cmd *exec.Cmd) error { - fmt.Printf("---- Running command: %v\n", cmd.Args) - return cmd.Run() -} diff --git a/eng/_core/submodule/submodule.go b/eng/_core/submodule/submodule.go deleted file mode 100644 index 6fb4d54bb03..00000000000 --- a/eng/_core/submodule/submodule.go +++ /dev/null 
@@ -1,98 +0,0 @@ -// Copyright (c) Microsoft Corporation. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -package submodule - -import ( - "fmt" - "os" - "os/exec" - "path/filepath" -) - -// Init initializes and updates the submodule, but does not clean it. This func offers more options -// for initialization than Reset. If origin is defined, fetch the submodule from there instead of -// the default defined in '.gitmodules'. If fetchBearerToken is nonempty, use it as a bearer token -// during the fetch. If shallow is true, clone the submodule with depth 1. -func Init(rootDir, origin, fetchBearerToken string, shallow bool) error { - // Update the submodule commit, and initialize if it hasn't been done already. - command := []string{"git"} - if origin != "" { - command = append(command, "-c", "submodule.go.url="+origin) - } - if fetchBearerToken != "" { - command = append(command, "-c", "http.extraheader=AUTHORIZATION: bearer "+fetchBearerToken) - } - command = append(command, "submodule", "update", "--init") - if shallow { - command = append(command, "--depth", "1") - } - - if err := run(rootDir, command...); err != nil { - return err - } - return nil -} - -// Reset updates the submodule (with '--init'), resets all changes, and cleans all untracked files. -func Reset(rootDir string) error { - goDir := filepath.Join(rootDir, "go") - - // Update the submodule commit, and initialize if it hasn't been done already. - if err := run(rootDir, "git", "submodule", "update", "--init"); err != nil { - return err - } - - // Find toplevel directories (Git working tree roots) for the outer repo and what we expect to - // be the Go submodule. If the toplevel directory is the same for both, make sure not to clean! - // The submodule likely wasn't set up properly, and cleaning could result in unexpectedly losing - // work in the outer repo when the command spills over. 
- rootToplevel, err := getToplevel(rootDir) - if err != nil { - return err - } - goToplevel, err := getToplevel(goDir) - if err != nil { - return err - } - - if rootToplevel == goToplevel { - return fmt.Errorf("go submodule (%v) toplevel is the same as root (%v) toplevel: %v", goDir, rootDir, goToplevel) - } - - // Reset the index and working directory. This doesn't clean up new untracked files. - if err := run(goDir, "git", "reset", "--hard"); err != nil { - return err - } - // Delete untracked files detected by Git. Deliberately leave files that are ignored in - // '.gitignore': these files shouldn't interfere with the build process and could be used for - // incremental builds. - if err := run(goDir, "git", "clean", "-df"); err != nil { - return err - } - return nil -} - -func getToplevel(dir string) (string, error) { - c := exec.Command("git", "rev-parse", "--show-toplevel") - c.Dir = dir - out, err := c.CombinedOutput() - if err != nil { - return "", err - } - return string(out), nil -} - -func run(dir string, args ...string) error { - c := exec.Command(args[0], args[1:]...) - c.Stdout = os.Stdout - c.Stderr = os.Stderr - c.Dir = dir - return runCmd(c) -} - -func runCmd(cmd *exec.Cmd) error { - fmt.Printf("---- Running command: %v\n", cmd.Args) - return cmd.Run() -} diff --git a/eng/_util/README.md b/eng/_util/README.md index 870e9b96e02..6bd3f0c301e 100644 --- a/eng/_util/README.md +++ b/eng/_util/README.md 
@@ -1,9 +1,40 @@ ## `github.com/microsoft/go/_util` This module is a set of utilities Microsoft uses to build Go in Azure DevOps and -maintain this repository. Run `eng/run.ps1` to list the available commands and -see instructions on how to use them. +maintain this repository. Run `eng/run.ps1 build -h` to list available build +options, or `eng/run.ps1` to list all commands in this module. -The `_util` module requires the `gotestsum` library and doesn't vendor it. -`_util` is not strictly necessary to build Go, so it's ok if its dependencies -are downloaded when needed. CI avoids uses the `_util` module when possible. +### Minimal dependencies +Some commands in this module use minimal external dependencies. This reduces the +dependencies used to produce the signed Microsoft binaries. + +Commands that use more than the minimal external dependencies will panic upon +init if `MS_GO_UTIL_ALLOW_ONLY_MINIMAL_DEPS` is set to `1`. This makes it +possible to test our pipelines to make sure they only use the expected commands. + +The minimal dependencies are themselves tested by +`TestMinimalCommandDependencies` in `testutil`. It uses `go list` to ensure that +all commands that use more than the minimal set of dependencies include the +conditional panic upon init. + +### Support for gotestsum wrapping +The `run-builder` command implements a gotestsum wrapper around the `build` +command. This isn't implemented in `build` itself to keep dependencies for the +signed build low. There are some features in the build command that accommodate +gotestsum but don't make sense as standalone features a dev would use. For +example, JSON test output and stderr redirection to stdout. + +The high-level execution flow looks roughly like this when running in CI: + +* `eng/pipeline/jobs/run-stage.yml` + runs: +* `eng/run.ps1 run-builder -test -builder linux-amd64-test -junitfile [...]` + which runs the Go function: +* `gotestsum.Run(... 
eng/run.ps1 build -test -json ...)` + which runs and captures the output of: +* `eng/run.ps1 build -test -json` + which runs [`cmd/build/build.go`](cmd/build/build.go) in this module. + +> [!NOTE] +> This support is not currently used in our CI because this process seems to cut off some test output: +> [microsoft/go#1114](https://github.com/microsoft/go/issues/1114). diff --git a/eng/_core/buildutil/buildutil.go b/eng/_util/buildutil/buildutil.go similarity index 100% rename from eng/_core/buildutil/buildutil.go rename to eng/_util/buildutil/buildutil.go diff --git a/eng/_core/cmd/build/build.go b/eng/_util/cmd/build/build.go similarity index 97% rename from eng/_core/cmd/build/build.go rename to eng/_util/cmd/build/build.go index a316f6dd04d..7af05339872 100644 --- a/eng/_core/cmd/build/build.go +++ b/eng/_util/cmd/build/build.go @@ -15,9 +15,9 @@ import ( "runtime" "strings" - "github.com/microsoft/go/_core/buildutil" - "github.com/microsoft/go/_core/patch" - "github.com/microsoft/go/_core/submodule" + "github.com/microsoft/go-infra/patch" + "github.com/microsoft/go-infra/submodule" + "github.com/microsoft/go/_util/buildutil" ) const description = ` @@ -112,10 +112,14 @@ func build(o *options) error { } if o.Refresh { - if err := submodule.Reset(rootDir); err != nil { + config, err := patch.FindAncestorConfig(rootDir) + if err != nil { return err } - if err := patch.Apply(rootDir, patch.ApplyModeIndex); err != nil { + if err := submodule.Reset(rootDir, filepath.Join(config.RootDir, config.SubmoduleDir), true); err != nil { + return err + } + if err := patch.Apply(config, patch.ApplyModeIndex); err != nil { return err } } 
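Review bot: In the `o.Refresh` branch of `build`, the destructive reset now runs through go-infra's `submodule.Reset(rootDir, filepath.Join(config.RootDir, config.SubmoduleDir), true)`, and this diff does not show whether that implementation keeps the safety check the deleted `eng/_core/submodule` copy had. That copy returned an error when the submodule and the outer repository resolved to the same Git toplevel, so `git reset --hard` and `git clean -df` could not spill into the outer working tree; confirm the `github.com/microsoft/go-infra v0.0.3` version pinned in `eng/_util/go.mod` has an equivalent guard, since the signed-build path now depends on out-of-repo code. The bare `true` is also opaque at the call site, so a short comment stating what the third argument enables would help, e.g. `// true: <meaning of Reset's third parameter>`. The same call is added to `refresh` in `cmd/submodule-refresh/submodule-refresh.go`, and `build`'s body continues outside the hunk.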
@@ -224,7 +228,7 @@ func build(o *options) error { // For example, if we're running in CI, gotestsum may be capturing our output to report in a // JUnit file. If gotestsum detects output in stderr, it prints it in an error message. This // error message stands out, and could mislead someone trying to diagnose a failed test run. - // Redirecting all stderr output avoids this scenario. (See /eng/_core/README.md for more + // Redirecting all stderr output avoids this scenario. (See /eng/_util/README.md for more // info on why we may be wrapped by gotestsum.) // // An example of benign stderr output is when the tests check for machine capabilities. A diff --git a/eng/_core/cmd/cmdscan/cmdscan.go b/eng/_util/cmd/cmdscan/cmdscan.go similarity index 100% rename from eng/_core/cmd/cmdscan/cmdscan.go rename to eng/_util/cmd/cmdscan/cmdscan.go diff --git a/eng/_util/cmd/createbuildassetjson/nonminimaldeps.go b/eng/_util/cmd/createbuildassetjson/nonminimaldeps.go new file mode 100644 index 00000000000..dd9d230013f --- /dev/null +++ b/eng/_util/cmd/createbuildassetjson/nonminimaldeps.go @@ -0,0 +1,9 @@ +// Copyright (c) Microsoft Corporation. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +// This command uses non-minimal dependencies, so ensure it can't be used while in minimal mode. + +import _ "github.com/microsoft/go/_util/internal/depsinitpanic" diff --git a/eng/_util/cmd/run-builder/nonminimaldeps.go b/eng/_util/cmd/run-builder/nonminimaldeps.go new file mode 100644 index 00000000000..dd9d230013f --- /dev/null +++ b/eng/_util/cmd/run-builder/nonminimaldeps.go 
@@ -0,0 +1,9 @@ +// Copyright (c) Microsoft Corporation. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +// This command uses non-minimal dependencies, so ensure it can't be used while in minimal mode. + +import _ "github.com/microsoft/go/_util/internal/depsinitpanic" diff --git a/eng/_util/cmd/run-builder/run-builder.go b/eng/_util/cmd/run-builder/run-builder.go index b3187737242..a256693ae5d 100644 --- a/eng/_util/cmd/run-builder/run-builder.go +++ b/eng/_util/cmd/run-builder/run-builder.go @@ -13,7 +13,7 @@ import ( "strconv" "strings" - "github.com/microsoft/go/_core/buildutil" + "github.com/microsoft/go/_util/buildutil" gotestsumcmd "gotest.tools/gotestsum/cmd" ) diff --git a/eng/_util/cmd/selftest/selftest.go b/eng/_util/cmd/selftest/selftest.go new file mode 100644 index 00000000000..dad8a235c4b --- /dev/null +++ b/eng/_util/cmd/selftest/selftest.go 
@@ -0,0 +1,52 @@ +// Copyright (c) Microsoft Corporation. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import ( + "flag" + "fmt" + "os" + "path/filepath" + + "github.com/microsoft/go-infra/executil" +) + +const description = ` +This command runs the _util self-tests using the stage 0 Go toolchain. +` + +func main() { + var help = flag.Bool("h", false, "Print this help message.") + + flag.Usage = func() { + fmt.Fprintf(flag.CommandLine.Output(), "Usage of selftest:\n") + flag.PrintDefaults() + fmt.Fprintf(flag.CommandLine.Output(), "%s\n", description) + } + + flag.Parse() + if *help { + flag.Usage() + return + } + + if err := run(); err != nil { + fmt.Fprintf(os.Stderr, "Error: %v\n", err) + os.Exit(1) + } +} + +func run() error { + stage0Goroot := os.Getenv("STAGE_0_GOROOT") + if stage0Goroot == "" { + return fmt.Errorf("STAGE_0_GOROOT not set") + } + + return executil.Run(executil.Dir( + filepath.Join("eng", "_util"), + filepath.Join(stage0Goroot, "bin", "go"), + "test", "./...", + )) +} diff --git a/eng/_core/cmd/submodule-refresh/submodule-refresh.go b/eng/_util/cmd/submodule-refresh/submodule-refresh.go similarity index 82% rename from eng/_core/cmd/submodule-refresh/submodule-refresh.go rename to eng/_util/cmd/submodule-refresh/submodule-refresh.go index 9566fb11511..e7902442346 100644 --- a/eng/_core/cmd/submodule-refresh/submodule-refresh.go +++ b/eng/_util/cmd/submodule-refresh/submodule-refresh.go @@ -8,9 +8,10 @@ import ( "flag" "fmt" "os" + "path/filepath" - "github.com/microsoft/go/_core/patch" - "github.com/microsoft/go/_core/submodule" + "github.com/microsoft/go-infra/patch" + "github.com/microsoft/go-infra/submodule" ) const description = ` 
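Review bot: `run` in `cmd/selftest/selftest.go` passes the relative directory `filepath.Join("eng", "_util")`, so the command appears to work only when the process starts in the repository root, and nothing in the file states that. It also takes the `go` binary straight from `STAGE_0_GOROOT` and checks only that the variable is non-empty, so a stale value surfaces as a bare exec error. I would add a doc comment such as `// run executes "go test ./..." in eng/_util with the go binary under STAGE_0_GOROOT; it assumes the working directory is the repository root.` and wrap the returned error with the resolved binary path so a CI log shows which toolchain ran.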
@@ -54,7 +55,12 @@ func refresh(rootDir string) error { return err } - if err := submodule.Reset(rootDir); err != nil { + config, err := patch.FindAncestorConfig(rootDir) + if err != nil { + return err + } + + if err := submodule.Reset(rootDir, filepath.Join(config.RootDir, config.SubmoduleDir), true); err != nil { return err } @@ -67,7 +73,7 @@ func refresh(rootDir string) error { mode = patch.ApplyModeCommits } - if err := patch.Apply(rootDir, mode); err != nil { + if err := patch.Apply(config, mode); err != nil { return err } return nil diff --git a/eng/_util/cmd/updatelinktable/updatelinktable.go b/eng/_util/cmd/updatelinktable/updatelinktable.go index d6182800cb2..3dd0820f029 100644 --- a/eng/_util/cmd/updatelinktable/updatelinktable.go +++ b/eng/_util/cmd/updatelinktable/updatelinktable.go @@ -14,7 +14,7 @@ import ( "sort" "strings" - "github.com/microsoft/go/_core/supportdata" + "github.com/microsoft/go/_util/supportdata" ) var description = ` diff --git a/eng/_core/cmd/write-checksum/write-checksum.go b/eng/_util/cmd/write-checksum/write-checksum.go similarity index 100% rename from eng/_core/cmd/write-checksum/write-checksum.go rename to eng/_util/cmd/write-checksum/write-checksum.go diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 9fc9a55030f..a82c44f6020 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -8,7 +8,6 @@ go 1.21 require ( github.com/microsoft/go-infra v0.0.3 - github.com/microsoft/go/_core v0.0.0 golang.org/x/sys v0.22.0 gotest.tools/gotestsum v1.12.0 ) @@ -27,5 +26,3 @@ require ( golang.org/x/term v0.20.0 // indirect golang.org/x/text v0.16.0 // indirect ) - -replace github.com/microsoft/go/_core => ../_core diff --git a/eng/_util/internal/depsinitpanic/depsinitpanic.go b/eng/_util/internal/depsinitpanic/depsinitpanic.go new file mode 100644 index 00000000000..7414968015e --- /dev/null +++ b/eng/_util/internal/depsinitpanic/depsinitpanic.go 
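Review bot: The new `submodule.Reset(rootDir, filepath.Join(config.RootDir, config.SubmoduleDir), true)` call in `refresh` passes a bare `true` whose meaning cannot be read at the call site. The signature lives in go-infra and is not shown here, so this is an assumption: if the flag forces the reset and discards local changes in the submodule, that is destructive enough to deserve a comment, for example `// force=true: discard local changes in the submodule before patches are re-applied`. `refresh` begins and ends outside this hunk, so how the caller is warned about lost work cannot be checked from here.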
@@ -0,0 +1,14 @@ +// Copyright (c) Microsoft Corporation. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package depsinitpanic + +import "os" + +func init() { + const v = "MS_GO_UTIL_ALLOW_ONLY_MINIMAL_DEPS" + if os.Getenv(v) == "1" { + panic("This command may use more than minimal deps and can't be used while " + v + " is 1") + } +} diff --git a/eng/_core/supportdata/supportdata.go b/eng/_util/supportdata/supportdata.go similarity index 100% rename from eng/_core/supportdata/supportdata.go rename to eng/_util/supportdata/supportdata.go diff --git a/eng/_util/testutil/dependency_test.go b/eng/_util/testutil/dependency_test.go new file mode 100644 index 00000000000..d989b1ffc4d --- /dev/null +++ b/eng/_util/testutil/dependency_test.go 
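Review bot: The guard in `init` fires only when `MS_GO_UTIL_ALLOW_ONLY_MINIMAL_DEPS` is exactly `1`, so a pipeline value such as `true` or one with stray whitespace leaves the check silently disabled. Treating any non-empty value other than `0` as enabled keeps the guard fail-closed: `if s := os.Getenv(v); s != "" && s != "0" {`. The package also has no doc comment; a `// Package depsinitpanic ...` line saying that commands blank-import it to refuse to run in minimal-deps mode would make the side-effect import easier to understand.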
@@ -0,0 +1,77 @@ +// Copyright (c) Microsoft Corporation. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package testutil + +import ( + "errors" + "os" + "os/exec" + "path/filepath" + "strings" + "testing" +) + +const nonMinimalDepsFilename = "nonminimaldeps.go" + +func TestMinimalCommandDependencies(t *testing.T) { + cmdList := combinedOutput(t, exec.Command("go", "list", "../cmd/...")) + cmdPackages := strings.Fields(cmdList) + if len(cmdPackages) == 0 { + t.Fatalf("no commands found") + } + + stdPackages := combinedOutput(t, exec.Command("go", "list", "std")) + stdPackageMap := make(map[string]struct{}) + for _, stdPackage := range strings.Fields(stdPackages) { + stdPackageMap[stdPackage] = struct{}{} + } + + for _, cmdPackage := range cmdPackages { + cmdPackage := cmdPackage + localPackage := strings.TrimPrefix(cmdPackage, "github.com/microsoft/go/_util/") + + t.Run(localPackage, func(t *testing.T) { + t.Parallel() + + if _, err := os.Stat(filepath.Join("..", localPackage, nonMinimalDepsFilename)); err != nil { + if errors.Is(err, os.ErrNotExist) { + // This package should have minimal deps. We need to check. + } else { + t.Fatalf("Failed to check whether to expect minimal deps for %q: %v", cmdPackage, err) + } + } else { + t.Logf("Skipping scan of %q (known to have non-minimal deps)", cmdPackage) + return + } + + depsString := combinedOutput(t, exec.Command("go", "list", "-f", `{{ join .Deps " " }}`, cmdPackage)) + + for _, dep := range strings.Fields(depsString) { + // Anything in the standard library is ok. Note: this uses the running version of + // Go, so introducing super new dependencies might seem to succeed locally with a + // new Go but fail in CI. + if _, ok := stdPackageMap[dep]; ok { + continue + } + // Allow some packages even in minimal mode. 
+ if strings.HasPrefix(dep, "github.com/microsoft/go/_util/") || + strings.HasPrefix(dep, "github.com/microsoft/go-infra/") || + strings.HasPrefix(dep, "golang.org/x/") { + + continue + } + t.Errorf("error: depends on %q", dep) + } + }) + } +} + +func combinedOutput(t *testing.T, c *exec.Cmd) string { + out, err := c.CombinedOutput() + if err != nil { + t.Fatalf("error running %v: %v, output:\n%s", c, err, out) + } + return string(out) +} diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index 7f54fcc2d33..d79dcbd6b52 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml @@ -79,6 +79,12 @@ stages: - name: createPDB value: ${{ and(eq(parameters.createSymbols, true), eq(parameters.builder.config, 'buildandpack'), eq(parameters.builder.os, 'windows')) }} # Only create PDBs on Windows + - ${{ if eq(parameters.builder.config, 'buildandpack') }}: + # Make sure a PR doesn't accidentally add a command that uses more than minimal + # dependencies to the buildandpack pipeline. + - name: MS_GO_UTIL_ALLOW_ONLY_MINIMAL_DEPS + value: '1' + - ${{ if eq(parameters.builder.config, 'codeql_inner') }}: # Manually specify the repository being scanned by this job because # CodeQL can't detect the inner repository (the submodule) @@ -140,6 +146,12 @@ stages: # Set Git authorship info for 'cmd/go TestScript/build_buildvcs_auto'. - template: ../steps/set-bot-git-author-task.yml + # Run the _util tests during the devscript configuration. + # It generally shouldn't matter which config these run in, we just need to pick something. + - ${{ if eq(parameters.builder.config, 'devscript') }}: + - pwsh: eng/run.ps1 selftest + displayName: Run _util self-tests + - pwsh: | # Apply the patches as staged changes, so the HEAD commit is the same as upstream. eng/run.ps1 submodule-refresh diff --git a/eng/run.ps1 b/eng/run.ps1 index a12878de720..07d3c9fa7dd 100644 --- a/eng/run.ps1 +++ b/eng/run.ps1 
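Review bot: `combinedOutput` passes the result of `c.CombinedOutput()` to `strings.Fields`, so anything `go list` writes to stderr (module download progress, for example) is parsed as package paths. That can show up as a bogus `depends on` failure or add junk entries to `stdPackageMap`. Using `out, err := c.Output()` keeps stdout clean, and the stderr text is still available for the failure message through `*exec.ExitError`. Separately, the skip in `TestMinimalCommandDependencies` keys only on the presence of `nonminimaldeps.go` and does not confirm that the file imports `depsinitpanic`. A marker file without the import would therefore skip the scan while leaving the command unguarded in minimal mode.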
@@ -4,7 +4,7 @@ <# .DESCRIPTION -This script builds and runs a tool defined in a module in 'eng'. +This script builds and runs a tool defined in 'eng/_util'. To run a tool: run.ps1 [arguments...] @@ -15,9 +15,9 @@ For example, to build the repository: To list all possible tools: run.ps1 -Builds 'eng//cmd//.go' and runs it using the list of +Builds 'eng/_util/cmd//.go' and runs it using the list of arguments. If necessary, this command automatically installs Go and downloads -the dependencies of the module. +the dependencies of the tool. Every tool accepts a '-h' argument to show tool usage help. #> @@ -39,24 +39,23 @@ if ($LASTEXITCODE) { function Write-ToolList() { Write-Host "Possible tools:" - foreach ($module in Get-ChildItem (Join-Path $PSScriptRoot "_*")) { - Write-Host " Module $($module.Name):" - foreach ($tool in Get-ChildItem (Join-Path $module "cmd" "*")) { - Write-Host " $($tool.Name)" - } + foreach ($tool in Get-ChildItem (Join-Path $PSScriptRoot "_util" "cmd" "*")) { + Write-Host " $($tool.Name)" } Write-Host "" } if (-not $tool) { Write-Host "No tool specified. Showing help and listing available tools:" - (Get-Help $PSCommandPath).DESCRIPTION | Out-String | Write-Host + Write-Host "" + ((Get-Help $PSCommandPath).DESCRIPTION | Out-String).Trim() | Write-Host + Write-Host "" Write-ToolList exit 0 } # Find tool script file based on the name given. -$tool_search = Join-Path $PSScriptRoot "_*" "cmd" "$tool" "$tool.go" +$tool_search = Join-Path $PSScriptRoot "_util" "cmd" "$tool" "$tool.go" # Find matches, and force the result to be an array. $tool_matches = @(Get-Item $tool_search) @@ -111,7 +110,7 @@ try { } } - Write-Host "Building done." + Write-Host "Built '$tool'. Running from repo root..." } finally { Pop-Location } From fc41c9984652a8c35a2eb8a853fc9939b4170005 Mon Sep 17 00:00:00 2001 
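Review bot: With the `_*` wildcard removed from `$tool_search`, `Get-Item $tool_search` no longer returns an empty result for an unknown tool name; for a path without wildcards it raises an item-not-found error instead. The code that inspects `$tool_matches` is outside this hunk, so it cannot be confirmed from here whether the "no match" branch is still reachable. If that branch is meant to stay, `$tool_matches = @(Get-Item $tool_search -ErrorAction SilentlyContinue)` preserves the previous behaviour.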
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 20:14:30 +0000 Subject: [PATCH 005/887] Bump github.com/microsoft/go-infra from 0.0.3 to 0.0.4 in /eng/_util (#1288) Bumps [github.com/microsoft/go-infra](https://github.com/microsoft/go-infra) from 0.0.3 to 0.0.4. - [Release notes](https://github.com/microsoft/go-infra/releases) - [Commits](https://github.com/microsoft/go-infra/compare/v0.0.3...v0.0.4) --- updated-dependencies: - dependency-name: github.com/microsoft/go-infra dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- eng/_util/go.mod | 2 +- eng/_util/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/_util/go.mod b/eng/_util/go.mod index a82c44f6020..f1437a7f7fe 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -7,7 +7,7 @@ module github.com/microsoft/go/_util go 1.21 require ( - github.com/microsoft/go-infra v0.0.3 + github.com/microsoft/go-infra v0.0.4 golang.org/x/sys v0.22.0 gotest.tools/gotestsum v1.12.0 ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index d13913f4933..5eafd192581 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum 
@@ -27,8 +27,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHSH/GzLMJeu5zhYVZSx5RQxGKm1h96s= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY= -github.com/microsoft/go-infra v0.0.3 h1:HfmZFPfUOlvvzd97XBTwhq1EJ0AlSuIzqSq/ymjaBr4= -github.com/microsoft/go-infra v0.0.3/go.mod h1:9QccxlHX1T63uM8cDwU77h26G53XXuydobGbDHxmR7M= +github.com/microsoft/go-infra v0.0.4 h1:VOAdESUaBMpwY+tzlvQbD2coSjP7gMNXB8FCfsdFmGk= +github.com/microsoft/go-infra v0.0.4/go.mod h1:FxSudYLTYTeK3vMXD7Mpvs6rjHg4YU1/M1w3t7PfSBU= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= From 7050a8a18aa4c6060ddd687254cea602efe6da52 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 21:05:35 +0000 Subject: [PATCH 006/887] Bump golang.org/x/sys from 0.22.0 to 0.23.0 in /eng/_util (#1286) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.22.0 to 0.23.0. - [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- eng/_util/go.mod | 2 +- eng/_util/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/_util/go.mod b/eng/_util/go.mod index f1437a7f7fe..28accad62b8 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod 
@@ -8,7 +8,7 @@ go 1.21 require ( github.com/microsoft/go-infra v0.0.4 - golang.org/x/sys v0.22.0 + golang.org/x/sys v0.23.0 gotest.tools/gotestsum v1.12.0 ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index 5eafd192581..d83e4a87fca 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum @@ -79,8 +79,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= From 9f169eeae2db901642728a84a87e78f67cc879ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 9 Aug 2024 10:32:09 +0000 Subject: [PATCH 007/887] Bump golang.org/x/sys from 0.23.0 to 0.24.0 in /eng/_util Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.23.0 to 0.24.0. - [Commits](https://github.com/golang/sys/compare/v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- eng/_util/go.mod | 2 +- eng/_util/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 28accad62b8..d8e3d41ab23 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -8,7 +8,7 @@ go 1.21 require ( github.com/microsoft/go-infra v0.0.4 - golang.org/x/sys v0.23.0 + golang.org/x/sys v0.24.0 gotest.tools/gotestsum v1.12.0 ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index d83e4a87fca..4992e0cc7d9 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum @@ -79,8 +79,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= From a8c12e95755e7efdcf100e2b5224318f06a356e4 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Fri, 9 Aug 2024 11:02:44 -0700 Subject: [PATCH 008/887] README.md: mention upstream golang-announce, clarifications --- README.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 2e827154062..c3009378547 100644 --- a/README.md +++ b/README.md 
@@ -15,11 +15,6 @@ of Go](https://go.dev/dl/). Unless otherwise noted, the Go source files are distributed under the BSD-style license found in the LICENSE file. -If you are using this fork and have a Microsoft corporate account, consider -[clicking here to instantly join the Microsoft Go Toolset Announcements email distribution list 📧](https://idwebelements.microsoft.com/GroupManagement.aspx?Group=golang-announce&Operation=join) -and receive notifications about Microsoft releases of Go and breaking changes. -We also maintain an [internal doc page](https://eng.ms/docs/more/languages-at-microsoft/go/articles/overview). - ## Why does this fork exist? This repository produces a modified version of Go that can be used to build FIPS @@ -52,8 +47,15 @@ This normally happens once a month. At any time, we may release a new revision (1.X.Y-Z) to fix an issue without waiting for the next upstream minor release. Revision releases are uncommon. -Each microsoft/go release is announced in -[a Microsoft-internal email distribution list 📧](https://idwebelements.microsoft.com/GroupManagement.aspx?Group=golang-announce&Operation=join) and the [Microsoft for Go Developers](https://devblogs.microsoft.com/go/) blog. +Each microsoft/go release is announced at the +[Microsoft for Go Developers](https://devblogs.microsoft.com/go/) blog. +Check out the upstream [golang-announce mailing list](https://groups.google.com/g/golang-announce) +for a summary of the changes in each Go version. + +There are a few additional support resources internal to Microsoft: +* [Languages at Microsoft: Go](https://eng.ms/docs/more/languages-at-microsoft/go/articles/overview). +* [A Microsoft-internal email distribution list 📧 (instant join link)](https://idwebelements.microsoft.com/GroupManagement.aspx?Group=golang-announce&Operation=join) + for release announcements. ## Download and install 
@@ -88,7 +90,7 @@ includes builds of this Go fork. ### Binary archive -[Completed builds of Go](https://github.com/microsoft/go/blob/microsoft/main/eng/doc/Downloads.md) +[Signed builds of Go](https://github.com/microsoft/go/blob/microsoft/main/eng/doc/Downloads.md) for several platforms are available as `zip` and `tar.gz` files. ### Build from source From a976ecee6547b3f1cb63fc9224df79384b20b9a0 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Wed, 14 Aug 2024 10:21:32 -0700 Subject: [PATCH 009/887] Add an hour to all builder timeouts --- eng/pipeline/stages/run-stage.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index d79dcbd6b52..d7d7d5b9879 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml @@ -57,10 +57,12 @@ stages: # longtest has been seen to succeed after 53 minutes. Give around 3x headroom. In the future, # we should also give the tests a shorter timeout to make sure this doesn't balloon too far: # https://github.com/microsoft/go/issues/568 - timeoutInMinutes: 180 - ${{ if startsWith(parameters.builder.config, 'codeql') }}: + timeoutInMinutes: 240 + ${{ elseif startsWith(parameters.builder.config, 'codeql') }}: # Allow CodeQL to take a while. https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/codeql/configuring-codeql3000-ado-pipelines#other-issues - timeoutInMinutes: 360 + timeoutInMinutes: 420 + ${{ else }}: + timeoutInMinutes: 120 pool: ${{ parameters.pool }} From 85b92d184218aca6df6f33d92b88ce5622e07a11 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Thu, 15 Aug 2024 09:49:50 -0700 Subject: [PATCH 010/887] Update download table for 1.23 --- .../cmd/updatelinktable/updatelinktable.go | 4 +- eng/doc/Downloads.md | 14 +-- eng/doc/release-branch-links.json | 112 +++++++++--------- 3 files changed, 65 insertions(+), 65 deletions(-) 
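Review bot: The context comment above the changed `timeoutInMinutes` in `run-stage.yml` still says longtest gets "around 3x headroom" over a 53-minute run, but the value is now 240, so the comment no longer matches the number. I would update it, for example `# longtest has been seen to succeed after 53 minutes; 240 leaves roughly 4.5x headroom.` The new `${{ else }}` branch also sets an explicit 120 for every other builder without saying what default it replaces; a one-line comment there would make the "add an hour" intent verifiable. The first `if` condition of this chain is outside the hunk.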
diff --git a/eng/_util/cmd/updatelinktable/updatelinktable.go b/eng/_util/cmd/updatelinktable/updatelinktable.go index 3dd0820f029..d5769fc883a 100644 --- a/eng/_util/cmd/updatelinktable/updatelinktable.go +++ b/eng/_util/cmd/updatelinktable/updatelinktable.go @@ -23,7 +23,7 @@ This command updates the table in ` + docPath + ` and data in ` + jsonPath + `. var supported = []version{ { - Number: "1.22", + Number: "1.23", LatestStable: true, Platforms: map[string]struct{}{ "linux-amd64": {}, @@ -35,7 +35,7 @@ var supported = []version{ }, }, { - Number: "1.21", + Number: "1.22", PreviousStable: true, Platforms: map[string]struct{}{ "linux-amd64": {}, diff --git a/eng/doc/Downloads.md b/eng/doc/Downloads.md index c4811ea3843..96a22dc1654 100644 --- a/eng/doc/Downloads.md +++ b/eng/doc/Downloads.md @@ -10,14 +10,14 @@ This document contains a list of links to the binary releases of the Microsoft b -| | 1.22 | 1.21 | +| | 1.23 | 1.22 | | --- | --- | --- | -| Source code | - [Source (tar.gz)](https://aka.ms/golang/release/latest/go1.22.src.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.22.src.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.22.src.tar.gz.sig)
| - [Source (tar.gz)](https://aka.ms/golang/release/latest/go1.21.src.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.21.src.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.21.src.tar.gz.sig)
| - Metadata | - [Asset manifest (json)](https://aka.ms/golang/release/latest/go1.22.assets.json)
| - [Asset manifest (json)](https://aka.ms/golang/release/latest/go1.21.assets.json)
| - linux-amd64 | - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz.sig)
| - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.21.linux-amd64.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.21.linux-amd64.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.21.linux-amd64.tar.gz.sig)
| - linux-arm64 | - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz.sig)
| - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.21.linux-arm64.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.21.linux-arm64.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.21.linux-arm64.tar.gz.sig)
| - linux-armv6l | - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz.sig)
| - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.21.linux-armv6l.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.21.linux-armv6l.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.21.linux-armv6l.tar.gz.sig)
| - windows-amd64 | - [Binaries (zip)](https://aka.ms/golang/release/latest/go1.22.windows-amd64.zip)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.22.windows-amd64.zip.sha256)
| - [Binaries (zip)](https://aka.ms/golang/release/latest/go1.21.windows-amd64.zip)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.21.windows-amd64.zip.sha256)
| +| Source code | - [Source (tar.gz)](https://aka.ms/golang/release/latest/go1.23.src.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.23.src.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.23.src.tar.gz.sig)
| - [Source (tar.gz)](https://aka.ms/golang/release/latest/go1.22.src.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.22.src.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.22.src.tar.gz.sig)
| + Metadata | - [Asset manifest (json)](https://aka.ms/golang/release/latest/go1.23.assets.json)
| - [Asset manifest (json)](https://aka.ms/golang/release/latest/go1.22.assets.json)
| + linux-amd64 | - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.23.linux-amd64.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.23.linux-amd64.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.23.linux-amd64.tar.gz.sig)
| - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz.sig)
| + linux-arm64 | - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.23.linux-arm64.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.23.linux-arm64.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.23.linux-arm64.tar.gz.sig)
| - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz.sig)
| + linux-armv6l | - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.23.linux-armv6l.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.23.linux-armv6l.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.23.linux-armv6l.tar.gz.sig)
| - [Binaries (tar.gz)](https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz.sha256)
- [Signature1](https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz.sig)
| + windows-amd64 | - [Binaries (zip)](https://aka.ms/golang/release/latest/go1.23.windows-amd64.zip)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.23.windows-amd64.zip.sha256)
| - [Binaries (zip)](https://aka.ms/golang/release/latest/go1.22.windows-amd64.zip)
- [Checksum (SHA256)](https://aka.ms/golang/release/latest/go1.22.windows-amd64.zip.sha256)
| diff --git a/eng/doc/release-branch-links.json b/eng/doc/release-branch-links.json index 61e83b9b4bf..5a49cdb09ce 100644 --- a/eng/doc/release-branch-links.json +++ b/eng/doc/release-branch-links.json 
@@ -1,129 +1,129 @@ [ { - "version": "go1.22", + "version": "go1.23", "stable": true, "latestStable": true, "files": [ { - "filename": "go1.22.src.tar.gz", + "filename": "go1.23.src.tar.gz", "os": "", "arch": "", - "version": "go1.22", + "version": "go1.23", "kind": "source", - "url": "https://aka.ms/golang/release/latest/go1.22.src.tar.gz", - "checksumURL": "https://aka.ms/golang/release/latest/go1.22.src.tar.gz.sha256", - "signatureURL": "https://aka.ms/golang/release/latest/go1.22.src.tar.gz.sig" + "url": "https://aka.ms/golang/release/latest/go1.23.src.tar.gz", + "checksumURL": "https://aka.ms/golang/release/latest/go1.23.src.tar.gz.sha256", + "signatureURL": "https://aka.ms/golang/release/latest/go1.23.src.tar.gz.sig" }, { - "filename": "go1.22.assets.json", + "filename": "go1.23.assets.json", "os": "", "arch": "", - "version": "go1.22", + "version": "go1.23", "kind": "manifest", - "url": "https://aka.ms/golang/release/latest/go1.22.assets.json" + "url": "https://aka.ms/golang/release/latest/go1.23.assets.json" }, { - "filename": "go1.22.linux-amd64.tar.gz", + "filename": "go1.23.linux-amd64.tar.gz", "os": "linux", "arch": "amd64", - "version": "go1.22", + "version": "go1.23", "kind": "archive", - "url": "https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz", - "checksumURL": "https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz.sha256", - "signatureURL": "https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz.sig" + "url": "https://aka.ms/golang/release/latest/go1.23.linux-amd64.tar.gz", + "checksumURL": "https://aka.ms/golang/release/latest/go1.23.linux-amd64.tar.gz.sha256", + "signatureURL": "https://aka.ms/golang/release/latest/go1.23.linux-amd64.tar.gz.sig" }, { - "filename": "go1.22.linux-arm64.tar.gz", + "filename": "go1.23.linux-arm64.tar.gz", "os": "linux", "arch": "arm64", - "version": "go1.22", + "version": "go1.23", "kind": "archive", - "url": "https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz", - 
"checksumURL": "https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz.sha256", - "signatureURL": "https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz.sig" + "url": "https://aka.ms/golang/release/latest/go1.23.linux-arm64.tar.gz", + "checksumURL": "https://aka.ms/golang/release/latest/go1.23.linux-arm64.tar.gz.sha256", + "signatureURL": "https://aka.ms/golang/release/latest/go1.23.linux-arm64.tar.gz.sig" }, { - "filename": "go1.22.linux-armv6l.tar.gz", + "filename": "go1.23.linux-armv6l.tar.gz", "os": "linux", "arch": "armv6l", - "version": "go1.22", + "version": "go1.23", "kind": "archive", - "url": "https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz", - "checksumURL": "https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz.sha256", - "signatureURL": "https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz.sig" + "url": "https://aka.ms/golang/release/latest/go1.23.linux-armv6l.tar.gz", + "checksumURL": "https://aka.ms/golang/release/latest/go1.23.linux-armv6l.tar.gz.sha256", + "signatureURL": "https://aka.ms/golang/release/latest/go1.23.linux-armv6l.tar.gz.sig" }, { - "filename": "go1.22.windows-amd64.zip", + "filename": "go1.23.windows-amd64.zip", "os": "windows", "arch": "amd64", - "version": "go1.22", + "version": "go1.23", "kind": "archive", - "url": "https://aka.ms/golang/release/latest/go1.22.windows-amd64.zip", - "checksumURL": "https://aka.ms/golang/release/latest/go1.22.windows-amd64.zip.sha256" + "url": "https://aka.ms/golang/release/latest/go1.23.windows-amd64.zip", + "checksumURL": "https://aka.ms/golang/release/latest/go1.23.windows-amd64.zip.sha256" } ] }, { - "version": "go1.21", + "version": "go1.22", "stable": true, "previousStable": true, "files": [ { - "filename": "go1.21.src.tar.gz", + "filename": "go1.22.src.tar.gz", "os": "", "arch": "", - "version": "go1.21", + "version": "go1.22", "kind": "source", - "url": "https://aka.ms/golang/release/latest/go1.21.src.tar.gz", - "checksumURL": 
"https://aka.ms/golang/release/latest/go1.21.src.tar.gz.sha256", - "signatureURL": "https://aka.ms/golang/release/latest/go1.21.src.tar.gz.sig" + "url": "https://aka.ms/golang/release/latest/go1.22.src.tar.gz", + "checksumURL": "https://aka.ms/golang/release/latest/go1.22.src.tar.gz.sha256", + "signatureURL": "https://aka.ms/golang/release/latest/go1.22.src.tar.gz.sig" }, { - "filename": "go1.21.assets.json", + "filename": "go1.22.assets.json", "os": "", "arch": "", - "version": "go1.21", + "version": "go1.22", "kind": "manifest", - "url": "https://aka.ms/golang/release/latest/go1.21.assets.json" + "url": "https://aka.ms/golang/release/latest/go1.22.assets.json" }, { - "filename": "go1.21.linux-amd64.tar.gz", + "filename": "go1.22.linux-amd64.tar.gz", "os": "linux", "arch": "amd64", - "version": "go1.21", + "version": "go1.22", "kind": "archive", - "url": "https://aka.ms/golang/release/latest/go1.21.linux-amd64.tar.gz", - "checksumURL": "https://aka.ms/golang/release/latest/go1.21.linux-amd64.tar.gz.sha256", - "signatureURL": "https://aka.ms/golang/release/latest/go1.21.linux-amd64.tar.gz.sig" + "url": "https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz", + "checksumURL": "https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz.sha256", + "signatureURL": "https://aka.ms/golang/release/latest/go1.22.linux-amd64.tar.gz.sig" }, { - "filename": "go1.21.linux-arm64.tar.gz", + "filename": "go1.22.linux-arm64.tar.gz", "os": "linux", "arch": "arm64", - "version": "go1.21", + "version": "go1.22", "kind": "archive", - "url": "https://aka.ms/golang/release/latest/go1.21.linux-arm64.tar.gz", - "checksumURL": "https://aka.ms/golang/release/latest/go1.21.linux-arm64.tar.gz.sha256", - "signatureURL": "https://aka.ms/golang/release/latest/go1.21.linux-arm64.tar.gz.sig" + "url": "https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz", + "checksumURL": "https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz.sha256", + "signatureURL": 
"https://aka.ms/golang/release/latest/go1.22.linux-arm64.tar.gz.sig" }, { - "filename": "go1.21.linux-armv6l.tar.gz", + "filename": "go1.22.linux-armv6l.tar.gz", "os": "linux", "arch": "armv6l", - "version": "go1.21", + "version": "go1.22", "kind": "archive", - "url": "https://aka.ms/golang/release/latest/go1.21.linux-armv6l.tar.gz", - "checksumURL": "https://aka.ms/golang/release/latest/go1.21.linux-armv6l.tar.gz.sha256", - "signatureURL": "https://aka.ms/golang/release/latest/go1.21.linux-armv6l.tar.gz.sig" + "url": "https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz", + "checksumURL": "https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz.sha256", + "signatureURL": "https://aka.ms/golang/release/latest/go1.22.linux-armv6l.tar.gz.sig" }, { - "filename": "go1.21.windows-amd64.zip", + "filename": "go1.22.windows-amd64.zip", "os": "windows", "arch": "amd64", - "version": "go1.21", + "version": "go1.22", "kind": "archive", - "url": "https://aka.ms/golang/release/latest/go1.21.windows-amd64.zip", - "checksumURL": "https://aka.ms/golang/release/latest/go1.21.windows-amd64.zip.sha256" + "url": "https://aka.ms/golang/release/latest/go1.22.windows-amd64.zip", + "checksumURL": "https://aka.ms/golang/release/latest/go1.22.windows-amd64.zip.sha256" } ] } From 294feac5a41d50e2ef261d6acca9feb017f873d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Sep 2024 10:03:46 -0700 Subject: [PATCH 011/887] Bump github.com/microsoft/go-infra from 0.0.4 to 0.0.5 in /eng/_util (#1302) Bumps [github.com/microsoft/go-infra](https://github.com/microsoft/go-infra) from 0.0.4 to 0.0.5. - [Release notes](https://github.com/microsoft/go-infra/releases) - [Commits](https://github.com/microsoft/go-infra/compare/v0.0.4...v0.0.5) --- updated-dependencies: - dependency-name: github.com/microsoft/go-infra dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- eng/_util/go.mod | 6 +++--- eng/_util/go.sum | 16 ++++++++-------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/eng/_util/go.mod b/eng/_util/go.mod index d8e3d41ab23..bd5a3438880 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -7,7 +7,7 @@ module github.com/microsoft/go/_util go 1.21 require ( - github.com/microsoft/go-infra v0.0.4 + github.com/microsoft/go-infra v0.0.5 golang.org/x/sys v0.24.0 gotest.tools/gotestsum v1.12.0 ) @@ -22,7 +22,7 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 // indirect - golang.org/x/sync v0.7.0 // indirect + golang.org/x/sync v0.8.0 // indirect golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/text v0.17.0 // indirect ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index 4992e0cc7d9..b4f3ffc29fc 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum 
@@ -27,8 +27,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHSH/GzLMJeu5zhYVZSx5RQxGKm1h96s=
 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY=
-github.com/microsoft/go-infra v0.0.4 h1:VOAdESUaBMpwY+tzlvQbD2coSjP7gMNXB8FCfsdFmGk=
-github.com/microsoft/go-infra v0.0.4/go.mod h1:FxSudYLTYTeK3vMXD7Mpvs6rjHg4YU1/M1w3t7PfSBU=
+github.com/microsoft/go-infra v0.0.5 h1:2vfRe5hJUwJvnXcHDJiv/gqE0XIqCHnwXBFxXRm5+SI=
+github.com/microsoft/go-infra v0.0.5/go.mod h1:abvc0FBd6VZIdqeJEgo3+SDIE3wSbjpvPhRZ0i21pls=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
@@ -61,8 +61,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
+golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -102,8 +102,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc=
+golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
@@ -112,8 +112,8 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc=
-golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
-golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
+golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gotest.tools/gotestsum v1.12.0 h1:CmwtaGDkHxrZm4Ib0Vob89MTfpc3GrEFMJKovliPwGk=
 gotest.tools/gotestsum v1.12.0/go.mod h1:fAvqkSptospfSbQw26CTYzNwnsE/ztqLeyhP0h67ARY=
From 3728ff40d3c539a4bef5b0b74239be043a9b4de1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Sep 2024 10:07:56 -0700 Subject: [PATCH 012/887] Bump golang.org/x/sys from 0.24.0 to 0.25.0 in /eng/_util (#1306) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.24.0 to 0.25.0. - [Commits](https://github.com/golang/sys/compare/v0.24.0...v0.25.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- eng/_util/go.mod | 2 +- eng/_util/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/eng/_util/go.mod b/eng/_util/go.mod
index bd5a3438880..8070ff56995 100644
--- a/eng/_util/go.mod
+++ b/eng/_util/go.mod
@@ -8,7 +8,7 @@ go 1.21 require ( github.com/microsoft/go-infra v0.0.5 - golang.org/x/sys v0.24.0 + golang.org/x/sys v0.25.0 gotest.tools/gotestsum v1.12.0 ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index b4f3ffc29fc..da93b1e3eb9 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum @@ -79,8 +79,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= From e4cb0def83381bc368b7806d8b129ffdf38cfd28 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Tue, 10 Sep 2024 14:32:02 -0700 Subject: [PATCH 013/887] FIPS user guide: explain "bcrypt" (#1314) --- eng/doc/fips/UserGuide.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/eng/doc/fips/UserGuide.md b/eng/doc/fips/UserGuide.md index 258cf0e672e..2ed486e3204 100644 --- a/eng/doc/fips/UserGuide.md +++ b/eng/doc/fips/UserGuide.md 
@@ -4,7 +4,10 @@ This document is a user guide for the Microsoft Go crypto package running on FIP The Go crypto documentation is available online at https://pkg.go.dev/crypto. + + - [FIPS 140-2 User Guide](#fips-140-2-user-guide) + - [The Microsoft Go crypto backends](#the-microsoft-go-crypto-backends) - [Using Go crypto APIs](#using-go-crypto-apis) - [crypto/aes](#cryptoaes) - [func NewCipher](#func-newcipher) @@ -92,6 +95,23 @@ The Go crypto documentation is available online at https://pkg.go.dev/crypto. - [crypto/subtle](#cryptosubtle) - [crypto/tls](#cryptotls) +## The Microsoft Go crypto backends + +The OpenSSL backend uses [golang-fips/openssl]. +The CNG backend uses [go-crypto-winnative]. +For more general information about the backends, such as how to enable them, see the [Microsoft Go FIPS README](./README.md). + +[golang-fips/openssl]: https://github.com/golang-fips/openssl +[go-crypto-winnative]: https://github.com/microsoft/go-crypto-winnative + +> [!NOTE] +> The CNG backend uses a module called "bcrypt" to interact with CNG. +> Some identifiers and functions used by the CNG backend include a "bcrypt" prefix, referring to the "bcrypt" CNG module. +> For example, `BCryptGenRandom` is a function that generates random numbers using CNG. +> +> There is also a password hashing algorithm called "bcrypt". +> It is unrelated, and not in the scope of this document. + ## Using Go crypto APIs This section describes how to use Go crypto APIs in a FIPS compliant manner. From ddabaf225ddf5150f46728d4864d1f2d90b71d37 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 18 Sep 2024 12:36:20 +0200 Subject: [PATCH 014/887] upgrade golang-fips/openssl to latest --- patches/0004-Add-OpenSSL-crypto-backend.patch | 20 +- patches/0005-Add-CNG-crypto-backend.patch | 14 +- patches/0006-Vendor-crypto-backends.patch | 1542 +++++++++++++---- 3 files changed, 1188 insertions(+), 388 deletions(-) 
diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index e97bf99ff3f..123a8f92fa4 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -714,32 +714,32 @@ index c83a7272c9f01f..a0548a7f9179c5 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index d7a4ef150410e3..c842df62ecee5b 100644 +index d7a4ef150410e3..7a6455fefb4bed 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std go 1.24 require ( -+ github.com/golang-fips/openssl/v2 v2.0.3 ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index 8ff5ecd640f084..138066f5f84b68 100644 +index 8ff5ecd640f084..c502448cd5ec1b 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,5 @@ -+github.com/golang-fips/openssl/v2 v2.0.3 h1:9+J2R0BQio6Jz8+dPZf/0ylISByl0gZWjTEKm+J+y7Y= -+github.com/golang-fips/openssl/v2 v2.0.3/go.mod h1:7tuBqX2Zov8Yq5mJ2yzlKhpnxOnWyEzi38AzeWRuQdg= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 h1:MiLLfnjVDjuOST8SQ7XgeBpWMWPpVb8VKDhL5Uvco7Q= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 26301398c5820c..26570cdadda16d 100644 +index ca6a512bf95c7e..e69c1f8901fe74 100644 --- a/src/go/build/deps_test.go 
+++ b/src/go/build/deps_test.go -@@ -459,6 +459,8 @@ var depsRules = ` +@@ -460,6 +460,8 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache @@ -748,7 +748,7 @@ index 26301398c5820c..26570cdadda16d 100644 < crypto/internal/boring < crypto/internal/backend < crypto/boring; -@@ -497,6 +499,7 @@ var depsRules = ` +@@ -498,6 +500,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big @@ -756,7 +756,7 @@ index 26301398c5820c..26570cdadda16d 100644 < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -796,7 +799,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -797,7 +800,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -765,7 +765,7 @@ index 26301398c5820c..26570cdadda16d 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -806,7 +809,7 @@ func findImports(pkg string) ([]string, error) { +@@ -807,7 +810,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 5fed3d54c5a..bee4cfcbf33 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -1123,13 +1123,13 @@ index a0548a7f9179c5..ae6117a1554b7f 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index c842df62ecee5b..1e6b6b1324624a 100644 +index 7a6455fefb4bed..84460ce0490727 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,6 +4,7 @@ go 1.24 require ( - github.com/golang-fips/openssl/v2 v2.0.3 + github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 + github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd 
@@ -1139,18 +1139,18 @@ index 138066f5f84b68..31b48ffe22c863 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,5 +1,7 @@ - github.com/golang-fips/openssl/v2 v2.0.3 h1:9+J2R0BQio6Jz8+dPZf/0ylISByl0gZWjTEKm+J+y7Y= - github.com/golang-fips/openssl/v2 v2.0.3/go.mod h1:7tuBqX2Zov8Yq5mJ2yzlKhpnxOnWyEzi38AzeWRuQdg= + github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 h1:MiLLfnjVDjuOST8SQ7XgeBpWMWPpVb8VKDhL5Uvco7Q= + github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= +github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103 h1:KQsPPal3pKvKzAPTaR7sEriaqrHmRWw0dWG/7E5FNNk= +github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103/go.mod h1:fveERXKbeK+XLmOyU24caKnIT/S5nniAX9XCRHfnrM4= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 26570cdadda16d..b48078b3866fa1 100644 +index e69c1f8901fe74..eb0b0ea4eb4622 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -459,6 +459,10 @@ var depsRules = ` +@@ -460,6 +460,10 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache @@ -1161,7 +1161,7 @@ index 26570cdadda16d..b48078b3866fa1 100644 < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 < crypto/internal/boring -@@ -499,6 +503,7 @@ var depsRules = ` +@@ -500,6 +504,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index d3deddb5573..9a63450ecdd 100644 
--- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch 
@@ -5,63 +5,65 @@ Subject: [PATCH] Vendor crypto backends To reproduce, run 'go mod vendor' in 'go/src'. --- - .../golang-fips/openssl/v2/.gitleaks.toml | 9 + - .../github.com/golang-fips/openssl/v2/LICENSE | 20 + - .../golang-fips/openssl/v2/README.md | 66 ++ - .../github.com/golang-fips/openssl/v2/aes.go | 100 +++ - .../golang-fips/openssl/v2/bbig/big.go | 37 + - .../github.com/golang-fips/openssl/v2/big.go | 11 + - .../golang-fips/openssl/v2/cipher.go | 569 +++++++++++++ - .../github.com/golang-fips/openssl/v2/des.go | 113 +++ - .../github.com/golang-fips/openssl/v2/ec.go | 59 ++ - .../github.com/golang-fips/openssl/v2/ecdh.go | 323 +++++++ - .../golang-fips/openssl/v2/ecdsa.go | 217 +++++ - .../golang-fips/openssl/v2/ed25519.go | 218 +++++ - .../github.com/golang-fips/openssl/v2/evp.go | 471 +++++++++++ - .../golang-fips/openssl/v2/goopenssl.c | 218 +++++ - .../golang-fips/openssl/v2/goopenssl.h | 255 ++++++ - .../github.com/golang-fips/openssl/v2/hash.go | 793 ++++++++++++++++++ - .../github.com/golang-fips/openssl/v2/hkdf.go | 174 ++++ - .../github.com/golang-fips/openssl/v2/hmac.go | 238 ++++++ - .../github.com/golang-fips/openssl/v2/init.go | 64 ++ - .../golang-fips/openssl/v2/init_unix.go | 31 + - .../golang-fips/openssl/v2/init_windows.go | 36 + - .../golang-fips/openssl/v2/openssl.go | 419 +++++++++ - .../golang-fips/openssl/v2/pbkdf2.go | 28 + - .../openssl/v2/port_evp_md5_sha1.c | 126 +++ - .../github.com/golang-fips/openssl/v2/rand.go | 20 + - .../github.com/golang-fips/openssl/v2/rc4.go | 66 ++ - .../github.com/golang-fips/openssl/v2/rsa.go | 435 ++++++++++ - .../github.com/golang-fips/openssl/v2/shims.h | 371 ++++++++ - .../golang-fips/openssl/v2/thread_setup.go | 14 + - .../golang-fips/openssl/v2/thread_setup.h | 4 + - .../openssl/v2/thread_setup_unix.c | 61 ++ - .../openssl/v2/thread_setup_windows.c | 64 ++ - .../golang-fips/openssl/v2/tls1prf.go | 104 +++ - .../microsoft/go-crypto-winnative/LICENSE | 21 + - 
.../microsoft/go-crypto-winnative/cng/aes.go | 389 +++++++++ - .../go-crypto-winnative/cng/bbig/big.go | 31 + - .../microsoft/go-crypto-winnative/cng/big.go | 30 + - .../go-crypto-winnative/cng/cipher.go | 56 ++ - .../microsoft/go-crypto-winnative/cng/cng.go | 130 +++ - .../microsoft/go-crypto-winnative/cng/des.go | 107 +++ - .../microsoft/go-crypto-winnative/cng/ecdh.go | 260 ++++++ - .../go-crypto-winnative/cng/ecdsa.go | 175 ++++ - .../microsoft/go-crypto-winnative/cng/hash.go | 320 +++++++ - .../microsoft/go-crypto-winnative/cng/hkdf.go | 179 ++++ - .../microsoft/go-crypto-winnative/cng/hmac.go | 35 + - .../microsoft/go-crypto-winnative/cng/keys.go | 178 ++++ - .../go-crypto-winnative/cng/pbkdf2.go | 74 ++ - .../microsoft/go-crypto-winnative/cng/rand.go | 28 + - .../microsoft/go-crypto-winnative/cng/rc4.go | 61 ++ - .../microsoft/go-crypto-winnative/cng/rsa.go | 374 +++++++++ - .../go-crypto-winnative/cng/tls1prf.go | 92 ++ - .../internal/bcrypt/bcrypt_windows.go | 284 +++++++ - .../internal/bcrypt/zsyscall_windows.go | 389 +++++++++ - .../internal/subtle/aliasing.go | 32 + - .../internal/sysdll/sys_windows.go | 55 ++ - src/vendor/modules.txt | 11 + - 56 files changed, 9045 insertions(+) + .../golang-fips/openssl/v2/.gitleaks.toml | 9 + + .../github.com/golang-fips/openssl/v2/LICENSE | 20 + + .../golang-fips/openssl/v2/README.md | 66 ++ + .../github.com/golang-fips/openssl/v2/aes.go | 100 ++ + .../golang-fips/openssl/v2/bbig/big.go | 37 + + .../github.com/golang-fips/openssl/v2/big.go | 11 + + .../golang-fips/openssl/v2/cipher.go | 569 +++++++++ + .../github.com/golang-fips/openssl/v2/des.go | 114 ++ + .../github.com/golang-fips/openssl/v2/dsa.go | 348 ++++++ + .../github.com/golang-fips/openssl/v2/ec.go | 59 + + .../github.com/golang-fips/openssl/v2/ecdh.go | 321 +++++ + .../golang-fips/openssl/v2/ecdsa.go | 215 ++++ + .../golang-fips/openssl/v2/ed25519.go | 218 ++++ + .../github.com/golang-fips/openssl/v2/evp.go | 471 ++++++++ + 
.../golang-fips/openssl/v2/goopenssl.c | 218 ++++ + .../golang-fips/openssl/v2/goopenssl.h | 259 ++++ + .../github.com/golang-fips/openssl/v2/hash.go | 1041 +++++++++++++++++ + .../github.com/golang-fips/openssl/v2/hkdf.go | 190 +++ + .../github.com/golang-fips/openssl/v2/hmac.go | 276 +++++ + .../github.com/golang-fips/openssl/v2/init.go | 64 + + .../golang-fips/openssl/v2/init_unix.go | 31 + + .../golang-fips/openssl/v2/init_windows.go | 36 + + .../golang-fips/openssl/v2/openssl.go | 434 +++++++ + .../golang-fips/openssl/v2/pbkdf2.go | 28 + + .../golang-fips/openssl/v2/port_dsa.c | 85 ++ + .../openssl/v2/port_evp_md5_sha1.c | 126 ++ + .../github.com/golang-fips/openssl/v2/rand.go | 20 + + .../github.com/golang-fips/openssl/v2/rc4.go | 66 ++ + .../github.com/golang-fips/openssl/v2/rsa.go | 443 +++++++ + .../github.com/golang-fips/openssl/v2/shims.h | 392 +++++++ + .../golang-fips/openssl/v2/thread_setup.go | 14 + + .../golang-fips/openssl/v2/thread_setup.h | 4 + + .../openssl/v2/thread_setup_unix.c | 64 + + .../openssl/v2/thread_setup_windows.c | 64 + + .../golang-fips/openssl/v2/tls1prf.go | 104 ++ + .../microsoft/go-crypto-winnative/LICENSE | 21 + + .../microsoft/go-crypto-winnative/cng/aes.go | 389 ++++++ + .../go-crypto-winnative/cng/bbig/big.go | 31 + + .../microsoft/go-crypto-winnative/cng/big.go | 30 + + .../go-crypto-winnative/cng/cipher.go | 56 + + .../microsoft/go-crypto-winnative/cng/cng.go | 130 ++ + .../microsoft/go-crypto-winnative/cng/des.go | 107 ++ + .../microsoft/go-crypto-winnative/cng/ecdh.go | 260 ++++ + .../go-crypto-winnative/cng/ecdsa.go | 175 +++ + .../microsoft/go-crypto-winnative/cng/hash.go | 320 +++++ + .../microsoft/go-crypto-winnative/cng/hkdf.go | 179 +++ + .../microsoft/go-crypto-winnative/cng/hmac.go | 35 + + .../microsoft/go-crypto-winnative/cng/keys.go | 178 +++ + .../go-crypto-winnative/cng/pbkdf2.go | 74 ++ + .../microsoft/go-crypto-winnative/cng/rand.go | 28 + + .../microsoft/go-crypto-winnative/cng/rc4.go | 61 + + 
.../microsoft/go-crypto-winnative/cng/rsa.go | 374 ++++++ + .../go-crypto-winnative/cng/tls1prf.go | 92 ++ + .../internal/bcrypt/bcrypt_windows.go | 284 +++++ + .../internal/bcrypt/zsyscall_windows.go | 389 ++++++ + .../internal/subtle/aliasing.go | 32 + + .../internal/sysdll/sys_windows.go | 55 + + src/vendor/modules.txt | 11 + + 58 files changed, 9828 insertions(+) create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/README.md @@ -70,6 +72,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/big.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/cipher.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/des.go + create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/dsa.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ec.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ecdh.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go @@ -85,6 +88,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/init_windows.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/openssl.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go + create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/port_dsa.c create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/port_evp_md5_sha1.c create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rand.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rc4.go @@ -975,10 +979,10 @@ index 00000000000000..72f7aebfc130e7 +} 
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/des.go b/src/vendor/github.com/golang-fips/openssl/v2/des.go new file mode 100644 -index 00000000000000..71b13333a28513 +index 00000000000000..c98a276ec33fb0 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/des.go -@@ -0,0 +1,113 @@ +@@ -0,0 +1,114 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -1014,27 +1018,22 @@ index 00000000000000..71b13333a28513 + if len(key) != 8 { + return nil, errors.New("crypto/des: invalid key size") + } -+ c, err := newEVPCipher(key, cipherDES) -+ if err != nil { -+ return nil, err -+ } -+ // Should always be true for stock OpenSSL. -+ if loadCipher(cipherDES, cipherModeCBC) == nil { -+ return &desCipherWithoutCBC{c}, nil -+ } -+ return &desCipher{c}, nil ++ return newDESCipher(key, cipherDES) +} + +func NewTripleDESCipher(key []byte) (cipher.Block, error) { + if len(key) != 24 { + return nil, errors.New("crypto/des: invalid key size") + } -+ c, err := newEVPCipher(key, cipherDES3) ++ return newDESCipher(key, cipherDES3) ++} ++ ++func newDESCipher(key []byte, kind cipherKind) (cipher.Block, error) { ++ c, err := newEVPCipher(key, kind) + if err != nil { + return nil, err + } -+ // Should always be true for stock OpenSSL. -+ if loadCipher(cipherDES, cipherModeCBC) != nil { ++ if loadCipher(kind, cipherModeCBC) == nil { + return &desCipherWithoutCBC{c}, nil + } + return &desCipher{c}, nil 
@@ -1086,15 +1085,375 @@ index 00000000000000..71b13333a28513 +} + +func (c *desCipherWithoutCBC) Encrypt(dst, src []byte) { -+ c.encrypt(dst, src) ++ if err := c.encrypt(dst, src); err != nil { ++ // crypto/des expects that the panic message starts with "crypto/des: ". ++ panic("crypto/des: " + err.Error()) ++ } +} + +func (c *desCipherWithoutCBC) Decrypt(dst, src []byte) { -+ c.decrypt(dst, src) ++ if err := c.decrypt(dst, src); err != nil { ++ // crypto/des expects that the panic message starts with "crypto/des: ". ++ panic("crypto/des: " + err.Error()) ++ } ++} +diff --git a/src/vendor/github.com/golang-fips/openssl/v2/dsa.go b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go +new file mode 100644 +index 00000000000000..875533a50fbac5 +--- /dev/null ++++ b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go +@@ -0,0 +1,348 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++// #include "goopenssl.h" ++import "C" ++import ( ++ "runtime" ++ "unsafe" ++) ++ ++var ( ++ OSSL_PKEY_PARAM_FFC_PBITS = C.CString("pbits") ++ OSSL_PKEY_PARAM_FFC_QBITS = C.CString("qbits") ++ OSSL_PKEY_PARAM_FFC_P = C.CString("p") ++ OSSL_PKEY_PARAM_FFC_Q = C.CString("q") ++ OSSL_PKEY_PARAM_FFC_G = C.CString("g") ++) ++ ++// SupportsDSA returns true if the OpenSSL library supports DSA. ++func SupportsDSA() bool { ++ ctx := C.go_openssl_EVP_PKEY_CTX_new_id(C.GO_EVP_PKEY_DSA, nil) ++ if ctx == nil { ++ return false ++ } ++ C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ return true ++} ++ ++// DSAParameters contains the DSA parameters. ++type DSAParameters struct { ++ P, Q, G BigInt ++} ++ ++// PrivateKeyDSA represents a DSA private key. ++type PrivateKeyDSA struct { ++ DSAParameters ++ X, Y BigInt ++ ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. 
++ _pkey C.GO_EVP_PKEY_PTR ++} ++ ++func (k *PrivateKeyDSA) finalize() { ++ C.go_openssl_EVP_PKEY_free(k._pkey) ++} ++ ++func (k *PrivateKeyDSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++// PublicKeyDSA represents a DSA public key. ++type PublicKeyDSA struct { ++ DSAParameters ++ Y BigInt ++ ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey C.GO_EVP_PKEY_PTR ++} ++ ++func (k *PublicKeyDSA) finalize() { ++ C.go_openssl_EVP_PKEY_free(k._pkey) ++} ++ ++func (k *PublicKeyDSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++// GenerateDSAParameters generates a set of DSA parameters. ++func GenerateDSAParameters(l, n int) (DSAParameters, error) { ++ // The DSA parameters are generated by creating a new DSA key and ++ // extracting the domain parameters from it. ++ ++ // Generate a new DSA key context and set the known parameters. ++ ctx := C.go_openssl_EVP_PKEY_CTX_new_id(C.GO_EVP_PKEY_DSA, nil) ++ if ctx == nil { ++ return DSAParameters{}, newOpenSSLError("EVP_PKEY_CTX_new_id failed") ++ } ++ defer C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ if C.go_openssl_EVP_PKEY_paramgen_init(ctx) != 1 { ++ return DSAParameters{}, newOpenSSLError("EVP_PKEY_paramgen_init failed") ++ } ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_DSA, -1, C.GO_EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, C.int(l), nil) != 1 { ++ return DSAParameters{}, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") ++ } ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_DSA, -1, C.GO_EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, C.int(n), nil) != 1 { ++ return DSAParameters{}, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") ++ } ++ var pkey C.GO_EVP_PKEY_PTR ++ if C.go_openssl_EVP_PKEY_paramgen(ctx, &pkey) != 1 { ++ return DSAParameters{}, newOpenSSLError("EVP_PKEY_paramgen failed") ++ } ++ defer C.go_openssl_EVP_PKEY_free(pkey) ++ ++ // Extract the domain parameters from the 
generated key. ++ var p, q, g C.GO_BIGNUM_PTR ++ switch vMajor { ++ case 1: ++ dsa := getDSA(pkey) ++ if vMinor == 0 { ++ C.go_openssl_DSA_get0_pqg_backport(dsa, &p, &q, &g) ++ } else { ++ C.go_openssl_DSA_get0_pqg(dsa, &p, &q, &g) ++ } ++ case 3: ++ defer func() { ++ C.go_openssl_BN_free(p) ++ C.go_openssl_BN_free(q) ++ C.go_openssl_BN_free(g) ++ }() ++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_P, &p) != 1 || ++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_Q, &q) != 1 || ++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g) != 1 { ++ return DSAParameters{}, newOpenSSLError("EVP_PKEY_get_bn_param") ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ ++ return DSAParameters{ ++ P: bnToBig(p), ++ Q: bnToBig(q), ++ G: bnToBig(g), ++ }, nil ++} ++ ++// NewPrivateKeyDSA creates a new DSA private key from the given parameters. ++func NewPrivateKeyDSA(params DSAParameters, x, y BigInt) (*PrivateKeyDSA, error) { ++ if x == nil || y == nil { ++ panic("x and y must not be nil") ++ } ++ pkey, err := newDSA(params, x, y) ++ if err != nil { ++ return nil, err ++ } ++ k := &PrivateKeyDSA{params, x, y, pkey} ++ runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize) ++ return k, nil ++} ++ ++// NewPublicKeyDSA creates a new DSA public key from the given parameters. ++func NewPublicKeyDSA(params DSAParameters, y BigInt) (*PublicKeyDSA, error) { ++ if y == nil { ++ panic("y must not be nil") ++ } ++ pkey, err := newDSA(params, nil, y) ++ if err != nil { ++ return nil, err ++ } ++ k := &PublicKeyDSA{params, y, pkey} ++ runtime.SetFinalizer(k, (*PublicKeyDSA).finalize) ++ return k, nil ++} ++ ++// GenerateKeyDSA generates a new private DSA key using the given parameters. 
++func GenerateKeyDSA(params DSAParameters) (*PrivateKeyDSA, error) {
++ pkey, err := newDSA(params, nil, nil)
++ if err != nil {
++ return nil, err
++ }
++ var x, y C.GO_BIGNUM_PTR
++ switch vMajor {
++ case 1:
++ dsa := getDSA(pkey)
++ if vMinor == 0 {
++ C.go_openssl_DSA_get0_key_backport(dsa, &y, &x)
++ } else {
++ C.go_openssl_DSA_get0_key(dsa, &y, &x)
++ }
++ case 3:
++ defer func() {
++ C.go_openssl_BN_clear_free(x)
++ C.go_openssl_BN_free(y)
++ }()
++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &y) != 1 ||
++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &x) != 1 {
++ return nil, newOpenSSLError("EVP_PKEY_get_bn_param")
++ }
++ default:
++ panic(errUnsupportedVersion())
++ }
++ k := &PrivateKeyDSA{params, bnToBig(x), bnToBig(y), pkey}
++ runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize)
++ return k, nil
++}
++
++// SignDSA signs a hash (which should be the result of hashing a larger message).
++func SignDSA(priv *PrivateKeyDSA, hash []byte) ([]byte, error) {
++ return evpSign(priv.withKey, 0, 0, 0, hash)
++}
++
++// VerifyDSA verifiessig using the public key, pub.
++func VerifyDSA(pub *PublicKeyDSA, hash []byte, sig []byte) bool {
++ return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil
++}
++
++func newDSA(params DSAParameters, x, y BigInt) (C.GO_EVP_PKEY_PTR, error) {
++ switch vMajor {
++ case 1:
++ return newDSA1(params, x, y)
++ case 3:
++ return newDSA3(params, x, y)
++ default:
++ panic(errUnsupportedVersion())
++ }
++}
++
++func newDSA1(params DSAParameters, x, y BigInt) (pkey C.GO_EVP_PKEY_PTR, err error) {
++ checkMajorVersion(1)
++
++ dsa := C.go_openssl_DSA_new()
++ if dsa == nil {
++ return nil, newOpenSSLError("DSA_new failed")
++ }
++ defer func() {
++ if pkey == nil {
++ C.go_openssl_DSA_free(dsa)
++ }
++ }()
++
++ p, q, g := bigToBN(params.P), bigToBN(params.Q), bigToBN(params.G)
++ var ret C.int
++ if vMinor == 0 {
++ ret = C.go_openssl_DSA_set0_pqg_backport(dsa, p, q, g)
++ } else {
++ ret = C.go_openssl_DSA_set0_pqg(dsa, p, q, g)
++ }
++ if ret != 1 {
++ C.go_openssl_BN_free(p)
++ C.go_openssl_BN_free(q)
++ C.go_openssl_BN_free(g)
++ return nil, newOpenSSLError("DSA_set0_pqg failed")
++ }
++ if y != nil {
++ pub, priv := bigToBN(y), bigToBN(x)
++ if vMinor == 0 {
++ ret = C.go_openssl_DSA_set0_key_backport(dsa, pub, priv)
++ } else {
++ ret = C.go_openssl_DSA_set0_key(dsa, pub, priv)
++ }
++ if ret != 1 {
++ C.go_openssl_BN_free(pub)
++ C.go_openssl_BN_clear_free(priv)
++ return nil, newOpenSSLError("DSA_set0_key failed")
++ }
++ } else {
++ if C.go_openssl_DSA_generate_key(dsa) != 1 {
++ return nil, newOpenSSLError("DSA_generate_key failed")
++ }
++ }
++ pkey = C.go_openssl_EVP_PKEY_new()
++ if pkey == nil {
++ return nil, newOpenSSLError("EVP_PKEY_new failed")
++ }
++ if C.go_openssl_EVP_PKEY_assign(pkey, C.GO_EVP_PKEY_DSA, unsafe.Pointer(dsa)) != 1 {
++ C.go_openssl_EVP_PKEY_free(pkey)
++ return nil, newOpenSSLError("EVP_PKEY_assign failed")
++ }
++ return pkey, nil
++}
++
++func newDSA3(params DSAParameters, x, y BigInt) (C.GO_EVP_PKEY_PTR, error) {
++ checkMajorVersion(3)
++
++ bld := C.go_openssl_OSSL_PARAM_BLD_new()
++ if bld == nil {
++ return nil, newOpenSSLError("OSSL_PARAM_BLD_new")
++ }
++ defer C.go_openssl_OSSL_PARAM_BLD_free(bld)
++ p, q, g := bigToBN(params.P), bigToBN(params.Q), bigToBN(params.G)
++ defer func() {
++ C.go_openssl_BN_free(p)
++ C.go_openssl_BN_free(q)
++ C.go_openssl_BN_free(g)
++ }()
++ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p) != 1 ||
++ C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q) != 1 ||
++ C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g) != 1 {
++
++ return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN")
++ }
++ selection := C.int(C.GO_EVP_PKEY_KEYPAIR)
++ if y != nil {
++ pub := bigToBN(y)
++ defer C.go_openssl_BN_free(pub)
++ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub) != 1 {
++ return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN")
++ }
++ if x == nil {
++ selection = C.int(C.GO_EVP_PKEY_PUBLIC_KEY)
++ }
++ }
++ if x != nil {
++ priv := bigToBN(x)
++ defer C.go_openssl_BN_clear_free(priv)
++ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1 {
++ return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN")
++ }
++ }
++ bldparams := C.go_openssl_OSSL_PARAM_BLD_to_param(bld)
++ if bldparams == nil {
++ return nil, newOpenSSLError("OSSL_PARAM_BLD_to_param")
++ }
++ defer C.go_openssl_OSSL_PARAM_free(bldparams)
++ pkey, err := newEvpFromParams(C.GO_EVP_PKEY_DSA, selection, bldparams)
++ if err != nil {
++ return nil, err
++ }
++ if y != nil {
++ return pkey, nil
++ }
++ // pkey doesn't contain the public component, but the crypto/dsa package
++ // expects it to be always there. Generate a new key using pkey as domain
++ // parameters placeholder.
++ defer C.go_openssl_EVP_PKEY_free(pkey) ++ ctx := C.go_openssl_EVP_PKEY_CTX_new_from_pkey(nil, pkey, nil) ++ if ctx == nil { ++ return nil, newOpenSSLError("EVP_PKEY_CTX_new_from_pkey") ++ } ++ defer C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ if C.go_openssl_EVP_PKEY_keygen_init(ctx) != 1 { ++ return nil, newOpenSSLError("EVP_PKEY_keygen_init") ++ } ++ var gkey C.GO_EVP_PKEY_PTR ++ if C.go_openssl_EVP_PKEY_keygen(ctx, &gkey) != 1 { ++ return nil, newOpenSSLError("EVP_PKEY_keygen") ++ } ++ return gkey, nil ++} ++ ++// getDSA returns the DSA from pkey. ++// If pkey does not contain an DSA it panics. ++// The returned key should not be freed. ++func getDSA(pkey C.GO_EVP_PKEY_PTR) (key C.GO_DSA_PTR) { ++ if vMajor == 1 && vMinor == 0 { ++ if key0 := C.go_openssl_EVP_PKEY_get0(pkey); key0 != nil { ++ key = C.GO_DSA_PTR(key0) ++ } ++ } else { ++ key = C.go_openssl_EVP_PKEY_get0_DSA(pkey) ++ } ++ if key == nil { ++ panic("pkey does not contain an DSA") ++ } ++ return key +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ec.go b/src/vendor/github.com/golang-fips/openssl/v2/ec.go new file mode 100644 -index 00000000000000..eac2f8bbee303c +index 00000000000000..5c253f7eec5358 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ec.go @@ -0,0 +1,59 @@ @@ -1106,11 +1465,11 @@ index 00000000000000..eac2f8bbee303c +import "C" + +var ( -+ paramPubKey = C.CString("pub") -+ paramPrivKey = C.CString("priv") -+ paramGroup = C.CString("group") -+ paramECPubX = C.CString("qx") -+ paramECPubY = C.CString("qy") ++ OSSL_PKEY_PARAM_PUB_KEY = C.CString("pub") ++ OSSL_PKEY_PARAM_PRIV_KEY = C.CString("priv") ++ OSSL_PKEY_PARAM_GROUP_NAME = C.CString("group") ++ OSSL_PKEY_PARAM_EC_PUB_X = C.CString("qx") ++ OSSL_PKEY_PARAM_EC_PUB_Y = C.CString("qy") +) + +func curveNID(curve string) (C.int, error) { @@ -1159,10 +1518,10 @@ index 00000000000000..eac2f8bbee303c +} 
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go new file mode 100644 -index 00000000000000..a1e627eff44699 +index 00000000000000..de5f712f22158f --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go -@@ -0,0 +1,323 @@ +@@ -0,0 +1,321 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -1292,9 +1651,8 @@ index 00000000000000..a1e627eff44699 +} + +func newECDHPkey1(nid C.int, bytes []byte, isPrivate bool) (pkey C.GO_EVP_PKEY_PTR, err error) { -+ if vMajor != 1 { -+ panic("incorrect vMajor version") -+ } ++ checkMajorVersion(1) ++ + key := C.go_openssl_EC_KEY_new_by_curve_name(nid) + if key == nil { + return nil, newOpenSSLError("EC_KEY_new_by_curve_name") @@ -1331,15 +1689,14 @@ index 00000000000000..a1e627eff44699 +} + +func newECDHPkey3(nid C.int, bytes []byte, isPrivate bool) (C.GO_EVP_PKEY_PTR, error) { -+ if vMajor != 3 { -+ panic("incorrect vMajor version") -+ } ++ checkMajorVersion(3) ++ + bld := C.go_openssl_OSSL_PARAM_BLD_new() + if bld == nil { + return nil, newOpenSSLError("OSSL_PARAM_BLD_new") + } + defer C.go_openssl_OSSL_PARAM_BLD_free(bld) -+ C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(bld, paramGroup, C.go_openssl_OBJ_nid2sn(nid), 0) ++ C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, C.go_openssl_OBJ_nid2sn(nid), 0) + var selection C.int + if isPrivate { + priv := C.go_openssl_BN_bin2bn(base(bytes), C.int(len(bytes)), nil) 
@@ -1347,14 +1704,14 @@ index 00000000000000..a1e627eff44699 + return nil, newOpenSSLError("BN_bin2bn") + } + defer C.go_openssl_BN_clear_free(priv) -+ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, paramPrivKey, priv) != 1 { ++ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1 { + return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN") + } + selection = C.GO_EVP_PKEY_KEYPAIR + } else { + cbytes := C.CBytes(bytes) + defer C.free(cbytes) -+ C.go_openssl_OSSL_PARAM_BLD_push_octet_string(bld, paramPubKey, cbytes, C.size_t(len(bytes))) ++ C.go_openssl_OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, cbytes, C.size_t(len(bytes))) + selection = C.GO_EVP_PKEY_PUBLIC_KEY + } + params := C.go_openssl_OSSL_PARAM_BLD_to_param(bld) @@ -1400,7 +1757,7 @@ index 00000000000000..a1e627eff44699 + } + case 3: + var priv C.GO_BIGNUM_PTR -+ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, paramPrivKey, &priv) != 1 { ++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv) != 1 { + return newOpenSSLError("EVP_PKEY_get_bn_param") + } + defer C.go_openssl_BN_clear_free(priv) @@ -1465,7 +1822,7 @@ index 00000000000000..a1e627eff44699 + return nil, nil, newOpenSSLError("EC_KEY_get0_private_key") + } + case 3: -+ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, paramPrivKey, &priv) != 1 { ++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv) != 1 { + return nil, nil, newOpenSSLError("EVP_PKEY_get_bn_param") + } + defer C.go_openssl_BN_clear_free(priv) @@ -1488,10 +1845,10 @@ index 00000000000000..a1e627eff44699 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go new file mode 100644 -index 00000000000000..46b16abf483e65 +index 00000000000000..be7e9455f49d47 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go -@@ -0,0 +1,217 @@ +@@ -0,0 +1,215 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -1534,8 +1891,8 @@ index 00000000000000..46b16abf483e65 + +var errUnknownCurve = errors.New("openssl: unknown elliptic curve") + -+func NewPublicKeyECDSA(curve string, X, Y BigInt) (*PublicKeyECDSA, error) { -+ pkey, err := newECDSAKey(curve, X, Y, nil) ++func NewPublicKeyECDSA(curve string, x, y BigInt) (*PublicKeyECDSA, error) { ++ pkey, err := newECDSAKey(curve, x, y, nil) + if err != nil { + return nil, err + } @@ -1544,8 +1901,8 @@ index 00000000000000..46b16abf483e65 + return k, nil +} + -+func NewPrivateKeyECDSA(curve string, X, Y, D BigInt) (*PrivateKeyECDSA, error) { -+ pkey, err := newECDSAKey(curve, X, Y, D) ++func NewPrivateKeyECDSA(curve string, x, y, d BigInt) (*PrivateKeyECDSA, error) { ++ pkey, err := newECDSAKey(curve, x, y, d) + if err != nil { + return nil, err + } @@ -1554,7 +1911,7 @@ index 00000000000000..46b16abf483e65 + return k, nil +} + -+func GenerateKeyECDSA(curve string) (X, Y, D BigInt, err error) { ++func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { + // Generate the private key. + pkey, err := generateEVPPKey(C.GO_EVP_PKEY_EC, 0, curve) + if err != nil { @@ -1585,9 +1942,9 @@ index 00000000000000..46b16abf483e65 + // Get Z. We don't need to free it, get0 does not increase the reference count. + bd = C.go_openssl_EC_KEY_get0_private_key(key) + case 3: -+ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, paramECPubX, &bx) != 1 || -+ C.go_openssl_EVP_PKEY_get_bn_param(pkey, paramECPubY, &by) != 1 || -+ C.go_openssl_EVP_PKEY_get_bn_param(pkey, paramPrivKey, &bd) != 1 { ++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &bx) != 1 || ++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &by) != 1 || ++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &bd) != 1 { + return nil, nil, nil, newOpenSSLError("EVP_PKEY_get_bn_param") + } + defer C.go_openssl_BN_clear_free(bd) 
@@ -1615,7 +1972,7 @@ index 00000000000000..46b16abf483e65 + return evpHashVerify(pub.withKey, h, msg, sig) == nil +} + -+func newECDSAKey(curve string, X, Y, D BigInt) (C.GO_EVP_PKEY_PTR, error) { ++func newECDSAKey(curve string, x, y, d BigInt) (C.GO_EVP_PKEY_PTR, error) { + nid, err := curveNID(curve) + if err != nil { + return nil, err @@ -1626,10 +1983,10 @@ index 00000000000000..46b16abf483e65 + C.go_openssl_BN_free(by) + C.go_openssl_BN_clear_free(bd) + }() -+ bx = bigToBN(X) -+ by = bigToBN(Y) -+ bd = bigToBN(D) -+ if bx == nil || by == nil || (D != nil && bd == nil) { ++ bx = bigToBN(x) ++ by = bigToBN(y) ++ bd = bigToBN(d) ++ if bx == nil || by == nil || (d != nil && bd == nil) { + return nil, newOpenSSLError("BN_lebin2bn failed") + } + switch vMajor { @@ -1643,9 +2000,8 @@ index 00000000000000..46b16abf483e65 +} + +func newECDSAKey1(nid C.int, bx, by, bd C.GO_BIGNUM_PTR) (pkey C.GO_EVP_PKEY_PTR, err error) { -+ if vMajor != 1 { -+ panic("incorrect vMajor version") -+ } ++ checkMajorVersion(1) ++ + key := C.go_openssl_EC_KEY_new_by_curve_name(nid) + if key == nil { + return nil, newOpenSSLError("EC_KEY_new_by_curve_name failed") @@ -1665,9 +2021,8 @@ index 00000000000000..46b16abf483e65 +} + +func newECDSAKey3(nid C.int, bx, by, bd C.GO_BIGNUM_PTR) (C.GO_EVP_PKEY_PTR, error) { -+ if vMajor != 3 { -+ panic("incorrect vMajor version") -+ } ++ checkMajorVersion(3) ++ + // Create the encoded public key public key from bx and by. + pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group C.GO_EC_GROUP_PTR) (C.GO_EC_POINT_PTR, error) { + pt := C.go_openssl_EC_POINT_new(group) 
@@ -1689,13 +2044,13 @@ index 00000000000000..46b16abf483e65 + return nil, newOpenSSLError("OSSL_PARAM_BLD_new") + } + defer C.go_openssl_OSSL_PARAM_BLD_free(bld) -+ C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(bld, paramGroup, C.go_openssl_OBJ_nid2sn(nid), 0) ++ C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, C.go_openssl_OBJ_nid2sn(nid), 0) + cbytes := C.CBytes(pubBytes) + defer C.free(cbytes) -+ C.go_openssl_OSSL_PARAM_BLD_push_octet_string(bld, paramPubKey, cbytes, C.size_t(len(pubBytes))) ++ C.go_openssl_OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, cbytes, C.size_t(len(pubBytes))) + var selection C.int + if bd != nil { -+ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, paramPrivKey, bd) != 1 { ++ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, bd) != 1 { + return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN") + } + selection = C.GO_EVP_PKEY_KEYPAIR @@ -1935,7 +2290,7 @@ index 00000000000000..f74bd8f8d7a993 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/evp.go b/src/vendor/github.com/golang-fips/openssl/v2/evp.go new file mode 100644 -index 00000000000000..a9237a6a0ce9aa +index 00000000000000..fa557d86be71c5 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/evp.go @@ -0,0 +1,471 @@ @@ -1961,15 +2316,15 @@ index 00000000000000..a9237a6a0ce9aa +func hashToMD(h hash.Hash) C.GO_EVP_MD_PTR { + var ch crypto.Hash + switch h.(type) { -+ case *sha1Hash: ++ case *sha1Hash, *sha1Marshal: + ch = crypto.SHA1 -+ case *sha224Hash: ++ case *sha224Hash, *sha224Marshal: + ch = crypto.SHA224 -+ case *sha256Hash: ++ case *sha256Hash, *sha256Marshal: + ch = crypto.SHA256 -+ case *sha384Hash: ++ case *sha384Hash, *sha384Marshal: + ch = crypto.SHA384 -+ case *sha512Hash: ++ case *sha512Hash, *sha512Marshal: + ch = crypto.SHA512 + case *sha3_224Hash: + ch = crypto.SHA3_224 @@ -2636,10 +2991,10 @@ index 00000000000000..1e428d5269f997 +} 
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h new file mode 100644 -index 00000000000000..e488bf20142010 +index 00000000000000..a50caa3d82312c --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h -@@ -0,0 +1,255 @@ +@@ -0,0 +1,259 @@ +// This header file describes the OpenSSL ABI as built for use in Go. + +#include // size_t @@ -2670,6 +3025,10 @@ index 00000000000000..e488bf20142010 +int go_openssl_thread_setup(void); +void go_openssl_load_functions(void* handle, unsigned int major, unsigned int minor, unsigned int patch); +const GO_EVP_MD_PTR go_openssl_EVP_md5_sha1_backport(void); ++void go_openssl_DSA_get0_pqg_backport(const GO_DSA_PTR d, GO_BIGNUM_PTR *p, GO_BIGNUM_PTR *q, GO_BIGNUM_PTR *g); ++int go_openssl_DSA_set0_pqg_backport(GO_DSA_PTR d, GO_BIGNUM_PTR p, GO_BIGNUM_PTR q, GO_BIGNUM_PTR g); ++void go_openssl_DSA_get0_key_backport(const GO_DSA_PTR d, GO_BIGNUM_PTR *pub_key, GO_BIGNUM_PTR *priv_key); ++int go_openssl_DSA_set0_key_backport(GO_DSA_PTR d, GO_BIGNUM_PTR pub_key, GO_BIGNUM_PTR priv_key); + +// Define pointers to all the used OpenSSL functions. +// Calling C function pointers from Go is currently not supported. @@ -2898,10 +3257,10 @@ index 00000000000000..e488bf20142010 \ No newline at end of file diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hash.go b/src/vendor/github.com/golang-fips/openssl/v2/hash.go new file mode 100644 -index 00000000000000..646b4ce295896c +index 00000000000000..6fd3a518906004 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/hash.go -@@ -0,0 +1,793 @@ +@@ -0,0 +1,1041 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -2914,6 +3273,7 @@ index 00000000000000..646b4ce295896c + "hash" + "runtime" + "strconv" ++ "sync" + "unsafe" +) + 
@@ -3014,18 +3374,50 @@ index 00000000000000..646b4ce295896c + return +} + ++var isMarshallableCache sync.Map ++ ++// isHashMarshallable returns true if the memory layout of cb ++// is known by this library and can therefore be marshalled. ++func isHashMarshallable(ch crypto.Hash) bool { ++ if vMajor == 1 { ++ return true ++ } ++ if v, ok := isMarshallableCache.Load(ch); ok { ++ return v.(bool) ++ } ++ md := cryptoHashToMD(ch) ++ if md == nil { ++ return false ++ } ++ prov := C.go_openssl_EVP_MD_get0_provider(md) ++ if prov == nil { ++ return false ++ } ++ cname := C.go_openssl_OSSL_PROVIDER_get0_name(prov) ++ if cname == nil { ++ return false ++ } ++ name := C.GoString(cname) ++ // We only know the memory layout of the built-in providers. ++ // See evpHash.hashState for more details. ++ marshallable := name == "default" || name == "fips" ++ isMarshallableCache.Store(ch, marshallable) ++ return marshallable ++} ++ +// evpHash implements generic hash methods. +type evpHash struct { + ctx C.GO_EVP_MD_CTX_PTR + // ctx2 is used in evpHash.sum to avoid changing + // the state of ctx. Having it here allows reusing the + // same allocated object multiple times. -+ ctx2 C.GO_EVP_MD_CTX_PTR -+ size int -+ blockSize int ++ ctx2 C.GO_EVP_MD_CTX_PTR ++ size int ++ blockSize int ++ marshallable bool +} + -+func newEvpHash(ch crypto.Hash, size, blockSize int) *evpHash { ++func newEvpHash(ch crypto.Hash) *evpHash { + md := cryptoHashToMD(ch) + if md == nil { + panic("openssl: unsupported hash function: " + strconv.Itoa(int(ch))) 
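Review bot: isHashMarshallable lets the provider's name alone decide whether hashState() may later reinterpret provider-private memory as this package's Go structs, and the comment next to the comparison does not record that assumption. A provider that registers under `default` or `fips` but is built from different sources would pass the check with a layout this package has never seen, so I would state the limitation where the decision is made, e.g. `// NOTE: name equality is the only layout check; a provider using these names is assumed to be the stock OpenSSL implementation.` The doc comment also says "memory layout of cb" while the parameter is `ch`, and the three early `return false` paths skip `isMarshallableCache.Store`, so a failed lookup is repeated on every call.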
@@ -3036,11 +3428,13 @@ index 00000000000000..646b4ce295896c + panic(newOpenSSLError("EVP_DigestInit_ex")) + } + ctx2 := C.go_openssl_EVP_MD_CTX_new() ++ blockSize := int(C.go_openssl_EVP_MD_get_block_size(md)) + h := &evpHash{ -+ ctx: ctx, -+ ctx2: ctx2, -+ size: size, -+ blockSize: blockSize, ++ ctx: ctx, ++ ctx2: ctx2, ++ size: ch.Size(), ++ blockSize: blockSize, ++ marshallable: isHashMarshallable(ch), + } + runtime.SetFinalizer(h, (*evpHash).finalize) + return h @@ -3099,11 +3493,42 @@ index 00000000000000..646b4ce295896c + runtime.KeepAlive(h) +} + ++// clone returns a new evpHash object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *evpHash) clone() (*evpHash, error) { ++ ctx := C.go_openssl_EVP_MD_CTX_new() ++ if ctx == nil { ++ return nil, newOpenSSLError("EVP_MD_CTX_new") ++ } ++ if C.go_openssl_EVP_MD_CTX_copy_ex(ctx, h.ctx) != 1 { ++ C.go_openssl_EVP_MD_CTX_free(ctx) ++ return nil, newOpenSSLError("EVP_MD_CTX_copy") ++ } ++ ctx2 := C.go_openssl_EVP_MD_CTX_new() ++ if ctx2 == nil { ++ C.go_openssl_EVP_MD_CTX_free(ctx) ++ return nil, newOpenSSLError("EVP_MD_CTX_new") ++ } ++ cloned := &evpHash{ ++ ctx: ctx, ++ ctx2: ctx2, ++ size: h.size, ++ blockSize: h.blockSize, ++ marshallable: h.marshallable, ++ } ++ runtime.SetFinalizer(cloned, (*evpHash).finalize) ++ return cloned, nil ++} ++ +// hashState returns a pointer to the internal hash structure. +// +// The EVP_MD_CTX memory layout has changed in OpenSSL 3 +// and the property holding the internal structure is no longer md_data but algctx. +func (h *evpHash) hashState() unsafe.Pointer { ++ if !h.marshallable { ++ panic("openssl: hash state is not marshallable") ++ } + switch vMajor { + case 1: + // https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/crypto/evp/evp_local.h#L12. 
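Review bot: In newEvpHash the new `blockSize := int(C.go_openssl_EVP_MD_get_block_size(md))` is stored without a failure check, whereas the value it replaces was a constant supplied by the caller. The getter is documented to return a negative value on failure, so a guard in the style this function already uses for EVP_DigestInit_ex, `if blockSize <= 0 { panic(newOpenSSLError("EVP_MD_get_block_size")) }`, would keep a bad value out of the blockSize field. The unchanged `ctx2 := C.go_openssl_EVP_MD_CTX_new()` just above it is not nil-checked either, although the clone() added in the next hunk does check its own ctx2. newEvpHash starts before this hunk.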
@@ -3132,7 +3557,7 @@ index 00000000000000..646b4ce295896c +// encoding.BinaryUnmarshaler. +func NewMD4() hash.Hash { + return &md4Hash{ -+ evpHash: newEvpHash(crypto.MD4, 16, 64), ++ evpHash: newEvpHash(crypto.MD4), + } +} + @@ -3146,11 +3571,24 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *md4Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &md4Hash{evpHash: c}, nil ++} ++ +// NewMD5 returns a new MD5 hash. +func NewMD5() hash.Hash { -+ return &md5Hash{ -+ evpHash: newEvpHash(crypto.MD5, 16, 64), ++ h := md5Hash{evpHash: newEvpHash(crypto.MD5)} ++ if h.marshallable { ++ return &md5Marshal{h} + } ++ return &h +} + +// md5State layout is taken from 
@@ -3172,29 +3610,32 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *md5Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &md5Hash{evpHash: c}, nil ++} ++ +const ( + md5Magic = "md5\x01" + md5MarshaledSize = len(md5Magic) + 4*4 + 64 + 8 +) + -+func (h *md5Hash) MarshalBinary() ([]byte, error) { -+ d := (*md5State)(h.hashState()) -+ if d == nil { -+ return nil, errors.New("crypto/md5: can't retrieve hash state") -+ } -+ b := make([]byte, 0, md5MarshaledSize) -+ b = append(b, md5Magic...) -+ b = appendUint32(b, d.h[0]) -+ b = appendUint32(b, d.h[1]) -+ b = appendUint32(b, d.h[2]) -+ b = appendUint32(b, d.h[3]) -+ b = append(b, d.x[:d.nx]...) -+ b = b[:len(b)+len(d.x)-int(d.nx)] // already zero -+ b = appendUint64(b, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return b, nil ++type md5Marshal struct { ++ md5Hash ++} ++ ++func (h *md5Marshal) MarshalBinary() ([]byte, error) { ++ buf := make([]byte, 0, md5MarshaledSize) ++ return h.AppendBinary(buf) +} + -+func (h *md5Hash) UnmarshalBinary(b []byte) error { ++func (h *md5Marshal) UnmarshalBinary(b []byte) error { + if len(b) < len(md5Magic) || string(b[:len(md5Magic)]) != md5Magic { + return errors.New("crypto/md5: invalid hash state identifier") + } 
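Review bot: md5Hash.Clone always returns `&md5Hash{evpHash: c}`, so cloning the `*md5Marshal` that NewMD5 hands out in the previous hunk yields a value without MarshalBinary, UnmarshalBinary or AppendBinary: those methods are declared on `*md5Marshal` only, and Clone reaches the wrapper by promotion from the embedded md5Hash. A caller that clones and then type-asserts to encoding.BinaryMarshaler gets a failed assertion even though the original value passed it. Returning the wrapper when the state is marshallable keeps the two consistent, `if c.marshallable { return &md5Marshal{md5Hash{evpHash: c}}, nil }` before the final return. The SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 Clone methods added in the later hunks follow the same pattern.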
@@ -3218,11 +3659,30 @@ index 00000000000000..646b4ce295896c + return nil +} + ++func (h *md5Marshal) AppendBinary(buf []byte) ([]byte, error) { ++ d := (*md5State)(h.hashState()) ++ if d == nil { ++ return nil, errors.New("crypto/md5: can't retrieve hash state") ++ } ++ ++ buf = append(buf, md5Magic...) ++ buf = appendUint32(buf, d.h[0]) ++ buf = appendUint32(buf, d.h[1]) ++ buf = appendUint32(buf, d.h[2]) ++ buf = appendUint32(buf, d.h[3]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) ++ return buf, nil ++} ++ +// NewSHA1 returns a new SHA1 hash. +func NewSHA1() hash.Hash { -+ return &sha1Hash{ -+ evpHash: newEvpHash(crypto.SHA1, 20, 64), ++ h := sha1Hash{evpHash: newEvpHash(crypto.SHA1)} ++ if h.marshallable { ++ return &sha1Marshal{h} + } ++ return &h +} + +type sha1Hash struct { @@ -3235,6 +3695,17 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *sha1Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &sha1Hash{evpHash: c}, nil ++} ++ +// sha1State layout is taken from +// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L34. +type sha1State struct { 
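Review bot: md5Marshal.AppendBinary slices `d.x[:d.nx]` and sizes the padding with `len(d.x)-int(d.nx)` using a count read straight from the state that hashState() returns, with no range check. If that memory is not laid out the way md5State expects, an out-of-range nx becomes a slice-bounds or negative-length panic instead of the error this method already has a return slot for. A guard before the appends, `if int(d.nx) > len(d.x) { return nil, errors.New("crypto/md5: invalid hash state") }`, keeps that case on the error path. The SHA-1 and SHA-224/SHA-256 AppendBinary methods added in later hunks have the same shape.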
@@ -3249,25 +3720,16 @@ index 00000000000000..646b4ce295896c + sha1MarshaledSize = len(sha1Magic) + 5*4 + 64 + 8 +) + -+func (h *sha1Hash) MarshalBinary() ([]byte, error) { -+ d := (*sha1State)(h.hashState()) -+ if d == nil { -+ return nil, errors.New("crypto/sha1: can't retrieve hash state") -+ } -+ b := make([]byte, 0, sha1MarshaledSize) -+ b = append(b, sha1Magic...) -+ b = appendUint32(b, d.h[0]) -+ b = appendUint32(b, d.h[1]) -+ b = appendUint32(b, d.h[2]) -+ b = appendUint32(b, d.h[3]) -+ b = appendUint32(b, d.h[4]) -+ b = append(b, d.x[:d.nx]...) -+ b = b[:len(b)+len(d.x)-int(d.nx)] // already zero -+ b = appendUint64(b, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return b, nil ++type sha1Marshal struct { ++ sha1Hash ++} ++ ++func (h *sha1Marshal) MarshalBinary() ([]byte, error) { ++ buf := make([]byte, 0, sha1MarshaledSize) ++ return h.AppendBinary(buf) +} + -+func (h *sha1Hash) UnmarshalBinary(b []byte) error { ++func (h *sha1Marshal) UnmarshalBinary(b []byte) error { + if len(b) < len(sha1Magic) || string(b[:len(sha1Magic)]) != sha1Magic { + return errors.New("crypto/sha1: invalid hash state identifier") + } 
@@ -3292,11 +3754,30 @@ index 00000000000000..646b4ce295896c + return nil +} + ++func (h *sha1Marshal) AppendBinary(buf []byte) ([]byte, error) { ++ d := (*sha1State)(h.hashState()) ++ if d == nil { ++ return nil, errors.New("crypto/sha1: can't retrieve hash state") ++ } ++ buf = append(buf, sha1Magic...) ++ buf = appendUint32(buf, d.h[0]) ++ buf = appendUint32(buf, d.h[1]) ++ buf = appendUint32(buf, d.h[2]) ++ buf = appendUint32(buf, d.h[3]) ++ buf = appendUint32(buf, d.h[4]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) ++ return buf, nil ++} ++ +// NewSHA224 returns a new SHA224 hash. +func NewSHA224() hash.Hash { -+ return &sha224Hash{ -+ evpHash: newEvpHash(crypto.SHA224, 224/8, 64), ++ h := sha224Hash{evpHash: newEvpHash(crypto.SHA224)} ++ if h.marshallable { ++ return &sha224Marshal{h} + } ++ return &h +} + +type sha224Hash struct { @@ -3309,11 +3790,24 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *sha224Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &sha224Hash{evpHash: c}, nil ++} ++ +// NewSHA256 returns a new SHA256 hash. +func NewSHA256() hash.Hash { -+ return &sha256Hash{ -+ evpHash: newEvpHash(crypto.SHA256, 256/8, 64), ++ h := sha256Hash{evpHash: newEvpHash(crypto.SHA256)} ++ if h.marshallable { ++ return &sha256Marshal{h} + } ++ return &h +} + +type sha256Hash struct { 
@@ -3326,6 +3820,17 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *sha256Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &sha256Hash{evpHash: c}, nil ++} ++ +const ( + magic224 = "sha\x02" + magic256 = "sha\x03" 
@@ -3341,49 +3846,25 @@ index 00000000000000..646b4ce295896c + nx uint32 +} + -+func (h *sha224Hash) MarshalBinary() ([]byte, error) { -+ d := (*sha256State)(h.hashState()) -+ if d == nil { -+ return nil, errors.New("crypto/sha256: can't retrieve hash state") -+ } -+ b := make([]byte, 0, marshaledSize256) -+ b = append(b, magic224...) -+ b = appendUint32(b, d.h[0]) -+ b = appendUint32(b, d.h[1]) -+ b = appendUint32(b, d.h[2]) -+ b = appendUint32(b, d.h[3]) -+ b = appendUint32(b, d.h[4]) -+ b = appendUint32(b, d.h[5]) -+ b = appendUint32(b, d.h[6]) -+ b = appendUint32(b, d.h[7]) -+ b = append(b, d.x[:d.nx]...) -+ b = b[:len(b)+len(d.x)-int(d.nx)] // already zero -+ b = appendUint64(b, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return b, nil -+} -+ -+func (h *sha256Hash) MarshalBinary() ([]byte, error) { -+ d := (*sha256State)(h.hashState()) -+ if d == nil { -+ return nil, errors.New("crypto/sha256: can't retrieve hash state") -+ } -+ b := make([]byte, 0, marshaledSize256) -+ b = append(b, magic256...) -+ b = appendUint32(b, d.h[0]) -+ b = appendUint32(b, d.h[1]) -+ b = appendUint32(b, d.h[2]) -+ b = appendUint32(b, d.h[3]) -+ b = appendUint32(b, d.h[4]) -+ b = appendUint32(b, d.h[5]) -+ b = appendUint32(b, d.h[6]) -+ b = appendUint32(b, d.h[7]) -+ b = append(b, d.x[:d.nx]...) 
-+ b = b[:len(b)+len(d.x)-int(d.nx)] // already zero -+ b = appendUint64(b, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return b, nil -+} -+ -+func (h *sha224Hash) UnmarshalBinary(b []byte) error { ++type sha224Marshal struct { ++ sha224Hash ++} ++ ++type sha256Marshal struct { ++ sha256Hash ++} ++ ++func (h *sha224Marshal) MarshalBinary() ([]byte, error) { ++ buf := make([]byte, 0, marshaledSize256) ++ return h.AppendBinary(buf) ++} ++ ++func (h *sha256Marshal) MarshalBinary() ([]byte, error) { ++ buf := make([]byte, 0, marshaledSize256) ++ return h.AppendBinary(buf) ++} ++ ++func (h *sha224Marshal) UnmarshalBinary(b []byte) error { + if len(b) < len(magic224) || string(b[:len(magic224)]) != magic224 { + return errors.New("crypto/sha256: invalid hash state identifier") + } @@ -3411,7 +3892,7 @@ index 00000000000000..646b4ce295896c + return nil +} + -+func (h *sha256Hash) UnmarshalBinary(b []byte) error { ++func (h *sha256Marshal) UnmarshalBinary(b []byte) error { + if len(b) < len(magic256) || string(b[:len(magic256)]) != magic256 { + return errors.New("crypto/sha256: invalid hash state identifier") + } 
@@ -3439,11 +3920,53 @@ index 00000000000000..646b4ce295896c + return nil +} + ++func (h *sha224Marshal) AppendBinary(buf []byte) ([]byte, error) { ++ d := (*sha256State)(h.hashState()) ++ if d == nil { ++ return nil, errors.New("crypto/sha256: can't retrieve hash state") ++ } ++ buf = append(buf, magic224...) ++ buf = appendUint32(buf, d.h[0]) ++ buf = appendUint32(buf, d.h[1]) ++ buf = appendUint32(buf, d.h[2]) ++ buf = appendUint32(buf, d.h[3]) ++ buf = appendUint32(buf, d.h[4]) ++ buf = appendUint32(buf, d.h[5]) ++ buf = appendUint32(buf, d.h[6]) ++ buf = appendUint32(buf, d.h[7]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) ++ return buf, nil ++} ++ ++func (h *sha256Marshal) AppendBinary(buf []byte) ([]byte, error) { ++ d := (*sha256State)(h.hashState()) ++ if d == nil { ++ return nil, errors.New("crypto/sha256: can't retrieve hash state") ++ } ++ buf = append(buf, magic256...) ++ buf = appendUint32(buf, d.h[0]) ++ buf = appendUint32(buf, d.h[1]) ++ buf = appendUint32(buf, d.h[2]) ++ buf = appendUint32(buf, d.h[3]) ++ buf = appendUint32(buf, d.h[4]) ++ buf = appendUint32(buf, d.h[5]) ++ buf = appendUint32(buf, d.h[6]) ++ buf = appendUint32(buf, d.h[7]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) ++ return buf, nil ++} ++ +// NewSHA384 returns a new SHA384 hash. +func NewSHA384() hash.Hash { -+ return &sha384Hash{ -+ evpHash: newEvpHash(crypto.SHA384, 384/8, 128), ++ h := sha384Hash{evpHash: newEvpHash(crypto.SHA384)} ++ if h.marshallable { ++ return &sha384Marshal{h} + } ++ return &h +} + +type sha384Hash struct { 
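Review bot: The exported AppendBinary methods on sha224Marshal and sha256Marshal are added without doc comments, and nothing tells a caller what the encoding contains. The body appends the eight chaining words followed by `d.x[:d.nx]`, that is, input that has been written but not yet compressed, so the output is as sensitive as the data being hashed. I would document that on each method, e.g. `// AppendBinary appends the serialized hash state to buf. The state includes buffered input, so handle it like the hashed data.`, and add the matching one-line comment to the MarshalBinary wrappers.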
@@ -3456,11 +3979,24 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *sha384Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &sha384Hash{evpHash: c}, nil ++} ++ +// NewSHA512 returns a new SHA512 hash. +func NewSHA512() hash.Hash { -+ return &sha512Hash{ -+ evpHash: newEvpHash(crypto.SHA512, 512/8, 128), ++ h := sha512Hash{evpHash: newEvpHash(crypto.SHA512)} ++ if h.marshallable { ++ return &sha512Marshal{h} + } ++ return &h +} + +type sha512Hash struct { @@ -3473,6 +4009,17 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *sha512Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &sha512Hash{evpHash: c}, nil ++} ++ +// sha512State layout is taken from +// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L95. +type sha512State struct { 
@@ -3490,49 +4037,25 @@ index 00000000000000..646b4ce295896c + marshaledSize512 = len(magic512) + 8*8 + 128 + 8 +) + -+func (h *sha384Hash) MarshalBinary() ([]byte, error) { -+ d := (*sha512State)(h.hashState()) -+ if d == nil { -+ return nil, errors.New("crypto/sha512: can't retrieve hash state") -+ } -+ b := make([]byte, 0, marshaledSize512) -+ b = append(b, magic384...) -+ b = appendUint64(b, d.h[0]) -+ b = appendUint64(b, d.h[1]) -+ b = appendUint64(b, d.h[2]) -+ b = appendUint64(b, d.h[3]) -+ b = appendUint64(b, d.h[4]) -+ b = appendUint64(b, d.h[5]) -+ b = appendUint64(b, d.h[6]) -+ b = appendUint64(b, d.h[7]) -+ b = append(b, d.x[:d.nx]...) -+ b = b[:len(b)+len(d.x)-int(d.nx)] // already zero -+ b = appendUint64(b, d.nl>>3|d.nh<<61) -+ return b, nil -+} -+ -+func (h *sha512Hash) MarshalBinary() ([]byte, error) { -+ d := (*sha512State)(h.hashState()) -+ if d == nil { -+ return nil, errors.New("crypto/sha512: can't retrieve hash state") -+ } -+ b := make([]byte, 0, marshaledSize512) -+ b = append(b, magic512...) -+ b = appendUint64(b, d.h[0]) -+ b = appendUint64(b, d.h[1]) -+ b = appendUint64(b, d.h[2]) -+ b = appendUint64(b, d.h[3]) -+ b = appendUint64(b, d.h[4]) -+ b = appendUint64(b, d.h[5]) -+ b = appendUint64(b, d.h[6]) -+ b = appendUint64(b, d.h[7]) -+ b = append(b, d.x[:d.nx]...) 
-+ b = b[:len(b)+len(d.x)-int(d.nx)] // already zero -+ b = appendUint64(b, d.nl>>3|d.nh<<61) -+ return b, nil -+} -+ -+func (h *sha384Hash) UnmarshalBinary(b []byte) error { ++type sha384Marshal struct { ++ sha384Hash ++} ++ ++type sha512Marshal struct { ++ sha512Hash ++} ++ ++func (h *sha384Marshal) MarshalBinary() ([]byte, error) { ++ buf := make([]byte, 0, marshaledSize512) ++ return h.AppendBinary(buf) ++} ++ ++func (h *sha512Marshal) MarshalBinary() ([]byte, error) { ++ buf := make([]byte, 0, marshaledSize512) ++ return h.AppendBinary(buf) ++} ++ ++func (h *sha384Marshal) UnmarshalBinary(b []byte) error { + if len(b) < len(magic512) { + return errors.New("crypto/sha512: invalid hash state identifier") + } @@ -3563,7 +4086,7 @@ index 00000000000000..646b4ce295896c + return nil +} + -+func (h *sha512Hash) UnmarshalBinary(b []byte) error { ++func (h *sha512Marshal) UnmarshalBinary(b []byte) error { + if len(b) < len(magic512) { + return errors.New("crypto/sha512: invalid hash state identifier") + } 
@@ -3594,10 +4117,50 @@ index 00000000000000..646b4ce295896c + return nil +} + ++func (h *sha384Marshal) AppendBinary(buf []byte) ([]byte, error) { ++ d := (*sha512State)(h.hashState()) ++ if d == nil { ++ return nil, errors.New("crypto/sha512: can't retrieve hash state") ++ } ++ buf = append(buf, magic384...) ++ buf = appendUint64(buf, d.h[0]) ++ buf = appendUint64(buf, d.h[1]) ++ buf = appendUint64(buf, d.h[2]) ++ buf = appendUint64(buf, d.h[3]) ++ buf = appendUint64(buf, d.h[4]) ++ buf = appendUint64(buf, d.h[5]) ++ buf = appendUint64(buf, d.h[6]) ++ buf = appendUint64(buf, d.h[7]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, d.nl>>3|d.nh<<61) ++ return buf, nil ++} ++ ++func (h *sha512Marshal) AppendBinary(buf []byte) ([]byte, error) { ++ d := (*sha512State)(h.hashState()) ++ if d == nil { ++ return nil, errors.New("crypto/sha512: can't retrieve hash state") ++ } ++ buf = append(buf, magic512...) ++ buf = appendUint64(buf, d.h[0]) ++ buf = appendUint64(buf, d.h[1]) ++ buf = appendUint64(buf, d.h[2]) ++ buf = appendUint64(buf, d.h[3]) ++ buf = appendUint64(buf, d.h[4]) ++ buf = appendUint64(buf, d.h[5]) ++ buf = appendUint64(buf, d.h[6]) ++ buf = appendUint64(buf, d.h[7]) ++ buf = append(buf, d.x[:d.nx]...) ++ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) ++ buf = appendUint64(buf, d.nl>>3|d.nh<<61) ++ return buf, nil ++} ++ +// NewSHA3_224 returns a new SHA3-224 hash. +func NewSHA3_224() hash.Hash { + return &sha3_224Hash{ -+ evpHash: newEvpHash(crypto.SHA3_224, 224/8, 64), ++ evpHash: newEvpHash(crypto.SHA3_224), + } +} + 
@@ -3611,10 +4174,21 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *sha3_224Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &sha3_224Hash{evpHash: c}, nil ++} ++ +// NewSHA3_256 returns a new SHA3-256 hash. +func NewSHA3_256() hash.Hash { + return &sha3_256Hash{ -+ evpHash: newEvpHash(crypto.SHA3_256, 256/8, 64), ++ evpHash: newEvpHash(crypto.SHA3_256), + } +} + @@ -3628,10 +4202,21 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *sha3_256Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &sha3_256Hash{evpHash: c}, nil ++} ++ +// NewSHA3_384 returns a new SHA3-384 hash. +func NewSHA3_384() hash.Hash { + return &sha3_384Hash{ -+ evpHash: newEvpHash(crypto.SHA3_384, 384/8, 128), ++ evpHash: newEvpHash(crypto.SHA3_384), + } +} + 
@@ -3645,10 +4230,21 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *sha3_384Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &sha3_384Hash{evpHash: c}, nil ++} ++ +// NewSHA3_512 returns a new SHA3-512 hash. +func NewSHA3_512() hash.Hash { + return &sha3_512Hash{ -+ evpHash: newEvpHash(crypto.SHA3_512, 512/8, 128), ++ evpHash: newEvpHash(crypto.SHA3_512), + } +} + @@ -3662,6 +4258,17 @@ index 00000000000000..646b4ce295896c + return append(in, h.out[:]...) +} + ++// Clone returns a new [hash.Hash] object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. ++func (h *sha3_512Hash) Clone() (hash.Hash, error) { ++ c, err := h.clone() ++ if err != nil { ++ return nil, err ++ } ++ return &sha3_512Hash{evpHash: c}, nil ++} ++ +// appendUint64 appends x into b as a big endian byte sequence. +func appendUint64(b []byte, x uint64) []byte { + return append(b, @@ -3697,10 +4304,10 @@ index 00000000000000..646b4ce295896c +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go new file mode 100644 -index 00000000000000..61cf483fed2cf4 +index 00000000000000..2e4323cc247a78 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go -@@ -0,0 +1,174 @@ +@@ -0,0 +1,190 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -3715,8 +4322,24 @@ index 00000000000000..61cf483fed2cf4 + "unsafe" +) + ++// SupprtHKDF reports whether the current OpenSSL version supports HKDF. +func SupportsHKDF() bool { -+ return versionAtOrAbove(1, 1, 1) ++ switch vMajor { ++ case 1: ++ return versionAtOrAbove(1, 1, 1) ++ case 3: ++ // Some OpenSSL 3 providers don't support HKDF or don't support it via ++ // the EVP_PKEY API, which is the one we use. ++ // See https://github.com/golang-fips/openssl/issues/189. ++ ctx := C.go_openssl_EVP_PKEY_CTX_new_id(C.GO_EVP_PKEY_HKDF, nil) ++ if ctx == nil { ++ return false ++ } ++ C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ return true ++ default: ++ panic(errUnsupportedVersion()) ++ } +} + +func newHKDF(h func() hash.Hash, mode C.int) (*hkdf, error) { @@ -3877,10 +4500,10 @@ index 00000000000000..61cf483fed2cf4 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hmac.go b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go new file mode 100644 -index 00000000000000..ef8116ce666bd6 +index 00000000000000..02d0d3732b9b61 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go -@@ -0,0 +1,238 @@ +@@ -0,0 +1,276 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -3894,12 +4517,7 @@ index 00000000000000..ef8116ce666bd6 + "unsafe" +) + -+var paramDigest = C.CString("digest") -+ -+var ( -+ fetchHMACOnce sync.Once -+ evpHMAC C.GO_EVP_MAC_PTR -+) ++var OSSL_MAC_PARAM_DIGEST = C.CString("digest") + +// NewHMAC returns a new HMAC using OpenSSL. +// The function h must return a hash implemented by 
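Review bot: The doc comment added above `SupportsHKDF` is misspelled as `SupprtHKDF`, so it does not start with the function name as Go doc comments should. It also describes a version check, while the OpenSSL 3 branch actually probes whether an HKDF `EVP_PKEY_CTX` can be created. Suggested wording: `// SupportsHKDF reports whether the loaded OpenSSL library and its providers support HKDF through the EVP_PKEY API.` The comment should also say that the function panics on an unsupported major version, which callers would not expect from a capability predicate.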
@@ -3921,14 +4539,29 @@ index 00000000000000..ef8116ce666bd6 + key = make([]byte, C.GO_EVP_MAX_MD_SIZE) + } + ++ hmac := &opensslHMAC{ ++ size: ch.Size(), ++ blockSize: ch.BlockSize(), ++ } ++ + switch vMajor { + case 1: -+ return newHMAC1(key, ch, md) ++ ctx := newHMAC1(key, md) ++ if ctx.ctx == nil { ++ return nil ++ } ++ hmac.ctx1 = ctx + case 3: -+ return newHMAC3(key, ch, md) ++ ctx := newHMAC3(key, md) ++ if ctx.ctx == nil { ++ return nil ++ } ++ hmac.ctx3 = ctx + default: + panic(errUnsupportedVersion()) + } ++ runtime.SetFinalizer(hmac, (*opensslHMAC).finalize) ++ return hmac +} + +// hmacCtx3 is used for OpenSSL 1. @@ -3950,7 +4583,7 @@ index 00000000000000..ef8116ce666bd6 + sum []byte +} + -+func newHMAC1(key []byte, h hash.Hash, md C.GO_EVP_MD_PTR) *opensslHMAC { ++func newHMAC1(key []byte, md C.GO_EVP_MD_PTR) hmacCtx1 { + ctx := hmacCtxNew() + if ctx == nil { + panic("openssl: EVP_MAC_CTX_new failed") 
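Review bot: `NewHMAC` gains a new nil return when `newHMAC3` yields an empty `hmacCtx3` because the provider rejects the digest, and that case should be stated in the function's doc comment, which begins outside this hunk. A line such as `// NewHMAC also returns nil if the OpenSSL 3 HMAC provider does not support the digest; callers must check for nil.` would cover it. Callers that require an OpenSSL-backed HMAC (for example under a FIPS policy) need to handle nil explicitly rather than fall back silently. In the `case 1` branch the `if ctx.ctx == nil { return nil }` check looks unreachable, since `newHMAC1` panics when `hmacCtxNew()` returns nil; dropping it or commenting it as defensive would avoid suggesting a fallback exists on OpenSSL 1.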
@@ -3958,42 +4591,76 @@ index 00000000000000..ef8116ce666bd6 + if C.go_openssl_HMAC_Init_ex(ctx, unsafe.Pointer(&key[0]), C.int(len(key)), md, nil) == 0 { + panic(newOpenSSLError("HMAC_Init_ex failed")) + } -+ hmac := &opensslHMAC{ -+ size: h.Size(), -+ blockSize: h.BlockSize(), -+ ctx1: hmacCtx1{ctx}, -+ } -+ runtime.SetFinalizer(hmac, (*opensslHMAC).finalize) -+ return hmac ++ return hmacCtx1{ctx} +} + -+func newHMAC3(key []byte, h hash.Hash, md C.GO_EVP_MD_PTR) *opensslHMAC { -+ fetchHMACOnce.Do(func() { -+ name := C.CString("HMAC") -+ evpHMAC = C.go_openssl_EVP_MAC_fetch(nil, name, nil) -+ C.free(unsafe.Pointer(name)) -+ }) -+ if evpHMAC == nil { ++var hmacDigestsSupported sync.Map ++var fetchHMAC3 = sync.OnceValue(func() C.GO_EVP_MAC_PTR { ++ name := C.CString("HMAC") ++ mac := C.go_openssl_EVP_MAC_fetch(nil, name, nil) ++ C.free(unsafe.Pointer(name)) ++ if mac == nil { + panic("openssl: HMAC not supported") + } -+ ctx := C.go_openssl_EVP_MAC_CTX_new(evpHMAC) -+ if ctx == nil { -+ panic("openssl: EVP_MAC_CTX_new failed") -+ } -+ digest := C.go_openssl_EVP_MD_get0_name(md) ++ return mac ++}) ++ ++func buildHMAC3Params(digest *C.char) C.GO_OSSL_PARAM_PTR { + bld := C.go_openssl_OSSL_PARAM_BLD_new() + if bld == nil { + panic(newOpenSSLError("OSSL_PARAM_BLD_new")) + } + defer C.go_openssl_OSSL_PARAM_BLD_free(bld) -+ C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(bld, paramDigest, digest, 0) -+ params := C.go_openssl_OSSL_PARAM_BLD_to_param(bld) ++ C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_MAC_PARAM_DIGEST, digest, 0) ++ return C.go_openssl_OSSL_PARAM_BLD_to_param(bld) ++} ++ ++func isHMAC3DigestSupported(digest string) bool { ++ if v, ok := hmacDigestsSupported.Load(digest); ok { ++ return v.(bool) ++ } ++ ctx := C.go_openssl_EVP_MAC_CTX_new(fetchHMAC3()) ++ if ctx == nil { ++ panic(newOpenSSLError("EVP_MAC_CTX_new")) ++ } ++ defer C.go_openssl_EVP_MAC_CTX_free(ctx) ++ ++ cdigest := C.CString(digest) ++ defer C.free(unsafe.Pointer(cdigest)) ++ params := 
buildHMAC3Params(cdigest) + if params == nil { + panic(newOpenSSLError("OSSL_PARAM_BLD_to_param")) + } + defer C.go_openssl_OSSL_PARAM_free(params) ++ ++ supported := C.go_openssl_EVP_MAC_CTX_set_params(ctx, params) != 0 ++ hmacDigestsSupported.Store(digest, supported) ++ return supported ++} ++ ++func newHMAC3(key []byte, md C.GO_EVP_MD_PTR) hmacCtx3 { ++ digest := C.go_openssl_EVP_MD_get0_name(md) ++ if !isHMAC3DigestSupported(C.GoString(digest)) { ++ // The digest is not supported by the HMAC provider. ++ // Don't panic here so the Go standard library to ++ // fall back to the Go implementation. ++ // See https://github.com/golang-fips/openssl/issues/153. ++ return hmacCtx3{} ++ } ++ params := buildHMAC3Params(digest) ++ if params == nil { ++ panic(newOpenSSLError("OSSL_PARAM_BLD_to_param")) ++ } ++ defer C.go_openssl_OSSL_PARAM_free(params) ++ ++ ctx := C.go_openssl_EVP_MAC_CTX_new(fetchHMAC3()) ++ if ctx == nil { ++ panic(newOpenSSLError("EVP_MAC_CTX_new")) ++ } ++ + if C.go_openssl_EVP_MAC_init(ctx, base(key), C.size_t(len(key)), params) == 0 { -+ panic(newOpenSSLError("EVP_MAC_init failed")) ++ C.go_openssl_EVP_MAC_CTX_free(ctx) ++ panic(newOpenSSLError("EVP_MAC_init")) + } + var hkey []byte + if vMinor == 0 && vPatch <= 2 { @@ -4005,13 +4672,7 @@ index 00000000000000..ef8116ce666bd6 + hkey = make([]byte, len(key)) + copy(hkey, key) + } -+ hmac := &opensslHMAC{ -+ size: h.Size(), -+ blockSize: h.BlockSize(), -+ ctx3: hmacCtx3{ctx, hkey}, -+ } -+ runtime.SetFinalizer(hmac, (*opensslHMAC).finalize) -+ return hmac ++ return hmacCtx3{ctx, hkey} +} + +func (h *opensslHMAC) Reset() { @@ -4270,10 +4931,10 @@ index 00000000000000..3778e21227abb9 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/openssl.go b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go new file mode 100644 -index 00000000000000..691bb16f728c9d +index 00000000000000..1562cee2685bc8 --- /dev/null 
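Review bot: `isHMAC3DigestSupported` stores its answer in the package-level `hmacDigestsSupported` map for the life of the process, keyed only by digest name, and `fetchHMAC3` likewise pins a single `EVP_MAC` fetched with nil properties. If the provider set or default properties change after the first call (this package's `SetFIPS` is documented as loading the `fips` provider on OpenSSL 3), a stale `true` would presumably lead `newHMAC3` into the `EVP_MAC_init` panic instead of the nil fallback. At minimum, state the assumption next to the cache: `// hmacDigestsSupported caches per-digest probe results; it assumes the provider configuration does not change after first use.` If `SetFIPS` may be called after hashing has started, clearing the cache there would be the safer option.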
+++ b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go -@@ -0,0 +1,419 @@ +@@ -0,0 +1,434 @@ +//go:build !cmd_go_bootstrap + +// Package openssl provides access to OpenSSL cryptographic functions. @@ -4353,6 +5014,13 @@ index 00000000000000..691bb16f728c9d + return errors.New("openssl: OpenSSL version: " + utoa(vMajor) + "." + utoa(vMinor) + "." + utoa(vPatch)) +} + ++// checkMajorVersion panics if the current major version is not expected. ++func checkMajorVersion(expected uint) { ++ if vMajor != expected { ++ panic("openssl: incorrect major version (" + strconv.Itoa(int(vMajor)) + "), expected " + strconv.Itoa(int(expected))) ++ } ++} ++ +type fail string + +func (e fail) Error() string { return "openssl: " + string(e) + " failed" } @@ -4387,6 +5055,14 @@ index 00000000000000..691bb16f728c9d + } +} + ++// isProviderAvailable checks if the provider with the given name is available. ++// This function is used in export_test.go, but must be defined here as test files can't access C functions. ++func isProviderAvailable(name string) bool { ++ providerName := C.CString(name) ++ defer C.free(unsafe.Pointer(providerName)) ++ return C.go_openssl_OSSL_PROVIDER_available(nil, providerName) == 1 ++} ++ +// SetFIPS enables or disables FIPS mode. +// +// For OpenSSL 3, the `fips` provider is loaded if enabled is true, @@ -4566,7 +5242,7 @@ index 00000000000000..691bb16f728c9d +func (z BigInt) byteSwap() { + for i, d := range z { + var n uint = 0 -+ for j := 0; j < wordBytes; j++ { ++ for j := range wordBytes { + n |= uint(byte(d)) << (8 * (wordBytes - j - 1)) + d >>= 8 + } @@ -4668,7 +5344,7 @@ index 00000000000000..691bb16f728c9d + if pad < 0 { + return errors.New("openssl: destination buffer too small") + } -+ for i := 0; i < pad; i++ { ++ for i := range pad { + to[i] = 0 + } + if int(C.go_openssl_BN_bn2bin(bn, base(to[pad:]))) != n { 
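Review bot: `isProviderAvailable` calls `C.go_openssl_OSSL_PROVIDER_available` with no version guard, although shims.h declares that shim with `DEFINEFUNC_3_0`, so it is presumably unresolved when OpenSSL 1.x is loaded. This patch adds `checkMajorVersion` in the hunk just above; making `checkMajorVersion(3)` the first statement would replace a likely nil-function call with a clear panic message. As a style point, `checkMajorVersion` formats with `strconv.Itoa(int(vMajor))` while the neighbouring `errUnsupportedVersion` uses `utoa(vMajor)`; using one helper keeps the file consistent.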
@@ -4727,6 +5403,98 @@ index 00000000000000..a895eab2d54767 + } + return out, nil +} +diff --git a/src/vendor/github.com/golang-fips/openssl/v2/port_dsa.c b/src/vendor/github.com/golang-fips/openssl/v2/port_dsa.c +new file mode 100644 +index 00000000000000..5a948eafdbc6a7 +--- /dev/null ++++ b/src/vendor/github.com/golang-fips/openssl/v2/port_dsa.c +@@ -0,0 +1,85 @@ ++// The following is a partial backport of crypto/dsa/dsa_lockl.h ++// and crypto/dsa/dsa_lib.c, commit cbc8a839959418d8a2c2e3ec6bdf394852c9501e ++// on the OpenSSL_1_1_0-stable branch. Only pqg and key getters/setters ++// are backported. ++ ++#include "goopenssl.h" ++ ++struct dsa_st ++{ ++ int _ignored0; ++ long _ignored1; ++ int _ignored2; ++ GO_BIGNUM_PTR p; ++ GO_BIGNUM_PTR q; ++ GO_BIGNUM_PTR g; ++ GO_BIGNUM_PTR pub_key; ++ GO_BIGNUM_PTR priv_key; ++ // The following members are not used by our backport, ++ // so we don't define them here. ++}; ++ ++void go_openssl_DSA_get0_pqg_backport(const GO_DSA_PTR dsa, ++ GO_BIGNUM_PTR *p, GO_BIGNUM_PTR *q, GO_BIGNUM_PTR *g) ++{ ++ const struct dsa_st *d = dsa; ++ if (p != NULL) ++ *p = d->p; ++ if (q != NULL) ++ *q = d->q; ++ if (g != NULL) ++ *g = d->g; ++} ++ ++int go_openssl_DSA_set0_pqg_backport(GO_DSA_PTR dsa, ++ GO_BIGNUM_PTR p, GO_BIGNUM_PTR q, GO_BIGNUM_PTR g) ++{ ++ struct dsa_st *d = dsa; ++ if ((d->p == NULL && p == NULL) ++ || (d->q == NULL && q == NULL) ++ || (d->g == NULL && g == NULL)) ++ return 0; ++ ++ if (p != NULL) { ++ go_openssl_BN_free(d->p); ++ d->p = p; ++ } ++ if (q != NULL) { ++ go_openssl_BN_free(d->q); ++ d->q = q; ++ } ++ if (g != NULL) { ++ go_openssl_BN_free(d->g); ++ d->g = g; ++ } ++ ++ return 1; ++} ++ ++void go_openssl_DSA_get0_key_backport(const GO_DSA_PTR dsa, ++ GO_BIGNUM_PTR *pub_key, GO_BIGNUM_PTR *priv_key) ++{ ++ const struct dsa_st *d = dsa; ++ if (pub_key != NULL) ++ *pub_key = d->pub_key; ++ if (priv_key != NULL) ++ *priv_key = d->priv_key; ++} ++ ++int go_openssl_DSA_set0_key_backport(GO_DSA_PTR dsa, 
GO_BIGNUM_PTR pub_key, GO_BIGNUM_PTR priv_key) ++{ ++ struct dsa_st *d = dsa; ++ if (d->pub_key == NULL && pub_key == NULL) ++ return 0; ++ ++ if (pub_key != NULL) { ++ go_openssl_BN_free(d->pub_key); ++ d->pub_key = pub_key; ++ } ++ if (priv_key != NULL) { ++ go_openssl_BN_free(d->priv_key); ++ d->priv_key = priv_key; ++ } ++ ++ return 1; ++} +\ No newline at end of file diff --git a/src/vendor/github.com/golang-fips/openssl/v2/port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl/v2/port_evp_md5_sha1.c new file mode 100644 index 00000000000000..50d49b1f103351 @@ -4959,10 +5727,10 @@ index 00000000000000..f88150591eceb6 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rsa.go b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go new file mode 100644 -index 00000000000000..f28d323adcbb3a +index 00000000000000..4e45b02d88afc0 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go -@@ -0,0 +1,435 @@ +@@ -0,0 +1,443 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -4979,14 +5747,14 @@ index 00000000000000..f28d323adcbb3a +) + +var ( -+ paramRSA_N = C.CString("n") -+ paramRSA_E = C.CString("e") -+ paramRSA_D = C.CString("d") -+ paramRSA_P = C.CString("rsa-factor1") -+ paramRSA_Q = C.CString("rsa-factor2") -+ paramRSA_Dp = C.CString("rsa-exponent1") -+ paramRSA_Dq = C.CString("rsa-exponent2") -+ paramRSA_Qinv = C.CString("rsa-coefficient1") ++ OSSL_PKEY_PARAM_RSA_N = C.CString("n") ++ OSSL_PKEY_PARAM_RSA_E = C.CString("e") ++ OSSL_PKEY_PARAM_RSA_D = C.CString("d") ++ OSSL_PKEY_PARAM_RSA_FACTOR1 = C.CString("rsa-factor1") ++ OSSL_PKEY_PARAM_RSA_FACTOR2 = C.CString("rsa-factor2") ++ OSSL_PKEY_PARAM_RSA_EXPONENT1 = C.CString("rsa-exponent1") ++ OSSL_PKEY_PARAM_RSA_EXPONENT2 = C.CString("rsa-exponent2") ++ OSSL_PKEY_PARAM_RSA_COEFFICIENT1 = C.CString("rsa-coefficient1") +) + +func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { 
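Review bot: `go_openssl_DSA_set0_key_backport` releases the previous private key with `go_openssl_BN_free(d->priv_key)`, which frees the BIGNUM without wiping it, so the old private key value can remain in freed heap memory. If the shim table exposes a clearing free, use `go_openssl_BN_clear_free(d->priv_key);` for the private component; the public key and p/q/g can stay on `BN_free`. Separately, the local `struct dsa_st` mirrors only the leading fields of the library's private struct. A short comment naming the OpenSSL versions on which these backports are called would make that layout assumption checkable.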
@@ -5038,14 +5806,14 @@ index 00000000000000..f28d323adcbb3a + C.go_openssl_BN_clear(tmp) + return true + } -+ if !(setBigInt(&N, paramRSA_N) && -+ setBigInt(&E, paramRSA_E) && -+ setBigInt(&D, paramRSA_D) && -+ setBigInt(&P, paramRSA_P) && -+ setBigInt(&Q, paramRSA_Q) && -+ setBigInt(&Dp, paramRSA_Dp) && -+ setBigInt(&Dq, paramRSA_Dq) && -+ setBigInt(&Qinv, paramRSA_Qinv)) { ++ if !(setBigInt(&N, OSSL_PKEY_PARAM_RSA_N) && ++ setBigInt(&E, OSSL_PKEY_PARAM_RSA_E) && ++ setBigInt(&D, OSSL_PKEY_PARAM_RSA_D) && ++ setBigInt(&P, OSSL_PKEY_PARAM_RSA_FACTOR1) && ++ setBigInt(&Q, OSSL_PKEY_PARAM_RSA_FACTOR2) && ++ setBigInt(&Dp, OSSL_PKEY_PARAM_RSA_EXPONENT1) && ++ setBigInt(&Dq, OSSL_PKEY_PARAM_RSA_EXPONENT2) && ++ setBigInt(&Qinv, OSSL_PKEY_PARAM_RSA_COEFFICIENT1)) { + return bad(err) + } + default: @@ -5059,7 +5827,7 @@ index 00000000000000..f28d323adcbb3a + _pkey C.GO_EVP_PKEY_PTR +} + -+func NewPublicKeyRSA(N, E BigInt) (*PublicKeyRSA, error) { ++func NewPublicKeyRSA(n, e BigInt) (*PublicKeyRSA, error) { + var pkey C.GO_EVP_PKEY_PTR + switch vMajor { + case 1: @@ -5067,7 +5835,7 @@ index 00000000000000..f28d323adcbb3a + if key == nil { + return nil, newOpenSSLError("RSA_new failed") + } -+ if !rsaSetKey(key, N, E, nil) { ++ if !rsaSetKey(key, n, e, nil) { + return nil, fail("RSA_set0_key") + } + pkey = C.go_openssl_EVP_PKEY_new() @@ -5082,7 +5850,7 @@ index 00000000000000..f28d323adcbb3a + } + case 3: + var err error -+ if pkey, err = newRSAKey3(false, N, E, nil, nil, nil, nil, nil, nil); err != nil { ++ if pkey, err = newRSAKey3(false, n, e, nil, nil, nil, nil, nil, nil); err != nil { + return nil, err + } + default: @@ -5110,7 +5878,7 @@ index 00000000000000..f28d323adcbb3a + _pkey C.GO_EVP_PKEY_PTR +} + -+func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv BigInt) (*PrivateKeyRSA, error) { ++func NewPrivateKeyRSA(n, e, d, p, q, dp, dq, qinv BigInt) (*PrivateKeyRSA, error) { + var pkey C.GO_EVP_PKEY_PTR + switch vMajor { + case 1: 
@@ -5118,16 +5886,16 @@ index 00000000000000..f28d323adcbb3a + if key == nil { + return nil, newOpenSSLError("RSA_new failed") + } -+ if !rsaSetKey(key, N, E, D) { ++ if !rsaSetKey(key, n, e, d) { + return nil, fail("RSA_set0_key") + } -+ if P != nil && Q != nil { -+ if !rsaSetFactors(key, P, Q) { ++ if p != nil && q != nil { ++ if !rsaSetFactors(key, p, q) { + return nil, fail("RSA_set0_factors") + } + } -+ if Dp != nil && Dq != nil && Qinv != nil { -+ if !rsaSetCRTParams(key, Dp, Dq, Qinv) { ++ if dp != nil && dq != nil && qinv != nil { ++ if !rsaSetCRTParams(key, dp, dq, qinv) { + return nil, fail("RSA_set0_crt_params") + } + } @@ -5143,7 +5911,7 @@ index 00000000000000..f28d323adcbb3a + } + case 3: + var err error -+ if pkey, err = newRSAKey3(true, N, E, D, P, Q, Dp, Dq, Qinv); err != nil { ++ if pkey, err = newRSAKey3(true, n, e, d, p, q, dp, dq, qinv); err != nil { + return nil, err + } + default: @@ -5299,7 +6067,7 @@ index 00000000000000..f28d323adcbb3a +func rsaSetKey(key C.GO_RSA_PTR, n, e, d BigInt) bool { + if vMajor == 1 && vMinor == 0 { + r := (*rsa_st_1_0_2)(unsafe.Pointer(key)) -+ //r.d and d will be nil for public keys. ++ // r.d and d will be nil for public keys. + if (r.n == nil && n == nil) || + (r.e == nil && e == nil) { + return false @@ -5341,8 +6109,7 @@ index 00000000000000..f28d323adcbb3a + } + return C.go_openssl_RSA_set0_crt_params(key, bigToBN(dmp1), bigToBN(dmq1), bigToBN(iqmp)) == 1 +} -+ -+func newRSAKey3(isPriv bool, N, E, D, P, Q, Dp, Dq, Qinv BigInt) (C.GO_EVP_PKEY_PTR, error) { ++func newRSAKey3(isPriv bool, n, e, d, p, q, dp, dq, qinv BigInt) (C.GO_EVP_PKEY_PTR, error) { + // Construct the parameters. + bld := C.go_openssl_OSSL_PARAM_BLD_new() + if bld == nil { @@ -5350,7 +6117,7 @@ index 00000000000000..f28d323adcbb3a + } + defer C.go_openssl_OSSL_PARAM_BLD_free(bld) + -+ type bigIntParam struct{ ++ type bigIntParam struct { + name *C.char + num BigInt + } 
@@ -5358,19 +6125,28 @@ index 00000000000000..f28d323adcbb3a + comps := make([]bigIntParam, 0, 8) + + required := [...]bigIntParam{ -+ {paramRSA_N, N}, {paramRSA_E, E}, {paramRSA_D, D}, ++ {OSSL_PKEY_PARAM_RSA_N, n}, {OSSL_PKEY_PARAM_RSA_E, e}, {OSSL_PKEY_PARAM_RSA_D, d}, + } + comps = append(comps, required[:]...) + -+ // OpenSSL 3.0 and 3.1 required all the precomputed values if -+ // P and Q are present. See: -+ // https://github.com/openssl/openssl/pull/22334 -+ if P != nil && Q != nil && Dp != nil && Dq != nil && Qinv != nil { -+ precomputed := [...]bigIntParam{ -+ {paramRSA_P, P}, {paramRSA_Q, Q}, -+ {paramRSA_Dp, Dp}, {paramRSA_Dq, Dq}, {paramRSA_Qinv, Qinv}, ++ if p != nil && q != nil { ++ allPrecomputedExists := dp != nil && dq != nil && qinv != nil ++ // The precomputed values should only be passed if P and Q are present ++ // and every precomputed value is present. (If any precomputed value is ++ // missing, don't pass any of them.) ++ // ++ // In OpenSSL 3.0 and 3.1, we must also omit P and Q if any precomputed ++ // value is missing. See https://github.com/openssl/openssl/pull/22334 ++ if vMinor >= 2 || allPrecomputedExists { ++ comps = append(comps, bigIntParam{OSSL_PKEY_PARAM_RSA_FACTOR1, p}, bigIntParam{OSSL_PKEY_PARAM_RSA_FACTOR2, q}) ++ } ++ if allPrecomputedExists { ++ comps = append(comps, ++ bigIntParam{OSSL_PKEY_PARAM_RSA_EXPONENT1, dp}, ++ bigIntParam{OSSL_PKEY_PARAM_RSA_EXPONENT2, dq}, ++ bigIntParam{OSSL_PKEY_PARAM_RSA_COEFFICIENT1, qinv}, ++ ) + } -+ comps = append(comps, precomputed[:]...) + } + + for _, comp := range comps { @@ -5400,10 +6176,10 @@ index 00000000000000..f28d323adcbb3a +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/shims.h b/src/vendor/github.com/golang-fips/openssl/v2/shims.h new file mode 100644 -index 00000000000000..99656f0cf20a36 +index 00000000000000..2370b6cc128f5e --- /dev/null 
+++ b/src/vendor/github.com/golang-fips/openssl/v2/shims.h -@@ -0,0 +1,371 @@ +@@ -0,0 +1,392 @@ +#include // size_t +#include // uint64_t + @@ -5425,9 +6201,10 @@ index 00000000000000..99656f0cf20a36 + GO_EVP_PKEY_TLS1_PRF = 1021, + GO_EVP_PKEY_HKDF = 1036, + GO_EVP_PKEY_ED25519 = 1087, ++ GO_EVP_PKEY_DSA = 116, + /* This is defined differently in OpenSSL 3 (1 << 11), but in our + * code it is only used in OpenSSL 1. -+ */ ++ */ + GO1_EVP_PKEY_OP_DERIVE = (1 << 10), + GO_EVP_MAX_MD_SIZE = 64, + @@ -5482,7 +6259,9 @@ index 00000000000000..99656f0cf20a36 + GO_EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003, + GO_EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005, + GO_EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009, -+ GO_EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A ++ GO_EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A, ++ GO_EVP_PKEY_CTRL_DSA_PARAMGEN_BITS = 0x1001, ++ GO_EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS = 0x1002 +}; + +typedef void* GO_OPENSSL_INIT_SETTINGS_PTR; @@ -5508,6 +6287,7 @@ index 00000000000000..99656f0cf20a36 +typedef void* GO_OSSL_PARAM_PTR; +typedef void* GO_CRYPTO_THREADID_PTR; +typedef void* GO_EVP_SIGNATURE_PTR; ++typedef void* GO_DSA_PTR; + +// #include +typedef void* GO_MD5_CTX_PTR; @@ -5564,6 +6344,7 @@ index 00000000000000..99656f0cf20a36 +// #include +// #include +// #include ++// #include +// #if OPENSSL_VERSION_NUMBER >= 0x30000000L +// #include +// #include 
@@ -5596,13 +6377,17 @@ index 00000000000000..99656f0cf20a36 +DEFINEFUNC_3_0(int, EVP_default_properties_enable_fips, (GO_OSSL_LIB_CTX_PTR libctx, int enable), (libctx, enable)) \ +DEFINEFUNC_3_0(int, OSSL_PROVIDER_available, (GO_OSSL_LIB_CTX_PTR libctx, const char *name), (libctx, name)) \ +DEFINEFUNC_3_0(GO_OSSL_PROVIDER_PTR, OSSL_PROVIDER_load, (GO_OSSL_LIB_CTX_PTR libctx, const char *name), (libctx, name)) \ ++DEFINEFUNC_3_0(const char *, OSSL_PROVIDER_get0_name, (const GO_OSSL_PROVIDER_PTR prov), (prov)) \ +DEFINEFUNC_3_0(GO_EVP_MD_PTR, EVP_MD_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \ +DEFINEFUNC_3_0(void, EVP_MD_free, (GO_EVP_MD_PTR md), (md)) \ +DEFINEFUNC_3_0(const char *, EVP_MD_get0_name, (const GO_EVP_MD_PTR md), (md)) \ ++DEFINEFUNC_3_0(const GO_OSSL_PROVIDER_PTR, EVP_MD_get0_provider, (const GO_EVP_MD_PTR md), (md)) \ ++DEFINEFUNC_RENAMED_3_0(int, EVP_MD_get_block_size, EVP_MD_block_size, (const GO_EVP_MD_PTR md), (md)) \ +DEFINEFUNC(int, RAND_bytes, (unsigned char *arg0, int arg1), (arg0, arg1)) \ +DEFINEFUNC_RENAMED_1_1(GO_EVP_MD_CTX_PTR, EVP_MD_CTX_new, EVP_MD_CTX_create, (void), ()) \ +DEFINEFUNC_RENAMED_1_1(void, EVP_MD_CTX_free, EVP_MD_CTX_destroy, (GO_EVP_MD_CTX_PTR ctx), (ctx)) \ +DEFINEFUNC(int, EVP_MD_CTX_copy, (GO_EVP_MD_CTX_PTR out, const GO_EVP_MD_CTX_PTR in), (out, in)) \ ++DEFINEFUNC(int, EVP_MD_CTX_copy_ex, (GO_EVP_MD_CTX_PTR out, const GO_EVP_MD_CTX_PTR in), (out, in)) \ +DEFINEFUNC(int, EVP_Digest, (const void *data, size_t count, unsigned char *md, unsigned int *size, const GO_EVP_MD_PTR type, GO_ENGINE_PTR impl), (data, count, md, size, type, impl)) \ +DEFINEFUNC(int, EVP_DigestInit_ex, (GO_EVP_MD_CTX_PTR ctx, const GO_EVP_MD_PTR type, GO_ENGINE_PTR impl), (ctx, type, impl)) \ +DEFINEFUNC(int, EVP_DigestInit, (GO_EVP_MD_CTX_PTR ctx, const GO_EVP_MD_PTR type), (ctx, type)) \ 
@@ -5686,6 +6471,9 @@ index 00000000000000..99656f0cf20a36 +DEFINEFUNC(int, EVP_PKEY_verify, (GO_EVP_PKEY_CTX_PTR ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen), (ctx, sig, siglen, tbs, tbslen)) \ +DEFINEFUNC(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new, (GO_EVP_PKEY_PTR arg0, GO_ENGINE_PTR arg1), (arg0, arg1)) \ +DEFINEFUNC(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new_id, (int id, GO_ENGINE_PTR e), (id, e)) \ ++DEFINEFUNC_3_0(GO_EVP_PKEY_CTX_PTR, EVP_PKEY_CTX_new_from_pkey, (GO_OSSL_LIB_CTX_PTR libctx, GO_EVP_PKEY_PTR pkey, const char *propquery), (libctx, pkey, propquery)) \ ++DEFINEFUNC(int, EVP_PKEY_paramgen_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ ++DEFINEFUNC(int, EVP_PKEY_paramgen, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR *ppkey), (ctx, ppkey)) \ +DEFINEFUNC(int, EVP_PKEY_keygen_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ +DEFINEFUNC(int, EVP_PKEY_keygen, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR *ppkey), (ctx, ppkey)) \ +DEFINEFUNC(void, EVP_PKEY_CTX_free, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \ @@ -5702,6 +6490,7 @@ index 00000000000000..99656f0cf20a36 +DEFINEFUNC(int, EVP_PKEY_derive, (GO_EVP_PKEY_CTX_PTR ctx, unsigned char *key, size_t *keylen), (ctx, key, keylen)) \ +DEFINEFUNC_LEGACY_1_0(void*, EVP_PKEY_get0, (GO_EVP_PKEY_PTR pkey), (pkey)) \ +DEFINEFUNC_LEGACY_1_1(GO_EC_KEY_PTR, EVP_PKEY_get0_EC_KEY, (GO_EVP_PKEY_PTR pkey), (pkey)) \ ++DEFINEFUNC_LEGACY_1_1(GO_DSA_PTR, EVP_PKEY_get0_DSA, (GO_EVP_PKEY_PTR pkey), (pkey)) \ +DEFINEFUNC_3_0(int, EVP_PKEY_fromdata_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ +DEFINEFUNC_3_0(int, EVP_PKEY_fromdata, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR *pkey, int selection, GO_OSSL_PARAM_PTR params), (ctx, pkey, selection, params)) \ +DEFINEFUNC_3_0(int, EVP_PKEY_set1_encoded_public_key, (GO_EVP_PKEY_PTR pkey, const unsigned char *pub, size_t publen), (pkey, pub, publen)) \ 
@@ -5746,6 +6535,7 @@ index 00000000000000..99656f0cf20a36 +DEFINEFUNC(void, EC_GROUP_free, (GO_EC_GROUP_PTR group), (group)) \ +DEFINEFUNC_3_0(GO_EVP_MAC_PTR, EVP_MAC_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \ +DEFINEFUNC_3_0(GO_EVP_MAC_CTX_PTR, EVP_MAC_CTX_new, (GO_EVP_MAC_PTR arg0), (arg0)) \ ++DEFINEFUNC_3_0(int, EVP_MAC_CTX_set_params, (GO_EVP_MAC_CTX_PTR ctx, const GO_OSSL_PARAM_PTR params), (ctx, params)) \ +DEFINEFUNC_3_0(void, EVP_MAC_CTX_free, (GO_EVP_MAC_CTX_PTR arg0), (arg0)) \ +DEFINEFUNC_3_0(GO_EVP_MAC_CTX_PTR, EVP_MAC_CTX_dup, (const GO_EVP_MAC_CTX_PTR arg0), (arg0)) \ +DEFINEFUNC_3_0(int, EVP_MAC_init, (GO_EVP_MAC_CTX_PTR ctx, const unsigned char *key, size_t keylen, const GO_OSSL_PARAM_PTR params), (ctx, key, keylen, params)) \ 
@@ -5774,6 +6564,13 @@ index 00000000000000..99656f0cf20a36 +DEFINEFUNC_1_1_1(int, EVP_PKEY_get_raw_private_key, (const GO_EVP_PKEY_PTR pkey, unsigned char *priv, size_t *len), (pkey, priv, len)) \ +DEFINEFUNC_3_0(GO_EVP_SIGNATURE_PTR, EVP_SIGNATURE_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \ +DEFINEFUNC_3_0(void, EVP_SIGNATURE_free, (GO_EVP_SIGNATURE_PTR signature), (signature)) \ ++DEFINEFUNC_LEGACY_1(GO_DSA_PTR, DSA_new, (void), ()) \ ++DEFINEFUNC_LEGACY_1(void, DSA_free, (GO_DSA_PTR r), (r)) \ ++DEFINEFUNC_LEGACY_1(int, DSA_generate_key, (GO_DSA_PTR a), (a)) \ ++DEFINEFUNC_LEGACY_1_1(void, DSA_get0_pqg, (const GO_DSA_PTR d, const GO_BIGNUM_PTR *p, const GO_BIGNUM_PTR *q, const GO_BIGNUM_PTR *g), (d, p, q, g)) \ ++DEFINEFUNC_LEGACY_1_1(int, DSA_set0_pqg, (GO_DSA_PTR d, GO_BIGNUM_PTR p, GO_BIGNUM_PTR q, GO_BIGNUM_PTR g), (d, p, q, g)) \ ++DEFINEFUNC_LEGACY_1_1(void, DSA_get0_key, (const GO_DSA_PTR d, const GO_BIGNUM_PTR *pub_key, const GO_BIGNUM_PTR *priv_key), (d, pub_key, priv_key)) \ ++DEFINEFUNC_LEGACY_1_1(int, DSA_set0_key, (GO_DSA_PTR d, GO_BIGNUM_PTR pub_key, GO_BIGNUM_PTR priv_key), (d, pub_key, priv_key)) \ + diff --git a/src/vendor/github.com/golang-fips/openssl/v2/thread_setup.go b/src/vendor/github.com/golang-fips/openssl/v2/thread_setup.go new file mode 100644 @@ -5807,10 +6604,10 @@ index 00000000000000..98d12f82a27c37 +extern volatile unsigned int go_openssl_threads_cleaned_up; diff --git a/src/vendor/github.com/golang-fips/openssl/v2/thread_setup_unix.c b/src/vendor/github.com/golang-fips/openssl/v2/thread_setup_unix.c new file mode 100644 -index 00000000000000..53ea9d03d7d54c +index 00000000000000..c837f9cb4dd7a3 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/thread_setup_unix.c -@@ -0,0 +1,61 @@ +@@ -0,0 +1,64 @@ +//go:build unix + +#include "goopenssl.h" 
@@ -5841,8 +6638,11 @@ index 00000000000000..53ea9d03d7d54c + // per-thread error state, so this function is guaranteed to be executed at + // least once on any thread with associated error state. The thread-local + // variable needs to be set to a non-NULL value so that the destructor will -+ // be called when the thread exits. The actual value does not matter. -+ (void) pthread_setspecific(destructor_key, (void*)1); ++ // be called when the thread exits. ++ // The actual value does not matter, but should be a pointer with a valid size. ++ // See https://github.com/golang-fips/openssl/pull/162 ++ static char stub; ++ (void) pthread_setspecific(destructor_key, &stub); +} + +static void cleanup_thread_state(void *ignored) @@ -9485,12 +10285,12 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 7562f74b39ada6..95f7d5ee47b3c1 100644 +index 7562f74b39ada6..6e996fecefb628 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ -+# github.com/golang-fips/openssl/v2 v2.0.3 -+## explicit; go 1.20 ++# github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 ++## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig +# github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103 From 3d1cffdf4fcd75881a20d97d9183fc275d1947d6 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 18 Sep 2024 15:00:11 +0200 Subject: [PATCH 015/887] deduplicate hash support check functions --- .../0002-Add-crypto-backend-foundation.patch | 98 ++++++++++-- patches/0005-Add-CNG-crypto-backend.patch | 139 ++++-------------- 2 files changed, 117 insertions(+), 120 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index a8be14fb16f..bf35b0b69b6 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch 
+++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -33,14 +33,14 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rc4/rc4.go | 18 ++ src/crypto/rsa/boring.go | 4 +- src/crypto/rsa/notboring.go | 2 +- - src/crypto/rsa/pkcs1v15.go | 2 +- + src/crypto/rsa/pkcs1v15.go | 6 +- src/crypto/rsa/pkcs1v15_test.go | 5 + - src/crypto/rsa/pss.go | 2 +- + src/crypto/rsa/pss.go | 6 +- src/crypto/rsa/rsa.go | 4 +- src/crypto/rsa/rsa_test.go | 2 +- src/crypto/sha1/sha1.go | 2 +- src/crypto/sha1/sha1_test.go | 2 +- - src/crypto/sha256/sha256.go | 2 +- + src/crypto/sha256/sha256.go | 14 +- src/crypto/sha256/sha256_test.go | 2 +- src/crypto/sha512/sha512.go | 2 +- src/crypto/sha512/sha512_test.go | 2 +- @@ -55,7 +55,7 @@ Subject: [PATCH] Add crypto backend foundation src/go/build/deps_test.go | 4 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 51 files changed, 764 insertions(+), 93 deletions(-) + 51 files changed, 776 insertions(+), 101 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go @@ -1030,7 +1030,7 @@ index 2abc0436405f8a..34c22c8fbba7da 100644 func boringPublicKey(*PublicKey) (*boring.PublicKeyRSA, error) { panic("boringcrypto: not available") diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go -index 2f958022f98584..9e243dcd6b4af8 100644 +index 2f958022f98584..ea3235da18c3f2 100644 --- a/src/crypto/rsa/pkcs1v15.go +++ b/src/crypto/rsa/pkcs1v15.go @@ -7,7 +7,7 @@ package rsa 
@@ -1042,6 +1042,24 @@ index 2f958022f98584..9e243dcd6b4af8 100644 "crypto/internal/randutil" "crypto/subtle" "errors" +@@ -293,7 +293,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [ + return nil, err + } + +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsHash(hash) { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err +@@ -343,7 +343,7 @@ func pkcs1v15ConstructEM(pub *PublicKey, hash crypto.Hash, hashed []byte) ([]byt + // The inputs are not considered confidential, and may leak through timing side + // channels, or if an attacker has control of part of the inputs. + func VerifyPKCS1v15(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte) error { +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsHash(hash) { + bkey, err := boringPublicKey(pub) + if err != nil { + return err diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go index dfa1eddc886ff3..849dafacf93d0f 100644 --- a/src/crypto/rsa/pkcs1v15_test.go @@ -1066,7 +1084,7 @@ index dfa1eddc886ff3..849dafacf93d0f 100644 _, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext) if err == nil { diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go -index e996e7aaa36b9c..89c5afd83de88a 100644 +index e996e7aaa36b9c..55ca642491ec03 100644 --- a/src/crypto/rsa/pss.go +++ b/src/crypto/rsa/pss.go @@ -9,7 +9,7 @@ package rsa 
@@ -1078,6 +1096,24 @@ index e996e7aaa36b9c..89c5afd83de88a 100644 "errors" "hash" "io" +@@ -296,7 +296,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, + // well-specified number of random bytes is included in the signature, in a + // well-specified way. + +- if boring.Enabled && rand == boring.RandReader { ++ if boring.Enabled && rand == boring.RandReader && boring.SupportsHash(hash) { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err +@@ -342,7 +342,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, + // The inputs are not considered confidential, and may leak through timing side + // channels, or if an attacker has control of part of the inputs. + func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts *PSSOptions) error { +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsHash(hash) { + bkey, err := boringPublicKey(pub) + if err != nil { + return err diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go index 4d78d1eaaa6be0..614e63324c2b46 100644 --- a/src/crypto/rsa/rsa.go @@ -1134,7 +1170,7 @@ index 634ab9de1ba4cb..d0a9b1b46727fa 100644 "crypto/rand" "encoding" diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go -index 68244fd63b0c1e..02c597d785ef68 100644 +index 68244fd63b0c1e..2297c2aa71c288 100644 --- a/src/crypto/sha256/sha256.go +++ b/src/crypto/sha256/sha256.go @@ -8,7 +8,7 @@ package sha256 
@@ -1146,6 +1182,46 @@ index 68244fd63b0c1e..02c597d785ef68 100644 "errors" "hash" "internal/byteorder" +@@ -153,7 +153,7 @@ func New() hash.Hash { + + // New224 returns a new hash.Hash computing the SHA224 checksum. + func New224() hash.Hash { +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsHash(crypto.SHA224) { + return boring.NewSHA224() + } + d := new(digest) +@@ -172,7 +172,9 @@ func (d *digest) Size() int { + func (d *digest) BlockSize() int { return BlockSize } + + func (d *digest) Write(p []byte) (nn int, err error) { +- boring.Unreachable() ++ if boring.Enabled && (!d.is224 || boring.SupportsHash(crypto.SHA224)) { ++ boring.Unreachable() ++ } + nn = len(p) + d.len += uint64(nn) + if d.nx > 0 { +@@ -196,7 +198,9 @@ func (d *digest) Write(p []byte) (nn int, err error) { + } + + func (d *digest) Sum(in []byte) []byte { +- boring.Unreachable() ++ if boring.Enabled && (!d.is224 || boring.SupportsHash(crypto.SHA224)) { ++ boring.Unreachable() ++ } + // Make a copy of d so that caller can keep writing and summing. + d0 := *d + hash := d0.checkSum() +@@ -257,7 +261,7 @@ func Sum256(data []byte) [Size]byte { + + // Sum224 returns the SHA224 checksum of the data. + func Sum224(data []byte) [Size224]byte { +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsHash(crypto.SHA224) { + return boring.SHA224(data) + } + var d digest diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go index d91f01e9ba3a5f..755ed4d238ee5a 100644 --- a/src/crypto/sha256/sha256_test.go @@ -1601,10 +1677,10 @@ index 33fd0ed52b1ff6..ffc3eeca9dbf95 100644 k, err := rsa.GenerateKey(rand.Reader, size) if err != nil { diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 9146cae492e8ac..6eea04ef9269af 100644 +index 441cf8d051c934..ca6a512bf95c7e 100644 --- a/src/go/build/deps_test.go 
+++ b/src/go/build/deps_test.go -@@ -447,7 +447,9 @@ var depsRules = ` +@@ -448,7 +448,9 @@ var depsRules = ` # CRYPTO is core crypto algorithms - no cgo, fmt, net. crypto/internal/boring/sig, @@ -1614,7 +1690,7 @@ index 9146cae492e8ac..6eea04ef9269af 100644 golang.org/x/sys/cpu, hash, embed < crypto -@@ -458,6 +460,7 @@ var depsRules = ` +@@ -459,6 +461,7 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache < crypto/internal/boring @@ -1622,7 +1698,7 @@ index 9146cae492e8ac..6eea04ef9269af 100644 < crypto/boring; crypto/internal/alias -@@ -495,6 +498,7 @@ var depsRules = ` +@@ -496,6 +499,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big < crypto/internal/boring/bbig diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 5fed3d54c5a..935abac58ee 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + src/crypto/internal/backend/cng_windows.go | 280 ++++++++++++++++++ - src/crypto/internal/backend/common.go | 33 ++- + src/crypto/internal/backend/common.go | 21 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/md5/md5_test.go | 7 + 
@@ -22,13 +22,12 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/rsa/boring.go | 2 +- src/crypto/rsa/boring_test.go | 2 +- src/crypto/rsa/notboring.go | 2 +- - src/crypto/rsa/pkcs1v15.go | 16 +- - src/crypto/rsa/pss.go | 11 +- + src/crypto/rsa/pkcs1v15.go | 6 +- + src/crypto/rsa/pss.go | 8 +- src/crypto/rsa/pss_test.go | 2 +- src/crypto/rsa/rsa.go | 15 +- src/crypto/rsa/rsa_test.go | 8 +- src/crypto/sha1/sha1_test.go | 7 + - src/crypto/sha256/sha256.go | 12 +- src/crypto/sha256/sha256_test.go | 10 + src/crypto/sha512/sha512_test.go | 10 + src/crypto/tls/boring.go | 2 +- @@ -49,7 +48,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 45 files changed, 495 insertions(+), 40 deletions(-) + 44 files changed, 463 insertions(+), 35 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -477,20 +476,18 @@ index 00000000000000..3d3d13709de5ac + panic("cryptobackend: not available") +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go -index efdd080a1b7708..9d7f7b849d6485 100644 +index efdd080a1b7708..41e1e0cc69ec57 100644 --- a/src/crypto/internal/backend/common.go +++ b/src/crypto/internal/backend/common.go -@@ -5,7 +5,9 @@ - package backend +@@ -6,6 +6,7 @@ package backend import ( -+ "crypto" "crypto/internal/boring/sig" + "internal/goexperiment" "runtime" "syscall" ) -@@ -67,7 +69,11 @@ func hasSuffix(s, t string) bool { +@@ -67,7 +68,11 @@ func hasSuffix(s, t string) bool { // UnreachableExceptTests marks code that should be unreachable // when backend is in use. It panics. func UnreachableExceptTests() { 
@@ -503,7 +500,7 @@ index efdd080a1b7708..9d7f7b849d6485 100644 name := runtime_arg0() // If ran on Windows we'd need to allow _test.exe and .test.exe as well. if !hasSuffix(name, "_test") && !hasSuffix(name, ".test") { -@@ -76,3 +82,28 @@ func UnreachableExceptTests() { +@@ -76,3 +81,17 @@ func UnreachableExceptTests() { } } } @@ -515,23 +512,12 @@ index efdd080a1b7708..9d7f7b849d6485 100644 + return true +} + -+func IsHashSupported(h crypto.Hash) bool { -+ if goexperiment.CNGCrypto { -+ return h != crypto.MD5SHA1 -+ } -+ return true -+} -+ +func IsSaltSupported(salt int) bool { + if goexperiment.CNGCrypto { + return salt != 0 // rsa.PSSSaltLengthAuto + } + return true +} -+ -+func IsP224Supported() bool { -+ return !goexperiment.CNGCrypto -+} diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s index 1dc7116efdff2e..b4c321d1d2babb 100644 --- a/src/crypto/internal/boring/fipstls/stub.s @@ -653,87 +639,66 @@ index 933ac569e034a8..0f152b210fdd84 100644 package rsa diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go -index 9e243dcd6b4af8..e4bba544ff12ac 100644 +index ea3235da18c3f2..4b90f2c0e6ecf4 100644 --- a/src/crypto/rsa/pkcs1v15.go 
+++ b/src/crypto/rsa/pkcs1v15.go -@@ -95,7 +95,9 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b +@@ -95,7 +95,7 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b return nil, err } - if boring.Enabled { -+ if boring.Enabled && -+ boring.IsRSAKeySupported(len(priv.Primes)) { -+ ++ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err -@@ -189,7 +191,9 @@ func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte, +@@ -189,7 +189,7 @@ func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte, return } - if boring.Enabled { -+ if boring.Enabled && -+ boring.IsRSAKeySupported(len(priv.Primes)) { -+ ++ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { var bkey *boring.PrivateKeyRSA bkey, err = boringPrivateKey(priv) if err != nil { -@@ -293,7 +297,9 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [ +@@ -293,7 +293,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [ return nil, err } -- if boring.Enabled { -+ if boring.Enabled && -+ boring.IsHashSupported(hash) && boring.IsRSAKeySupported(len(priv.Primes)) { -+ +- if boring.Enabled && boring.SupportsHash(hash) { ++ if boring.Enabled && boring.SupportsHash(hash) && boring.IsRSAKeySupported(len(priv.Primes)) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err -@@ -343,7 +349,9 @@ func pkcs1v15ConstructEM(pub *PublicKey, hash crypto.Hash, hashed []byte) ([]byt - // The inputs are not considered confidential, and may leak through timing side - // channels, or if an attacker has control of part of the inputs. 
- func VerifyPKCS1v15(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte) error { -- if boring.Enabled { -+ if boring.Enabled && -+ boring.IsHashSupported(hash) { -+ - bkey, err := boringPublicKey(pub) - if err != nil { - return err diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go -index 89c5afd83de88a..e9e80bcf7e6a26 100644 +index 55ca642491ec03..7ff4d5150d1ddc 100644 --- a/src/crypto/rsa/pss.go 
+++ b/src/crypto/rsa/pss.go -@@ -214,7 +214,9 @@ func signPSSWithSalt(priv *PrivateKey, hash crypto.Hash, hashed, salt []byte) ([ +@@ -214,7 +214,7 @@ func signPSSWithSalt(priv *PrivateKey, hash crypto.Hash, hashed, salt []byte) ([ return nil, err } - if boring.Enabled { -+ if boring.Enabled && -+ boring.IsRSAKeySupported(len(priv.Primes)) { -+ ++ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err -@@ -295,8 +297,9 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, - // it's probably relied upon by some. It's a tolerable promise because a +@@ -296,7 +296,9 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, // well-specified number of random bytes is included in the signature, in a // well-specified way. -+ if boring.Enabled && rand == boring.RandReader && -+ boring.IsHashSupported(hash) && boring.IsRSAKeySupported(len(priv.Primes)) { -- if boring.Enabled && rand == boring.RandReader { +- if boring.Enabled && rand == boring.RandReader && boring.SupportsHash(hash) { ++ if boring.Enabled && rand == boring.RandReader && ++ boring.SupportsHash(hash) && boring.IsRSAKeySupported(len(priv.Primes)) { ++ bkey, err := boringPrivateKey(priv) if err != nil { return nil, err -@@ -342,7 +345,9 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, +@@ -342,7 +344,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, // The inputs are not considered confidential, and may leak through timing side // channels, or if an attacker has control of part of the inputs. 
func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts *PSSOptions) error { -- if boring.Enabled { -+ if boring.Enabled && -+ boring.IsSaltSupported(opts.saltLength()) && boring.IsHashSupported(hash) { -+ +- if boring.Enabled && boring.SupportsHash(hash) { ++ if boring.Enabled && boring.IsSaltSupported(opts.saltLength()) && boring.SupportsHash(hash) { bkey, err := boringPublicKey(pub) if err != nil { return err @@ -862,50 +827,6 @@ index d0a9b1b46727fa..10ea3e8eeb6efd 100644 for i, test := range largeUnmarshalTests { h := New() -diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go -index 02c597d785ef68..268f1fdd49ecd3 100644 ---- a/src/crypto/sha256/sha256.go -+++ b/src/crypto/sha256/sha256.go -@@ -153,7 +153,7 @@ func New() hash.Hash { - - // New224 returns a new hash.Hash computing the SHA224 checksum. - func New224() hash.Hash { -- if boring.Enabled { -+ if boring.Enabled && boring.IsP224Supported() { - return boring.NewSHA224() - } - d := new(digest) -@@ -172,7 +172,9 @@ func (d *digest) Size() int { - func (d *digest) BlockSize() int { return BlockSize } - - func (d *digest) Write(p []byte) (nn int, err error) { -- boring.Unreachable() -+ if boring.Enabled && (!d.is224 || boring.IsP224Supported()) { -+ boring.Unreachable() -+ } - nn = len(p) - d.len += uint64(nn) - if d.nx > 0 { -@@ -196,7 +198,9 @@ func (d *digest) Write(p []byte) (nn int, err error) { - } - - func (d *digest) Sum(in []byte) []byte { -- boring.Unreachable() -+ if boring.Enabled && (!d.is224 || boring.IsP224Supported()) { -+ boring.Unreachable() -+ } - // Make a copy of d so that caller can keep writing and summing. - d0 := *d - hash := d0.checkSum() -@@ -257,7 +261,7 @@ func Sum256(data []byte) [Size]byte { - - // Sum224 returns the SHA224 checksum of the data. - func Sum224(data []byte) [Size224]byte { -- if boring.Enabled { -+ if boring.Enabled && boring.IsP224Supported() { - return boring.SHA224(data) - } - var d digest 
diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go index 755ed4d238ee5a..b7212e3f3c2175 100644 --- a/src/crypto/sha256/sha256_test.go @@ -1147,10 +1068,10 @@ index 138066f5f84b68..31b48ffe22c863 100644 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 26570cdadda16d..b48078b3866fa1 100644 +index e69c1f8901fe74..eb0b0ea4eb4622 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -459,6 +459,10 @@ var depsRules = ` +@@ -460,6 +460,10 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache @@ -1161,7 +1082,7 @@ index 26570cdadda16d..b48078b3866fa1 100644 < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 < crypto/internal/boring -@@ -499,6 +503,7 @@ var depsRules = ` +@@ -500,6 +504,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big From 608c262fb6762c7e4a88187c9c2d1abd6dd18858 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 18 Sep 2024 16:17:27 +0200 Subject: [PATCH 016/887] fix rsa unreachable --- .../0002-Add-crypto-backend-foundation.patch | 42 +++++++++++++++++-- patches/0005-Add-CNG-crypto-backend.patch | 40 ++---------------- 2 files changed, 42 insertions(+), 40 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index bf35b0b69b6..9f0f0f591ae 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -36,7 +36,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/pkcs1v15.go | 6 +- src/crypto/rsa/pkcs1v15_test.go | 5 + src/crypto/rsa/pss.go | 6 +- - src/crypto/rsa/rsa.go | 4 +- + src/crypto/rsa/rsa.go | 19 +- src/crypto/rsa/rsa_test.go | 2 +- src/crypto/sha1/sha1.go | 2 +- src/crypto/sha1/sha1_test.go | 2 +- @@ -55,7 +55,7 @@ Subject: [PATCH] Add crypto backend foundation src/go/build/deps_test.go | 4 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 51 files changed, 776 insertions(+), 101 deletions(-) + 51 files changed, 789 insertions(+), 103 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go @@ -1115,10 +1115,10 @@ index e996e7aaa36b9c..55ca642491ec03 100644 if err != nil { return err diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index 4d78d1eaaa6be0..614e63324c2b46 100644 +index 4d78d1eaaa6be0..e34efc550e3f90 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go -@@ -26,9 +26,9 @@ package rsa +@@ -26,14 +26,15 @@ package rsa import ( "crypto" 
@@ -1130,6 +1130,40 @@ index 4d78d1eaaa6be0..614e63324c2b46 100644 "crypto/internal/randutil" "crypto/rand" "crypto/subtle" + "errors" + "hash" ++ "internal/goexperiment" + "io" + "math" + "math/big" +@@ -479,7 +480,13 @@ func mgf1XOR(out []byte, hash hash.Hash, seed []byte) { + var ErrMessageTooLong = errors.New("crypto/rsa: message too long for RSA key size") + + func encrypt(pub *PublicKey, plaintext []byte) ([]byte, error) { +- boring.Unreachable() ++ if goexperiment.BoringCrypto { ++ // encrypt is reached when the hash function or the salt length ++ // are not supported by the crypto backend. BoringCrypto does ++ // support everything, so use it to check that we don't ++ // accidentally reach this code path. ++ boring.Unreachable() ++ } + + N, err := bigmod.NewModulusFromBig(pub.N) + if err != nil { +@@ -638,7 +645,11 @@ const noCheck = false + // m^e is calculated and compared with ciphertext, in order to defend against + // errors in the CRT computation. + func decrypt(priv *PrivateKey, ciphertext []byte, check bool) ([]byte, error) { +- if len(priv.Primes) <= 2 { ++ if goexperiment.BoringCrypto { ++ // decrypt is reached when the hash function or the number of primers ++ // are not supported by the crypto backend. BoringCrypto does ++ // support everything, so use it to check that we don't ++ // accidentally reach this code path. + boring.Unreachable() + } + diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go index 2afa045a3a0bd2..86466e67e87eeb 100644 --- a/src/crypto/rsa/rsa_test.go diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 935abac58ee..3bab956285b 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch 
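Review bot: In `decrypt`, replacing `if len(priv.Primes) <= 2 {` with `if goexperiment.BoringCrypto {` drops the prime-count condition, so under BoringCrypto a key with more than two primes that reaches this function would now hit `boring.Unreachable()`. If that path is still possible there, keep both conditions: `if goexperiment.BoringCrypto && len(priv.Primes) <= 2 {`. The assertion in `encrypt` and `decrypt` now fires only for BoringCrypto, so with any other backend a fallback to the Go implementation is no longer caught here; if that is intended, the comment should say so, because it matters for builds that expect every RSA operation to stay inside the backend. The new comment in `decrypt` also says "primers" where "primes" is meant. Both function bodies continue outside the hunk.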
@@ -25,7 +25,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/rsa/pkcs1v15.go | 6 +- src/crypto/rsa/pss.go | 8 +- src/crypto/rsa/pss_test.go | 2 +- - src/crypto/rsa/rsa.go | 15 +- + src/crypto/rsa/rsa.go | 4 +- src/crypto/rsa/rsa_test.go | 8 +- src/crypto/sha1/sha1_test.go | 7 + src/crypto/sha256/sha256_test.go | 10 + @@ -48,7 +48,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 44 files changed, 463 insertions(+), 35 deletions(-) + 44 files changed, 454 insertions(+), 33 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -716,42 +716,10 @@ index 7e908d4389d506..9a8311568c806e 100644 t.Fatal(err) } diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index 614e63324c2b46..faa47afc515ff4 100644 +index e34efc550e3f90..e625afdde29279 100644 --- a/src/crypto/rsa/rsa.go 
+++ b/src/crypto/rsa/rsa.go -@@ -34,6 +34,7 @@ import ( - "crypto/subtle" - "errors" - "hash" -+ "internal/goexperiment" - "io" - "math" - "math/big" -@@ -479,7 +480,11 @@ func mgf1XOR(out []byte, hash hash.Hash, seed []byte) { - var ErrMessageTooLong = errors.New("crypto/rsa: message too long for RSA key size") - - func encrypt(pub *PublicKey, plaintext []byte) ([]byte, error) { -- boring.Unreachable() -+ if !goexperiment.CNGCrypto { -+ // CNGCrypto calls encrypt() when the salt length -+ // or the hash function are not supported. -+ boring.Unreachable() -+ } - - N, err := bigmod.NewModulusFromBig(pub.N) - if err != nil { -@@ -638,7 +643,9 @@ const noCheck = false - // m^e is calculated and compared with ciphertext, in order to defend against - // errors in the CRT computation. - func decrypt(priv *PrivateKey, ciphertext []byte, check bool) ([]byte, error) { -- if len(priv.Primes) <= 2 { -+ if len(priv.Primes) <= 2 && !goexperiment.CNGCrypto { -+ // CNGCrypto calls decrypt() when the salt length -+ // or the hash function are not supported. - boring.Unreachable() - } - -@@ -718,7 +725,9 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci +@@ -729,7 +729,9 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci return nil, ErrDecryption } From d252e5c638dd957ad330442ec9e4450df649211e Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 18 Sep 2024 17:03:32 +0200 Subject: [PATCH 017/887] fix zero hash case --- patches/0002-Add-crypto-backend-foundation.patch | 8 ++++---- patches/0005-Add-CNG-crypto-backend.patch | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 9f0f0f591ae..6507170b41a 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -1030,7 +1030,7 @@ index 2abc0436405f8a..34c22c8fbba7da 100644 func boringPublicKey(*PublicKey) (*boring.PublicKeyRSA, error) { panic("boringcrypto: not available") diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go -index 2f958022f98584..ea3235da18c3f2 100644 +index 2f958022f98584..552c6886813f46 100644 --- a/src/crypto/rsa/pkcs1v15.go +++ b/src/crypto/rsa/pkcs1v15.go @@ -7,7 +7,7 @@ package rsa @@ -1047,7 +1047,7 @@ index 2f958022f98584..ea3235da18c3f2 100644 } - if boring.Enabled { -+ if boring.Enabled && boring.SupportsHash(hash) { ++ if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err @@ -1056,7 +1056,7 @@ index 2f958022f98584..ea3235da18c3f2 100644 // channels, or if an attacker has control of part of the inputs. func VerifyPKCS1v15(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte) error { - if boring.Enabled { -+ if boring.Enabled && boring.SupportsHash(hash) { ++ if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) { bkey, err := boringPublicKey(pub) if err != nil { return err @@ -1115,7 +1115,7 @@ index e996e7aaa36b9c..55ca642491ec03 100644 if err != nil { return err diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index 4d78d1eaaa6be0..e34efc550e3f90 100644 +index 4d78d1eaaa6be0..c3753872872cce 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@ -26,14 +26,15 @@ package rsa diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 3bab956285b..162013280cf 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -639,7 +639,7 @@ index 933ac569e034a8..0f152b210fdd84 100644 package rsa diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go -index ea3235da18c3f2..4b90f2c0e6ecf4 100644 +index 552c6886813f46..7b3c9211992f6b 100644 --- a/src/crypto/rsa/pkcs1v15.go +++ b/src/crypto/rsa/pkcs1v15.go 
@@ -95,7 +95,7 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b @@ -664,8 +664,8 @@ index ea3235da18c3f2..4b90f2c0e6ecf4 100644 return nil, err } -- if boring.Enabled && boring.SupportsHash(hash) { -+ if boring.Enabled && boring.SupportsHash(hash) && boring.IsRSAKeySupported(len(priv.Primes)) { +- if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) { ++ if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) && boring.IsRSAKeySupported(len(priv.Primes)) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err @@ -716,7 +716,7 @@ index 7e908d4389d506..9a8311568c806e 100644 t.Fatal(err) } diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index e34efc550e3f90..e625afdde29279 100644 +index c3753872872cce..e0f6cd17900e10 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@ -729,7 +729,9 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci From a61ad4c40c19f952981ca5dfc1e40b55a3c25ee2 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 18 Sep 2024 18:00:52 +0200 Subject: [PATCH 018/887] boring supports crypto.MD5SHA1 --- patches/0003-Add-BoringSSL-crypto-backend.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index a9e5bb2cbee..75a7a08b4f0 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -59,7 +59,7 @@ index 00000000000000..7c5fbeea717618 + +func SupportsHash(h crypto.Hash) bool { + switch h { -+ case crypto.SHA1, crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512: ++ case crypto.MD5SHA1, crypto.SHA1, crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512: + return true + default: + return false From a4aa3c3b71ae344e712e2db6b4bff6ee336134fd Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Fri, 20 Sep 2024 12:53:53 +0200 Subject: [PATCH 019/887] run gh codeql only for eng/_utils --- .github/workflows/codeql.yml | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 408662547a2..a5f294d5682 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -18,13 +18,6 @@ jobs: permissions: security-events: write - strategy: - fail-fast: false - matrix: - language: - - 'cpp' - - 'go' - steps: - name: Checkout repository uses: actions/checkout@v4 @@ -32,13 +25,14 @@ jobs: - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: - languages: ${{ matrix.language }} - build-mode: manual + languages: go - - run: pwsh eng/run.ps1 submodule-refresh -shallow - - run: pwsh eng/run.ps1 build + - name: Autobuild + uses: github/codeql-action/autobuild@v3 + with: + working-directory: eng/_util - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: - category: /language:${{matrix.language}} \ No newline at end of file + category: /language:go \ No newline at end of file From 9875b1d54bb65f5686b70d0913098258e2f7c51f Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 18 Sep 2024 12:18:12 +0200 Subject: [PATCH 020/887] bump stage0 to go1.22.6 --- eng/utilities.ps1 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/eng/utilities.ps1 b/eng/utilities.ps1 index b8bfc5ca3cc..e95e586668b 100644 --- a/eng/utilities.ps1 +++ b/eng/utilities.ps1 
@@ -24,17 +24,17 @@ function Get-Stage0GoRoot() { # pre-installed. This CI script installs a consistent, official version of Go to a directory in # $HOME to handle this. This also makes it easier to locally repro issues in CI that involve a # specific version of Go. The downloaded copy of Go is called the "stage 0" version. - $stage0_go_version = '1.20.6' + $stage0_go_version = '1.22.6' $proc_arch = ([System.Runtime.InteropServices.RuntimeInformation]::ProcessArchitecture).ToString().ToLowerInvariant() if ($IsWindows) { switch ($proc_arch) { 'x64' { - $stage0_go_sha256 = 'b67dd7f2b4589701e53c98e348e1b4d9a7c3536dc316941172b2f0b60ae4ce5f' + $stage0_go_sha256 = '6023083a6e4d3199b44c37e9ba7b25d9674da20fd846a35ee5f9589d81c21a6a' $stage0_go_suffix = 'windows-amd64.zip' } 'arm64' { - $stage0_go_sha256 = '9027e52be386e779ef1a0c938994ee2361689496ac832100407238f5ed0fd82a' + $stage0_go_sha256 = '7cf55f357ba8116cd3bff992980e20a704ba451b3dab341cf1787b133d900512' $stage0_go_suffix = 'windows-arm64.zip' } Default { throw "Unable to match Windows '$proc_arch' to an architecture supported by the Microsoft scripts to build Go." } @@ -42,11 +42,11 @@ function Get-Stage0GoRoot() { } elseif ($IsLinux) { switch ($proc_arch) { 'x64' { - $stage0_go_sha256 = 'b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb' + $stage0_go_sha256 = '999805bed7d9039ec3da1a53bfbcafc13e367da52aa823cb60b68ba22d44c616' $stage0_go_suffix = 'linux-amd64.tar.gz' } 'arm64' { - $stage0_go_sha256 = '4e15ab37556e979181a1a1cc60f6d796932223a0f5351d7c83768b356f84429b' + $stage0_go_sha256 = 'c15fa895341b8eaf7f219fada25c36a610eb042985dc1a912410c1c90098eaf2' $stage0_go_suffix = 'linux-arm64.tar.gz' } Default { throw "Unable to match Linux '$proc_arch' to an architecture supported by the Microsoft scripts to build Go." } From 708063d2ce584dbd03cb70d9b5f29db955a632df Mon Sep 17 00:00:00 2001 
From: Quim Muntal Date: Mon, 23 Sep 2024 10:03:48 +0200 Subject: [PATCH 021/887] Update .github/workflows/codeql.yml Co-authored-by: Martijn Verburg --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a5f294d5682..779e872958e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,7 +28,7 @@ jobs: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: working-directory: eng/_util From acc3204cf06d8ef5aa0f571fbe8e873b03826da3 Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Mon, 23 Sep 2024 10:04:37 +0200 Subject: [PATCH 022/887] Update codeql.yml --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 779e872958e..3e6fab493f9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,7 +23,7 @@ jobs: uses: actions/checkout@v4 - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: languages: go @@ -33,6 +33,6 @@ jobs: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: - category: /language:go \ No newline at end of file + category: /language:go From 4d0e8cadcd7bd9b588bc4414bbdfe3984b2509d8 Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Tue, 24 Sep 2024 07:56:51 +0200 Subject: [PATCH 023/887] Update codeql.yml --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3e6fab493f9..4a92e3f76d1 100644 --- a/.github/workflows/codeql.yml 
+++ b/.github/workflows/codeql.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 From ef08af6238d62d1c01a744d08b31652f4aca698c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Sep 2024 10:55:35 +0000 Subject: [PATCH 024/887] Bump github/codeql-action from 3.26.8 to 3.26.9 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.8 to 3.26.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/294a9d92911152fe08befb9ec03e240add280cb3...461ef6c76dfe95d5c364de2f431ddbd31a417628) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4a92e3f76d1..a434d5e5699 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: category: /language:go From 684de312793804f59c32ef7440dda2ac05ccacda Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Wed, 25 Sep 2024 16:07:51 +0000 Subject: [PATCH 025/887] Update submodule to latest master (6cb10745): runtime: print fatal messages without interleaving --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 6b2ffc72b67..6cb107452a5 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 6b2ffc72b67713de4f08915937a64392aa4dbff0 +Subproject commit 6cb107452a5a5551a04baf6bc4ff0b8299dfb596 From 510d587fe827085a403b9c4402e65367ae6f089a Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Wed, 25 Sep 2024 10:33:08 -0700 Subject: [PATCH 026/887] Update CNG backend to fdc07bead050 (#1332) --- patches/0005-Add-CNG-crypto-backend.patch | 10 +- patches/0006-Vendor-crypto-backends.patch | 622 +++++++++++++++++++++- 2 files changed, 615 insertions(+), 17 deletions(-) diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 5793da59290..0bfcded3093 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -1012,26 +1012,26 @@ index a0548a7f9179c5..ae6117a1554b7f 100644 package x509 
diff --git a/src/go.mod b/src/go.mod -index 7a6455fefb4bed..84460ce0490727 100644 +index 7a6455fefb4bed..ac91a5201b6581 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,6 +4,7 @@ go 1.24 require ( github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103 ++ github.com/microsoft/go-crypto-winnative v0.0.0-20240925150332-fdc07bead050 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index 138066f5f84b68..31b48ffe22c863 100644 +index b8e460e0a13c1c..19b381f6211587 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,5 +1,7 @@ github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 h1:MiLLfnjVDjuOST8SQ7XgeBpWMWPpVb8VKDhL5Uvco7Q= github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103 h1:KQsPPal3pKvKzAPTaR7sEriaqrHmRWw0dWG/7E5FNNk= -+github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103/go.mod h1:fveERXKbeK+XLmOyU24caKnIT/S5nniAX9XCRHfnrM4= ++github.com/microsoft/go-crypto-winnative v0.0.0-20240925150332-fdc07bead050 h1:DYP8AiC/xuYDxOkvZQy9QVnFee4rBUCmzN54Iit5pkQ= ++github.com/microsoft/go-crypto-winnative v0.0.0-20240925150332-fdc07bead050/go.mod h1:fveERXKbeK+XLmOyU24caKnIT/S5nniAX9XCRHfnrM4= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index 9a63450ecdd..f5de3e8682e 100644 --- a/patches/0006-Vendor-crypto-backends.patch 
+++ b/patches/0006-Vendor-crypto-backends.patch @@ -47,23 +47,24 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../go-crypto-winnative/cng/cipher.go | 56 + .../microsoft/go-crypto-winnative/cng/cng.go | 130 ++ .../microsoft/go-crypto-winnative/cng/des.go | 107 ++ + .../microsoft/go-crypto-winnative/cng/dsa.go | 473 ++++++++ .../microsoft/go-crypto-winnative/cng/ecdh.go | 260 ++++ .../go-crypto-winnative/cng/ecdsa.go | 175 +++ .../microsoft/go-crypto-winnative/cng/hash.go | 320 +++++ .../microsoft/go-crypto-winnative/cng/hkdf.go | 179 +++ .../microsoft/go-crypto-winnative/cng/hmac.go | 35 + - .../microsoft/go-crypto-winnative/cng/keys.go | 178 +++ + .../microsoft/go-crypto-winnative/cng/keys.go | 220 ++++ .../go-crypto-winnative/cng/pbkdf2.go | 74 ++ .../microsoft/go-crypto-winnative/cng/rand.go | 28 + .../microsoft/go-crypto-winnative/cng/rc4.go | 61 + .../microsoft/go-crypto-winnative/cng/rsa.go | 374 ++++++ .../go-crypto-winnative/cng/tls1prf.go | 92 ++ - .../internal/bcrypt/bcrypt_windows.go | 284 +++++ + .../internal/bcrypt/bcrypt_windows.go | 359 ++++++ .../internal/bcrypt/zsyscall_windows.go | 389 ++++++ .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 11 + - 58 files changed, 9828 insertions(+) + 59 files changed, 10418 insertions(+) create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/README.md 
@@ -106,6 +107,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/cipher.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/cng.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/dsa.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/ecdh.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/ecdsa.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go @@ -7547,7 +7549,7 @@ index 00000000000000..844c087287cabe +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go new file mode 100644 -index 00000000000000..2172f03e860418 +index 00000000000000..b0784affba0aa4 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go @@ -0,0 +1,107 @@ @@ -7576,7 +7578,7 @@ index 00000000000000..2172f03e860418 +} + +func NewDESCipher(key []byte) (cipher.Block, error) { -+ kh, err := newCipherHandle(bcrypt.DES_ALGORITHM, "", key) ++ kh, err := newCipherHandle(bcrypt.DES_ALGORITHM, bcrypt.CHAIN_MODE_ECB, key) + if err != nil { + return nil, err + } @@ -7587,7 +7589,7 @@ index 00000000000000..2172f03e860418 +} + +func NewTripleDESCipher(key []byte) (cipher.Block, error) { -+ kh, err := newCipherHandle(bcrypt.DES3_ALGORITHM, "", key) ++ kh, err := newCipherHandle(bcrypt.DES3_ALGORITHM, bcrypt.CHAIN_MODE_ECB, key) + if err != nil { + return nil, err + } 
@@ -7658,6 +7660,485 @@ index 00000000000000..2172f03e860418 +func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { + return newCBC(false, c.alg, c.key, iv) +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/dsa.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/dsa.go +new file mode 100644 +index 00000000000000..bd3e19dcf7f035 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/dsa.go +@@ -0,0 +1,473 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build windows ++// +build windows ++ ++package cng ++ ++import ( ++ "errors" ++ "runtime" ++ "strconv" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-winnative/internal/bcrypt" ++) ++ ++// As of FIPS 186-4 the maximum Q size is 32 bytes. ++// ++// See also: cbGroupSize at ++// https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_dsa_key_blob_v2 ++const maxGroupSize = 32 ++ ++// crypto/dsa doesn't support passing the seed around, but CNG expects it. ++// CNG will skip seed verification if the count and seed parameters is all 0xff bytes. 
++var ( ++ dsaCountNil = [4]byte{0xff, 0xff, 0xff, 0xff} ++ dsaSeedNil = [maxGroupSize]byte{ ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, ++ } ++) ++ ++type dsaAlgorithm struct { ++ handle bcrypt.ALG_HANDLE ++ allowedKeyLengths bcrypt.KEY_LENGTHS_STRUCT ++} ++ ++func loadDSA() (h dsaAlgorithm, err error) { ++ v, err := loadOrStoreAlg(bcrypt.DSA_ALGORITHM, bcrypt.ALG_NONE_FLAG, "", func(h bcrypt.ALG_HANDLE) (interface{}, error) { ++ lengths, err := getKeyLengths(bcrypt.HANDLE(h)) ++ if err != nil { ++ return nil, err ++ } ++ return dsaAlgorithm{h, lengths}, nil ++ }) ++ if err != nil { ++ return dsaAlgorithm{}, err ++ } ++ return v.(dsaAlgorithm), nil ++} ++ ++// DSAParameters contains the DSA parameters. ++type DSAParameters struct { ++ P, Q, G BigInt ++} ++ ++func (p DSAParameters) keySize() uint32 { ++ return uint32(len(p.P)) ++} ++ ++func (p DSAParameters) groupSize() uint32 { ++ return uint32(len(p.Q)) ++} ++ ++// GenerateDSAParameters generates a set of DSA parameters for a key of size L bytes. ++// If L is less than or equal to 1024, the parameters are generated according to FIPS 186-2. ++// If L is greater than 1024, the parameters are generated according to FIPS 186-3. ++// The returned parameters are suitable for use in GenerateKey. ++func GenerateDSAParameters(L int) (params DSAParameters, err error) { ++ h, err := loadDSA() ++ if err != nil { ++ return DSAParameters{}, err ++ } ++ if !keyIsAllowed(h.allowedKeyLengths, uint32(L)) { ++ return DSAParameters{}, errors.New("crypto/dsa: invalid key size") ++ } ++ // To generate the parameters, we need to generate a key pair and then export the public key. ++ // The public key contains the parameters. We then discard the key pair. 
++ var hkey bcrypt.KEY_HANDLE ++ if err := bcrypt.GenerateKeyPair(h.handle, &hkey, uint32(L), 0); err != nil { ++ return DSAParameters{}, err ++ } ++ defer bcrypt.DestroyKey(hkey) ++ ++ if err := bcrypt.FinalizeKeyPair(hkey, 0); err != nil { ++ return DSAParameters{}, err ++ } ++ params, _, _, err = decodeDSAKey(hkey, false) ++ return params, err ++} ++ ++// PrivateKeyDSA represents a DSA private key. ++type PrivateKeyDSA struct { ++ DSAParameters ++ X, Y BigInt ++ ++ hkey bcrypt.KEY_HANDLE ++} ++ ++func (k *PrivateKeyDSA) finalize() { ++ bcrypt.DestroyKey(k.hkey) ++} ++ ++// PublicKeyDSA represents a DSA public key. ++type PublicKeyDSA struct { ++ DSAParameters ++ Y BigInt ++ ++ hkey bcrypt.KEY_HANDLE ++} ++ ++func (k *PublicKeyDSA) finalize() { ++ bcrypt.DestroyKey(k.hkey) ++} ++ ++// GenerateKeyDSA generates a new private DSA key using the given parameters. ++func GenerateKeyDSA(params DSAParameters) (*PrivateKeyDSA, error) { ++ h, err := loadDSA() ++ if err != nil { ++ return nil, err ++ } ++ keySize := params.keySize() ++ if !keyIsAllowed(h.allowedKeyLengths, keySize*8) { ++ return nil, errors.New("crypto/dsa: invalid key size") ++ } ++ var hkey bcrypt.KEY_HANDLE ++ if err := bcrypt.GenerateKeyPair(h.handle, &hkey, keySize*8, 0); err != nil { ++ return nil, err ++ } ++ if err := setDSAParameter(hkey, params); err != nil { ++ bcrypt.DestroyKey(hkey) ++ return nil, err ++ } ++ if err := bcrypt.FinalizeKeyPair(hkey, 0); err != nil { ++ bcrypt.DestroyKey(hkey) ++ return nil, err ++ } ++ _, x, y, err := decodeDSAKey(hkey, true) ++ if err != nil { ++ bcrypt.DestroyKey(hkey) ++ return nil, err ++ } ++ k := &PrivateKeyDSA{params, x, y, hkey} ++ runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize) ++ return k, nil ++} ++ ++// NewPrivateKeyDSA creates a new DSA private key from the given parameters. 
++func NewPrivateKeyDSA(params DSAParameters, X, Y BigInt) (*PrivateKeyDSA, error) { ++ h, err := loadDSA() ++ if err != nil { ++ return nil, err ++ } ++ keySize := params.keySize() ++ if !keyIsAllowed(h.allowedKeyLengths, keySize*8) { ++ return nil, errors.New("crypto/dsa: invalid key size") ++ } ++ hkey, err := encodeDSAKey(h.handle, params, X, Y) ++ if err != nil { ++ return nil, err ++ } ++ k := &PrivateKeyDSA{params, X, Y, hkey} ++ runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize) ++ return k, nil ++} ++ ++// NewPublicKeyDSA creates a new DSA public key from the given parameters. ++func NewPublicKeyDSA(params DSAParameters, Y BigInt) (*PublicKeyDSA, error) { ++ h, err := loadDSA() ++ if err != nil { ++ return nil, err ++ } ++ keySize := params.keySize() ++ if !keyIsAllowed(h.allowedKeyLengths, keySize*8) { ++ return nil, errors.New("crypto/dsa: invalid key size") ++ } ++ hkey, err := encodeDSAKey(h.handle, params, nil, Y) ++ if err != nil { ++ return nil, err ++ } ++ k := &PublicKeyDSA{params, Y, hkey} ++ runtime.SetFinalizer(k, (*PublicKeyDSA).finalize) ++ return k, nil ++} ++ ++// SignDSA signs a hash (which should be the result of hashing a larger message). ++func SignDSA(priv *PrivateKeyDSA, hashed []byte) (r, s BigInt, err error) { ++ defer runtime.KeepAlive(priv) ++ size, err := getUint32(bcrypt.HANDLE(priv.hkey), bcrypt.SIGNATURE_LENGTH) ++ if err != nil { ++ return nil, nil, err ++ } ++ var buf [maxGroupSize]byte ++ hashed, err = dsaAdjustHashSize(priv.hkey, hashed, buf[:]) ++ if err != nil { ++ return nil, nil, err ++ } ++ sig := make([]byte, size) ++ err = bcrypt.SignHash(priv.hkey, nil, hashed, sig, &size, 0) ++ if err != nil { ++ return nil, nil, err ++ } ++ sig = sig[:size] ++ // BCRYPTSignHash generates DSA signatures in P1363 format, ++ // which is simply (r, s), each of them exactly half of the array. 
++ if len(sig)%2 != 0 { ++ return nil, nil, errors.New("crypto/dsa: invalid signature size from bcrypt") ++ } ++ return sig[:len(sig)/2], sig[len(sig)/2:], nil ++} ++ ++// VerifyDSA verifies the signature in r, s of hashed using the public key, pub. ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s BigInt) bool { ++ defer runtime.KeepAlive(pub) ++ var buf [maxGroupSize]byte ++ hashed, err := dsaAdjustHashSize(pub.hkey, hashed, buf[:]) ++ if err != nil { ++ return false ++ } ++ size, err := getUint32(bcrypt.HANDLE(pub.hkey), bcrypt.SIGNATURE_LENGTH) ++ if err != nil { ++ return false ++ } ++ // r and s might be shorter than size ++ // if the original big number contained leading zeros, ++ // but they must not be longer than the public key size. ++ if len(r) > int(size/2) || len(s) > int(size/2) { ++ return false ++ } ++ sig := make([]byte, 0, 2*maxGroupSize) ++ prependZeros := func(nonZeroBytes int) { ++ if zeros := int(size/2) - nonZeroBytes; zeros > 0 { ++ sig = append(sig, make([]byte, zeros)...) ++ } ++ } ++ prependZeros(len(r)) ++ sig = append(sig, r...) ++ prependZeros(len(s)) ++ sig = append(sig, s...) 
++ return keyVerify(pub.hkey, nil, hashed, sig, 0) == nil ++} ++ ++func encodeDSAKey(h bcrypt.ALG_HANDLE, params DSAParameters, X, Y BigInt) (bcrypt.KEY_HANDLE, error) { ++ keySize := params.keySize() ++ groupSize := params.groupSize() ++ private := X != nil ++ var blob []byte ++ if keySize*8 <= 1024 { ++ size := sizeOfDSABlobHeader + keySize*3 ++ hdr := bcrypt.DSA_KEY_BLOB{ ++ Magic: bcrypt.DSA_PUBLIC_MAGIC, ++ KeySize: keySize, ++ Count: dsaCountNil, ++ } ++ if private { ++ size += uint32(len(hdr.Q)) // private key is always 20 bytes ++ hdr.Magic = bcrypt.DSA_PRIVATE_MAGIC ++ } ++ copy(hdr.Seed[:], dsaSeedNil[:]) ++ copy(hdr.Q[:], params.Q[:]) ++ blob = make([]byte, size) ++ copy(blob, (*(*[sizeOfDSABlobHeader]byte)(unsafe.Pointer(&hdr)))[:]) ++ data := blob[sizeOfDSABlobHeader:] ++ if err := encodeBigInt(data, []sizedBigInt{ ++ {params.P, keySize}, ++ {params.G, keySize}, ++ {Y, keySize}, ++ {X, groupSize}, ++ }); err != nil { ++ return 0, err ++ } ++ } else { ++ size := sizeOfDSAV2BlobHeader + 3*keySize + 2*groupSize ++ hashAlg := hashAlgFromGroup(int(groupSize)) ++ hdr := bcrypt.DSA_KEY_BLOB_V2{ ++ Magic: bcrypt.DSA_PUBLIC_MAGIC_V2, ++ KeySize: keySize, ++ GroupSize: groupSize, ++ HashAlgorithm: hashAlg, ++ StandardVersion: bcrypt.DSA_FIPS186_3, ++ SeedLength: groupSize, // crypto/dsa doesn't use the seed, but it must be equal to groupSize. 
++ Count: dsaCountNil, ++ } ++ if private { ++ size += groupSize ++ hdr.Magic = bcrypt.DSA_PRIVATE_MAGIC_V2 ++ } ++ blob = make([]byte, size) ++ copy(blob, (*(*[sizeOfDSAV2BlobHeader]byte)(unsafe.Pointer(&hdr)))[:]) ++ data := blob[sizeOfDSAV2BlobHeader:] ++ if err := encodeBigInt(data, []sizedBigInt{ ++ {dsaSeedNil[:], groupSize}, ++ {params.Q, groupSize}, ++ {params.P, keySize}, ++ {params.G, keySize}, ++ {Y, keySize}, ++ {X, groupSize}, ++ }); err != nil { ++ return 0, err ++ } ++ } ++ kind := bcrypt.DSA_PUBLIC_BLOB ++ if private { ++ kind = bcrypt.DSA_PRIVATE_BLOB ++ } ++ var hkey bcrypt.KEY_HANDLE ++ err := bcrypt.ImportKeyPair(h, 0, utf16PtrFromString(kind), &hkey, blob, 0) ++ if err != nil { ++ return 0, err ++ } ++ return hkey, nil ++} ++ ++// decodeDSAKey decodes a DSA key. If private is true, the private exponent, X, is also returned. ++func decodeDSAKey(hkey bcrypt.KEY_HANDLE, private bool) (params DSAParameters, X, Y BigInt, err error) { ++ var data []byte ++ consumeBigInt := func(size uint32) BigInt { ++ b := data[:size] ++ data = data[size:] ++ return b ++ } ++ var L uint32 ++ L, err = getUint32(bcrypt.HANDLE(hkey), bcrypt.KEY_LENGTH) ++ if err != nil { ++ return ++ } ++ if L <= 1024 { ++ var hdr bcrypt.DSA_KEY_BLOB ++ hdr, data, err = exportDSAKey(hkey, private) ++ if err != nil { ++ return ++ } ++ magic := bcrypt.DSA_PUBLIC_MAGIC ++ if private { ++ magic = bcrypt.DSA_PRIVATE_MAGIC ++ } ++ if hdr.Magic != magic || hdr.KeySize*8 != uint32(L) { ++ err = errors.New("crypto/dsa: exported key is corrupted") ++ return ++ } ++ params = DSAParameters{ ++ Q: hdr.Q[:], ++ P: consumeBigInt(hdr.KeySize), ++ G: consumeBigInt(hdr.KeySize), ++ } ++ Y = consumeBigInt(hdr.KeySize) ++ if private { ++ X = consumeBigInt(uint32(len(hdr.Q))) // private key is always 20 bytes ++ } ++ } else { ++ var hdr bcrypt.DSA_KEY_BLOB_V2 ++ hdr, data, err = exporDSAV2Key(hkey, private) ++ if err != nil { ++ return ++ } ++ magic := bcrypt.DSA_PUBLIC_MAGIC_V2 ++ if private { ++ magic = 
bcrypt.DSA_PRIVATE_MAGIC_V2 ++ } ++ if hdr.Magic != magic || hdr.KeySize*8 != uint32(L) { ++ err = errors.New("crypto/dsa: exported key is corrupted") ++ return ++ } ++ // Discard the seed, crypto/dsa doesn't use it. ++ consumeBigInt(hdr.SeedLength) ++ params = DSAParameters{ ++ Q: consumeBigInt(hdr.GroupSize), ++ P: consumeBigInt(hdr.KeySize), ++ G: consumeBigInt(hdr.KeySize), ++ } ++ Y = consumeBigInt(hdr.KeySize) ++ if private { ++ X = consumeBigInt(hdr.GroupSize) ++ } ++ } ++ return params, X, Y, nil ++} ++ ++// setDSAParameter sets the DSA parameters for the given key. ++func setDSAParameter(hkey bcrypt.KEY_HANDLE, params DSAParameters) error { ++ keySize := params.keySize() ++ groupSize := params.groupSize() ++ var blob []byte ++ if keySize*8 <= 1024 { ++ blob = make([]byte, sizeOfDSAParamsHeader+keySize*2) ++ hdr := bcrypt.DSA_PARAMETER_HEADER{ ++ Length: uint32(len(blob)), ++ Magic: bcrypt.DSA_PARAMETERS_MAGIC, ++ KeySize: keySize, ++ Count: dsaCountNil, ++ } ++ copy(hdr.Seed[:], dsaSeedNil[:]) ++ copy(hdr.Q[:], params.Q[:]) ++ copy(blob, (*(*[sizeOfDSAParamsHeader]byte)(unsafe.Pointer(&hdr)))[:]) ++ data := blob[sizeOfDSAParamsHeader:] ++ if err := encodeBigInt(data, []sizedBigInt{ ++ {params.P, keySize}, ++ {params.G, keySize}, ++ }); err != nil { ++ return err ++ } ++ } else { ++ blob = make([]byte, sizeOfDSAParamsV2Header+2*keySize+2*groupSize) ++ hashAlg := hashAlgFromGroup(int(groupSize)) ++ hdr := bcrypt.DSA_PARAMETER_HEADER_V2{ ++ Length: uint32(len(blob)), ++ Magic: bcrypt.DSA_PARAMETERS_MAGIC_V2, ++ KeySize: keySize, ++ GroupSize: groupSize, ++ HashAlgorithm: hashAlg, ++ StandardVersion: bcrypt.DSA_FIPS186_3, ++ SeedLength: groupSize, // crypto/dsa doesn't use the seed, but CNG expects it to be groupSize. 
++ Count: dsaCountNil, ++ } ++ copy(blob, (*(*[sizeOfDSAParamsV2Header]byte)(unsafe.Pointer(&hdr)))[:]) ++ data := blob[sizeOfDSAParamsV2Header:] ++ if err := encodeBigInt(data, []sizedBigInt{ ++ {dsaSeedNil[:], groupSize}, ++ {params.Q, groupSize}, ++ {params.P, keySize}, ++ {params.G, keySize}, ++ }); err != nil { ++ return err ++ } ++ ++ } ++ return bcrypt.SetProperty(bcrypt.HANDLE(hkey), utf16PtrFromString(bcrypt.DSA_PARAMETERS), blob, 0) ++} ++ ++func dsaAdjustHashSize(hkey bcrypt.KEY_HANDLE, hashed []byte, buf []byte) ([]byte, error) { ++ // Windows CNG requires that the hash output and Q match sizes, but we can better ++ // interoperate with other FIPS 186-3 implementations if we perform truncation ++ // here, before sending it to CNG. ++ // ++ // If, on the other hand, Q is too big, we need to left-pad the hash with zeroes ++ // (since it gets treated as a big-endian number). ++ params, _, _, err := decodeDSAKey(hkey, false) ++ if err != nil { ++ return nil, err ++ } ++ groupSize := int(params.groupSize()) ++ if groupSize > len(buf) { ++ panic("output buffer too small") ++ } ++ if groupSize == len(hashed) { ++ return hashed, nil ++ } ++ if groupSize < len(hashed) { ++ return hashed[:groupSize], nil ++ } ++ if err := encodeBigInt(buf, []sizedBigInt{ ++ {hashed, uint32(groupSize)}, ++ }); err != nil { ++ return nil, err ++ } ++ return buf[:groupSize], nil ++} ++ ++func hashAlgFromGroup(groupSize int) bcrypt.HASHALGORITHM_ENUM { ++ switch groupSize { ++ case 20: ++ return bcrypt.DSA_HASH_ALGORITHM_SHA1 ++ case 32: ++ return bcrypt.DSA_HASH_ALGORITHM_SHA256 ++ case 64: ++ return bcrypt.DSA_HASH_ALGORITHM_SHA512 ++ default: ++ panic("invalid group size: " + strconv.Itoa(groupSize)) ++ } ++} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/ecdh.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/ecdh.go new file mode 100644 index 00000000000000..cd6e9a98f6f967 @@ -8659,10 +9140,10 @@ index 00000000000000..2d9fd36ce7252e +} 
diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/keys.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/keys.go new file mode 100644 -index 00000000000000..95c3bcdc5e788d +index 00000000000000..bc150a7bd39272 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/keys.go -@@ -0,0 +1,178 @@ +@@ -0,0 +1,220 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
@@ -8682,8 +9163,50 @@ index 00000000000000..95c3bcdc5e788d + sizeOfECCBlobHeader = uint32(unsafe.Sizeof(bcrypt.ECCKEY_BLOB{})) + sizeOfRSABlobHeader = uint32(unsafe.Sizeof(bcrypt.RSAKEY_BLOB{})) + sizeOfKeyDataBlobHeader = uint32(unsafe.Sizeof(bcrypt.KEY_DATA_BLOB_HEADER{})) ++ sizeOfDSABlobHeader = uint32(unsafe.Sizeof(bcrypt.DSA_KEY_BLOB{})) ++ sizeOfDSAV2BlobHeader = uint32(unsafe.Sizeof(bcrypt.DSA_KEY_BLOB_V2{})) ++ sizeOfDSAParamsHeader = uint32(unsafe.Sizeof(bcrypt.DSA_PARAMETER_HEADER{})) ++ sizeOfDSAParamsV2Header = uint32(unsafe.Sizeof(bcrypt.DSA_PARAMETER_HEADER_V2{})) +) + ++// exportDSAKey exports hkey into a bcrypt.DSA_KEY_BLOB header and data. ++func exportDSAKey(hkey bcrypt.KEY_HANDLE, private bool) (bcrypt.DSA_KEY_BLOB, []byte, error) { ++ var magic string ++ if private { ++ magic = bcrypt.DSA_PRIVATE_BLOB ++ } else { ++ magic = bcrypt.DSA_PUBLIC_BLOB ++ } ++ blob, err := exportKey(hkey, magic) ++ if err != nil { ++ return bcrypt.DSA_KEY_BLOB{}, nil, err ++ } ++ if len(blob) < int(sizeOfDSABlobHeader) { ++ return bcrypt.DSA_KEY_BLOB{}, nil, errors.New("cng: exported key is corrupted") ++ } ++ hdr := (*(*bcrypt.DSA_KEY_BLOB)(unsafe.Pointer(&blob[0]))) ++ return hdr, blob[sizeOfDSABlobHeader:], nil ++} ++ ++// exporDSAV2Key exports hkey into a bcrypt.DSA_KEY_BLOB_V2 header and data. ++func exporDSAV2Key(hkey bcrypt.KEY_HANDLE, private bool) (bcrypt.DSA_KEY_BLOB_V2, []byte, error) { ++ var magic string ++ if private { ++ magic = bcrypt.DSA_PRIVATE_BLOB ++ } else { ++ magic = bcrypt.DSA_PUBLIC_BLOB ++ } ++ blob, err := exportKey(hkey, magic) ++ if err != nil { ++ return bcrypt.DSA_KEY_BLOB_V2{}, nil, err ++ } ++ if len(blob) < int(sizeOfDSAV2BlobHeader) { ++ return bcrypt.DSA_KEY_BLOB_V2{}, nil, errors.New("cng: exported key is corrupted") ++ } ++ hdr := (*(*bcrypt.DSA_KEY_BLOB_V2)(unsafe.Pointer(&blob[0]))) ++ return hdr, blob[sizeOfDSAV2BlobHeader:], nil ++} ++ +// exportRSAKey exports hkey into a bcrypt.ECCKEY_BLOB header and data. 
+func exportECCKey(hkey bcrypt.KEY_HANDLE, private bool) (bcrypt.ECCKEY_BLOB, []byte, error) { + var magic string @@ -9502,15 +10025,19 @@ index 00000000000000..30ef2242bc3cf3 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/bcrypt_windows.go b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/bcrypt_windows.go new file mode 100644 -index 00000000000000..37c64ba6a7fa96 +index 00000000000000..090c74a894e170 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/bcrypt_windows.go -@@ -0,0 +1,284 @@ +@@ -0,0 +1,359 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +//go:generate go run github.com/microsoft/go-crypto-winnative/cmd/mksyscall -output zsyscall_windows.go bcrypt_windows.go + ++// Package bcrypt implements interop with bcrypt.dll, a component of Windows CNG. ++// See https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ ++// ++// Note: this package is not related to the bcrypt password hashing algorithm. +package bcrypt + +import ( @@ -9539,6 +10066,7 @@ index 00000000000000..37c64ba6a7fa96 + DES3_ALGORITHM = "3DES" // 3DES_ALGORITHM + TLS1_1_KDF_ALGORITHM = "TLS1_1_KDF" + TLS1_2_KDF_ALGORITHM = "TLS1_2_KDF" ++ DSA_ALGORITHM = "DSA" +) + +const ( @@ -9558,6 +10086,7 @@ index 00000000000000..37c64ba6a7fa96 + CHAIN_MODE_GCM = "ChainingModeGCM" + KEY_LENGTH = "KeyLength" + KEY_LENGTHS = "KeyLengths" ++ SIGNATURE_LENGTH = "SignatureLength" + BLOCK_LENGTH = "BlockLength" + ECC_CURVE_NAME = "ECCCurveName" +) @@ -9567,6 +10096,8 @@ index 00000000000000..37c64ba6a7fa96 + RSAFULLPRIVATE_BLOB = "RSAFULLPRIVATEBLOB" + ECCPUBLIC_BLOB = "ECCPUBLICBLOB" + ECCPRIVATE_BLOB = "ECCPRIVATEBLOB" ++ DSA_PUBLIC_BLOB = "DSAPUBLICBLOB" ++ DSA_PRIVATE_BLOB = "DSAPRIVATEBLOB" +) + +const ( 
@@ -9617,6 +10148,45 @@ index 00000000000000..37c64ba6a7fa96 + KDF_RAW_SECRET = "TRUNCATE" +) + ++const ( ++ DSA_PARAMETERS = "DSAParameters" ++) ++ ++type HASHALGORITHM_ENUM uint32 ++ ++const ( ++ DSA_HASH_ALGORITHM_SHA1 HASHALGORITHM_ENUM = iota ++ DSA_HASH_ALGORITHM_SHA256 ++ DSA_HASH_ALGORITHM_SHA512 ++) ++ ++type DSAFIPSVERSION_ENUM uint32 ++ ++const ( ++ DSA_FIPS186_2 DSAFIPSVERSION_ENUM = iota ++ DSA_FIPS186_3 ++) ++ ++type DSA_PARAMETER_HEADER struct { ++ Length uint32 ++ Magic KeyBlobMagicNumber ++ KeySize uint32 ++ Count [4]uint8 ++ Seed [20]uint8 ++ Q [20]uint8 ++} ++ ++type DSA_PARAMETER_HEADER_V2 struct { ++ Length uint32 ++ Magic KeyBlobMagicNumber ++ KeySize uint32 ++ HashAlgorithm HASHALGORITHM_ENUM ++ StandardVersion DSAFIPSVERSION_ENUM ++ SeedLength uint32 ++ GroupSize uint32 ++ Count [4]uint8 ++} ++ +type PadMode uint32 + +const ( @@ -9645,6 +10215,14 @@ index 00000000000000..37c64ba6a7fa96 + + ECDH_PUBLIC_GENERIC_MAGIC KeyBlobMagicNumber = 0x504B4345 + ECDH_PRIVATE_GENERIC_MAGIC KeyBlobMagicNumber = 0x564B4345 ++ ++ DSA_PARAMETERS_MAGIC KeyBlobMagicNumber = 0x4d505344 ++ DSA_PUBLIC_MAGIC KeyBlobMagicNumber = 0x42505344 ++ DSA_PRIVATE_MAGIC KeyBlobMagicNumber = 0x56505344 ++ ++ DSA_PARAMETERS_MAGIC_V2 KeyBlobMagicNumber = 0x324d5044 ++ DSA_PUBLIC_MAGIC_V2 KeyBlobMagicNumber = 0x32425044 ++ DSA_PRIVATE_MAGIC_V2 KeyBlobMagicNumber = 0x32565044 +) + +type ( 
@@ -9731,6 +10309,26 @@ index 00000000000000..37c64ba6a7fa96 + KeySize uint32 +} + ++// https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_dsa_key_blob ++type DSA_KEY_BLOB struct { ++ Magic KeyBlobMagicNumber ++ KeySize uint32 ++ Count [4]uint8 ++ Seed [20]uint8 ++ Q [20]uint8 ++} ++ ++// https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_dsa_key_blob_v2 ++type DSA_KEY_BLOB_V2 struct { ++ Magic KeyBlobMagicNumber ++ KeySize uint32 ++ HashAlgorithm HASHALGORITHM_ENUM ++ StandardVersion DSAFIPSVERSION_ENUM ++ SeedLength uint32 ++ GroupSize uint32 ++ Count [4]uint8 ++} ++ +func Encrypt(hKey KEY_HANDLE, plaintext []byte, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (s error) { + var pInput *byte + if len(plaintext) > 0 { @@ -10285,7 +10883,7 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 7562f74b39ada6..6e996fecefb628 100644 +index 7562f74b39ada6..d4e66e028cbf17 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ @@ -10293,7 +10891,7 @@ index 7562f74b39ada6..6e996fecefb628 100644 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig -+# github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103 ++# github.com/microsoft/go-crypto-winnative v0.0.0-20240925150332-fdc07bead050 +## explicit; go 1.17 +github.com/microsoft/go-crypto-winnative/cng +github.com/microsoft/go-crypto-winnative/cng/bbig From 8b60bc202539e1c0960f26293207e14f410cafa1 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 27 Sep 2024 10:30:59 +0200 Subject: [PATCH 027/887] upgrade microsoft/go-crypto-winnative --- patches/0005-Add-CNG-crypto-backend.patch | 6 +++--- patches/0006-Vendor-crypto-backends.patch | 22 +++++++++++++--------- 2 files changed, 16 insertions(+), 12 deletions(-) 
diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 0bfcded3093..bddb17b6408 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -1019,7 +1019,7 @@ index 7a6455fefb4bed..ac91a5201b6581 100644 require ( github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20240925150332-fdc07bead050 ++ github.com/microsoft/go-crypto-winnative v0.0.0-20240927070024-fde854564ffb golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) @@ -1030,8 +1030,8 @@ index b8e460e0a13c1c..19b381f6211587 100644 @@ -1,5 +1,7 @@ github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 h1:MiLLfnjVDjuOST8SQ7XgeBpWMWPpVb8VKDhL5Uvco7Q= github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-winnative v0.0.0-20240925150332-fdc07bead050 h1:DYP8AiC/xuYDxOkvZQy9QVnFee4rBUCmzN54Iit5pkQ= -+github.com/microsoft/go-crypto-winnative v0.0.0-20240925150332-fdc07bead050/go.mod h1:fveERXKbeK+XLmOyU24caKnIT/S5nniAX9XCRHfnrM4= ++github.com/microsoft/go-crypto-winnative v0.0.0-20240927070024-fde854564ffb h1:b8TGHZrQVCwpRzl9gFJLf3/1IgkdbEc7C8MBatQTgMA= ++github.com/microsoft/go-crypto-winnative v0.0.0-20240927070024-fde854564ffb/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index f5de3e8682e..a6c7db91367 100644 
--- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch @@ -56,7 +56,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../microsoft/go-crypto-winnative/cng/keys.go | 220 ++++ .../go-crypto-winnative/cng/pbkdf2.go | 74 ++ .../microsoft/go-crypto-winnative/cng/rand.go | 28 + - .../microsoft/go-crypto-winnative/cng/rc4.go | 61 + + .../microsoft/go-crypto-winnative/cng/rc4.go | 65 + .../microsoft/go-crypto-winnative/cng/rsa.go | 374 ++++++ .../go-crypto-winnative/cng/tls1prf.go | 92 ++ .../internal/bcrypt/bcrypt_windows.go | 359 ++++++ @@ -64,7 +64,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 11 + - 59 files changed, 10418 insertions(+) + 59 files changed, 10422 insertions(+) create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/README.md @@ -7351,7 +7351,7 @@ index 00000000000000..36f0e0c6e278bc +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/cipher.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/cipher.go new file mode 100644 -index 00000000000000..61f5dc878d6c56 +index 00000000000000..b6f25a1a64794a --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/cipher.go @@ -0,0 +1,56 @@ @@ -7391,7 +7391,7 @@ index 00000000000000..61f5dc878d6c56 + return cipherAlgorithm{h, lengths}, nil + }) + if err != nil { -+ return cipherAlgorithm{}, nil ++ return cipherAlgorithm{}, err + } + return v.(cipherAlgorithm), nil +} @@ -9480,10 +9480,10 @@ index 00000000000000..cdd845ab5bea98 +const RandReader = randReader(0) 
diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/rc4.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/rc4.go new file mode 100644 -index 00000000000000..e0d45070f26723 +index 00000000000000..f484a3e2211e04 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/rc4.go -@@ -0,0 +1,61 @@ +@@ -0,0 +1,65 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -9533,6 +9533,10 @@ index 00000000000000..e0d45070f26723 + if c.kh == 0 || len(src) == 0 { + return + } ++ // rc4.Cipher.XORKeyStream throws an out of bounds panic if ++ // dst is smaller than src. Replicate the same behavior here. ++ _ = dst[len(src)-1] ++ + if subtle.InexactOverlap(dst[:len(src)], src) { + panic("crypto/rc4: invalid buffer overlap") + } @@ -10883,7 +10887,7 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 7562f74b39ada6..d4e66e028cbf17 100644 +index 7562f74b39ada6..4a5212f108557c 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ @@ -10891,8 +10895,8 @@ index 7562f74b39ada6..d4e66e028cbf17 100644 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig -+# github.com/microsoft/go-crypto-winnative v0.0.0-20240925150332-fdc07bead050 -+## explicit; go 1.17 ++# github.com/microsoft/go-crypto-winnative v0.0.0-20240927070024-fde854564ffb ++## explicit; go 1.22 +github.com/microsoft/go-crypto-winnative/cng +github.com/microsoft/go-crypto-winnative/cng/bbig +github.com/microsoft/go-crypto-winnative/internal/bcrypt From 07e4fd05bb4c3deb46641f055a573d7f8a729d49 Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Fri, 27 Sep 2024 14:09:13 +0200 Subject: [PATCH 028/887] resolve conflicts --- .../0002-Add-crypto-backend-foundation.patch | 16 +- .../0003-Add-BoringSSL-crypto-backend.patch | 2 +- ...0010-Support-TLS-1.3-in-fipstls-mode.patch | 281 ------------------ ...OFIPS-when-running-the-Go-toolchain.patch} | 0 ...pport-for-logging-used-Windows-APIs.patch} | 0 ... 0012-remove-long-path-support-hack.patch} | 0 ...ernal-go.mod-files-used-for-codegen.patch} | 0 7 files changed, 9 insertions(+), 290 deletions(-) delete mode 100644 patches/0010-Support-TLS-1.3-in-fipstls-mode.patch rename patches/{0011-unset-GOFIPS-when-running-the-Go-toolchain.patch => 0010-unset-GOFIPS-when-running-the-Go-toolchain.patch} (100%) rename patches/{0012-add-support-for-logging-used-Windows-APIs.patch => 0011-add-support-for-logging-used-Windows-APIs.patch} (100%) rename patches/{0013-remove-long-path-support-hack.patch => 0012-remove-long-path-support-hack.patch} (100%) rename patches/{0014-Omit-internal-go.mod-files-used-for-codegen.patch => 0013-Omit-internal-go.mod-files-used-for-codegen.patch} (100%) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 6507170b41a..a9494e5bb94 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -877,8 +877,8 @@ index 843678702bf93f..28f4ae5621921d 100644 "hash" "internal/byteorder" @@ -99,6 +100,9 @@ func consumeUint32(b []byte) ([]byte, uint32) { - // implements [encoding.BinaryMarshaler] and [encoding.BinaryUnmarshaler] to - // marshal and unmarshal the internal state of the hash. + // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal + // state of the hash. func New() hash.Hash { + if boring.Enabled && boring.SupportsHash(crypto.MD5) { + return boring.NewMD5() @@ -1217,8 +1217,8 @@ index 68244fd63b0c1e..2297c2aa71c288 100644 "hash" "internal/byteorder" 
@@ -153,7 +153,7 @@ func New() hash.Hash { - - // New224 returns a new hash.Hash computing the SHA224 checksum. + // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal + // state of the hash. func New224() hash.Hash { - if boring.Enabled { + if boring.Enabled && boring.SupportsHash(crypto.SHA224) { @@ -1308,9 +1308,9 @@ index be10b71bd2269b..d879139773d1d7 100644 + fipstls.Abandon() +} + - func TestBoringServerProtocolVersion(t *testing.T) { - test := func(t *testing.T, name string, v uint16, msg string) { - t.Run(name, func(t *testing.T) { + func allCipherSuitesIncludingTLS13() []uint16 { + s := allCipherSuites() + for _, suite := range cipherSuitesTLS13 { diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go index eebc66880d631f..42a26005ff31f2 100644 --- a/src/crypto/tls/cipher_suites.go @@ -1708,8 +1708,8 @@ index 33fd0ed52b1ff6..ffc3eeca9dbf95 100644 +} + func boringRSAKey(t *testing.T, size int) *rsa.PrivateKey { + t.Helper() k, err := rsa.GenerateKey(rand.Reader, size) - if err != nil { diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index 441cf8d051c934..ca6a512bf95c7e 100644 --- a/src/go/build/deps_test.go diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 75a7a08b4f0..430b91187d5 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -84,7 +84,7 @@ index 00000000000000..7c5fbeea717618 + +func NewAESCipher(key []byte) (cipher.Block, error) { return boring.NewAESCipher(key) } +func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS(c) } -+func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { panic("cryptobackend: not available") } ++func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS13(c) } + +type PublicKeyECDSA = boring.PublicKeyECDSA +type PrivateKeyECDSA = boring.PrivateKeyECDSA 
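Review bot: In the `@@ -84,7 +84,7 @@` hunk of patches/0003-Add-BoringSSL-crypto-backend.patch, `NewGCMTLS13` now returns `boring.NewGCMTLS13(c)` instead of panicking with "cryptobackend: not available", but nothing visible in this commit shows that the `boring` package at the pinned submodule commit exports that constructor. If it does not, the backend stops building. If it does, the TLS 1.3 AEAD path becomes reachable on this backend, so confirm that the FIPS-mode restrictions from the deleted patches/0010-Support-TLS-1.3-in-fipstls-mode.patch (the `needFIPS()` cipher-suite selection and the `defaultSupportedVersionsFIPS` list) are now carried upstream rather than lost. The description "resolve conflicts" does not say which; a line such as `0010 dropped: TLS 1.3 fipstls support is provided by upstream` would make the removal auditable. The rest of the patched backend file lies outside the hunk.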
diff --git a/patches/0010-Support-TLS-1.3-in-fipstls-mode.patch b/patches/0010-Support-TLS-1.3-in-fipstls-mode.patch
deleted file mode 100644
index 83e36728eef..00000000000
--- a/patches/0010-Support-TLS-1.3-in-fipstls-mode.patch
+++ /dev/null
@@ -1,281 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: qmuntal -Date: Tue, 30 Jan 2024 11:40:31 +0100 -Subject: [PATCH] Support TLS 1.3 in fipstls mode - ---- - src/crypto/tls/boring_test.go | 54 +++++++++++++++++++----- - src/crypto/tls/cipher_suites.go | 15 +++++-- - src/crypto/tls/defaults.go | 3 +- - src/crypto/tls/handshake_client.go | 13 +++++- - src/crypto/tls/handshake_client_tls13.go | 4 -- - src/crypto/tls/handshake_server_test.go | 3 ++ - src/crypto/tls/handshake_server_tls13.go | 7 ++- - 7 files changed, 73 insertions(+), 26 deletions(-) - -diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 1b47fc8bffdf1d..eda147261bbc96 100644 ---- a/src/crypto/tls/boring_test.go -+++ b/src/crypto/tls/boring_test.go -@@ -30,6 +30,31 @@ func init() { - fipstls.Abandon() - } - -+func allCipherSuitesIncludingTLS13() []uint16 { -+ s := allCipherSuites() -+ for _, suite := range cipherSuitesTLS13 { -+ s = append(s, suite.id) -+ } -+ return s -+} -+ -+func isTLS13CipherSuite(id uint16) bool { -+ for _, suite := range cipherSuitesTLS13 { -+ if id == suite.id { -+ return true -+ } -+ } -+ return false -+} -+ -+func generateKeyShare(group CurveID) keyShare { -+ key, err := generateECDHEKey(rand.Reader, group) -+ if err != nil { -+ panic(err) -+ } -+ return keyShare{group: group, data: key.PublicKey().Bytes()} -+} -+ - func TestBoringServerProtocolVersion(t *testing.T) { - test := func(t *testing.T, name string, v uint16, msg string) { - t.Run(name, func(t *testing.T) { -@@ -65,22 +90,22 @@ func TestBoringServerProtocolVersion(t *testing.T) { - test(t, "VersionTLS10", VersionTLS10, "supported versions") - test(t, "VersionTLS11", VersionTLS11, "supported versions") - test(t, "VersionTLS12", VersionTLS12, "") -- test(t, "VersionTLS13", VersionTLS13, "supported versions") -+ test(t, "VersionTLS13", VersionTLS13, "") - }) - } - - func isBoringVersion(v uint16) bool { -- return v == VersionTLS12 -+ return v == 
VersionTLS12 || v == VersionTLS13 - } - - func isBoringCipherSuite(id uint16) bool { - switch id { -- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, -+ case TLS_AES_128_GCM_SHA256, -+ TLS_AES_256_GCM_SHA384, -+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, -- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, -- TLS_RSA_WITH_AES_128_GCM_SHA256, -- TLS_RSA_WITH_AES_256_GCM_SHA384: -+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: - return true - } - return false -@@ -100,7 +125,7 @@ func isECDSA(id uint16) bool { - return suite.flags&suiteECSign == suiteECSign - } - } -- panic(fmt.Sprintf("unknown cipher suite %#x", id)) -+ return false // TLS 1.3 cipher suites are not tied to the signature algorithm. - } - - func isBoringSignatureScheme(alg SignatureScheme) bool { -@@ -123,10 +148,9 @@ func isBoringSignatureScheme(alg SignatureScheme) bool { - - func TestBoringServerCipherSuites(t *testing.T) { - serverConfig := testConfig.Clone() -- serverConfig.CipherSuites = allCipherSuites() - serverConfig.Certificates = make([]Certificate, 1) - -- for _, id := range allCipherSuites() { -+ for _, id := range allCipherSuitesIncludingTLS13() { - if isECDSA(id) { - serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate} - serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey -@@ -135,14 +159,22 @@ func TestBoringServerCipherSuites(t *testing.T) { - serverConfig.Certificates[0].PrivateKey = testRSAPrivateKey - } - serverConfig.BuildNameToCertificate() -- t.Run(fmt.Sprintf("suite=%#x", id), func(t *testing.T) { -+ t.Run(fmt.Sprintf("suite=%#x", CipherSuiteName(id)), func(t *testing.T) { - clientHello := &clientHelloMsg{ - vers: VersionTLS12, - random: make([]byte, 32), - cipherSuites: []uint16{id}, - compressionMethods: []uint8{compressionNone}, - supportedCurves: defaultCurvePreferences(), -+ keyShares: []keyShare{generateKeyShare(CurveP256)}, - supportedPoints: []uint8{pointFormatUncompressed}, -+ 
supportedVersions: []uint16{VersionTLS12}, -+ } -+ // This test runs for both TLS 1.2 and 1.3. For TLS 1.3, we need to -+ // specify more about the supported versions/algorithms. -+ if isTLS13CipherSuite(id) { -+ clientHello.supportedVersions = []uint16{VersionTLS13} -+ clientHello.supportedSignatureAlgorithms = supportedSignatureAlgorithms() - } - - testClientHello(t, serverConfig, clientHello) -@@ -293,7 +325,7 @@ func TestBoringClientHello(t *testing.T) { - } - - if !isBoringVersion(hello.vers) { -- t.Errorf("client vers=%#x, want %#x (TLS 1.2)", hello.vers, VersionTLS12) -+ t.Errorf("client vers=%#x", hello.vers) - } - for _, v := range hello.supportedVersions { - if !isBoringVersion(v) { -diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go -index 42a26005ff31f2..0c16bd8a884e14 100644 ---- a/src/crypto/tls/cipher_suites.go -+++ b/src/crypto/tls/cipher_suites.go -@@ -17,6 +17,7 @@ import ( - "fmt" - "hash" - "internal/cpu" -+ "internal/goexperiment" - "runtime" - _ "unsafe" // for linkname - -@@ -552,9 +553,17 @@ func aeadAESGCMTLS13(key, nonceMask []byte) aead { - if err != nil { - panic(err) - } -- aead, err := cipher.NewGCM(aes) -- if err != nil { -- panic(err) -+ var aead cipher.AEAD -+ if boring.Enabled { -+ if goexperiment.BoringCrypto { -+ // TODO: remove this once BoringCrypto supports TLS 1.3. 
-+ aead, err = cipher.NewGCM(aes) -+ } else { -+ aead, err = boring.NewGCMTLS13(aes) -+ } -+ } else { -+ boring.Unreachable() -+ aead, err = cipher.NewGCM(aes) - } - - ret := &xorNonceAEAD{aead: aead} -diff --git a/src/crypto/tls/defaults.go b/src/crypto/tls/defaults.go -index 9b28acdc2d866a..3e780f447b522b 100644 ---- a/src/crypto/tls/defaults.go -+++ b/src/crypto/tls/defaults.go -@@ -92,6 +92,7 @@ var defaultCipherSuitesTLS13NoAES = []uint16{ - - var defaultSupportedVersionsFIPS = []uint16{ - VersionTLS12, -+ VersionTLS13, - } - - // defaultCurvePreferencesFIPS are the FIPS-allowed curves, -@@ -118,8 +119,6 @@ var defaultCipherSuitesFIPS = []uint16{ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, -- TLS_RSA_WITH_AES_128_GCM_SHA256, -- TLS_RSA_WITH_AES_256_GCM_SHA384, - } - - // defaultCipherSuitesTLS13FIPS are the FIPS-allowed cipher suites for TLS 1.3. -diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go -index 6873e8daf631a7..585640d4b1a4d5 100644 ---- a/src/crypto/tls/handshake_client.go -+++ b/src/crypto/tls/handshake_client.go -@@ -141,13 +141,22 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon - if len(hello.supportedVersions) == 1 { - hello.cipherSuites = nil - } -- if hasAESGCMHardwareSupport { -+ if needFIPS() { -+ hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13FIPS...) -+ } else if hasAESGCMHardwareSupport { - hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13...) - } else { - hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13NoAES...) - } - -- curveID := config.curvePreferences(maxVersion)[0] -+ curveIDs := config.curvePreferences(maxVersion) -+ if len(curveIDs) == 0 { -+ // If TLS 1.3 FIPS restrictions are enabled, the filter applied by -+ // curvePreferences() may exclude all curves specified by config. 
-+ // In this case, there are certainly no supported curves. -+ return nil, nil, nil, errors.New("tls: CurvePreferences includes no supported curves") -+ } -+ curveID := curveIDs[0] - keyShareKeys = &keySharePrivateKeys{curveID: curveID} - if curveID == x25519Kyber768Draft00 { - keyShareKeys.ecdhe, err = generateECDHEKey(config.rand(), X25519) -diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go -index 6744e713c9ffa8..5b4c4568555d3d 100644 ---- a/src/crypto/tls/handshake_client_tls13.go -+++ b/src/crypto/tls/handshake_client_tls13.go -@@ -45,10 +45,6 @@ type clientHandshakeStateTLS13 struct { - func (hs *clientHandshakeStateTLS13) handshake() error { - c := hs.c - -- if needFIPS() { -- return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode") -- } -- - // The server must not select TLS 1.3 in a renegotiation. See RFC 8446, - // sections 4.1.2 and 4.1.3. - if c.handshakes > 0 { -diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go -index bc45a289c1ed70..47e2ce17bb9e8e 100644 ---- a/src/crypto/tls/handshake_server_test.go -+++ b/src/crypto/tls/handshake_server_test.go -@@ -27,6 +27,7 @@ import ( - ) - - func testClientHello(t *testing.T, serverConfig *Config, m handshakeMessage) { -+ t.Helper() - testClientHelloFailure(t, serverConfig, m, "") - } - -@@ -84,9 +85,11 @@ func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessa - t.Helper() - if len(expectedSubStr) == 0 { - if err != nil && err != io.EOF { -+ t.Helper() - t.Errorf("Got error: %s; expected to succeed", err) - } - } else if err == nil || !strings.Contains(err.Error(), expectedSubStr) { -+ t.Helper() - t.Errorf("Got error: %v; expected to match substring '%s'", err, expectedSubStr) - } - } -diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index f88fcad4e78f0d..b95299a44c8fc1 100644 ---- a/src/crypto/tls/handshake_server_tls13.go -+++ 
b/src/crypto/tls/handshake_server_tls13.go -@@ -48,10 +48,6 @@ type serverHandshakeStateTLS13 struct { - func (hs *serverHandshakeStateTLS13) handshake() error { - c := hs.c - -- if needFIPS() { -- return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode") -- } -- - // For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2. - if err := hs.processClientHello(); err != nil { - return err -@@ -166,6 +162,9 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error { - if !hasAESGCMHardwareSupport || !aesgcmPreferred(hs.clientHello.cipherSuites) { - preferenceList = defaultCipherSuitesTLS13NoAES - } -+ if needFIPS() { -+ preferenceList = defaultCipherSuitesTLS13FIPS -+ } - for _, suiteID := range preferenceList { - hs.suite = mutualCipherSuiteTLS13(hs.clientHello.cipherSuites, suiteID) - if hs.suite != nil { diff --git a/patches/0011-unset-GOFIPS-when-running-the-Go-toolchain.patch b/patches/0010-unset-GOFIPS-when-running-the-Go-toolchain.patch similarity index 100% rename from patches/0011-unset-GOFIPS-when-running-the-Go-toolchain.patch rename to patches/0010-unset-GOFIPS-when-running-the-Go-toolchain.patch diff --git a/patches/0012-add-support-for-logging-used-Windows-APIs.patch b/patches/0011-add-support-for-logging-used-Windows-APIs.patch similarity index 100% rename from patches/0012-add-support-for-logging-used-Windows-APIs.patch rename to patches/0011-add-support-for-logging-used-Windows-APIs.patch diff --git a/patches/0013-remove-long-path-support-hack.patch b/patches/0012-remove-long-path-support-hack.patch similarity index 100% rename from patches/0013-remove-long-path-support-hack.patch rename to patches/0012-remove-long-path-support-hack.patch 
diff --git a/patches/0014-Omit-internal-go.mod-files-used-for-codegen.patch b/patches/0013-Omit-internal-go.mod-files-used-for-codegen.patch similarity index 100% rename from patches/0014-Omit-internal-go.mod-files-used-for-codegen.patch rename to patches/0013-Omit-internal-go.mod-files-used-for-codegen.patch From 40b70842a14dcf4c1fc30eff538450aa4f2eaeb3 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 30 Sep 2024 09:39:07 +0200 Subject: [PATCH 029/887] bump go-crypto-winnative --- patches/0005-Add-CNG-crypto-backend.patch | 6 +- patches/0006-Vendor-crypto-backends.patch | 294 ++++++++++------------ 2 files changed, 133 insertions(+), 167 deletions(-) diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index bddb17b6408..b2bf22f27fa 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -1019,7 +1019,7 @@ index 7a6455fefb4bed..ac91a5201b6581 100644 require ( github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20240927070024-fde854564ffb ++ github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) @@ -1030,8 +1030,8 @@ index b8e460e0a13c1c..19b381f6211587 100644 
@@ -1,5 +1,7 @@ github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 h1:MiLLfnjVDjuOST8SQ7XgeBpWMWPpVb8VKDhL5Uvco7Q= github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-winnative v0.0.0-20240927070024-fde854564ffb h1:b8TGHZrQVCwpRzl9gFJLf3/1IgkdbEc7C8MBatQTgMA= -+github.com/microsoft/go-crypto-winnative v0.0.0-20240927070024-fde854564ffb/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= ++github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 h1:Kno3m3hOXCrrJF9YphNJWNXm6MjIpflQrHWxAIRSIqA= ++github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index a6c7db91367..e33acea7273 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch 
@@ -41,30 +41,30 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../openssl/v2/thread_setup_windows.c | 64 + .../golang-fips/openssl/v2/tls1prf.go | 104 ++ .../microsoft/go-crypto-winnative/LICENSE | 21 + - .../microsoft/go-crypto-winnative/cng/aes.go | 389 ++++++ + .../microsoft/go-crypto-winnative/cng/aes.go | 393 +++++++ .../go-crypto-winnative/cng/bbig/big.go | 31 + .../microsoft/go-crypto-winnative/cng/big.go | 30 + - .../go-crypto-winnative/cng/cipher.go | 56 + - .../microsoft/go-crypto-winnative/cng/cng.go | 130 ++ + .../go-crypto-winnative/cng/cipher.go | 52 + + .../microsoft/go-crypto-winnative/cng/cng.go | 131 +++ .../microsoft/go-crypto-winnative/cng/des.go | 107 ++ - .../microsoft/go-crypto-winnative/cng/dsa.go | 473 ++++++++ - .../microsoft/go-crypto-winnative/cng/ecdh.go | 260 ++++ - .../go-crypto-winnative/cng/ecdsa.go | 175 +++ - .../microsoft/go-crypto-winnative/cng/hash.go | 320 +++++ - .../microsoft/go-crypto-winnative/cng/hkdf.go | 179 +++ + .../microsoft/go-crypto-winnative/cng/dsa.go | 469 ++++++++ + .../microsoft/go-crypto-winnative/cng/ecdh.go | 255 ++++ + .../go-crypto-winnative/cng/ecdsa.go | 169 +++ + .../microsoft/go-crypto-winnative/cng/hash.go | 316 +++++ + .../microsoft/go-crypto-winnative/cng/hkdf.go | 175 +++ .../microsoft/go-crypto-winnative/cng/hmac.go | 35 + .../microsoft/go-crypto-winnative/cng/keys.go | 220 ++++ - .../go-crypto-winnative/cng/pbkdf2.go | 74 ++ + .../go-crypto-winnative/cng/pbkdf2.go | 70 ++ .../microsoft/go-crypto-winnative/cng/rand.go | 28 + .../microsoft/go-crypto-winnative/cng/rc4.go | 65 + - .../microsoft/go-crypto-winnative/cng/rsa.go | 374 ++++++ - .../go-crypto-winnative/cng/tls1prf.go | 92 ++ + .../microsoft/go-crypto-winnative/cng/rsa.go | 370 ++++++ + .../go-crypto-winnative/cng/tls1prf.go | 88 ++ .../internal/bcrypt/bcrypt_windows.go | 359 ++++++ .../internal/bcrypt/zsyscall_windows.go | 389 ++++++ .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + 
src/vendor/modules.txt | 11 + - 59 files changed, 10422 insertions(+) + 59 files changed, 10388 insertions(+) create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/README.md @@ -6883,10 +6883,10 @@ index 00000000000000..9e841e7a26e4eb + SOFTWARE diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go new file mode 100644 -index 00000000000000..7fda49a773097a +index 00000000000000..caac632894556e --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go -@@ -0,0 +1,389 @@ +@@ -0,0 +1,393 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -6929,16 +6929,28 @@ index 00000000000000..7fda49a773097a + +func (c *aesCipher) BlockSize() int { return aesBlockSize } + -+func (c *aesCipher) Encrypt(dst, src []byte) { -+ if subtle.InexactOverlap(dst, src) { -+ panic("crypto/cipher: invalid buffer overlap") -+ } ++// validateAndClipInputs checks that dst and src meet the [cipher.Block] ++// interface requirements and clips them to a single block. ++func (c *aesCipher) validateAndClipInputs(dst, src []byte) (d, s []byte) { + if len(src) < aesBlockSize { + panic("crypto/aes: input not full block") + } + if len(dst) < aesBlockSize { + panic("crypto/aes: output not full block") + } ++ // cypher.Block methods are documented to operate on ++ // one block at a time, so we truncate the input and output ++ // to the block size. ++ d, s = dst[:aesBlockSize], src[:aesBlockSize] ++ if subtle.InexactOverlap(d, s) { ++ panic("crypto/aes: invalid buffer overlap") ++ } ++ return d, s ++} ++ ++func (c *aesCipher) Encrypt(dst, src []byte) { ++ dst, src = c.validateAndClipInputs(dst, src) ++ + var ret uint32 + err := bcrypt.Encrypt(c.kh, src, nil, nil, dst, &ret, 0) + if err != nil { 
@@ -6951,15 +6963,7 @@ index 00000000000000..7fda49a773097a +} + +func (c *aesCipher) Decrypt(dst, src []byte) { -+ if subtle.InexactOverlap(dst, src) { -+ panic("crypto/cipher: invalid buffer overlap") -+ } -+ if len(src) < aesBlockSize { -+ panic("crypto/aes: input not full block") -+ } -+ if len(dst) < aesBlockSize { -+ panic("crypto/aes: output not full block") -+ } ++ dst, src = c.validateAndClipInputs(dst, src) + + var ret uint32 + err := bcrypt.Decrypt(c.kh, src, nil, nil, dst, &ret, 0) @@ -7351,10 +7355,10 @@ index 00000000000000..36f0e0c6e278bc +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/cipher.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/cipher.go new file mode 100644 -index 00000000000000..b6f25a1a64794a +index 00000000000000..c1365f8d399d21 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/cipher.go -@@ -0,0 +1,56 @@ +@@ -0,0 +1,52 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
@@ -7375,25 +7379,21 @@ index 00000000000000..b6f25a1a64794a +} + +func loadCipher(id, mode string) (cipherAlgorithm, error) { -+ v, err := loadOrStoreAlg(id, bcrypt.ALG_NONE_FLAG, mode, func(h bcrypt.ALG_HANDLE) (interface{}, error) { ++ return loadOrStoreAlg(id, bcrypt.ALG_NONE_FLAG, mode, func(h bcrypt.ALG_HANDLE) (cipherAlgorithm, error) { + if mode != "" { + // Windows 8 added support to set the CipherMode value on a key, + // but Windows 7 requires that it be set on the algorithm before key creation. + err := setString(bcrypt.HANDLE(h), bcrypt.CHAINING_MODE, mode) + if err != nil { -+ return nil, err ++ return cipherAlgorithm{}, err + } + } + lengths, err := getKeyLengths(bcrypt.HANDLE(h)) + if err != nil { -+ return nil, err ++ return cipherAlgorithm{}, err + } + return cipherAlgorithm{h, lengths}, nil + }) -+ if err != nil { -+ return cipherAlgorithm{}, err -+ } -+ return v.(cipherAlgorithm), nil +} + +func newCipherHandle(id, mode string, key []byte) (bcrypt.KEY_HANDLE, error) { @@ -7413,10 +7413,10 @@ index 00000000000000..b6f25a1a64794a +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/cng.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/cng.go new file mode 100644 -index 00000000000000..844c087287cabe +index 00000000000000..d1916f94a0a76d --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/cng.go -@@ -0,0 +1,130 @@ +@@ -0,0 +1,131 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
@@ -7455,9 +7455,10 @@ index 00000000000000..844c087287cabe + +var algCache sync.Map + -+type newAlgEntryFn func(h bcrypt.ALG_HANDLE) (interface{}, error) -+ -+func loadOrStoreAlg(id string, flags bcrypt.AlgorithmProviderFlags, mode string, fn newAlgEntryFn) (interface{}, error) { ++// loadOrStoreAlg loads an algorithm with the given id, flags, and mode from the cache. ++// If the algorithm is not in the cache, a new one is created and then initialized using fn. ++// The returned algorithm handle should not be closed by the caller. ++func loadOrStoreAlg[T any](id string, flags bcrypt.AlgorithmProviderFlags, mode string, fn func(h bcrypt.ALG_HANDLE) (T, error)) (T, error) { + var entryKey = struct { + id string + flags bcrypt.AlgorithmProviderFlags @@ -7465,22 +7466,22 @@ index 00000000000000..844c087287cabe + }{id, flags, mode} + + if v, ok := algCache.Load(entryKey); ok { -+ return v, nil ++ return v.(T), nil + } + var h bcrypt.ALG_HANDLE + err := bcrypt.OpenAlgorithmProvider(&h, utf16PtrFromString(id), nil, flags) + if err != nil { -+ return nil, err ++ return *new(T), err + } + v, err := fn(h) + if err != nil { + bcrypt.CloseAlgorithmProvider(h, 0) -+ return nil, err ++ return *new(T), err + } + if existing, loaded := algCache.LoadOrStore(entryKey, v); loaded { + // We can safely use a provider that has already been cached in another concurrent goroutine. + bcrypt.CloseAlgorithmProvider(h, 0) -+ v = existing ++ v = existing.(T) + } + return v, nil +} @@ -7662,10 +7663,10 @@ index 00000000000000..b0784affba0aa4 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/dsa.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/dsa.go new file mode 100644 -index 00000000000000..bd3e19dcf7f035 +index 00000000000000..5d4d3974d0c52c --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/dsa.go -@@ -0,0 +1,473 @@ +@@ -0,0 +1,469 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
@@ -7707,17 +7708,13 @@ index 00000000000000..bd3e19dcf7f035 +} + +func loadDSA() (h dsaAlgorithm, err error) { -+ v, err := loadOrStoreAlg(bcrypt.DSA_ALGORITHM, bcrypt.ALG_NONE_FLAG, "", func(h bcrypt.ALG_HANDLE) (interface{}, error) { ++ return loadOrStoreAlg(bcrypt.DSA_ALGORITHM, bcrypt.ALG_NONE_FLAG, "", func(h bcrypt.ALG_HANDLE) (dsaAlgorithm, error) { + lengths, err := getKeyLengths(bcrypt.HANDLE(h)) + if err != nil { -+ return nil, err ++ return dsaAlgorithm{}, err + } + return dsaAlgorithm{h, lengths}, nil + }) -+ if err != nil { -+ return dsaAlgorithm{}, err -+ } -+ return v.(dsaAlgorithm), nil +} + +// DSAParameters contains the DSA parameters. @@ -8141,10 +8138,10 @@ index 00000000000000..bd3e19dcf7f035 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/ecdh.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/ecdh.go new file mode 100644 -index 00000000000000..cd6e9a98f6f967 +index 00000000000000..2738728eb1b66f --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/ecdh.go -@@ -0,0 +1,260 @@ +@@ -0,0 +1,255 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
@@ -8167,36 +8164,31 @@ index 00000000000000..cd6e9a98f6f967 + +type ecdhAlgorithm struct { + handle bcrypt.ALG_HANDLE -+} -+ -+func loadECDH(curve string) (h ecdhAlgorithm, bits uint32, err error) { -+ var id string -+ switch curve { -+ case "P-256": -+ id, bits = bcrypt.ECC_CURVE_NISTP256, 256 -+ case "P-384": -+ id, bits = bcrypt.ECC_CURVE_NISTP384, 384 -+ case "P-521": -+ id, bits = bcrypt.ECC_CURVE_NISTP521, 521 -+ case "X25519": -+ id, bits = bcrypt.ECC_CURVE_25519, 255 -+ default: -+ err = errUnknownCurve -+ } -+ if err != nil { -+ return -+ } -+ v, err := loadOrStoreAlg(bcrypt.ECDH_ALGORITHM, bcrypt.ALG_NONE_FLAG, id, func(h bcrypt.ALG_HANDLE) (interface{}, error) { -+ err := setString(bcrypt.HANDLE(h), bcrypt.ECC_CURVE_NAME, id) ++ bits uint32 ++} ++ ++func loadECDH(curve string) (ecdhAlgorithm, error) { ++ return loadOrStoreAlg(bcrypt.ECDH_ALGORITHM, bcrypt.ALG_NONE_FLAG, curve, func(h bcrypt.ALG_HANDLE) (ecdhAlgorithm, error) { ++ var name string ++ var bits uint32 ++ switch curve { ++ case "P-256": ++ name, bits = bcrypt.ECC_CURVE_NISTP256, 256 ++ case "P-384": ++ name, bits = bcrypt.ECC_CURVE_NISTP384, 384 ++ case "P-521": ++ name, bits = bcrypt.ECC_CURVE_NISTP521, 521 ++ case "X25519": ++ name, bits = bcrypt.ECC_CURVE_25519, 255 ++ default: ++ return ecdhAlgorithm{}, errUnknownCurve ++ } ++ err := setString(bcrypt.HANDLE(h), bcrypt.ECC_CURVE_NAME, name) + if err != nil { -+ return nil, err ++ return ecdhAlgorithm{}, err + } -+ return ecdhAlgorithm{h}, nil ++ return ecdhAlgorithm{h, bits}, nil + }) -+ if err != nil { -+ return ecdhAlgorithm{}, 0, err -+ } -+ return v.(ecdhAlgorithm), bits, nil +} + +type PublicKeyECDH struct { 
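Review bot: The curve name is now validated inside the closure, so `loadECDH` passes an unchecked `curve` to `loadOrStoreAlg`. Because failed loads are not cached, an unknown name opens an algorithm provider and closes it again on every call. Doing the `switch curve` before the call keeps the early `errUnknownCurve` return that the removed code had and lets the closure capture `name` and `bits`. `loadECDSA` in ecdsa.go has the same shape and would take the same change.

```go
func loadECDH(curve string) (ecdhAlgorithm, error) {
	var name string
	var bits uint32
	switch curve {
	// … unchanged: P-256, P-384, P-521 and X25519 cases …
	default:
		return ecdhAlgorithm{}, errUnknownCurve
	}
	return loadOrStoreAlg(bcrypt.ECDH_ALGORITHM, bcrypt.ALG_NONE_FLAG, curve, func(h bcrypt.ALG_HANDLE) (ecdhAlgorithm, error) {
		if err := setString(bcrypt.HANDLE(h), bcrypt.ECC_CURVE_NAME, name); err != nil {
			return ecdhAlgorithm{}, err
		}
		return ecdhAlgorithm{h, bits}, nil
	})
}
```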
@@ -8262,12 +8254,12 @@ index 00000000000000..cd6e9a98f6f967 +} + +func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { -+ h, bits, err := loadECDH(curve) ++ h, err := loadECDH(curve) + if err != nil { + return nil, nil, err + } + var hkey bcrypt.KEY_HANDLE -+ err = bcrypt.GenerateKeyPair(h.handle, &hkey, bits, 0) ++ err = bcrypt.GenerateKeyPair(h.handle, &hkey, h.bits, 0) + if err != nil { + return nil, nil, err + } @@ -8301,7 +8293,7 @@ index 00000000000000..cd6e9a98f6f967 + if len(bytes) == 0 || (nist && bytes[0] != ecdhUncompressedPrefix) { + return nil, errInvalidPublicKey + } -+ h, bits, err := loadECDH(curve) ++ h, err := loadECDH(curve) + if err != nil { + return nil, err + } @@ -8316,11 +8308,11 @@ index 00000000000000..cd6e9a98f6f967 + ncomponents = 1 + keyWithoutEncoding = bytes + } -+ keySize := int(bits+7) / 8 ++ keySize := int(h.bits+7) / 8 + if len(keyWithoutEncoding) != keySize*ncomponents { + return nil, errInvalidPublicKey + } -+ hkey, err := importECCKey(h.handle, bcrypt.ECDH_ALGORITHM, bits, keyWithoutEncoding[:keySize], keyWithoutEncoding[keySize:], nil) ++ hkey, err := importECCKey(h.handle, bcrypt.ECDH_ALGORITHM, h.bits, keyWithoutEncoding[:keySize], keyWithoutEncoding[keySize:], nil) + if err != nil { + return nil, err + } @@ -8332,11 +8324,11 @@ index 00000000000000..cd6e9a98f6f967 +func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } + +func NewPrivateKeyECDH(curve string, key []byte) (*PrivateKeyECDH, error) { -+ h, bits, err := loadECDH(curve) ++ h, err := loadECDH(curve) + if err != nil { + return nil, err + } -+ keySize := int(bits+7) / 8 ++ keySize := int(h.bits+7) / 8 + if len(key) != keySize { + return nil, errInvalidPrivateKey + } 
@@ -8349,7 +8341,7 @@ index 00000000000000..cd6e9a98f6f967 + // To trigger this behavior we pass a zeroed X/Y with keySize length. + // zero is big enough to fit P-521 curves, the largest we handle, in the stack. + var zero [(521 + 7) / 8]byte -+ hkey, err := importECCKey(h.handle, bcrypt.ECDH_ALGORITHM, bits, zero[:keySize], zero[:keySize], key) ++ hkey, err := importECCKey(h.handle, bcrypt.ECDH_ALGORITHM, h.bits, zero[:keySize], zero[:keySize], key) + if err != nil { + return nil, err + } @@ -8407,10 +8399,10 @@ index 00000000000000..cd6e9a98f6f967 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/ecdsa.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/ecdsa.go new file mode 100644 -index 00000000000000..a77ff97bb8f521 +index 00000000000000..586e9ae2ebb0c9 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/ecdsa.go -@@ -0,0 +1,175 @@ +@@ -0,0 +1,169 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
@@ -8430,47 +8422,41 @@ index 00000000000000..a77ff97bb8f521 + +type ecdsaAlgorithm struct { + handle bcrypt.ALG_HANDLE -+} -+ -+func loadECDSA(curve string) (h ecdsaAlgorithm, bits uint32, err error) { -+ var id string -+ switch curve { -+ case "P-224": -+ id, bits = bcrypt.ECC_CURVE_NISTP224, 224 -+ case "P-256": -+ id, bits = bcrypt.ECC_CURVE_NISTP256, 256 -+ case "P-384": -+ id, bits = bcrypt.ECC_CURVE_NISTP384, 384 -+ case "P-521": -+ id, bits = bcrypt.ECC_CURVE_NISTP521, 521 -+ default: -+ err = errUnknownCurve -+ } -+ if err != nil { -+ return -+ } -+ v, err := loadOrStoreAlg(bcrypt.ECDSA_ALGORITHM, bcrypt.ALG_NONE_FLAG, id, func(h bcrypt.ALG_HANDLE) (interface{}, error) { -+ err := setString(bcrypt.HANDLE(h), bcrypt.ECC_CURVE_NAME, id) ++ bits uint32 ++} ++ ++func loadECDSA(curve string) (ecdsaAlgorithm, error) { ++ return loadOrStoreAlg(bcrypt.ECDSA_ALGORITHM, bcrypt.ALG_NONE_FLAG, curve, func(h bcrypt.ALG_HANDLE) (ecdsaAlgorithm, error) { ++ var name string ++ var bits uint32 ++ switch curve { ++ case "P-224": ++ name, bits = bcrypt.ECC_CURVE_NISTP224, 224 ++ case "P-256": ++ name, bits = bcrypt.ECC_CURVE_NISTP256, 256 ++ case "P-384": ++ name, bits = bcrypt.ECC_CURVE_NISTP384, 384 ++ case "P-521": ++ name, bits = bcrypt.ECC_CURVE_NISTP521, 521 ++ default: ++ return ecdsaAlgorithm{}, errUnknownCurve ++ } ++ err := setString(bcrypt.HANDLE(h), bcrypt.ECC_CURVE_NAME, name) + if err != nil { -+ return nil, err ++ return ecdsaAlgorithm{}, err + } -+ return ecdsaAlgorithm{h}, nil ++ return ecdsaAlgorithm{h, bits}, nil + }) -+ if err != nil { -+ return ecdsaAlgorithm{}, 0, err -+ } -+ return v.(ecdsaAlgorithm), bits, nil +} + +func GenerateKeyECDSA(curve string) (X, Y, D BigInt, err error) { + var h ecdsaAlgorithm -+ var bits uint32 -+ h, bits, err = loadECDSA(curve) ++ h, err = loadECDSA(curve) + if err != nil { + return + } + var hkey bcrypt.KEY_HANDLE -+ err = bcrypt.GenerateKeyPair(h.handle, &hkey, bits, 0) ++ err = bcrypt.GenerateKeyPair(h.handle, &hkey, 
h.bits, 0) + if err != nil { + return + } @@ -8500,11 +8486,11 @@ index 00000000000000..a77ff97bb8f521 +} + +func NewPublicKeyECDSA(curve string, X, Y BigInt) (*PublicKeyECDSA, error) { -+ h, bits, err := loadECDSA(curve) ++ h, err := loadECDSA(curve) + if err != nil { + return nil, err + } -+ hkey, err := importECCKey(h.handle, bcrypt.ECDSA_ALGORITHM, bits, X, Y, nil) ++ hkey, err := importECCKey(h.handle, bcrypt.ECDSA_ALGORITHM, h.bits, X, Y, nil) + if err != nil { + return nil, err + } @@ -8522,11 +8508,11 @@ index 00000000000000..a77ff97bb8f521 +} + +func NewPrivateKeyECDSA(curve string, X, Y, D BigInt) (*PrivateKeyECDSA, error) { -+ h, bits, err := loadECDSA(curve) ++ h, err := loadECDSA(curve) + if err != nil { + return nil, err + } -+ hkey, err := importECCKey(h.handle, bcrypt.ECDSA_ALGORITHM, bits, X, Y, D) ++ hkey, err := importECCKey(h.handle, bcrypt.ECDSA_ALGORITHM, h.bits, X, Y, D) + if err != nil { + return nil, err + } @@ -8588,10 +8574,10 @@ index 00000000000000..a77ff97bb8f521 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go new file mode 100644 -index 00000000000000..bebbc999337efb +index 00000000000000..c4f01e17dd4ca1 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -@@ -0,0 +1,320 @@ +@@ -0,0 +1,316 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -8751,7 +8737,7 @@ index 00000000000000..bebbc999337efb +} + +func loadHash(id string, flags bcrypt.AlgorithmProviderFlags) (*hashAlgorithm, error) { -+ v, err := loadOrStoreAlg(id, flags, "", func(h bcrypt.ALG_HANDLE) (interface{}, error) { ++ return loadOrStoreAlg(id, flags, "", func(h bcrypt.ALG_HANDLE) (*hashAlgorithm, error) { + size, err := getUint32(bcrypt.HANDLE(h), bcrypt.HASH_LENGTH) + if err != nil { + return nil, err 
@@ -8762,10 +8748,6 @@ index 00000000000000..bebbc999337efb + } + return &hashAlgorithm{h, id, size, blockSize}, nil + }) -+ if err != nil { -+ return nil, err -+ } -+ return v.(*hashAlgorithm), nil +} + +// hashToID converts a hash.Hash implementation from this package @@ -8914,10 +8896,10 @@ index 00000000000000..bebbc999337efb +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go new file mode 100644 -index 00000000000000..6f164ced8a9656 +index 00000000000000..655926ef635224 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go -@@ -0,0 +1,179 @@ +@@ -0,0 +1,175 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -8943,13 +8925,9 @@ index 00000000000000..6f164ced8a9656 +} + +func loadHKDF() (bcrypt.ALG_HANDLE, error) { -+ h, err := loadOrStoreAlg(bcrypt.HKDF_ALGORITHM, 0, "", func(h bcrypt.ALG_HANDLE) (interface{}, error) { ++ return loadOrStoreAlg(bcrypt.HKDF_ALGORITHM, bcrypt.ALG_NONE_FLAG, "", func(h bcrypt.ALG_HANDLE) (bcrypt.ALG_HANDLE, error) { + return h, nil + }) -+ if err != nil { -+ return 0, err -+ } -+ return h.(bcrypt.ALG_HANDLE), nil +} + +type hkdf struct { @@ -9366,10 +9344,10 @@ index 00000000000000..bc150a7bd39272 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/pbkdf2.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/pbkdf2.go new file mode 100644 -index 00000000000000..42614c9c748f80 +index 00000000000000..5466b180e60e5a --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/pbkdf2.go -@@ -0,0 +1,74 @@ +@@ -0,0 +1,70 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
@@ -9387,13 +9365,9 @@ index 00000000000000..42614c9c748f80 +) + +func loadPBKDF2() (bcrypt.ALG_HANDLE, error) { -+ h, err := loadOrStoreAlg(bcrypt.PBKDF2_ALGORITHM, 0, "", func(h bcrypt.ALG_HANDLE) (interface{}, error) { ++ return loadOrStoreAlg(bcrypt.PBKDF2_ALGORITHM, bcrypt.ALG_NONE_FLAG, "", func(h bcrypt.ALG_HANDLE) (bcrypt.ALG_HANDLE, error) { + return h, nil + }) -+ if err != nil { -+ return 0, err -+ } -+ return h.(bcrypt.ALG_HANDLE), nil +} + +func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) { @@ -9551,10 +9525,10 @@ index 00000000000000..f484a3e2211e04 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/rsa.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/rsa.go new file mode 100644 -index 00000000000000..7e3f7abe3487cb +index 00000000000000..e9e2a09083a05c --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/rsa.go -@@ -0,0 +1,374 @@ +@@ -0,0 +1,370 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -9579,17 +9553,13 @@ index 00000000000000..7e3f7abe3487cb +} + +func loadRsa() (rsaAlgorithm, error) { -+ v, err := loadOrStoreAlg(bcrypt.RSA_ALGORITHM, bcrypt.ALG_NONE_FLAG, "", func(h bcrypt.ALG_HANDLE) (interface{}, error) { ++ return loadOrStoreAlg(bcrypt.RSA_ALGORITHM, bcrypt.ALG_NONE_FLAG, "", func(h bcrypt.ALG_HANDLE) (rsaAlgorithm, error) { + lengths, err := getKeyLengths(bcrypt.HANDLE(h)) + if err != nil { -+ return nil, err ++ return rsaAlgorithm{}, err + } + return rsaAlgorithm{h, lengths}, nil + }) -+ if err != nil { -+ return rsaAlgorithm{}, err -+ } -+ return v.(rsaAlgorithm), nil +} + +func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { @@ -9931,10 +9901,10 @@ index 00000000000000..7e3f7abe3487cb +} 
diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go new file mode 100644 -index 00000000000000..30ef2242bc3cf3 +index 00000000000000..5a3fb01606ef95 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go -@@ -0,0 +1,92 @@ +@@ -0,0 +1,88 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -9952,13 +9922,9 @@ index 00000000000000..30ef2242bc3cf3 +) + +func loadTLS1PRF(id string) (bcrypt.ALG_HANDLE, error) { -+ h, err := loadOrStoreAlg(id, 0, "", func(h bcrypt.ALG_HANDLE) (interface{}, error) { ++ return loadOrStoreAlg(id, bcrypt.ALG_NONE_FLAG, "", func(h bcrypt.ALG_HANDLE) (bcrypt.ALG_HANDLE, error) { + return h, nil + }) -+ if err != nil { -+ return 0, err -+ } -+ return h.(bcrypt.ALG_HANDLE), nil +} + +// TLS1PRF implements the TLS 1.0/1.1 pseudo-random function if h is nil, @@ -10887,7 +10853,7 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 7562f74b39ada6..4a5212f108557c 100644 +index cf5c0b83c9eeef..499d0cde63f7c9 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ @@ -10895,7 +10861,7 @@ index 7562f74b39ada6..4a5212f108557c 100644 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig -+# github.com/microsoft/go-crypto-winnative v0.0.0-20240927070024-fde854564ffb ++# github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 +## explicit; go 1.22 +github.com/microsoft/go-crypto-winnative/cng +github.com/microsoft/go-crypto-winnative/cng/bbig From 0efbe47e6bd5319c72401ba3ffbfea7dc8ddc3da Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Mon, 30 Sep 2024 14:54:06 +0200 Subject: [PATCH 030/887] Support curve P-521 when TLS fipsonly mode is enabled --- ...521-when-TLS-fipsonly-mode-is-enable.patch | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch diff --git a/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch b/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch new file mode 100644 index 00000000000..8b24dad80c1 --- /dev/null +++ b/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch 
@@ -0,0 +1,49 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: qmuntal +Date: Mon, 30 Sep 2024 14:41:28 +0200 +Subject: [PATCH] Support curve P-521 when TLS fipsonly mode is enabled + +We have historically supported P-521 in TLS when fipsonly mode is +enabled, as this aligns with CNG, OpenSSL and SymCrypt FIPs policies. + +Upstream follows the boringssl FIPS policy, which doesn't allow P-521. + +This change adds support for P-521 in TLS when fipsonly mode is enabled. +--- + src/crypto/tls/boring_test.go | 1 + + src/crypto/tls/defaults.go | 3 ++- + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go +index 3cdde9780352a4..7db181ab5b03a4 100644 +--- a/src/crypto/tls/boring_test.go ++++ b/src/crypto/tls/boring_test.go +@@ -137,6 +137,7 @@ func isBoringSignatureScheme(alg SignatureScheme) bool { + PKCS1WithSHA384, + ECDSAWithP384AndSHA384, + PKCS1WithSHA512, ++ ECDSAWithP521AndSHA512, + PSSWithSHA256, + PSSWithSHA384, + PSSWithSHA512: +diff --git a/src/crypto/tls/defaults.go b/src/crypto/tls/defaults.go +index ad4070df4a8883..26b6602b841209 100644 +--- a/src/crypto/tls/defaults.go ++++ b/src/crypto/tls/defaults.go +@@ -99,7 +99,7 @@ var defaultSupportedVersionsFIPS = []uint16{ + + // defaultCurvePreferencesFIPS are the FIPS-allowed curves, + // in preference order (most preferable first). +-var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384} ++var defaultCurvePreferencesFIPS = []CurveID{CurveP256, CurveP384, CurveP521} + + // defaultSupportedSignatureAlgorithmsFIPS currently are a subset of + // defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1. +@@ -112,6 +112,7 @@ var defaultSupportedSignatureAlgorithmsFIPS = []SignatureScheme{ + PKCS1WithSHA384, + ECDSAWithP384AndSHA384, + PKCS1WithSHA512, ++ ECDSAWithP521AndSHA512, + } + + // defaultCipherSuitesFIPS are the FIPS-allowed cipher suites. 
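Review bot: Adding `CurveP521` and `ECDSAWithP521AndSHA512` to the fipsonly defaults in defaults.go covers negotiation only. Whether a P-521 certificate key is then accepted depends on the certificate check applied in fipsonly mode, which this patch does not touch and which is not visible here. If that check still limits ECDSA keys to P-256 and P-384, a peer could agree on the new scheme and fail later at verification, so a test that completes a handshake with a P-521 certificate would pin the intended behaviour. The doc comment on `defaultCurvePreferencesFIPS` should also record the deviation, e.g. `// CurveP521 is allowed here although upstream's BoringSSL-based policy excludes it.`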
From 57ee7ecacfe0e62b8d94c0748e9d8dfe3ce0123d Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 30 Sep 2024 15:19:27 +0200 Subject: [PATCH 031/887] fix test --- ...e-P-521-when-TLS-fipsonly-mode-is-enable.patch | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch b/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch index 8b24dad80c1..8000003204f 100644 --- a/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch +++ b/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch @@ -10,14 +10,23 @@ Upstream follows the boringssl FIPS policy, which doesn't allow P-521. This change adds support for P-521 in TLS when fipsonly mode is enabled. --- - src/crypto/tls/boring_test.go | 1 + + src/crypto/tls/boring_test.go | 3 ++- src/crypto/tls/defaults.go | 3 ++- - 2 files changed, 3 insertions(+), 1 deletion(-) + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 3cdde9780352a4..7db181ab5b03a4 100644 +index 3cdde9780352a4..0682dfb162268c 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go +@@ -113,7 +113,7 @@ func isBoringCipherSuite(id uint16) bool { + + func isBoringCurve(id CurveID) bool { + switch id { +- case CurveP256, CurveP384: ++ case CurveP256, CurveP384, CurveP521: + return true + } + return false @@ -137,6 +137,7 @@ func isBoringSignatureScheme(alg SignatureScheme) bool { PKCS1WithSHA384, ECDSAWithP384AndSHA384, From 2a920676a352c81f2f8af0b25aaf1c156f1450a3 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Mon, 30 Sep 2024 16:07:07 +0000 Subject: [PATCH 032/887] Update submodule to latest master (f4b7291d): crypto/internal/randutil: use math/rand/v2 --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 6cb107452a5..f4b7291d73c 160000 --- a/go +++ b/go 
@@ -1 +1 @@ -Subproject commit 6cb107452a5a5551a04baf6bc4ff0b8299dfb596 +Subproject commit f4b7291d73c40af90fdbc5fa0d72a26c5f127931 From 324e76d36775c51f99113b65acdc143671a0624a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 10:26:22 +0000 Subject: [PATCH 033/887] Bump github/codeql-action from 3.26.9 to 3.26.10 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.9 to 3.26.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/461ef6c76dfe95d5c364de2f431ddbd31a417628...e2b3eafc8d227b0241d48be5f425d47c2d750a13) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a434d5e5699..362c195be96 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/autobuild@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 with: category: /language:go From 0d4c62cd962b7bf370796265503dc85f151a7d55 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 1 Oct 2024 16:22:11 +0200 Subject: [PATCH 034/887] fix conflicts --- patches/0002-Add-crypto-backend-foundation.patch | 6 +++--- patches/0005-Add-CNG-crypto-backend.patch | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index a9494e5bb94..a0dbe6a934b 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -1097,8 +1097,8 @@ index e996e7aaa36b9c..55ca642491ec03 100644 "hash" "io" @@ -296,7 +296,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, - // well-specified number of random bytes is included in the signature, in a - // well-specified way. + hash = opts.Hash + } - if boring.Enabled && rand == boring.RandReader { + if boring.Enabled && rand == boring.RandReader && boring.SupportsHash(hash) { @@ -1731,7 +1731,7 @@ index 441cf8d051c934..ca6a512bf95c7e 100644 + < crypto/internal/backend < crypto/boring; - crypto/internal/alias + crypto/internal/alias, math/rand/v2 
@@ -496,6 +499,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index b2bf22f27fa..c15e818ba43 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -683,8 +683,8 @@ index 55ca642491ec03..7ff4d5150d1ddc 100644 if err != nil { return nil, err @@ -296,7 +296,9 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, - // well-specified number of random bytes is included in the signature, in a - // well-specified way. + hash = opts.Hash + } - if boring.Enabled && rand == boring.RandReader && boring.SupportsHash(hash) { + if boring.Enabled && rand == boring.RandReader && From 93d60432aa94b426294ab97f434c7bd58bba18d2 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Wed, 2 Oct 2024 16:07:16 +0000 Subject: [PATCH 035/887] Update submodule to latest master (03103a54): hash/maphash: add WriteComparable and Comparable --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index f4b7291d73c..03103a54d83 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit f4b7291d73c40af90fdbc5fa0d72a26c5f127931 +Subproject commit 03103a54d830ee14187aac7720e42000927a6ce9 From 0f8f7953861884551709684080c69eae1e187373 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 2 Oct 2024 18:21:05 +0200 Subject: [PATCH 036/887] fall back to Go crypto when using different hashes when verifying with RSA OAEP --- eng/doc/fips/UserGuide.md | 1 + .../0002-Add-crypto-backend-foundation.patch | 75 +++++++++++-------- patches/0005-Add-CNG-crypto-backend.patch | 62 ++++++++------- 3 files changed, 73 insertions(+), 65 deletions(-) diff --git a/eng/doc/fips/UserGuide.md b/eng/doc/fips/UserGuide.md index 2ed486e3204..7053637c545 100644 --- a/eng/doc/fips/UserGuide.md +++ b/eng/doc/fips/UserGuide.md 
@@ -1665,6 +1665,7 @@ The decrypt function depends on `opts`: - If `opts` is nil, it calls [rsa.DecryptPKCS1v15](#func-decryptpkcs1v15)`(rand, priv, ciphertext)`. - If `opts` type is `*rsa.OAEPOptions`, it calls [rsa.DecryptOAEP](#func-decryptoaep)`(opts.Hash.New(), rand, priv, ciphertext, opts.Label)`. +- If `opts` type is `*rsa.OAEPOptions` and `ops.Hash` is different than `opts.MGFHash`, it falls back to standard Go crypto. - If `opts` type is `*rsa.PKCS1v15DecryptOptions` and `opts.SessionKeyLen > 0`, it calls [rsa.DecryptPKCS1v15SessionKey](#func-decryptpkcs1v15sessionkey)`(rand, priv, ciphertext, plaintext)` with a random `plaintext`. - If `opts` type is `*rsa.PKCS1v15DecryptOptions` and `opts.SessionKeyLen == 0`, it calls [rsa.DecryptPKCS1v15](#func-decryptpkcs1v15)`(rand, priv, ciphertext)`. - Else it returns an error. diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index a0dbe6a934b..3e2698ba414 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -36,7 +36,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/pkcs1v15.go | 6 +- src/crypto/rsa/pkcs1v15_test.go | 5 + src/crypto/rsa/pss.go | 6 +- - src/crypto/rsa/rsa.go | 19 +- + src/crypto/rsa/rsa.go | 21 +- src/crypto/rsa/rsa_test.go | 2 +- src/crypto/sha1/sha1.go | 2 +- src/crypto/sha1/sha1_test.go | 2 +- @@ -55,7 +55,7 @@ Subject: [PATCH] Add crypto backend foundation src/go/build/deps_test.go | 4 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 51 files changed, 789 insertions(+), 103 deletions(-) + 51 files changed, 790 insertions(+), 104 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go 
@@ -865,7 +865,7 @@ index 00000000000000..5e4b436554d44d +// from complaining about the missing body +// (because the implementation might be here). diff --git a/src/crypto/md5/md5.go b/src/crypto/md5/md5.go -index 843678702bf93f..28f4ae5621921d 100644 +index c984c3f4968598..229dd457f8d53c 100644 --- a/src/crypto/md5/md5.go +++ b/src/crypto/md5/md5.go @@ -12,6 +12,7 @@ package md5 @@ -876,7 +876,7 @@ index 843678702bf93f..28f4ae5621921d 100644 "errors" "hash" "internal/byteorder" -@@ -99,6 +100,9 @@ func consumeUint32(b []byte) ([]byte, uint32) { +@@ -103,6 +104,9 @@ func consumeUint32(b []byte) ([]byte, uint32) { // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal // state of the hash. func New() hash.Hash { @@ -886,7 +886,7 @@ index 843678702bf93f..28f4ae5621921d 100644 d := new(digest) d.Reset() return d -@@ -176,6 +180,9 @@ func (d *digest) checkSum() [Size]byte { +@@ -180,6 +184,9 @@ func (d *digest) checkSum() [Size]byte { // Sum returns the MD5 checksum of the data. func Sum(data []byte) [Size]byte { @@ -897,7 +897,7 @@ index 843678702bf93f..28f4ae5621921d 100644 d.Reset() d.Write(data) diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go -index a5b661126dd716..7031d0abdaa13b 100644 +index 6a8258a67e860c..3a973eebd284a4 100644 --- a/src/crypto/md5/md5_test.go +++ b/src/crypto/md5/md5_test.go @@ -6,6 +6,7 @@ package md5 @@ -908,7 +908,7 @@ index a5b661126dd716..7031d0abdaa13b 100644 "crypto/internal/cryptotest" "crypto/rand" "encoding" -@@ -145,6 +146,9 @@ func TestLarge(t *testing.T) { +@@ -157,6 +158,9 @@ func TestLarge(t *testing.T) { // Tests that blockGeneric (pure Go) and block (in assembly for amd64, 386, arm) match. func TestBlockGeneric(t *testing.T) { @@ -1084,7 +1084,7 @@ index dfa1eddc886ff3..849dafacf93d0f 100644 _, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext) if err == nil { 
diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go -index e996e7aaa36b9c..55ca642491ec03 100644 +index 5716c464ca0a33..63f1100cabab64 100644 --- a/src/crypto/rsa/pss.go +++ b/src/crypto/rsa/pss.go @@ -9,7 +9,7 @@ package rsa @@ -1096,7 +1096,7 @@ index e996e7aaa36b9c..55ca642491ec03 100644 "errors" "hash" "io" -@@ -296,7 +296,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, +@@ -300,7 +300,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, hash = opts.Hash } @@ -1115,7 +1115,7 @@ index e996e7aaa36b9c..55ca642491ec03 100644 if err != nil { return err diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index 4d78d1eaaa6be0..c3753872872cce 100644 +index 4d78d1eaaa6be0..72a06ac902a252 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@ -26,14 +26,15 @@ package rsa @@ -1164,6 +1164,15 @@ index 4d78d1eaaa6be0..c3753872872cce 100644 boring.Unreachable() } +@@ -718,7 +729,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci + return nil, ErrDecryption + } + +- if boring.Enabled { ++ if boring.Enabled && hash == mgfHash { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go index 2afa045a3a0bd2..86466e67e87eeb 100644 --- a/src/crypto/rsa/rsa_test.go @@ -1178,7 +1187,7 @@ index 2afa045a3a0bd2..86466e67e87eeb 100644 . "crypto/rsa" "crypto/sha1" diff --git a/src/crypto/sha1/sha1.go b/src/crypto/sha1/sha1.go -index c0742b9d83c527..3c89bd61e5ee2c 100644 +index 8189d1946d8ea5..8f5f7f27f26fea 100644 --- a/src/crypto/sha1/sha1.go +++ b/src/crypto/sha1/sha1.go @@ -10,7 +10,7 @@ package sha1 @@ -1191,7 +1200,7 @@ index c0742b9d83c527..3c89bd61e5ee2c 100644 "hash" "internal/byteorder" diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go -index 634ab9de1ba4cb..d0a9b1b46727fa 100644 +index d03892c57d4e61..d44f70b92661b4 100644 
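Review bot: The new guard `if boring.Enabled && hash == mgfHash {` in decryptOAEP compares two `hash.Hash` interface values, which tests whether they are the same instance, not whether they use the same algorithm. If a caller builds the two arguments with separate constructor calls (for example `opts.Hash.New()` and `opts.MGFHash.New()` for the same SHA variant; the call sites are outside this hunk), the comparison is false and decryption silently leaves the backend even though the hashes match. In a FIPS-oriented build that silent downgrade is worth avoiding, so consider deciding equality from the `crypto.Hash` identifiers at the call site. At minimum, document the semantics next to the condition, e.g. `// == is instance identity: true only when the caller passed the same hash.Hash for both arguments`. The same condition is carried into patches/0005-Add-CNG-crypto-backend.patch later in this commit, and decryptOAEP's body continues outside the hunk.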
--- a/src/crypto/sha1/sha1_test.go +++ b/src/crypto/sha1/sha1_test.go @@ -8,7 +8,7 @@ package sha1 @@ -1204,7 +1213,7 @@ index 634ab9de1ba4cb..d0a9b1b46727fa 100644 "crypto/rand" "encoding" diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go -index 68244fd63b0c1e..2297c2aa71c288 100644 +index 7844f191e16b57..5c04e4bb83f2f2 100644 --- a/src/crypto/sha256/sha256.go +++ b/src/crypto/sha256/sha256.go @@ -8,7 +8,7 @@ package sha256 @@ -1216,7 +1225,7 @@ index 68244fd63b0c1e..2297c2aa71c288 100644 "errors" "hash" "internal/byteorder" -@@ -153,7 +153,7 @@ func New() hash.Hash { +@@ -159,7 +159,7 @@ func New() hash.Hash { // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal // state of the hash. func New224() hash.Hash { @@ -1225,7 +1234,7 @@ index 68244fd63b0c1e..2297c2aa71c288 100644 return boring.NewSHA224() } d := new(digest) -@@ -172,7 +172,9 @@ func (d *digest) Size() int { +@@ -178,7 +178,9 @@ func (d *digest) Size() int { func (d *digest) BlockSize() int { return BlockSize } func (d *digest) Write(p []byte) (nn int, err error) { @@ -1236,7 +1245,7 @@ index 68244fd63b0c1e..2297c2aa71c288 100644 nn = len(p) d.len += uint64(nn) if d.nx > 0 { -@@ -196,7 +198,9 @@ func (d *digest) Write(p []byte) (nn int, err error) { +@@ -202,7 +204,9 @@ func (d *digest) Write(p []byte) (nn int, err error) { } func (d *digest) Sum(in []byte) []byte { @@ -1247,7 +1256,7 @@ index 68244fd63b0c1e..2297c2aa71c288 100644 // Make a copy of d so that caller can keep writing and summing. d0 := *d hash := d0.checkSum() -@@ -257,7 +261,7 @@ func Sum256(data []byte) [Size]byte { +@@ -263,7 +267,7 @@ func Sum256(data []byte) [Size]byte { // Sum224 returns the SHA224 checksum of the data. func Sum224(data []byte) [Size224]byte { @@ -1257,7 +1266,7 @@ index 68244fd63b0c1e..2297c2aa71c288 100644 } var d digest 
diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index d91f01e9ba3a5f..755ed4d238ee5a 100644 +index 3237c6a73e6a1e..5a8f4901451018 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -8,7 +8,7 @@ package sha256 @@ -1270,7 +1279,7 @@ index d91f01e9ba3a5f..755ed4d238ee5a 100644 "crypto/rand" "encoding" diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go -index dde83625f7b852..d2fed3c2bb4533 100644 +index 0e2a34a1e347cf..132b9495e38644 100644 --- a/src/crypto/sha512/sha512.go +++ b/src/crypto/sha512/sha512.go @@ -12,7 +12,7 @@ package sha512 @@ -1283,7 +1292,7 @@ index dde83625f7b852..d2fed3c2bb4533 100644 "hash" "internal/byteorder" diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index a1ff571383e542..b63e3af59f3829 100644 +index cfe6b571975b27..de28aa927044a6 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go @@ -8,7 +8,7 @@ package sha512 @@ -1296,7 +1305,7 @@ index a1ff571383e542..b63e3af59f3829 100644 "crypto/rand" "encoding" diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index be10b71bd2269b..d879139773d1d7 100644 +index 56050421985927..dcbd33167e4499 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go @@ -25,6 +25,11 @@ import ( @@ -1312,7 +1321,7 @@ index be10b71bd2269b..d879139773d1d7 100644 s := allCipherSuites() for _, suite := range cipherSuitesTLS13 { diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go -index eebc66880d631f..42a26005ff31f2 100644 +index 917a1eff42d34f..f6f57130b64f41 100644 --- a/src/crypto/tls/cipher_suites.go +++ b/src/crypto/tls/cipher_suites.go @@ -10,7 +10,7 @@ import ( @@ -1325,10 +1334,10 @@ index eebc66880d631f..42a26005ff31f2 100644 "crypto/sha1" "crypto/sha256" 
diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go -index 5025657590d32c..bdbdee94af1bab 100644 +index 760e827f467f15..99b44d259e1e02 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go -@@ -765,12 +765,16 @@ func (hs *clientHandshakeState) doFullHandshake() error { +@@ -770,12 +770,16 @@ func (hs *clientHandshakeState) doFullHandshake() error { if hs.serverHello.extendedMasterSecret { c.extMasterSecret = true @@ -1347,7 +1356,7 @@ index 5025657590d32c..bdbdee94af1bab 100644 if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.hello.random, hs.masterSecret); err != nil { c.sendAlert(alertInternalError) return errors.New("tls: failed to write to key log: " + err.Error()) -@@ -831,8 +835,12 @@ func (hs *clientHandshakeState) doFullHandshake() error { +@@ -836,8 +840,12 @@ func (hs *clientHandshakeState) doFullHandshake() error { func (hs *clientHandshakeState) establishKeys() error { c := hs.c @@ -1361,7 +1370,7 @@ index 5025657590d32c..bdbdee94af1bab 100644 var clientCipher, serverCipher any var clientHash, serverHash hash.Hash if hs.suite.cipher != nil { -@@ -972,7 +980,11 @@ func (hs *clientHandshakeState) readFinished(out []byte) error { +@@ -977,7 +985,11 @@ func (hs *clientHandshakeState) readFinished(out []byte) error { return unexpectedMessageError(serverFinished, msg) } @@ -1374,7 +1383,7 @@ index 5025657590d32c..bdbdee94af1bab 100644 if len(verify) != len(serverFinished.verifyData) || subtle.ConstantTimeCompare(verify, serverFinished.verifyData) != 1 { c.sendAlert(alertHandshakeFailure) -@@ -1040,7 +1052,10 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error { +@@ -1045,7 +1057,10 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error { } finished := new(finishedMsg) @@ -1387,7 +1396,7 @@ index 5025657590d32c..bdbdee94af1bab 100644 return err } 
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go -index ac3d915d1746d7..631db82b9ab3ae 100644 +index bc4e51ba364cf1..8b4fc36e49fdf8 100644 --- a/src/crypto/tls/handshake_server.go +++ b/src/crypto/tls/handshake_server.go @@ -686,12 +686,16 @@ func (hs *serverHandshakeState) doFullHandshake() error { @@ -1695,7 +1704,7 @@ index 8233985a62bd22..f46d4636557714 100644 serverMACString := hex.EncodeToString(serverMAC) clientKeyString := hex.EncodeToString(clientKey) diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go -index 33fd0ed52b1ff6..ffc3eeca9dbf95 100644 +index 319ac61f49c994..1b2454dbaab264 100644 --- a/src/crypto/x509/boring_test.go +++ b/src/crypto/x509/boring_test.go @@ -26,6 +26,11 @@ const ( @@ -1711,10 +1720,10 @@ index 33fd0ed52b1ff6..ffc3eeca9dbf95 100644 t.Helper() k, err := rsa.GenerateKey(rand.Reader, size) diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 441cf8d051c934..ca6a512bf95c7e 100644 +index e233535f752dfc..6b023f055b24ea 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -448,7 +448,9 @@ var depsRules = ` +@@ -447,7 +447,9 @@ var depsRules = ` # CRYPTO is core crypto algorithms - no cgo, fmt, net. crypto/internal/boring/sig, @@ -1724,7 +1733,7 @@ index 441cf8d051c934..ca6a512bf95c7e 100644 golang.org/x/sys/cpu, hash, embed < crypto -@@ -459,6 +461,7 @@ var depsRules = ` +@@ -458,6 +460,7 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache < crypto/internal/boring @@ -1732,7 +1741,7 @@ index 441cf8d051c934..ca6a512bf95c7e 100644 < crypto/boring; crypto/internal/alias, math/rand/v2 -@@ -496,6 +499,7 @@ var depsRules = ` +@@ -495,6 +498,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big < crypto/internal/boring/bbig diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index c15e818ba43..14ee01ca9ed 100644 
--- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -25,7 +25,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/rsa/pkcs1v15.go | 6 +- src/crypto/rsa/pss.go | 8 +- src/crypto/rsa/pss_test.go | 2 +- - src/crypto/rsa/rsa.go | 4 +- + src/crypto/rsa/rsa.go | 2 +- src/crypto/rsa/rsa_test.go | 8 +- src/crypto/sha1/sha1_test.go | 7 + src/crypto/sha256/sha256_test.go | 10 + @@ -48,7 +48,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 44 files changed, 454 insertions(+), 33 deletions(-) + 44 files changed, 452 insertions(+), 33 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -545,7 +545,7 @@ index f5b4827c688f3b..12df96069f6b83 100644 // Package fipstls allows control over whether crypto/tls requires FIPS-approved settings. // This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go -index 7031d0abdaa13b..ada2d5be13f986 100644 +index 3a973eebd284a4..5e24e07e2787e2 100644 --- a/src/crypto/md5/md5_test.go +++ b/src/crypto/md5/md5_test.go @@ -12,6 +12,7 @@ import ( @@ -566,7 +566,7 @@ index 7031d0abdaa13b..ada2d5be13f986 100644 for _, g := range golden { h := New() h2 := New() -@@ -196,6 +200,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -208,6 +212,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -670,7 +670,7 @@ index 552c6886813f46..7b3c9211992f6b 100644 if err != nil { return nil, err diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go -index 55ca642491ec03..7ff4d5150d1ddc 100644 +index 63f1100cabab64..94fac3f1a1ce55 100644 --- a/src/crypto/rsa/pss.go 
+++ b/src/crypto/rsa/pss.go @@ -214,7 +214,7 @@ func signPSSWithSalt(priv *PrivateKey, hash crypto.Hash, hashed, salt []byte) ([ @@ -682,7 +682,7 @@ index 55ca642491ec03..7ff4d5150d1ddc 100644 bkey, err := boringPrivateKey(priv) if err != nil { return nil, err -@@ -296,7 +296,9 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, +@@ -300,7 +300,9 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, hash = opts.Hash } @@ -703,10 +703,10 @@ index 55ca642491ec03..7ff4d5150d1ddc 100644 if err != nil { return err diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go -index 7e908d4389d506..9a8311568c806e 100644 +index 637d07e18cff2e..21435b86b52dad 100644 --- a/src/crypto/rsa/pss_test.go +++ b/src/crypto/rsa/pss_test.go -@@ -283,7 +283,7 @@ func fromHex(hexStr string) []byte { +@@ -284,7 +284,7 @@ func fromHex(hexStr string) []byte { } func TestInvalidPSSSaltLength(t *testing.T) { @@ -716,17 +716,15 @@ index 7e908d4389d506..9a8311568c806e 100644 t.Fatal(err) } diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index c3753872872cce..e0f6cd17900e10 100644 +index 72a06ac902a252..a016c4f8362cf5 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go -@@ -729,7 +729,9 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci +@@ -729,7 +729,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci return nil, ErrDecryption } -- if boring.Enabled { -+ if boring.Enabled && -+ boring.IsRSAKeySupported(len(priv.Primes)) { -+ +- if boring.Enabled && hash == mgfHash { ++ if boring.Enabled && hash == mgfHash && boring.IsRSAKeySupported(len(priv.Primes)) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err @@ -764,7 +762,7 @@ index dbcc1bec58bd46..b1e9d8e94c2c9e 100644 enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) if err == ErrMessageTooLong { 
diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go -index d0a9b1b46727fa..10ea3e8eeb6efd 100644 +index d44f70b92661b4..76726556f80fbd 100644 --- a/src/crypto/sha1/sha1_test.go +++ b/src/crypto/sha1/sha1_test.go @@ -14,6 +14,7 @@ import ( @@ -785,7 +783,7 @@ index d0a9b1b46727fa..10ea3e8eeb6efd 100644 h := New() h2 := New() for _, g := range golden { -@@ -198,6 +202,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -210,6 +214,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -796,7 +794,7 @@ index d0a9b1b46727fa..10ea3e8eeb6efd 100644 h := New() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index 755ed4d238ee5a..b7212e3f3c2175 100644 +index 5a8f4901451018..f9549bba2dee59 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -14,6 +14,7 @@ import ( @@ -817,7 +815,7 @@ index 755ed4d238ee5a..b7212e3f3c2175 100644 tests := []struct { name string newHash func() hash.Hash -@@ -185,6 +189,9 @@ func TestGoldenMarshal(t *testing.T) { +@@ -197,6 +201,9 @@ func TestGoldenMarshal(t *testing.T) { } func TestMarshalTypeMismatch(t *testing.T) { @@ -827,7 +825,7 @@ index 755ed4d238ee5a..b7212e3f3c2175 100644 h1 := New() h2 := New224() -@@ -274,6 +281,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -286,6 +293,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { return h.Sum(nil), nil } func TestLargeHashes(t *testing.T) { @@ -838,7 +836,7 @@ index 755ed4d238ee5a..b7212e3f3c2175 100644 h := New() diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index b63e3af59f3829..121cf04e54cd87 100644 +index de28aa927044a6..dedebd20e6a2ed 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go @@ -15,6 +15,7 @@ import ( 
@@ -859,7 +857,7 @@ index b63e3af59f3829..121cf04e54cd87 100644 tests := []struct { name string newHash func() hash.Hash -@@ -767,6 +771,9 @@ func TestGoldenMarshal(t *testing.T) { +@@ -779,6 +783,9 @@ func TestGoldenMarshal(t *testing.T) { } func TestMarshalMismatch(t *testing.T) { @@ -869,7 +867,7 @@ index b63e3af59f3829..121cf04e54cd87 100644 h := []func() hash.Hash{ New, New384, -@@ -873,6 +880,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -885,6 +892,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -893,7 +891,7 @@ index 698efc6751e12c..575d51b02298c8 100644 package tls diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 50330a2cd77cf7..1b47fc8bffdf1d 100644 +index 1f577fd1d4d9ec..3cdde9780352a4 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go @@ -2,7 +2,7 @@ @@ -932,7 +930,7 @@ index 9c1d3d279c472f..0ca7a863b73690 100644 package fipsonly diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index 503a732e05765e..db8919aaf9cbdd 100644 +index b8cf4c3fa50b24..dd2c36ab1bef0b 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go @@ -14,6 +14,7 @@ import ( @@ -943,7 +941,7 @@ index 503a732e05765e..db8919aaf9cbdd 100644 "io" "slices" "time" -@@ -442,6 +443,15 @@ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { +@@ -441,6 +442,15 @@ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { } marshaler, ok := in.(binaryMarshaler) if !ok { @@ -986,7 +984,7 @@ index 9aec21dbcd3bff..05324f731bedc4 100644 package x509 diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go -index b3227dc2560ff8..49639cd1ebaa8a 100644 +index 8cfc61049d0a08..8948d51dfabd20 100644 --- a/src/crypto/x509/boring_test.go +++ b/src/crypto/x509/boring_test.go @@ -2,7 +2,7 @@ @@ -1012,7 +1010,7 @@ index a0548a7f9179c5..ae6117a1554b7f 100644 package x509 
diff --git a/src/go.mod b/src/go.mod -index 7a6455fefb4bed..ac91a5201b6581 100644 +index e3bab6c545819d..76f44dcd249e4b 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,6 +4,7 @@ go 1.24 @@ -1024,7 +1022,7 @@ index 7a6455fefb4bed..ac91a5201b6581 100644 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index b8e460e0a13c1c..19b381f6211587 100644 +index 8ec2c59f2c63e5..87b5f8e316f388 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,5 +1,7 @@ @@ -1036,10 +1034,10 @@ index b8e460e0a13c1c..19b381f6211587 100644 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index e69c1f8901fe74..eb0b0ea4eb4622 100644 +index 097bffd599bc96..af0d39d1a84f76 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -460,6 +460,10 @@ var depsRules = ` +@@ -459,6 +459,10 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache @@ -1050,7 +1048,7 @@ index e69c1f8901fe74..eb0b0ea4eb4622 100644 < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 < crypto/internal/boring -@@ -500,6 +504,7 @@ var depsRules = ` +@@ -499,6 +503,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big @@ -1136,7 +1134,7 @@ index 00000000000000..99ee2542ca38a9 +const CNGCrypto = true +const CNGCryptoInt = 1 diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index ef00871d619651..c0f1a8a0322dbf 100644 +index 9c8b16735cd4f1..2e6bf5d7f8284d 100644 --- a/src/internal/goexperiment/flags.go +++ b/src/internal/goexperiment/flags.go @@ -60,6 +60,7 @@ type Flags struct { From 3813ef3ccd1444c5dd55b480f50af12617ebb4ae Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 4 Oct 2024 10:39:06 +0000 Subject: [PATCH 037/887] Bump github/codeql-action from 3.26.10 to 3.26.11 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.10 to 3.26.11. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e2b3eafc8d227b0241d48be5f425d47c2d750a13...6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 362c195be96..e2c60e9e61c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e2b3eafc8d227b0241d48be5f425d47c2d750a13 # v3.26.10 + uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 with: category: /language:go From ebaa601f71211da0e29de40a74b2822e2b7b258b Mon Sep 17 00:00:00 2001 
From: microsoft-golang-bot Date: Fri, 4 Oct 2024 16:07:24 +0000 Subject: [PATCH 038/887] Update submodule to latest master (065c1359): internal/cpu: add CPU feature LAMCAS and LAM_BH detection on loong64 --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 03103a54d83..065c1359e1b 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 03103a54d830ee14187aac7720e42000927a6ce9 +Subproject commit 065c1359e1bc3d6744a925339484592b13d713dd From 08f655ae4b6a06ffb959bd6fed3570429817cff6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 10:53:56 +0000 Subject: [PATCH 039/887] Bump golang.org/x/sys from 0.25.0 to 0.26.0 in /eng/_util Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.25.0 to 0.26.0. - [Commits](https://github.com/golang/sys/compare/v0.25.0...v0.26.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- eng/_util/go.mod | 2 +- eng/_util/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 8070ff56995..3215f0670b7 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -8,7 +8,7 @@ go 1.21 require ( github.com/microsoft/go-infra v0.0.5 - golang.org/x/sys v0.25.0 + golang.org/x/sys v0.26.0 gotest.tools/gotestsum v1.12.0 ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index da93b1e3eb9..f318609f8b8 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum 
@@ -79,8 +79,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= From 28cba716eb6fe8c6c5691996806497cb5200920a Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 7 Oct 2024 16:04:02 +0200 Subject: [PATCH 040/887] only support 2-primes RSA keys --- .../0002-Add-crypto-backend-foundation.patch | 65 ++++++++--- patches/0005-Add-CNG-crypto-backend.patch | 101 ++---------------- 2 files changed, 63 insertions(+), 103 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 3e2698ba414..1b897e267b6 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -21,7 +21,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/hmac/hmac_test.go | 2 +- src/crypto/internal/backend/backend_test.go | 30 +++ src/crypto/internal/backend/bbig/big.go | 17 ++ - src/crypto/internal/backend/common.go | 78 ++++++++ + src/crypto/internal/backend/common.go | 92 +++++++++ src/crypto/internal/backend/isrequirefips.go | 9 + src/crypto/internal/backend/nobackend.go | 193 +++++++++++++++++++ src/crypto/internal/backend/norequirefips.go | 9 + @@ -33,9 +33,9 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rc4/rc4.go | 18 ++ src/crypto/rsa/boring.go | 4 +- src/crypto/rsa/notboring.go | 2 +- - src/crypto/rsa/pkcs1v15.go | 6 +- + src/crypto/rsa/pkcs1v15.go | 10 +- src/crypto/rsa/pkcs1v15_test.go | 5 + - src/crypto/rsa/pss.go | 6 +- + src/crypto/rsa/pss.go | 8 +- src/crypto/rsa/rsa.go | 21 +- src/crypto/rsa/rsa_test.go | 2 +- src/crypto/sha1/sha1.go | 2 +- @@ -55,7 +55,7 @@ Subject: [PATCH] Add crypto backend foundation src/go/build/deps_test.go | 4 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 51 files changed, 790 insertions(+), 104 deletions(-) + 51 files changed, 807 insertions(+), 107 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go @@ -537,10 +537,10 @@ index 00000000000000..85bd3ed083f5b2 +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go new file mode 100644 -index 00000000000000..efdd080a1b7708 +index 00000000000000..f83ff4abacc1dc --- /dev/null +++ b/src/crypto/internal/backend/common.go -@@ -0,0 +1,78 @@ +@@ -0,0 +1,92 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -549,6 +549,7 @@ index 00000000000000..efdd080a1b7708 + +import ( + "crypto/internal/boring/sig" ++ "internal/goexperiment" + "runtime" + "syscall" +) @@ -619,6 +620,19 @@ index 00000000000000..efdd080a1b7708 + } + } +} ++ ++func IsRSAKeySupported(primes int) bool { ++ if goexperiment.BoringCrypto { ++ return true ++ } ++ // CNG only support 2-prime RSA keys. ++ // The built-in OpenSSL providers do support n-prime RSA keys, ++ // but the SymCrypt provider for OpenSSL only supports 2-prime RSA keys. ++ // Only 2-prime RSA keys are FIPS compliant, other n having compatibility ++ // and security issues. Even crypto/rsa recently deprecated rsa.GenerateMultiPrimeKey. ++ // Given the above reasons, we only support 2-prime RSA keys. ++ return primes == 2 ++} diff --git a/src/crypto/internal/backend/isrequirefips.go b/src/crypto/internal/backend/isrequirefips.go new file mode 100644 index 00000000000000..e5d7570d6d4363 @@ -1030,7 +1044,7 @@ index 2abc0436405f8a..34c22c8fbba7da 100644 func boringPublicKey(*PublicKey) (*boring.PublicKeyRSA, error) { panic("boringcrypto: not available") diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go -index 2f958022f98584..552c6886813f46 100644 +index 2f958022f98584..790d9cef5d3563 100644 --- a/src/crypto/rsa/pkcs1v15.go +++ b/src/crypto/rsa/pkcs1v15.go @@ -7,7 +7,7 @@ package rsa 
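Review bot: `IsRSAKeySupported` is exported but has no doc comment, and its rationale sits inside the body where godoc and callers will not see it. Suggest adding `// IsRSAKeySupported reports whether the active backend can use an RSA private key with the given number of primes.` above the function and moving the 2-prime explanation up with it. Judging by the guarded `if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes))` call sites in the pkcs1v15.go, pss.go and rsa.go hunks of this commit, a false result appears to skip the backend and continue in the Go implementation rather than reject the key. The comment should state that a multi-prime key is still processed, only outside the backend. Whether a FIPS-required configuration should return an error instead is not visible here and is worth confirming.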
@@ -1042,12 +1056,30 @@ index 2f958022f98584..552c6886813f46 100644 "crypto/internal/randutil" "crypto/subtle" "errors" +@@ -95,7 +95,7 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b + return nil, err + } + +- if boring.Enabled { ++ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err +@@ -189,7 +189,7 @@ func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte, + return + } + +- if boring.Enabled { ++ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { + var bkey *boring.PrivateKeyRSA + bkey, err = boringPrivateKey(priv) + if err != nil { @@ -293,7 +293,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [ return nil, err } - if boring.Enabled { -+ if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) { ++ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) && (hash == 0 || boring.SupportsHash(hash)) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err @@ -1084,7 +1116,7 @@ index dfa1eddc886ff3..849dafacf93d0f 100644 _, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext) if err == nil { diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go -index 5716c464ca0a33..63f1100cabab64 100644 +index 5716c464ca0a33..4aac87d7952081 100644 --- a/src/crypto/rsa/pss.go +++ b/src/crypto/rsa/pss.go @@ -9,7 +9,7 @@ package rsa @@ -1096,12 +1128,21 @@ index 5716c464ca0a33..63f1100cabab64 100644 "errors" "hash" "io" +@@ -214,7 +214,7 @@ func signPSSWithSalt(priv *PrivateKey, hash crypto.Hash, hashed, salt []byte) ([ + return nil, err + } + +- if boring.Enabled { ++ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err 
@@ -300,7 +300,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, hash = opts.Hash } - if boring.Enabled && rand == boring.RandReader { -+ if boring.Enabled && rand == boring.RandReader && boring.SupportsHash(hash) { ++ if boring.Enabled && rand == boring.RandReader && boring.IsRSAKeySupported(len(priv.Primes)) && boring.SupportsHash(hash) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err @@ -1115,7 +1156,7 @@ index 5716c464ca0a33..63f1100cabab64 100644 if err != nil { return err diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index 4d78d1eaaa6be0..72a06ac902a252 100644 +index 4d78d1eaaa6be0..a016c4f8362cf5 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@ -26,14 +26,15 @@ package rsa @@ -1169,7 +1210,7 @@ index 4d78d1eaaa6be0..72a06ac902a252 100644 } - if boring.Enabled { -+ if boring.Enabled && hash == mgfHash { ++ if boring.Enabled && hash == mgfHash && boring.IsRSAKeySupported(len(priv.Primes)) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 14ee01ca9ed..8a62095f84d 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + src/crypto/internal/backend/cng_windows.go | 280 ++++++++++++++++++ - src/crypto/internal/backend/common.go | 21 +- + src/crypto/internal/backend/common.go | 13 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/md5/md5_test.go | 7 + 
@@ -22,10 +22,8 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/rsa/boring.go | 2 +- src/crypto/rsa/boring_test.go | 2 +- src/crypto/rsa/notboring.go | 2 +- - src/crypto/rsa/pkcs1v15.go | 6 +- - src/crypto/rsa/pss.go | 8 +- + src/crypto/rsa/pss.go | 2 +- src/crypto/rsa/pss_test.go | 2 +- - src/crypto/rsa/rsa.go | 2 +- src/crypto/rsa/rsa_test.go | 8 +- src/crypto/sha1/sha1_test.go | 7 + src/crypto/sha256/sha256_test.go | 10 + @@ -48,7 +46,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 44 files changed, 452 insertions(+), 33 deletions(-) + 42 files changed, 436 insertions(+), 27 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -476,18 +474,10 @@ index 00000000000000..3d3d13709de5ac + panic("cryptobackend: not available") +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go -index efdd080a1b7708..41e1e0cc69ec57 100644 +index f83ff4abacc1dc..b05374a9d62a97 100644 --- a/src/crypto/internal/backend/common.go +++ b/src/crypto/internal/backend/common.go -@@ -6,6 +6,7 @@ package backend - - import ( - "crypto/internal/boring/sig" -+ "internal/goexperiment" - "runtime" - "syscall" - ) -@@ -67,7 +68,11 @@ func hasSuffix(s, t string) bool { +@@ -68,7 +68,11 @@ func hasSuffix(s, t string) bool { // UnreachableExceptTests marks code that should be unreachable // when backend is in use. It panics. func UnreachableExceptTests() { 
@@ -500,18 +490,11 @@ index efdd080a1b7708..41e1e0cc69ec57 100644 name := runtime_arg0() // If ran on Windows we'd need to allow _test.exe and .test.exe as well. if !hasSuffix(name, "_test") && !hasSuffix(name, ".test") { -@@ -76,3 +81,17 @@ func UnreachableExceptTests() { - } - } +@@ -90,3 +94,10 @@ func IsRSAKeySupported(primes int) bool { + // Given the above reasons, we only support 2-prime RSA keys. + return primes == 2 } + -+func IsRSAKeySupported(primes int) bool { -+ if goexperiment.CNGCrypto { -+ return primes == 2 -+ } -+ return true -+} -+ +func IsSaltSupported(salt int) bool { + if goexperiment.CNGCrypto { + return salt != 0 // rsa.PSSSaltLengthAuto @@ -638,62 +621,11 @@ index 933ac569e034a8..0f152b210fdd84 100644 package rsa -diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go -index 552c6886813f46..7b3c9211992f6b 100644 ---- a/src/crypto/rsa/pkcs1v15.go -+++ b/src/crypto/rsa/pkcs1v15.go -@@ -95,7 +95,7 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b - return nil, err - } - -- if boring.Enabled { -+ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { - bkey, err := boringPrivateKey(priv) - if err != nil { - return nil, err -@@ -189,7 +189,7 @@ func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte, - return - } - -- if boring.Enabled { -+ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { - var bkey *boring.PrivateKeyRSA - bkey, err = boringPrivateKey(priv) - if err != nil { -@@ -293,7 +293,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [ - return nil, err - } - -- if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) { -+ if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) && boring.IsRSAKeySupported(len(priv.Primes)) { - bkey, err := boringPrivateKey(priv) - if err != nil { - return nil, err 
diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go -index 63f1100cabab64..94fac3f1a1ce55 100644 +index 4aac87d7952081..010ee1467501c3 100644 --- a/src/crypto/rsa/pss.go +++ b/src/crypto/rsa/pss.go -@@ -214,7 +214,7 @@ func signPSSWithSalt(priv *PrivateKey, hash crypto.Hash, hashed, salt []byte) ([ - return nil, err - } - -- if boring.Enabled { -+ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { - bkey, err := boringPrivateKey(priv) - if err != nil { - return nil, err -@@ -300,7 +300,9 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, - hash = opts.Hash - } - -- if boring.Enabled && rand == boring.RandReader && boring.SupportsHash(hash) { -+ if boring.Enabled && rand == boring.RandReader && -+ boring.SupportsHash(hash) && boring.IsRSAKeySupported(len(priv.Primes)) { -+ - bkey, err := boringPrivateKey(priv) - if err != nil { - return nil, err -@@ -342,7 +344,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, +@@ -342,7 +342,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, // The inputs are not considered confidential, and may leak through timing side // channels, or if an attacker has control of part of the inputs. func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts *PSSOptions) error { @@ -715,19 +647,6 @@ index 637d07e18cff2e..21435b86b52dad 100644 if err != nil { t.Fatal(err) } -diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index 72a06ac902a252..a016c4f8362cf5 100644 ---- a/src/crypto/rsa/rsa.go -+++ b/src/crypto/rsa/rsa.go -@@ -729,7 +729,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci - return nil, ErrDecryption - } - -- if boring.Enabled && hash == mgfHash { -+ if boring.Enabled && hash == mgfHash && boring.IsRSAKeySupported(len(priv.Primes)) { - bkey, err := boringPrivateKey(priv) - if err != nil { - return nil, err 
diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go index dbcc1bec58bd46..b1e9d8e94c2c9e 100644 --- a/src/crypto/rsa/rsa_test.go From a9a1f0383a672d251e7394cc63ed26397c69b0de Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Mon, 7 Oct 2024 20:39:10 +0200 Subject: [PATCH 041/887] Apply suggestions from code review Co-authored-by: Davis Goodin --- patches/0002-Add-crypto-backend-foundation.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 1b897e267b6..5ef56279654 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -625,11 +625,11 @@ index 00000000000000..f83ff4abacc1dc + if goexperiment.BoringCrypto { + return true + } -+ // CNG only support 2-prime RSA keys. -+ // The built-in OpenSSL providers do support n-prime RSA keys, ++ // CNG only supports 2-prime RSA keys. ++ // The built-in OpenSSL 3 providers and OpenSSL 1 do support n-prime RSA keys, + // but the SymCrypt provider for OpenSSL only supports 2-prime RSA keys. + // Only 2-prime RSA keys are FIPS compliant, other n having compatibility -+ // and security issues. Even crypto/rsa recently deprecated rsa.GenerateMultiPrimeKey. ++ // and security issues. Even crypto/rsa deprecated rsa.GenerateMultiPrimeKey as of Go 1.21. + // Given the above reasons, we only support 2-prime RSA keys. + return primes == 2 +} From 6611df5356bdb55aa155863d8c47dd4fba7c4941 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Mon, 7 Oct 2024 23:25:38 +0000 Subject: [PATCH 042/887] Update submodule to latest master (356ba0f0): net: detect EAI_ADDRFAMILY for cgo host lookup on FreeBSD --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 065c1359e1b..356ba0f0658 160000 --- a/go +++ b/go 
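Review bot: The reworded comment in IsRSAKeySupported says only 2-prime RSA keys are FIPS compliant and ends with "we only support 2-prime RSA keys", but the `if goexperiment.BoringCrypto { return true }` branch just above it accepts any prime count and has no explanation. I would add a line on that branch, for example `// BoringCrypto is left as upstream: the prime count is not restricted here.`, worded to match the real reason. The closing sentence should be narrowed to the backends it covers, e.g. `// Given the above reasons, the CNG and OpenSSL backends only accept 2-prime RSA keys.` The function's signature lies outside this hunk.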
@@ -1 +1 @@ -Subproject commit 065c1359e1bc3d6744a925339484592b13d713dd +Subproject commit 356ba0f06586a833cd8de9c04af0d2adddf95851 From 6590cd50093d666051b9f5e323cfcc3199987851 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 8 Oct 2024 10:26:10 +0200 Subject: [PATCH 043/887] fix conflicts --- .../0002-Add-crypto-backend-foundation.patch | 32 +++++++++++++------ patches/0005-Add-CNG-crypto-backend.patch | 28 ++-------------- 2 files changed, 25 insertions(+), 35 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 3e2698ba414..3de70f202f3 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -29,7 +29,8 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/md5/md5.go | 7 + src/crypto/md5/md5_test.go | 4 + src/crypto/purego_test.go | 2 +- - src/crypto/rand/rand_unix.go | 2 +- + src/crypto/rand/rand.go | 2 +- + src/crypto/rand/rand_test.go | 2 +- src/crypto/rc4/rc4.go | 18 ++ src/crypto/rsa/boring.go | 4 +- src/crypto/rsa/notboring.go | 2 +- @@ -55,7 +56,7 @@ Subject: [PATCH] Add crypto backend foundation src/go/build/deps_test.go | 4 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 51 files changed, 790 insertions(+), 104 deletions(-) + 52 files changed, 791 insertions(+), 105 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go 
@@ -931,19 +932,32 @@ index 62be347e0c6822..d284b5cf7814a6 100644 continue } -diff --git a/src/crypto/rand/rand_unix.go b/src/crypto/rand/rand_unix.go -index 40fce36314adfa..1d6231ae91d5ae 100644 ---- a/src/crypto/rand/rand_unix.go -+++ b/src/crypto/rand/rand_unix.go -@@ -10,7 +10,7 @@ +diff --git a/src/crypto/rand/rand.go b/src/crypto/rand/rand.go +index 7c18d595c2eeaa..6750262c4241e5 100644 +--- a/src/crypto/rand/rand.go ++++ b/src/crypto/rand/rand.go +@@ -7,7 +7,7 @@ package rand import ( - "crypto/internal/boring" + boring "crypto/internal/backend" - "errors" + "internal/godebug" "io" "os" +diff --git a/src/crypto/rand/rand_test.go b/src/crypto/rand/rand_test.go +index 2372413279dafe..55e68ed21ca68e 100644 +--- a/src/crypto/rand/rand_test.go ++++ b/src/crypto/rand/rand_test.go +@@ -7,7 +7,7 @@ package rand + import ( + "bytes" + "compress/flate" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "errors" + "internal/race" + "internal/testenv" diff --git a/src/crypto/rc4/rc4.go b/src/crypto/rc4/rc4.go index 67452ec39f0fd4..47726d0ebe38d9 100644 --- a/src/crypto/rc4/rc4.go @@ -1720,7 +1734,7 @@ index 319ac61f49c994..1b2454dbaab264 100644 t.Helper() k, err := rsa.GenerateKey(rand.Reader, size) diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index e233535f752dfc..6b023f055b24ea 100644 +index 3adc26ae2b6e29..f05cec9d7c3253 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -447,7 +447,9 @@ var depsRules = ` diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 14ee01ca9ed..c9384e3853c 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch 
@@ -18,7 +18,6 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/md5/md5_test.go | 7 + - src/crypto/rand/rand_windows.go | 9 +- src/crypto/rsa/boring.go | 2 +- src/crypto/rsa/boring_test.go | 2 +- src/crypto/rsa/notboring.go | 2 +- @@ -48,7 +47,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 44 files changed, 452 insertions(+), 33 deletions(-) + 43 files changed, 444 insertions(+), 32 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -576,29 +575,6 @@ index 3a973eebd284a4..5e24e07e2787e2 100644 for i, test := range largeUnmarshalTests { h := New() -diff --git a/src/crypto/rand/rand_windows.go b/src/crypto/rand/rand_windows.go -index 7380f1f0f1e6e6..35318d8fa67336 100644 ---- a/src/crypto/rand/rand_windows.go -+++ b/src/crypto/rand/rand_windows.go -@@ -8,10 +8,17 @@ - package rand - - import ( -+ boring "crypto/internal/backend" - "internal/syscall/windows" - ) - --func init() { Reader = &rngReader{} } -+func init() { -+ if boring.Enabled { -+ Reader = boring.RandReader -+ return -+ } -+ Reader = &rngReader{} -+} - - type rngReader struct{} - diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go index 220f8c05c3d94b..dd20b4af2e0472 100644 --- a/src/crypto/rsa/boring.go @@ -1034,7 +1010,7 @@ index 8ec2c59f2c63e5..87b5f8e316f388 100644 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= 
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 097bffd599bc96..af0d39d1a84f76 100644 +index 03005f247513cf..c77db5a856b7f6 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -459,6 +459,10 @@ var depsRules = ` From 206337cc8e9f45c4cd477f3126f628224280ed8d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 09:39:05 -0700 Subject: [PATCH 044/887] Bump github/codeql-action from 3.26.11 to 3.26.12 (#1358) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.11 to 3.26.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea...c36620d31ac7c881962c3d9dd939c40ec9434f2b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e2c60e9e61c..7d31134b2da 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: category: /language:go From 495f7d6c57bc6342e67a92e2eb2de3a1d0b31215 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 10:23:44 +0000 Subject: [PATCH 045/887] Bump github/codeql-action from 3.26.12 to 3.26.13 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.12 to 3.26.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c36620d31ac7c881962c3d9dd939c40ec9434f2b...f779452ac5af1c261dce0346a8f964149f49322b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7d31134b2da..917fb1736ae 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: category: /language:go From f1b7c61826922a8d2a4b7b6c2663c901203c776e Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Fri, 18 Oct 2024 16:05:44 +0000 Subject: [PATCH 046/887] Update submodule to latest master (6853d894): syscall: keep write access when O_TRUNC is used on Windows --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 356ba0f0658..6853d89477e 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 356ba0f06586a833cd8de9c04af0d2adddf95851 +Subproject commit 6853d89477e0886c7c96b08e7efaf74abedfcf71 From 75c43266c1fd0f38b10c3e6781b1e58db573cbd8 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Mon, 21 Oct 2024 16:06:37 +0000 Subject: [PATCH 047/887] Update submodule to latest master (acd072a0): runtime: execute publicationBarrier in noscan case for delayed zeroing --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 6853d89477e..acd072a0784 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 6853d89477e0886c7c96b08e7efaf74abedfcf71 +Subproject commit acd072a0784863dfbdf32da9d770753722270a26 From 0f1de95b82da55c9a0f237396ccedcd86abb757c Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Wed, 23 Oct 2024 11:07:23 +0200 Subject: [PATCH 048/887] update eng/run.ps1 documentation --- eng/README.md | 4 +++- eng/_util/cmd/build/build.go | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/eng/README.md b/eng/README.md index b9982ebc896..93498669919 100644 --- a/eng/README.md +++ b/eng/README.md @@ -33,7 +33,9 @@ pwsh eng/run.ps1 build -refresh patches) before the command builds the repository. Remove `-refresh` if you've made changes in the submodule (`go`) that you want to keep. * Add `-test` to run tests after the build completes. -* Add `-pack` to create an archive file containing the Go build in +* Add `-packbuild` to create an archive file containing the Go build in + `eng/artifacts/bin`. (A `.tar.gz` or `.zip` file, depending on GOOS) +* Add `-packsource` to create an archive file containing the Go sources in `eng/artifacts/bin`. (A `.tar.gz` or `.zip` file, depending on GOOS) Run this command for more information: diff --git a/eng/_util/cmd/build/build.go b/eng/_util/cmd/build/build.go index 7af05339872..03d39428e6a 100644 --- a/eng/_util/cmd/build/build.go +++ b/eng/_util/cmd/build/build.go @@ -33,7 +33,7 @@ in 'src' such as 'src/run.bash' instead of this script. Example: Build Go, run tests, and produce an archive file: - eng/run.ps1 build -test -pack + eng/run.ps1 build -test -packbuild ` func main() { From 164cb277575d3bba98c12129a9cd53f3fb0398e2 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 10:35:55 +0000 Subject: [PATCH 049/887] Bump github/codeql-action from 3.26.13 to 3.27.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f779452ac5af1c261dce0346a8f964149f49322b...662472033e021d55d94146f66f6058822b0b39fd) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 917fb1736ae..1e6c5589053 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: category: /language:go From 788f76ea8da43ae61ac948ce43e583ef18a777a0 Mon Sep 17 00:00:00 2001 
From: George Adams Date: Wed, 23 Oct 2024 18:37:01 +0100 Subject: [PATCH 050/887] workflow: add automerge job to approve PRs from microsoft-golang-bot (#1366) --- .github/workflows/auto-merge.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 .github/workflows/auto-merge.yml diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml new file mode 100644 index 00000000000..1afdb677ec6 --- /dev/null +++ b/.github/workflows/auto-merge.yml @@ -0,0 +1,25 @@ +name: Pull Request auto-merge +on: pull_request_target + +permissions: + contents: write + pull-requests: write + +jobs: + automerge: + # Only run for the microsoft-golang-bot + if: github.actor == 'microsoft-golang-bot' + runs-on: ubuntu-latest + + steps: + - name: Approve pull request + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} + + - name: Enable auto-merge for pull request + run: gh pr merge --auto --squash "$PR_URL" + env: + PR_URL: ${{github.event.pull_request.html_url}} + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} From 563fd270ac8e2e5c30b989c514c47597d1a15e88 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Wed, 23 Oct 2024 18:17:06 +0000 Subject: [PATCH 051/887] Update submodule to latest master (87a89fa4): runtime: add the checkPtraceScope to skip certain tests --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index acd072a0784..87a89fa4513 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit acd072a0784863dfbdf32da9d770753722270a26 +Subproject commit 87a89fa45130d4406fa4d9f0882b9c5014240d03 From 6176ea40c20f1a68ac1d95dcbc51b971fc4a9e78 Mon Sep 17 00:00:00 2001 From: Martijn Verburg Date: Thu, 24 Oct 2024 07:48:23 +1300 Subject: [PATCH 052/887] Update eng/README.md Co-authored-by: Davis Goodin --- eng/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
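Review bot: The `if: github.actor == 'microsoft-golang-bot'` condition on the `automerge` job checks which account triggered the run, not who authored the pull request, so the approval is not tied to PRs the bot itself opened. The workflow runs on `pull_request_target` with `contents: write` and `pull-requests: write`, so I would check the author as well: `if: github.event.pull_request.user.login == 'microsoft-golang-bot' && github.actor == 'microsoft-golang-bot'`. As far as this file shows, the job approves and enables squash auto-merge whatever files the PR touches, which leaves the required status checks on the target branch as the only remaining gate. A comment at the top of the workflow naming the checks it relies on would make that dependency explicit.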
diff --git a/eng/README.md b/eng/README.md index 93498669919..d127a437b4e 100644 --- a/eng/README.md +++ b/eng/README.md @@ -35,8 +35,8 @@ pwsh eng/run.ps1 build -refresh * Add `-test` to run tests after the build completes. * Add `-packbuild` to create an archive file containing the Go build in `eng/artifacts/bin`. (A `.tar.gz` or `.zip` file, depending on GOOS) -* Add `-packsource` to create an archive file containing the Go sources in - `eng/artifacts/bin`. (A `.tar.gz` or `.zip` file, depending on GOOS) +* Add `-packsource` to create a `.tar.gz` file containing the Go sources in + `eng/artifacts/bin`. Run this command for more information: From c4456d8d809abf77cbea97f59a1e4091b5abc119 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Wed, 23 Oct 2024 15:34:36 -0700 Subject: [PATCH 053/887] Add more patching docs, mention git-go-patch --- eng/README.md | 39 ++++++++++++++++++++++++++++----------- patches/README.md | 8 ++++++++ 2 files changed, 36 insertions(+), 11 deletions(-) create mode 100644 patches/README.md diff --git a/eng/README.md b/eng/README.md index d127a437b4e..9aa1ec0faf0 100644 --- a/eng/README.md +++ b/eng/README.md 
@@ -56,14 +56,31 @@ complete, to match the content of the official binary releases of Go. ## Patch files -The Microsoft Go repository uses patch files to apply changes to the `go` -submodule. The patch files are found in [`/patches`](/patches). The `-refresh` -argument to the `build` tool applies patches. Or, try: - -``` -pwsh eng/run.ps1 submodule-refresh -h -``` - -These patch files contain all the changes made to the upstream Go source code. -To explore them with Git, run `pwsh eng/run.ps1 submodule-refresh -commits` and -look at Git history inside the `go` submodule. +The Microsoft Go repository uses patch files to store changes to the `go` +submodule. The patch files are found in [`/patches`](/patches). + +We created [the `git-go-patch` tool][git-go-patch] to develop and maintain the +patch files. We wrote this tool specifically for the Microsoft Go project. It's +a Go program that can be invoked as `git go-patch` after it's installed. See +[the `git-go-patch` readme][git-go-patch] for more information. + +We also have some utilities in this repository to apply patches without +installing `git-go-patch`: + +* `pwsh eng/run.ps1 submodule-refresh` updates the submodule and applies the + patches. + * Pass `-commits` to apply each patch as a separate commit. +* `pwsh eng/run.ps1 build -refresh` refreshes the submodule and applies patches + and then goes on to build Microsoft Go. + +The patch files are ordinary Git patches and can also be applied manually +without any custom tooling. Git commands like [`git +am`](https://git-scm.com/docs/git-am) and [`git +apply`](https://git-scm.com/docs/git-apply) work directly. [`git +format-patch`](https://git-scm.com/docs/git-format-patch) produces the same +patch format as `git-go-patch`. + +Editing the patch files by hand is not recommended. Use `git-go-patch` or manual +`git` patching commands to let Git handle the formatting and fine details. 
+ +[git-go-patch]: https://github.com/microsoft/go-infra/tree/main/cmd/git-go-patch diff --git a/patches/README.md b/patches/README.md new file mode 100644 index 00000000000..51e6703679a --- /dev/null +++ b/patches/README.md @@ -0,0 +1,8 @@ +# Microsoft Go patches + +The patches in this directory are applied to the `/go` submodule before building Microsoft Go. +This is done automatically by the build tools provided in `/eng`. + +We use [`git-go-patch`](https://github.com/microsoft/go-infra/tree/main/cmd/git-go-patch) to maintain these patch files. + +See [the `/eng` README](../eng/README.md) for more information. From f04dd24de68bfc1ada3c92b2b02053c3d68b2fad Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 24 Oct 2024 14:27:17 +0200 Subject: [PATCH 054/887] add Azure Linux 3 to CI pipelines --- eng/pipeline/pr-outerloop-pipeline.yml | 2 ++ eng/pipeline/pr-pipeline.yml | 2 ++ eng/pipeline/rolling-innerloop-pipeline.yml | 2 ++ eng/pipeline/rolling-pipeline.yml | 2 ++ eng/pipeline/stages/go-builder-matrix-stages.yml | 1 + eng/pipeline/stages/run-stage.yml | 2 ++ 6 files changed, 11 insertions(+) diff --git a/eng/pipeline/pr-outerloop-pipeline.yml b/eng/pipeline/pr-outerloop-pipeline.yml index ebba7ae920a..0d482700a31 100644 --- a/eng/pipeline/pr-outerloop-pipeline.yml +++ b/eng/pipeline/pr-outerloop-pipeline.yml @@ -24,6 +24,8 @@ resources: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 + - container: azurelinux3 + image: golangpublicimages.azurecr.io/infra-images:azurelinux-3.0-amd64-default stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/pr-pipeline.yml b/eng/pipeline/pr-pipeline.yml index 8a511b43bfd..91337351ce0 100644 --- a/eng/pipeline/pr-pipeline.yml +++ b/eng/pipeline/pr-pipeline.yml 
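Review bot: The new `azurelinux3` container resource in pr-outerloop-pipeline.yml points at `golangpublicimages.azurecr.io/infra-images:azurelinux-3.0-amd64-default`, a tag with no date or commit suffix, while the `mariner1` and `mariner1arm64` entries beside it use dated tags. A tag of this shape is presumably a moving one, so the CI build environment could change without any commit in this repository. I would reference a dated tag or, better, an image digest (`...infra-images@sha256:<digest>`). The same line is added in pr-pipeline.yml, rolling-innerloop-pipeline.yml and rolling-pipeline.yml.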
@@ -21,6 +21,8 @@ resources: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 + - container: azurelinux3 + image: golangpublicimages.azurecr.io/infra-images:azurelinux-3.0-amd64-default stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/rolling-innerloop-pipeline.yml b/eng/pipeline/rolling-innerloop-pipeline.yml index cc58fed09f0..ebc8ba2e3a0 100644 --- a/eng/pipeline/rolling-innerloop-pipeline.yml +++ b/eng/pipeline/rolling-innerloop-pipeline.yml @@ -44,6 +44,8 @@ extends: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 + azurelinux3: + image: golangpublicimages.azurecr.io/infra-images:azurelinux-3.0-amd64-default stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/rolling-pipeline.yml b/eng/pipeline/rolling-pipeline.yml index fd7cb59ed16..cf9f23d24e1 100644 --- a/eng/pipeline/rolling-pipeline.yml +++ b/eng/pipeline/rolling-pipeline.yml @@ -37,6 +37,8 @@ extends: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 + azurelinux3: + image: golangpublicimages.azurecr.io/infra-images:azurelinux-3.0-amd64-default stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index 0c4cc12d153..95759be0e2c 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml 
@@ -77,6 +77,7 @@ stages: - { os: linux, arch: amd64, config: devscript } - { os: linux, arch: amd64, config: test } - { os: linux, arch: amd64, config: test, distro: ubuntu } + - { os: linux, arch: amd64, config: test, distro: azurelinux3 } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, fips: true } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index d7d7d5b9879..d8fcf5000a4 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml @@ -71,6 +71,8 @@ stages: ${{ if eq(parameters.builder.hostArch, 'amd64') }}: ${{ if eq(parameters.builder.distro, 'ubuntu') }}: container: ubuntu2204 + ${{ elseif eq(parameters.builder.distro, 'azurelinux3') }}: + container: azurelinux3 ${{ else }}: container: mariner1 ${{ elseif eq(parameters.builder.hostArch, 'arm64') }}: From 03a143266082c9bcb2b07d7047d3214deb5ec80f Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 24 Oct 2024 14:38:33 +0200 Subject: [PATCH 055/887] fix image name --- eng/pipeline/pr-outerloop-pipeline.yml | 2 +- eng/pipeline/pr-pipeline.yml | 2 +- eng/pipeline/rolling-innerloop-pipeline.yml | 2 +- eng/pipeline/rolling-pipeline.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/eng/pipeline/pr-outerloop-pipeline.yml b/eng/pipeline/pr-outerloop-pipeline.yml index 0d482700a31..74d169e88d0 100644 --- a/eng/pipeline/pr-outerloop-pipeline.yml +++ b/eng/pipeline/pr-outerloop-pipeline.yml 
@@ -25,7 +25,7 @@ resources: - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 - container: azurelinux3 - image: golangpublicimages.azurecr.io/infra-images:azurelinux-3.0-amd64-default + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024101937-2ca0565 stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/pr-pipeline.yml b/eng/pipeline/pr-pipeline.yml index 91337351ce0..9a8271baeb3 100644 --- a/eng/pipeline/pr-pipeline.yml +++ b/eng/pipeline/pr-pipeline.yml @@ -22,7 +22,7 @@ resources: - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 - container: azurelinux3 - image: golangpublicimages.azurecr.io/infra-images:azurelinux-3.0-amd64-default + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024101937-2ca0565 stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/rolling-innerloop-pipeline.yml b/eng/pipeline/rolling-innerloop-pipeline.yml index ebc8ba2e3a0..33bbb4309a9 100644 --- a/eng/pipeline/rolling-innerloop-pipeline.yml +++ b/eng/pipeline/rolling-innerloop-pipeline.yml @@ -45,7 +45,7 @@ extends: mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 azurelinux3: - image: golangpublicimages.azurecr.io/infra-images:azurelinux-3.0-amd64-default + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024101937-2ca0565 stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/rolling-pipeline.yml b/eng/pipeline/rolling-pipeline.yml index cf9f23d24e1..d86feb0d1a2 100644 --- a/eng/pipeline/rolling-pipeline.yml +++ b/eng/pipeline/rolling-pipeline.yml 
@@ -38,7 +38,7 @@ extends: mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 azurelinux3: - image: golangpublicimages.azurecr.io/infra-images:azurelinux-3.0-amd64-default + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024101937-2ca0565 stages: - template: stages/go-builder-matrix-stages.yml From 56c93bb7713797e5b9d5066506b33954255e1e78 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 24 Oct 2024 17:51:58 +0200 Subject: [PATCH 056/887] upgrade image --- eng/pipeline/pr-outerloop-pipeline.yml | 2 +- eng/pipeline/pr-pipeline.yml | 2 +- eng/pipeline/rolling-innerloop-pipeline.yml | 2 +- eng/pipeline/rolling-pipeline.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/eng/pipeline/pr-outerloop-pipeline.yml b/eng/pipeline/pr-outerloop-pipeline.yml index 74d169e88d0..45fc8743775 100644 --- a/eng/pipeline/pr-outerloop-pipeline.yml +++ b/eng/pipeline/pr-outerloop-pipeline.yml @@ -25,7 +25,7 @@ resources: - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 - container: azurelinux3 - image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024101937-2ca0565 + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/pr-pipeline.yml b/eng/pipeline/pr-pipeline.yml index 9a8271baeb3..ce50b025817 100644 --- a/eng/pipeline/pr-pipeline.yml +++ b/eng/pipeline/pr-pipeline.yml 
@@ -22,7 +22,7 @@ resources: - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 - container: azurelinux3 - image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024101937-2ca0565 + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/rolling-innerloop-pipeline.yml b/eng/pipeline/rolling-innerloop-pipeline.yml index 33bbb4309a9..85ba25c14b2 100644 --- a/eng/pipeline/rolling-innerloop-pipeline.yml +++ b/eng/pipeline/rolling-innerloop-pipeline.yml @@ -45,7 +45,7 @@ extends: mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 azurelinux3: - image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024101937-2ca0565 + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/rolling-pipeline.yml b/eng/pipeline/rolling-pipeline.yml index d86feb0d1a2..e360909614b 100644 --- a/eng/pipeline/rolling-pipeline.yml +++ b/eng/pipeline/rolling-pipeline.yml @@ -38,7 +38,7 @@ extends: mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 azurelinux3: - image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024101937-2ca0565 + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 stages: - template: stages/go-builder-matrix-stages.yml From 1cd325c2eb07230ed3cc9f563f2051c092d65898 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 24 Oct 2024 18:01:35 +0200 Subject: [PATCH 057/887] add openssl test for az3 --- eng/pipeline/stages/go-builder-matrix-stages.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index 95759be0e2c..8b5ea8b95ca 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml @@ -81,6 +81,7 @@ stages: - { experiment: opensslcrypto, os: linux, arch: amd64, config: test } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, fips: true } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } + - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3 } - { experiment: boringcrypto, os: linux, arch: amd64, config: test } - { experiment: boringcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } - { os: windows, arch: amd64, config: devscript } From c75ccae64f6c4f10c17af1376ad275a3951a49d5 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 25 Oct 2024 08:05:41 +0200 Subject: [PATCH 058/887] don't fail pipeline if AZL3 tests fail --- eng/pipeline/stages/builders-to-stages.yml | 2 +- eng/pipeline/stages/go-builder-matrix-stages.yml | 2 +- eng/pipeline/stages/run-stage.yml | 4 +++- eng/pipeline/stages/shorthand-builders-to-builders.yml | 4 ++-- eng/pipeline/stages/sign-stage.yml | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/eng/pipeline/stages/builders-to-stages.yml b/eng/pipeline/stages/builders-to-stages.yml index f3e14134e6e..4b9a4d98eed 100644 --- a/eng/pipeline/stages/builders-to-stages.yml +++ b/eng/pipeline/stages/builders-to-stages.yml @@ -5,7 +5,7 @@ # This template expands a list of builders into a list of jobs. parameters: - # [] of { id, os, arch, hostarch, config, distro?, experiment? } + # [] of { id, os, arch, hostarch, config, distro?, experiment?, flaky? } builders: [] # If true, include a signing stage+job that depends on all 'buildandpack' builder jobs finishing. sign: false 
diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index 8b5ea8b95ca..45fcb5118f4 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml @@ -81,7 +81,7 @@ stages: - { experiment: opensslcrypto, os: linux, arch: amd64, config: test } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, fips: true } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } - - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3 } + - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, flaky: true } - { experiment: boringcrypto, os: linux, arch: amd64, config: test } - { experiment: boringcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } - { os: windows, arch: amd64, config: devscript } diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index d8fcf5000a4..f4ec4b3f01d 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml @@ -5,7 +5,7 @@ # This job runs a builder for any OS. parameters: - # { id, os, arch, hostArch, config, distro?, experiment?, fips? } + # { id, os, arch, hostArch, config, distro?, experiment?, fips?, flaky? } - name: builder type: object @@ -280,6 +280,8 @@ stages: condition: and(ne(variables['TEST_BUILDER_SUCCESSFUL'], 'true'), succeeded()) ${{ if ne(attempt, 'FINAL') }}: ignoreLASTEXITCODE: true + ${{ if eq(parameters.builder.flaky, true) }}: + continueOnError: true # - ${{ if eq(parameters.builder.config, 'buildandpack' ) }}: # - ${{ if ne(parameters.releaseVersion, 'nil') }}: diff --git a/eng/pipeline/stages/shorthand-builders-to-builders.yml b/eng/pipeline/stages/shorthand-builders-to-builders.yml index 815ea652fb8..3becb76166b 100644 --- a/eng/pipeline/stages/shorthand-builders-to-builders.yml 
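Review bot: The `flaky: true` entry added to the builder matrix has no comment saying why the opensslcrypto tests on azurelinux3 are allowed to fail or when the flag can be removed. Combined with the `continueOnError: true` added in the run-stage.yml hunk `@@ -280,6 +280,8 @@`, a failure in this job is reported as a warning only, so a regression in the OpenSSL backend on this distro would presumably not block a merge. I would put a comment above the entry, `# TODO(<tracking-issue>): drop this flag once the opensslcrypto tests pass on Azure Linux 3.`, with the placeholder replaced by the real issue reference. The same applies to the `broken: true` spelling of this entry in the following "rename flaky for broken" commit.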
+++ b/eng/pipeline/stages/shorthand-builders-to-builders.yml @@ -11,13 +11,13 @@ # to be used by template expressions, as of writing. parameters: - # [] of { os, arch, hostArch, config, distro?, experiment? } + # [] of { os, arch, hostArch, config, distro?, experiment?, flaky? } # If hostArch is not defined, defaults to the arch value. # The job ID is generated based on these values. shorthandBuilders: [] # The inner jobs template to pass the filed-out builders into. # - # It should accept parameter "builders", [] of { id, os, arch, hostArch, config, distro?, fips? } + # It should accept parameter "builders", [] of { id, os, arch, hostArch, config, distro?, fips?, flaky? } jobsTemplate: "" jobsParameters: {} diff --git a/eng/pipeline/stages/sign-stage.yml b/eng/pipeline/stages/sign-stage.yml index 1ae4e7cfbc9..f924544e67c 100644 --- a/eng/pipeline/stages/sign-stage.yml +++ b/eng/pipeline/stages/sign-stage.yml @@ -6,7 +6,7 @@ # publishes the signed files and signatures into a consolidated pipeline artifact. parameters: - # [] of { id, os, arch, config, distro?, experiment? } + # [] of { id, os, arch, config, distro?, experiment?, flaky? } builders: [] stages: From 5e12e9bca47aea97e4425362e2fbddfe5469c33a Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 25 Oct 2024 08:43:20 +0200 Subject: [PATCH 059/887] rename flaky for broken --- eng/pipeline/stages/builders-to-stages.yml | 2 +- eng/pipeline/stages/go-builder-matrix-stages.yml | 2 +- eng/pipeline/stages/run-stage.yml | 4 ++-- eng/pipeline/stages/shorthand-builders-to-builders.yml | 4 ++-- eng/pipeline/stages/sign-stage.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/eng/pipeline/stages/builders-to-stages.yml b/eng/pipeline/stages/builders-to-stages.yml index 4b9a4d98eed..f5d29d3ede2 100644 --- a/eng/pipeline/stages/builders-to-stages.yml +++ b/eng/pipeline/stages/builders-to-stages.yml 
@@ -5,7 +5,7 @@ # This template expands a list of builders into a list of jobs. parameters: - # [] of { id, os, arch, hostarch, config, distro?, experiment?, flaky? } + # [] of { id, os, arch, hostarch, config, distro?, experiment?, broken? } builders: [] # If true, include a signing stage+job that depends on all 'buildandpack' builder jobs finishing. sign: false diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index 45fcb5118f4..60e3b51638d 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml @@ -81,7 +81,7 @@ stages: - { experiment: opensslcrypto, os: linux, arch: amd64, config: test } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, fips: true } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } - - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, flaky: true } + - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, broken: true } - { experiment: boringcrypto, os: linux, arch: amd64, config: test } - { experiment: boringcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } - { os: windows, arch: amd64, config: devscript } diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index f4ec4b3f01d..a0db3d50d09 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml @@ -5,7 +5,7 @@ # This job runs a builder for any OS. parameters: - # { id, os, arch, hostArch, config, distro?, experiment?, fips?, flaky? } + # { id, os, arch, hostArch, config, distro?, experiment?, fips?, broken? } - name: builder type: object 
@@ -280,7 +280,7 @@ stages: condition: and(ne(variables['TEST_BUILDER_SUCCESSFUL'], 'true'), succeeded()) ${{ if ne(attempt, 'FINAL') }}: ignoreLASTEXITCODE: true - ${{ if eq(parameters.builder.flaky, true) }}: + ${{ if eq(parameters.builder.broken, true) }}: continueOnError: true # - ${{ if eq(parameters.builder.config, 'buildandpack' ) }}: diff --git a/eng/pipeline/stages/shorthand-builders-to-builders.yml b/eng/pipeline/stages/shorthand-builders-to-builders.yml index 3becb76166b..123790bcad9 100644 --- a/eng/pipeline/stages/shorthand-builders-to-builders.yml +++ b/eng/pipeline/stages/shorthand-builders-to-builders.yml @@ -11,13 +11,13 @@ # to be used by template expressions, as of writing. parameters: - # [] of { os, arch, hostArch, config, distro?, experiment?, flaky? } + # [] of { os, arch, hostArch, config, distro?, experiment?, broken? } # If hostArch is not defined, defaults to the arch value. # The job ID is generated based on these values. shorthandBuilders: [] # The inner jobs template to pass the filed-out builders into. # - # It should accept parameter "builders", [] of { id, os, arch, hostArch, config, distro?, fips?, flaky? } + # It should accept parameter "builders", [] of { id, os, arch, hostArch, config, distro?, fips?, broken? } jobsTemplate: "" jobsParameters: {} diff --git a/eng/pipeline/stages/sign-stage.yml b/eng/pipeline/stages/sign-stage.yml index f924544e67c..73e1e046a58 100644 --- a/eng/pipeline/stages/sign-stage.yml +++ b/eng/pipeline/stages/sign-stage.yml @@ -6,7 +6,7 @@ # publishes the signed files and signatures into a consolidated pipeline artifact. parameters: - # [] of { id, os, arch, config, distro?, experiment?, flaky? } + # [] of { id, os, arch, config, distro?, experiment?, broken? } builders: [] stages: From 3bd1a03ea633ff6806e37998f1ea350514e5cb56 Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Fri, 25 Oct 2024 08:46:32 +0200 Subject: [PATCH 060/887] handle retries --- eng/pipeline/stages/run-stage.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index a0db3d50d09..011e94ce99b 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml @@ -280,7 +280,8 @@ stages: condition: and(ne(variables['TEST_BUILDER_SUCCESSFUL'], 'true'), succeeded()) ${{ if ne(attempt, 'FINAL') }}: ignoreLASTEXITCODE: true - ${{ if eq(parameters.builder.broken, true) }}: + ${{ elseif eq(parameters.builder.broken, true) }}: + # Don't fail the job if we are at the last retry and the builder is marked as broken. continueOnError: true # - ${{ if eq(parameters.builder.config, 'buildandpack' ) }}: From 3c51449ebd45869f9726420e66325a1b823f9357 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 25 Oct 2024 12:45:52 +0200 Subject: [PATCH 061/887] fix conflicts --- .../0002-Add-crypto-backend-foundation.patch | 70 +++++++------------ patches/0005-Add-CNG-crypto-backend.patch | 40 +++++------ 2 files changed, 44 insertions(+), 66 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index ca80ce31c23..e1c890378a6 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -41,7 +41,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/rsa_test.go | 2 +- src/crypto/sha1/sha1.go | 2 +- src/crypto/sha1/sha1_test.go | 2 +- - src/crypto/sha256/sha256.go | 14 +- + src/crypto/sha256/sha256.go | 6 +- src/crypto/sha256/sha256_test.go | 2 +- src/crypto/sha512/sha512.go | 2 +- src/crypto/sha512/sha512_test.go | 2 +- 
@@ -56,7 +56,7 @@ Subject: [PATCH] Add crypto backend foundation src/go/build/deps_test.go | 4 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 52 files changed, 808 insertions(+), 108 deletions(-) + 52 files changed, 802 insertions(+), 106 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go @@ -452,7 +452,7 @@ index 00000000000000..b0cdd44d81c753 + panic("boringcrypto: not available") +} diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go -index 46ec81b8c58bc9..1563eedf6f78d1 100644 +index b8c909cf015aa7..9f517e8e527363 100644 --- a/src/crypto/hmac/hmac.go +++ b/src/crypto/hmac/hmac.go @@ -22,7 +22,7 @@ timing side-channels: @@ -461,9 +461,9 @@ index 46ec81b8c58bc9..1563eedf6f78d1 100644 import ( - "crypto/internal/boring" + boring "crypto/internal/backend" + "crypto/internal/fips/hmac" "crypto/subtle" "hash" - ) diff --git a/src/crypto/hmac/hmac_test.go b/src/crypto/hmac/hmac_test.go index 7accad763244a1..dd3211f2c37af3 100644 --- a/src/crypto/hmac/hmac_test.go @@ -538,7 +538,7 @@ index 00000000000000..85bd3ed083f5b2 +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go new file mode 100644 -index 00000000000000..f83ff4abacc1dc +index 00000000000000..bc595e91024f11 --- /dev/null +++ b/src/crypto/internal/backend/common.go @@ -0,0 +1,92 @@ @@ -1268,7 +1268,7 @@ index d03892c57d4e61..d44f70b92661b4 100644 "crypto/rand" "encoding" diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go -index 7844f191e16b57..5c04e4bb83f2f2 100644 +index d87c689c9001ad..7584c380af0cec 100644 --- a/src/crypto/sha256/sha256.go +++ b/src/crypto/sha256/sha256.go @@ -8,7 +8,7 @@ package sha256 
@@ -1277,10 +1277,10 @@ index 7844f191e16b57..5c04e4bb83f2f2 100644 "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" - "errors" + "crypto/internal/fips/sha256" "hash" - "internal/byteorder" -@@ -159,7 +159,7 @@ func New() hash.Hash { + ) +@@ -43,7 +43,7 @@ func New() hash.Hash { // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal // state of the hash. func New224() hash.Hash { @@ -1288,30 +1288,8 @@ index 7844f191e16b57..5c04e4bb83f2f2 100644 + if boring.Enabled && boring.SupportsHash(crypto.SHA224) { return boring.NewSHA224() } - d := new(digest) -@@ -178,7 +178,9 @@ func (d *digest) Size() int { - func (d *digest) BlockSize() int { return BlockSize } - - func (d *digest) Write(p []byte) (nn int, err error) { -- boring.Unreachable() -+ if boring.Enabled && (!d.is224 || boring.SupportsHash(crypto.SHA224)) { -+ boring.Unreachable() -+ } - nn = len(p) - d.len += uint64(nn) - if d.nx > 0 { -@@ -202,7 +204,9 @@ func (d *digest) Write(p []byte) (nn int, err error) { - } - - func (d *digest) Sum(in []byte) []byte { -- boring.Unreachable() -+ if boring.Enabled && (!d.is224 || boring.SupportsHash(crypto.SHA224)) { -+ boring.Unreachable() -+ } - // Make a copy of d so that caller can keep writing and summing. - d0 := *d - hash := d0.checkSum() -@@ -263,7 +267,7 @@ func Sum256(data []byte) [Size]byte { + return sha256.New224() +@@ -63,7 +63,7 @@ func Sum256(data []byte) [Size]byte { // Sum224 returns the SHA224 checksum of the data. func Sum224(data []byte) [Size224]byte { @@ -1319,9 +1297,9 @@ index 7844f191e16b57..5c04e4bb83f2f2 100644 + if boring.Enabled && boring.SupportsHash(crypto.SHA224) { return boring.SHA224(data) } - var d digest + h := New224() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index 3237c6a73e6a1e..5a8f4901451018 100644 +index 40be1480dd51d1..0426ce6aebd681 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -8,7 +8,7 @@ package sha256 
@@ -1331,10 +1309,10 @@ index 3237c6a73e6a1e..5a8f4901451018 100644 - "crypto/internal/boring" + boring "crypto/internal/backend" "crypto/internal/cryptotest" - "crypto/rand" "encoding" + "fmt" diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go -index 0e2a34a1e347cf..132b9495e38644 100644 +index 0a12fde7bc060b..ca752598e4343a 100644 --- a/src/crypto/sha512/sha512.go +++ b/src/crypto/sha512/sha512.go @@ -12,7 +12,7 @@ package sha512 @@ -1343,11 +1321,11 @@ index 0e2a34a1e347cf..132b9495e38644 100644 "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" - "errors" + "crypto/internal/fips/sha512" "hash" - "internal/byteorder" + ) diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index cfe6b571975b27..de28aa927044a6 100644 +index 6e3d9bce1cf095..df96879c02d234 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go @@ -8,7 +8,7 @@ package sha512 @@ -1357,8 +1335,8 @@ index cfe6b571975b27..de28aa927044a6 100644 - "crypto/internal/boring" + boring "crypto/internal/backend" "crypto/internal/cryptotest" - "crypto/rand" "encoding" + "encoding/hex" diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go index 56050421985927..dcbd33167e4499 100644 --- a/src/crypto/tls/boring_test.go @@ -1775,12 +1753,12 @@ index 319ac61f49c994..1b2454dbaab264 100644 t.Helper() k, err := rsa.GenerateKey(rand.Reader, size) diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 3adc26ae2b6e29..f05cec9d7c3253 100644 +index cc9d304bc62820..6509d58264aae0 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -447,7 +447,9 @@ var depsRules = ` - +@@ -463,7 +463,9 @@ var depsRules = ` # CRYPTO is core crypto algorithms - no cgo, fmt, net. + FIPS, crypto/internal/boring/sig, + crypto/internal/boring/fipstls, crypto/internal/boring/syso, 
@@ -1788,7 +1766,7 @@ index 3adc26ae2b6e29..f05cec9d7c3253 100644 golang.org/x/sys/cpu, hash, embed < crypto -@@ -458,6 +460,7 @@ var depsRules = ` +@@ -474,6 +476,7 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache < crypto/internal/boring @@ -1796,7 +1774,7 @@ index 3adc26ae2b6e29..f05cec9d7c3253 100644 < crypto/boring; crypto/internal/alias, math/rand/v2 -@@ -495,6 +498,7 @@ var depsRules = ` +@@ -511,6 +514,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big < crypto/internal/boring/bbig diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index a6e5cac6b29..e6e535c73b3 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -473,7 +473,7 @@ index 00000000000000..3d3d13709de5ac + panic("cryptobackend: not available") +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go -index f83ff4abacc1dc..b05374a9d62a97 100644 +index bc595e91024f11..7766d674f5cfaf 100644 --- a/src/crypto/internal/backend/common.go +++ b/src/crypto/internal/backend/common.go @@ -68,7 +68,11 @@ func hasSuffix(s, t string) bool { @@ -689,10 +689,10 @@ index d44f70b92661b4..76726556f80fbd 100644 h := New() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index 5a8f4901451018..f9549bba2dee59 100644 +index 0426ce6aebd681..bdb55a70a4847c 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go -@@ -14,6 +14,7 @@ import ( +@@ -13,6 +13,7 @@ import ( "encoding" "fmt" "hash" 
@@ -700,17 +700,17 @@ index 5a8f4901451018..f9549bba2dee59 100644 "io" "testing" ) -@@ -140,6 +141,9 @@ func TestGolden(t *testing.T) { +@@ -141,6 +142,9 @@ func testGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { + if goexperiment.CNGCrypto { + t.Skip("CNGCrypto does not support hash marshalling") + } - tests := []struct { - name string - newHash func() hash.Hash -@@ -197,6 +201,9 @@ func TestGoldenMarshal(t *testing.T) { + cryptotest.TestAllImplementations(t, "crypto/sha256", testGoldenMarshal) + } + +@@ -202,6 +206,9 @@ func testGoldenMarshal(t *testing.T) { } func TestMarshalTypeMismatch(t *testing.T) { @@ -720,7 +720,7 @@ index 5a8f4901451018..f9549bba2dee59 100644 h1 := New() h2 := New224() -@@ -286,6 +293,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -276,6 +283,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { return h.Sum(nil), nil } func TestLargeHashes(t *testing.T) { @@ -731,10 +731,10 @@ index 5a8f4901451018..f9549bba2dee59 100644 h := New() diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index de28aa927044a6..dedebd20e6a2ed 100644 +index df96879c02d234..99451e26a13d79 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go -@@ -15,6 +15,7 @@ import ( +@@ -14,6 +14,7 @@ import ( "encoding/hex" "fmt" "hash" @@ -742,17 +742,17 @@ index de28aa927044a6..dedebd20e6a2ed 100644 "io" "testing" ) -@@ -720,6 +721,9 @@ func TestGolden(t *testing.T) { +@@ -725,6 +726,9 @@ func testGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { + if goexperiment.CNGCrypto { + t.Skip("CNGCrypto does not support hash marshalling") + } - tests := []struct { - name string - newHash func() hash.Hash -@@ -779,6 +783,9 @@ func TestGoldenMarshal(t *testing.T) { + cryptotest.TestAllImplementations(t, "crypto/sha512", func(t *testing.T) { + testGoldenMarshal(t) + }) +@@ -790,6 +794,9 @@ func testGoldenMarshal(t *testing.T) { } func TestMarshalMismatch(t *testing.T) { 
@@ -762,7 +762,7 @@ index de28aa927044a6..dedebd20e6a2ed 100644 h := []func() hash.Hash{ New, New384, -@@ -885,6 +892,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -881,6 +888,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -929,10 +929,10 @@ index 8ec2c59f2c63e5..87b5f8e316f388 100644 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 03005f247513cf..c77db5a856b7f6 100644 +index e7e967659de213..83dcaed4cb82ec 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -459,6 +459,10 @@ var depsRules = ` +@@ -475,6 +475,10 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache @@ -943,7 +943,7 @@ index 03005f247513cf..c77db5a856b7f6 100644 < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 < crypto/internal/boring -@@ -499,6 +503,7 @@ var depsRules = ` +@@ -515,6 +519,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big From 9ec611ba35384787d726b5cdc87e6839dd95991b Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 25 Oct 2024 14:54:17 +0200 Subject: [PATCH 062/887] Update remote --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 87a89fa4513..e5e552b8167 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 87a89fa45130d4406fa4d9f0882b9c5014240d03 +Subproject commit e5e552b816793f2b5729744c27995cce12baf52e From 49cbccb092580a18912f1b641c35f7f2650e4681 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 25 Oct 2024 14:59:53 +0200 Subject: [PATCH 063/887] fix conflict --- patches/0005-Add-CNG-crypto-backend.patch | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index e6e535c73b3..fcf4cb2611d 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -689,7 +689,7 @@ index d44f70b92661b4..76726556f80fbd 100644 h := New() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index 0426ce6aebd681..bdb55a70a4847c 100644 +index d2fa4369d068bf..027b705e96113f 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -13,6 +13,7 @@ import ( @@ -697,10 +697,10 @@ index 0426ce6aebd681..bdb55a70a4847c 100644 "fmt" "hash" + "internal/goexperiment" + "internal/testenv" "io" "testing" - ) -@@ -141,6 +142,9 @@ func testGolden(t *testing.T) { +@@ -142,6 +143,9 @@ func testGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { @@ -710,7 +710,7 @@ index 0426ce6aebd681..bdb55a70a4847c 100644 cryptotest.TestAllImplementations(t, "crypto/sha256", testGoldenMarshal) } -@@ -202,6 +206,9 @@ func testGoldenMarshal(t *testing.T) { +@@ -203,6 +207,9 @@ func testGoldenMarshal(t *testing.T) { } func TestMarshalTypeMismatch(t *testing.T) { @@ -720,7 +720,7 @@ index 0426ce6aebd681..bdb55a70a4847c 100644 h1 := New() h2 := New224() -@@ -276,6 +283,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -277,6 +284,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { return h.Sum(nil), nil } func TestLargeHashes(t *testing.T) { @@ -731,7 +731,7 @@ index 0426ce6aebd681..bdb55a70a4847c 100644 h := New() diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index df96879c02d234..99451e26a13d79 100644 +index 736504b8fc85a5..582ed2ae870e23 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go @@ -14,6 +14,7 @@ import ( 
@@ -739,10 +739,10 @@ index df96879c02d234..99451e26a13d79 100644 "fmt" "hash" + "internal/goexperiment" + "internal/testenv" "io" "testing" - ) -@@ -725,6 +726,9 @@ func testGolden(t *testing.T) { +@@ -726,6 +727,9 @@ func testGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { @@ -752,7 +752,7 @@ index df96879c02d234..99451e26a13d79 100644 cryptotest.TestAllImplementations(t, "crypto/sha512", func(t *testing.T) { testGoldenMarshal(t) }) -@@ -790,6 +794,9 @@ func testGoldenMarshal(t *testing.T) { +@@ -791,6 +795,9 @@ func testGoldenMarshal(t *testing.T) { } func TestMarshalMismatch(t *testing.T) { @@ -762,7 +762,7 @@ index df96879c02d234..99451e26a13d79 100644 h := []func() hash.Hash{ New, New384, -@@ -881,6 +888,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -882,6 +889,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { From b7ed91ecfe8492ef51e798d47b92452e607f5bbf Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Fri, 25 Oct 2024 16:08:36 +0000 Subject: [PATCH 064/887] Update submodule to latest master (bb07aa64): cmd/compile: add shift optimization test --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index e5e552b8167..bb07aa644be 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit e5e552b816793f2b5729744c27995cce12baf52e +Subproject commit bb07aa644be4805e799c076f054c0fc132bc4d27 From 9184845520078ccabfa4f0d3a2ce56f721e2f806 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Sat, 26 Oct 2024 03:36:07 -0700 Subject: [PATCH 065/887] Remove .github/workflows/auto-merge.yml: not working in org (#1374) --- .github/workflows/auto-merge.yml | 25 ------------------------- 1 file changed, 25 deletions(-) delete mode 100644 .github/workflows/auto-merge.yml diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml deleted file mode 100644 index 1afdb677ec6..00000000000 --- a/.github/workflows/auto-merge.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -name: Pull Request auto-merge -on: pull_request_target - -permissions: - contents: write - pull-requests: write - -jobs: - automerge: - # Only run for the microsoft-golang-bot - if: github.actor == 'microsoft-golang-bot' - runs-on: ubuntu-latest - - steps: - - name: Approve pull request - run: gh pr review --approve "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - - - name: Enable auto-merge for pull request - run: gh pr merge --auto --squash "$PR_URL" - env: - PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} From 3b2a1264ee909063536edb4cadecea2792bbde0e Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 28 Oct 2024 11:18:44 +0100 Subject: [PATCH 066/887] use our own Ubuntu 22.04 image --- eng/pipeline/pr-outerloop-pipeline.yml | 2 +- eng/pipeline/pr-pipeline.yml | 2 +- eng/pipeline/rolling-innerloop-pipeline.yml | 2 +- eng/pipeline/rolling-pipeline.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/eng/pipeline/pr-outerloop-pipeline.yml b/eng/pipeline/pr-outerloop-pipeline.yml index 45fc8743775..0a10c09066b 100644 --- a/eng/pipeline/pr-outerloop-pipeline.yml +++ b/eng/pipeline/pr-outerloop-pipeline.yml @@ -19,7 +19,7 @@ pr: resources: containers: - container: ubuntu2204 - image: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-22.04 + image: mcr.microsoft.com/microsoft-go/infra-images:ubuntu-22.04-amd64-default-20241026145220-02e8663 - container: mariner1 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 - container: mariner1arm64 diff --git a/eng/pipeline/pr-pipeline.yml b/eng/pipeline/pr-pipeline.yml index ce50b025817..1926636f18f 100644 --- a/eng/pipeline/pr-pipeline.yml +++ b/eng/pipeline/pr-pipeline.yml 
@@ -16,7 +16,7 @@ resources: # (container: ... image: ...) is not the same as the one 1ES PT uses, so updating these requires # separate changes. - container: ubuntu2204 - image: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-22.04 + image: mcr.microsoft.com/microsoft-go/infra-images:ubuntu-22.04-amd64-default-20241026145220-02e8663 - container: mariner1 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 - container: mariner1arm64 diff --git a/eng/pipeline/rolling-innerloop-pipeline.yml b/eng/pipeline/rolling-innerloop-pipeline.yml index 85ba25c14b2..60c8498dc91 100644 --- a/eng/pipeline/rolling-innerloop-pipeline.yml +++ b/eng/pipeline/rolling-innerloop-pipeline.yml @@ -39,7 +39,7 @@ extends: suppressionFile: $(Build.SourcesDirectory)/.config/guardian/.gdnsuppress containers: ubuntu2204: - image: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-22.04 + image: mcr.microsoft.com/microsoft-go/infra-images:ubuntu-22.04-amd64-default-20241026145220-02e8663 mariner1: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 mariner1arm64: diff --git a/eng/pipeline/rolling-pipeline.yml b/eng/pipeline/rolling-pipeline.yml index e360909614b..5aff0723cfa 100644 --- a/eng/pipeline/rolling-pipeline.yml +++ b/eng/pipeline/rolling-pipeline.yml @@ -32,7 +32,7 @@ extends: suppressionFile: $(Build.SourcesDirectory)/.config/guardian/.gdnsuppress containers: ubuntu2204: - image: mcr.microsoft.com/dotnet-buildtools/prereqs:ubuntu-22.04 + image: mcr.microsoft.com/microsoft-go/infra-images:ubuntu-22.04-amd64-default-20241026145220-02e8663 mariner1: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 mariner1arm64: From df037788f0c5da9ca816bfeac281d7dbf763d529 Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Mon, 28 Oct 2024 11:25:41 +0100 Subject: [PATCH 067/887] add Mariner 2 to CI pipelines --- eng/pipeline/pr-outerloop-pipeline.yml | 4 ++++ eng/pipeline/pr-pipeline.yml | 4 ++++ eng/pipeline/rolling-innerloop-pipeline.yml | 4 ++++ eng/pipeline/rolling-pipeline.yml | 4 ++++ eng/pipeline/stages/go-builder-matrix-stages.yml | 2 ++ eng/pipeline/stages/run-stage.yml | 7 ++++++- 6 files changed, 24 insertions(+), 1 deletion(-) diff --git a/eng/pipeline/pr-outerloop-pipeline.yml b/eng/pipeline/pr-outerloop-pipeline.yml index 45fc8743775..04aae04346e 100644 --- a/eng/pipeline/pr-outerloop-pipeline.yml +++ b/eng/pipeline/pr-outerloop-pipeline.yml @@ -24,6 +24,10 @@ resources: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 + - container: mariner2 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241026145219-51209c5 + - container: mariner2arm64 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241026144913-51209c5 - container: azurelinux3 image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/pr-pipeline.yml b/eng/pipeline/pr-pipeline.yml index ce50b025817..f1c92f94938 100644 --- a/eng/pipeline/pr-pipeline.yml +++ b/eng/pipeline/pr-pipeline.yml 
@@ -21,6 +21,10 @@ resources: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 + - container: mariner2 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241026145219-51209c5 + - container: mariner2arm64 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241026144913-51209c5 - container: azurelinux3 image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/rolling-innerloop-pipeline.yml b/eng/pipeline/rolling-innerloop-pipeline.yml index 85ba25c14b2..8c785329233 100644 --- a/eng/pipeline/rolling-innerloop-pipeline.yml +++ b/eng/pipeline/rolling-innerloop-pipeline.yml @@ -44,6 +44,10 @@ extends: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 + mariner2: + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241026145219-51209c5 + mariner2arm64: + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241026144913-51209c5 azurelinux3: image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/rolling-pipeline.yml b/eng/pipeline/rolling-pipeline.yml index e360909614b..f3e3f1f61ab 100644 --- a/eng/pipeline/rolling-pipeline.yml +++ b/eng/pipeline/rolling-pipeline.yml 
@@ -37,6 +37,10 @@ extends: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-1.0.20211027-20211201-0cccc22 mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 + mariner2: + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241026145219-51209c5 + mariner2arm64: + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241026144913-51209c5 azurelinux3: image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index 60e3b51638d..a82c69f2f09 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml @@ -77,10 +77,12 @@ stages: - { os: linux, arch: amd64, config: devscript } - { os: linux, arch: amd64, config: test } - { os: linux, arch: amd64, config: test, distro: ubuntu } + - { os: linux, arch: amd64, config: test, distro: mariner2 } - { os: linux, arch: amd64, config: test, distro: azurelinux3 } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, fips: true } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } + - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: mariner2 } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, broken: true } - { experiment: boringcrypto, os: linux, arch: amd64, config: test } - { experiment: boringcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index 011e94ce99b..34918364cbb 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml 
@@ -71,12 +71,17 @@ stages: ${{ if eq(parameters.builder.hostArch, 'amd64') }}: ${{ if eq(parameters.builder.distro, 'ubuntu') }}: container: ubuntu2204 + ${{ elseif eq(parameters.builder.distro, 'mariner2') }}: + container: mariner2 ${{ elseif eq(parameters.builder.distro, 'azurelinux3') }}: container: azurelinux3 ${{ else }}: container: mariner1 ${{ elseif eq(parameters.builder.hostArch, 'arm64') }}: - container: mariner1arm64 + ${{ if eq(parameters.builder.distro, 'mariner2') }}: + container: mariner2arm64 + ${{ else }}: + container: mariner1arm64 variables: - group: go-cmdscan-rules From c29680080af726c4c2ec7f49d484c8cb1c243509 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Mon, 28 Oct 2024 16:07:38 +0000 Subject: [PATCH 068/887] Update submodule to latest master (b33fc480): crypto/internal/hpke: use internal/byteorder instead of encoding/binary --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index bb07aa644be..b33fc480a25 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit bb07aa644be4805e799c076f054c0fc132bc4d27 +Subproject commit b33fc480a25c30d38104a9efaf73326c888e8557 From 5dd8137727e9e977c1b323c74d3ce214bf4a41f0 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 29 Oct 2024 11:50:01 +0100 Subject: [PATCH 069/887] fix conflicts --- .../0002-Add-crypto-backend-foundation.patch | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index e1c890378a6..4659b3e82f2 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -947,7 +947,7 @@ index 62be347e0c6822..d284b5cf7814a6 100644 } diff --git a/src/crypto/rand/rand.go b/src/crypto/rand/rand.go -index 7c18d595c2eeaa..6750262c4241e5 100644 +index b3d0a7368f7fa0..c34b994a67a289 100644 --- a/src/crypto/rand/rand.go +++ b/src/crypto/rand/rand.go @@ -7,7 +7,7 @@ 
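Review bot: On arm64, every `distro` value other than `mariner2` now falls into the `else` branch and runs in `mariner1arm64`, so a matrix entry asking for `ubuntu` or `azurelinux3` on arm64 would pass or fail against Mariner 1 with no sign of the substitution. For a matrix meant to exercise the crypto backends per distro, that would be coverage reported but not delivered; whether any arm64 entry sets such a distro is not visible here. At minimum the fallback deserves a comment above the `else`, such as `# arm64: only mariner2 has its own image; all other distro values run in mariner1arm64`. The amd64 chain has the same silent default to `mariner1`, and the job definition starts and ends outside the hunk.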
@@ -956,11 +956,11 @@ index 7c18d595c2eeaa..6750262c4241e5 100644 import ( - "crypto/internal/boring" + boring "crypto/internal/backend" - "internal/godebug" "io" "os" + "sync" diff --git a/src/crypto/rand/rand_test.go b/src/crypto/rand/rand_test.go -index 2372413279dafe..55e68ed21ca68e 100644 +index 63581b75fdbc7f..dd220c7c544f76 100644 --- a/src/crypto/rand/rand_test.go +++ b/src/crypto/rand/rand_test.go @@ -7,7 +7,7 @@ package rand @@ -1299,7 +1299,7 @@ index d87c689c9001ad..7584c380af0cec 100644 } h := New224() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index 40be1480dd51d1..0426ce6aebd681 100644 +index ffd16386515830..d2fa4369d068bf 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -8,7 +8,7 @@ package sha256 @@ -1325,7 +1325,7 @@ index 0a12fde7bc060b..ca752598e4343a 100644 "hash" ) diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index 6e3d9bce1cf095..df96879c02d234 100644 +index fdad37b1863ae8..736504b8fc85a5 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go @@ -8,7 +8,7 @@ package sha512 @@ -1753,10 +1753,10 @@ index 319ac61f49c994..1b2454dbaab264 100644 t.Helper() k, err := rsa.GenerateKey(rand.Reader, size) diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index cc9d304bc62820..6509d58264aae0 100644 +index c6a2518f62ff3a..578b4d6f68504c 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -463,7 +463,9 @@ var depsRules = ` +@@ -464,7 +464,9 @@ var depsRules = ` # CRYPTO is core crypto algorithms - no cgo, fmt, net. FIPS, crypto/internal/boring/sig, @@ -1766,7 +1766,7 @@ index cc9d304bc62820..6509d58264aae0 100644 golang.org/x/sys/cpu, hash, embed < crypto -@@ -474,6 +476,7 @@ var depsRules = ` +@@ -475,6 +477,7 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache < crypto/internal/boring 
@@ -1774,7 +1774,7 @@ index cc9d304bc62820..6509d58264aae0 100644 < crypto/boring; crypto/internal/alias, math/rand/v2 -@@ -511,6 +514,7 @@ var depsRules = ` +@@ -512,6 +515,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big < crypto/internal/boring/bbig @@ -1783,10 +1783,10 @@ index cc9d304bc62820..6509d58264aae0 100644 < crypto/internal/mlkem768 < crypto/ed25519 diff --git a/src/net/smtp/smtp_test.go b/src/net/smtp/smtp_test.go -index c91c99b1f53111..7d273ae17cb83f 100644 +index 389eda9ad54b99..110d60beb0e70c 100644 --- a/src/net/smtp/smtp_test.go +++ b/src/net/smtp/smtp_test.go -@@ -1105,40 +1105,60 @@ func sendMail(hostPort string) error { +@@ -1136,40 +1136,60 @@ func sendMail(hostPort string) error { // localhostCert is a PEM-encoded TLS cert generated from src/crypto/tls: // From eb3189398c0fc2038292d243d7a14a433e25ae6a Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 29 Oct 2024 12:47:38 +0100 Subject: [PATCH 070/887] upgrade mariner images --- eng/pipeline/pr-outerloop-pipeline.yml | 4 ++-- eng/pipeline/pr-pipeline.yml | 4 ++-- eng/pipeline/rolling-innerloop-pipeline.yml | 4 ++-- eng/pipeline/rolling-pipeline.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/eng/pipeline/pr-outerloop-pipeline.yml b/eng/pipeline/pr-outerloop-pipeline.yml index 04aae04346e..d423c523a94 100644 --- a/eng/pipeline/pr-outerloop-pipeline.yml +++ b/eng/pipeline/pr-outerloop-pipeline.yml 
@@ -25,9 +25,9 @@ resources: - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 - container: mariner2 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241026145219-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029101753-51209c5 - container: mariner2arm64 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241026144913-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029101207-51209c5 - container: azurelinux3 image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/pr-pipeline.yml b/eng/pipeline/pr-pipeline.yml index f1c92f94938..5fc542255fe 100644 --- a/eng/pipeline/pr-pipeline.yml +++ b/eng/pipeline/pr-pipeline.yml @@ -22,9 +22,9 @@ resources: - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 - container: mariner2 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241026145219-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029101753-51209c5 - container: mariner2arm64 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241026144913-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029101207-51209c5 - container: azurelinux3 image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/rolling-innerloop-pipeline.yml b/eng/pipeline/rolling-innerloop-pipeline.yml index 8c785329233..34b10246d29 100644 --- a/eng/pipeline/rolling-innerloop-pipeline.yml +++ b/eng/pipeline/rolling-innerloop-pipeline.yml 
@@ -45,9 +45,9 @@ extends: mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 mariner2: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241026145219-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029101753-51209c5 mariner2arm64: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241026144913-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029101207-51209c5 azurelinux3: image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/rolling-pipeline.yml b/eng/pipeline/rolling-pipeline.yml index f3e3f1f61ab..7103ac1ec3e 100644 --- a/eng/pipeline/rolling-pipeline.yml +++ b/eng/pipeline/rolling-pipeline.yml @@ -38,9 +38,9 @@ extends: mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 mariner2: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241026145219-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029101753-51209c5 mariner2arm64: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241026144913-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029101207-51209c5 azurelinux3: image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 From f086bae857dba18150df0ac06f9ca2e19c57dc7f Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Tue, 29 Oct 2024 13:06:46 +0100 Subject: [PATCH 071/887] upgrade mariner images --- eng/pipeline/pr-outerloop-pipeline.yml | 4 ++-- eng/pipeline/pr-pipeline.yml | 4 ++-- eng/pipeline/rolling-innerloop-pipeline.yml | 4 ++-- eng/pipeline/rolling-pipeline.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/eng/pipeline/pr-outerloop-pipeline.yml b/eng/pipeline/pr-outerloop-pipeline.yml index d423c523a94..8bec865d8f7 100644 --- a/eng/pipeline/pr-outerloop-pipeline.yml +++ b/eng/pipeline/pr-outerloop-pipeline.yml @@ -25,9 +25,9 @@ resources: - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 - container: mariner2 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029101753-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029111009-5ed5c8c - container: mariner2arm64 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029101207-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029110416-5ed5c8c - container: azurelinux3 image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/pr-pipeline.yml b/eng/pipeline/pr-pipeline.yml index 5fc542255fe..6e90d6856e9 100644 --- a/eng/pipeline/pr-pipeline.yml +++ b/eng/pipeline/pr-pipeline.yml 
@@ -22,9 +22,9 @@ resources: - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 - container: mariner2 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029101753-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029111009-5ed5c8c - container: mariner2arm64 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029101207-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029110416-5ed5c8c - container: azurelinux3 image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/rolling-innerloop-pipeline.yml b/eng/pipeline/rolling-innerloop-pipeline.yml index 34b10246d29..860564f69ad 100644 --- a/eng/pipeline/rolling-innerloop-pipeline.yml +++ b/eng/pipeline/rolling-innerloop-pipeline.yml @@ -45,9 +45,9 @@ extends: mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 mariner2: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029101753-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029111009-5ed5c8c mariner2arm64: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029101207-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029110416-5ed5c8c azurelinux3: image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/rolling-pipeline.yml b/eng/pipeline/rolling-pipeline.yml index 7103ac1ec3e..62d3a0fbc18 100644 --- a/eng/pipeline/rolling-pipeline.yml +++ b/eng/pipeline/rolling-pipeline.yml 
@@ -38,9 +38,9 @@ extends: mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 mariner2: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029101753-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029111009-5ed5c8c mariner2arm64: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029101207-51209c5 + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029110416-5ed5c8c azurelinux3: image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 From 41d0463a36dc21aa17a61eece661a662b1186ad6 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 29 Oct 2024 13:22:06 +0100 Subject: [PATCH 072/887] don't call init-pwsh-task.yml --- eng/pipeline/stages/run-stage.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index 34918364cbb..bae188c189a 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml @@ -128,7 +128,6 @@ stages: displayName: Cleanup - template: ../steps/checkout-unix-task.yml - - template: ../steps/init-pwsh-task.yml - pwsh: | New-Item eng/artifacts/bin -ItemType Directory -ErrorAction Ignore From 89199c75191c9dfb7c4ee6b01dc5bddf420fa84c Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 29 Oct 2024 13:23:21 +0100 Subject: [PATCH 073/887] re-add init-pwsh-task --- eng/pipeline/stages/run-stage.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index bae188c189a..34918364cbb 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml 
@@ -128,6 +128,7 @@ stages: displayName: Cleanup - template: ../steps/checkout-unix-task.yml + - template: ../steps/init-pwsh-task.yml - pwsh: | New-Item eng/artifacts/bin -ItemType Directory -ErrorAction Ignore From 1c41c5e37154f1f5d7c1ef780ec6a1d71122a1bc Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 29 Oct 2024 16:38:36 +0100 Subject: [PATCH 074/887] upgrade mariner images --- eng/pipeline/pr-outerloop-pipeline.yml | 4 ++-- eng/pipeline/pr-pipeline.yml | 4 ++-- eng/pipeline/rolling-innerloop-pipeline.yml | 4 ++-- eng/pipeline/rolling-pipeline.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/eng/pipeline/pr-outerloop-pipeline.yml b/eng/pipeline/pr-outerloop-pipeline.yml index 8bec865d8f7..dfa4726119b 100644 --- a/eng/pipeline/pr-outerloop-pipeline.yml +++ b/eng/pipeline/pr-outerloop-pipeline.yml @@ -25,9 +25,9 @@ resources: - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 - container: mariner2 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029111009-5ed5c8c + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029143752-6049f85 - container: mariner2arm64 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029110416-5ed5c8c + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029143304-6049f85 - container: azurelinux3 image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/pr-pipeline.yml b/eng/pipeline/pr-pipeline.yml index 6e90d6856e9..f0c2aa80139 100644 --- a/eng/pipeline/pr-pipeline.yml +++ b/eng/pipeline/pr-pipeline.yml 
@@ -22,9 +22,9 @@ resources: - container: mariner1arm64 image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 - container: mariner2 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029111009-5ed5c8c + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029143752-6049f85 - container: mariner2arm64 - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029110416-5ed5c8c + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029143304-6049f85 - container: azurelinux3 image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/rolling-innerloop-pipeline.yml b/eng/pipeline/rolling-innerloop-pipeline.yml index 860564f69ad..e8b1a67dbb0 100644 --- a/eng/pipeline/rolling-innerloop-pipeline.yml +++ b/eng/pipeline/rolling-innerloop-pipeline.yml @@ -45,9 +45,9 @@ extends: mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 mariner2: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029111009-5ed5c8c + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029143752-6049f85 mariner2arm64: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029110416-5ed5c8c + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029143304-6049f85 azurelinux3: image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 diff --git a/eng/pipeline/rolling-pipeline.yml b/eng/pipeline/rolling-pipeline.yml index 62d3a0fbc18..bc0cb5360bf 100644 --- a/eng/pipeline/rolling-pipeline.yml +++ b/eng/pipeline/rolling-pipeline.yml 
@@ -38,9 +38,9 @@ extends: mariner1arm64: image: golangpublicimages.azurecr.io/go-infra-images/prereqs:cbl-mariner-arm64-1.0-20220314-a003148 mariner2: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029111009-5ed5c8c + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-amd64-default-20241029143752-6049f85 mariner2arm64: - image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029110416-5ed5c8c + image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029143304-6049f85 azurelinux3: image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 From 09f20cebead7c8f6c86e8b940a785ba010b1498e Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 30 Oct 2024 09:31:38 +0100 Subject: [PATCH 075/887] test mariner2 an azl3 in FIPS mode --- eng/pipeline/stages/go-builder-matrix-stages.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index a82c69f2f09..fe7a4cc23e8 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml 
@@ -83,7 +83,9 @@ stages: - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, fips: true } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: mariner2 } + - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: mariner2, fips: true } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, broken: true } + - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, fips:true, broken: true } - { experiment: boringcrypto, os: linux, arch: amd64, config: test } - { experiment: boringcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } - { os: windows, arch: amd64, config: devscript } From a774afa7be776d833a6b2b68b115c7d0bae775ba Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 30 Oct 2024 09:46:10 +0100 Subject: [PATCH 076/887] add missing space --- eng/pipeline/stages/go-builder-matrix-stages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index fe7a4cc23e8..c202248f02f 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml 
@@ -85,7 +85,7 @@ stages: - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: mariner2 } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: mariner2, fips: true } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, broken: true } - - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, fips:true, broken: true } + - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, fips: true, broken: true } - { experiment: boringcrypto, os: linux, arch: amd64, config: test } - { experiment: boringcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } - { os: windows, arch: amd64, config: devscript } From 53266039418ec93121a68f6c966f27766ef7c372 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Wed, 30 Oct 2024 02:21:32 -0700 Subject: [PATCH 077/887] initial changes to build macOS (#1379) Co-authored-by: George Adams --- eng/utilities.ps1 | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/eng/utilities.ps1 b/eng/utilities.ps1 index e95e586668b..784074727e7 100644 --- a/eng/utilities.ps1 +++ b/eng/utilities.ps1 @@ -51,6 +51,18 @@ function Get-Stage0GoRoot() { } Default { throw "Unable to match Linux '$proc_arch' to an architecture supported by the Microsoft scripts to build Go." } } + } elseif ($IsMacOS) { + switch ($proc_arch) { + 'x64' { + $stage0_go_sha256 = '9c3c0124b01b5365f73a1489649f78f971ecf84844ad9ca58fde133096ddb61b' + $stage0_go_suffix = 'darwin-amd64.tar.gz' + } + 'arm64' { + $stage0_go_sha256 = 'ebac39fd44fc22feed1bb519af431c84c55776e39b30f4fd62930da9c0cfd1e3' + $stage0_go_suffix = 'darwin-arm64.tar.gz' + } + Default { throw "Unable to match macOS '$proc_arch' to an architecture supported by the Microsoft scripts to build Go." } + } } else { throw "Current OS/Platform is not supported by the Microsoft scripts to build Go." } 
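Review bot: The two macOS digests in the new `$IsMacOS` branch of eng/utilities.ps1 are added with nothing in the hunk that ties them to a Go release, which makes them hard to check against the published checksums during review or when the stage 0 version changes. A comment above the `switch` would help, e.g. `# SHA256 of the upstream go<version>.darwin-<arch>.tar.gz archives; update together with the stage 0 version.` (`<version>` is a placeholder for the value defined elsewhere in the function). Get-Stage0GoRoot starts and ends outside the hunk, so whether the download is compared with `$stage0_go_sha256` before extraction cannot be confirmed from here and is worth verifying for the new branch.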
From 0b200a29e64acb4b18a21dfd65d453cac6c7c116 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 30 Oct 2024 16:35:19 +0100 Subject: [PATCH 078/887] upgrade golang-fips/openssl to 1a537f4 --- patches/0004-Add-OpenSSL-crypto-backend.patch | 36 +- patches/0005-Add-CNG-crypto-backend.patch | 16 +- patches/0006-Vendor-crypto-backends.patch | 1562 ++++++++++++----- 3 files changed, 1111 insertions(+), 503 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 123a8f92fa4..44dfb26b4c2 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -58,7 +58,7 @@ index f0e3575637c62a..0e9aceeb832d3b 100644 package main diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 0ffcabe4164af6..056f3ea5ae9beb 100644 +index 0facfb579cb196..223472e20d24a5 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go @@ -1225,12 +1225,11 @@ func (t *tester) registerCgoTests(heading string) { @@ -108,10 +108,10 @@ index 4aaf46b5d0f0dc..6fe798cf4a94e9 100644 go list -f '{{.Dir}}' vendor/golang.org/x/net/http2/hpack diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go -index d66027387b97f8..8e4dfab49f6b6b 100644 +index 0c37a1dc1f8c15..faf8a1874d5f28 100644 --- a/src/cmd/link/internal/ld/lib.go +++ b/src/cmd/link/internal/ld/lib.go -@@ -1162,6 +1162,7 @@ var hostobj []Hostobj +@@ -1163,6 +1163,7 @@ var hostobj []Hostobj // These packages can use internal linking mode. // Others trigger external mode. var internalpkg = []string{ @@ -611,7 +611,7 @@ index c44ae92f2528f3..698efc6751e12c 100644 package tls diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index d879139773d1d7..50330a2cd77cf7 100644 +index dcbd33167e4499..1f577fd1d4d9ec 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go @@ -2,7 +2,7 @@ @@ -688,7 +688,7 @@ index 095b58c31590d4..9aec21dbcd3bff 100644 package x509 
diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go -index ffc3eeca9dbf95..b3227dc2560ff8 100644 +index 1b2454dbaab264..8cfc61049d0a08 100644 --- a/src/crypto/x509/boring_test.go +++ b/src/crypto/x509/boring_test.go @@ -2,7 +2,7 @@ @@ -714,32 +714,32 @@ index c83a7272c9f01f..a0548a7f9179c5 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index d7a4ef150410e3..7a6455fefb4bed 100644 +index df27f25e789f05..3e9514234e7125 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std go 1.24 require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index 8ff5ecd640f084..c502448cd5ec1b 100644 +index b4efd6d3c50c11..d159c7d47bac3b 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,5 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 h1:MiLLfnjVDjuOST8SQ7XgeBpWMWPpVb8VKDhL5Uvco7Q= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487 h1:Ne+sjU9k7dbdQg1Ix5c2JxT4mshYceU4VWOmClV79Pg= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index ca6a512bf95c7e..e69c1f8901fe74 100644 +index 578b4d6f68504c..80a14d54739524 100644 --- a/src/go/build/deps_test.go 
+++ b/src/go/build/deps_test.go -@@ -460,6 +460,8 @@ var depsRules = ` +@@ -476,6 +476,8 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache @@ -748,7 +748,7 @@ index ca6a512bf95c7e..e69c1f8901fe74 100644 < crypto/internal/boring < crypto/internal/backend < crypto/boring; -@@ -498,6 +500,7 @@ var depsRules = ` +@@ -514,6 +516,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big @@ -756,7 +756,7 @@ index ca6a512bf95c7e..e69c1f8901fe74 100644 < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -797,7 +800,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -812,7 +815,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -765,7 +765,7 @@ index ca6a512bf95c7e..e69c1f8901fe74 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -807,7 +810,7 @@ func findImports(pkg string) ([]string, error) { +@@ -822,7 +825,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} @@ -817,7 +817,7 @@ index 00000000000000..a7f2712e9e1464 +const OpenSSLCrypto = true +const OpenSSLCryptoInt = 1 diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index 777337d92d3c72..ef00871d619651 100644 +index d7cf7655f3cea3..9c8b16735cd4f1 100644 --- a/src/internal/goexperiment/flags.go +++ b/src/internal/goexperiment/flags.go @@ -59,6 +59,7 @@ type Flags struct { @@ -829,7 +829,7 @@ index 777337d92d3c72..ef00871d619651 100644 // SystemCrypto enables the OpenSSL or CNG crypto experiment depending on // which one is appropriate on the target GOOS. diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go -index a0bb89e203ddf1..2b4a2680dcdd7e 100644 +index 8c623871932f7d..2fa55073f5c19c 100644 --- a/src/os/exec/exec_test.go +++ b/src/os/exec/exec_test.go @@ -14,6 +14,7 @@ import ( 
@@ -840,7 +840,7 @@ index a0bb89e203ddf1..2b4a2680dcdd7e 100644 "internal/poll" "internal/testenv" "io" -@@ -737,6 +738,14 @@ func TestExtraFiles(t *testing.T) { +@@ -689,6 +690,14 @@ func TestExtraFiles(t *testing.T) { t.Skipf("skipping test on %q", runtime.GOOS) } diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index fcf4cb2611d..6d96c714532 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -905,34 +905,34 @@ index a0548a7f9179c5..ae6117a1554b7f 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index e3bab6c545819d..76f44dcd249e4b 100644 +index 3e9514234e7125..611e053ec8c2a0 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,6 +4,7 @@ go 1.24 require ( - github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 + github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487 + github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index 8ec2c59f2c63e5..87b5f8e316f388 100644 +index d159c7d47bac3b..e2ae52f398320a 100644 --- a/src/go.sum +++ b/src/go.sum 
@@ -1,5 +1,7 @@ - github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 h1:MiLLfnjVDjuOST8SQ7XgeBpWMWPpVb8VKDhL5Uvco7Q= - github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= + github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487 h1:Ne+sjU9k7dbdQg1Ix5c2JxT4mshYceU4VWOmClV79Pg= + github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= +github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 h1:Kno3m3hOXCrrJF9YphNJWNXm6MjIpflQrHWxAIRSIqA= +github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index e7e967659de213..83dcaed4cb82ec 100644 +index 80a14d54739524..74e0606b0ac903 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -475,6 +475,10 @@ var depsRules = ` +@@ -476,6 +476,10 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache @@ -943,7 +943,7 @@ index e7e967659de213..83dcaed4cb82ec 100644 < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 < crypto/internal/boring -@@ -515,6 +519,7 @@ var depsRules = ` +@@ -516,6 +520,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index e33acea7273..dd456435cad 100644 --- a/patches/0006-Vendor-crypto-backends.patch 
+++ b/patches/0006-Vendor-crypto-backends.patch 
@@ -5,41 +5,45 @@ Subject: [PATCH] Vendor crypto backends To reproduce, run 'go mod vendor' in 'go/src'. --- + .../golang-fips/openssl/v2/.gitignore | 1 + .../golang-fips/openssl/v2/.gitleaks.toml | 9 + .../github.com/golang-fips/openssl/v2/LICENSE | 20 + .../golang-fips/openssl/v2/README.md | 66 ++ - .../github.com/golang-fips/openssl/v2/aes.go | 100 ++ + .../github.com/golang-fips/openssl/v2/aes.go | 147 +++ .../golang-fips/openssl/v2/bbig/big.go | 37 + .../github.com/golang-fips/openssl/v2/big.go | 11 + + .../golang-fips/openssl/v2/cgo_go124.go | 18 + .../golang-fips/openssl/v2/cipher.go | 569 +++++++++ .../github.com/golang-fips/openssl/v2/des.go | 114 ++ - .../github.com/golang-fips/openssl/v2/dsa.go | 348 ++++++ - .../github.com/golang-fips/openssl/v2/ec.go | 59 + - .../github.com/golang-fips/openssl/v2/ecdh.go | 321 +++++ - .../golang-fips/openssl/v2/ecdsa.go | 215 ++++ - .../golang-fips/openssl/v2/ed25519.go | 218 ++++ - .../github.com/golang-fips/openssl/v2/evp.go | 471 ++++++++ - .../golang-fips/openssl/v2/goopenssl.c | 218 ++++ + .../github.com/golang-fips/openssl/v2/dsa.go | 324 +++++ + .../github.com/golang-fips/openssl/v2/ec.go | 51 + + .../github.com/golang-fips/openssl/v2/ecdh.go | 313 +++++ + .../golang-fips/openssl/v2/ecdsa.go | 211 ++++ + .../golang-fips/openssl/v2/ed25519.go | 221 ++++ + .../github.com/golang-fips/openssl/v2/evp.go | 519 ++++++++ + .../golang-fips/openssl/v2/goopenssl.c | 240 ++++ .../golang-fips/openssl/v2/goopenssl.h | 259 ++++ .../github.com/golang-fips/openssl/v2/hash.go | 1041 +++++++++++++++++ - .../github.com/golang-fips/openssl/v2/hkdf.go | 190 +++ - .../github.com/golang-fips/openssl/v2/hmac.go | 276 +++++ + .../github.com/golang-fips/openssl/v2/hkdf.go | 285 +++++ + .../github.com/golang-fips/openssl/v2/hmac.go | 274 +++++ .../github.com/golang-fips/openssl/v2/init.go | 64 + .../golang-fips/openssl/v2/init_unix.go | 31 + .../golang-fips/openssl/v2/init_windows.go | 36 + - .../golang-fips/openssl/v2/openssl.go | 434 
+++++++ - .../golang-fips/openssl/v2/pbkdf2.go | 28 + + .../golang-fips/openssl/v2/openssl.go | 462 ++++++++ + .../golang-fips/openssl/v2/params.go | 210 ++++ + .../golang-fips/openssl/v2/pbkdf2.go | 62 + .../golang-fips/openssl/v2/port_dsa.c | 85 ++ .../openssl/v2/port_evp_md5_sha1.c | 126 ++ .../github.com/golang-fips/openssl/v2/rand.go | 20 + .../github.com/golang-fips/openssl/v2/rc4.go | 66 ++ - .../github.com/golang-fips/openssl/v2/rsa.go | 443 +++++++ - .../github.com/golang-fips/openssl/v2/shims.h | 392 +++++++ + .../github.com/golang-fips/openssl/v2/rsa.go | 408 +++++++ + .../github.com/golang-fips/openssl/v2/shims.h | 401 +++++++ .../golang-fips/openssl/v2/thread_setup.go | 14 + .../golang-fips/openssl/v2/thread_setup.h | 4 + .../openssl/v2/thread_setup_unix.c | 64 + .../openssl/v2/thread_setup_windows.c | 64 + - .../golang-fips/openssl/v2/tls1prf.go | 104 ++ + .../golang-fips/openssl/v2/tls1prf.go | 160 +++ + .../github.com/golang-fips/openssl/v2/zaes.go | 86 ++ .../microsoft/go-crypto-winnative/LICENSE | 21 + .../microsoft/go-crypto-winnative/cng/aes.go | 393 +++++++ .../go-crypto-winnative/cng/bbig/big.go | 31 + 
@@ -64,13 +68,15 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 11 + - 59 files changed, 10388 insertions(+) + 63 files changed, 10964 insertions(+) + create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/README.md create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/aes.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/big.go + create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/cgo_go124.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/cipher.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/des.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/dsa.go @@ -88,6 +94,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/init_unix.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/init_windows.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/openssl.go + create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/params.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/port_dsa.c create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/port_evp_md5_sha1.c 
@@ -100,6 +107,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/thread_setup_unix.c create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/thread_setup_windows.c create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go + create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/zaes.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/bbig/big.go @@ -124,6 +132,13 @@ To reproduce, run 'go mod vendor' in 'go/src'. create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/subtle/aliasing.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/sysdll/sys_windows.go +diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitignore b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore +new file mode 100644 +index 00000000000000..79b5594df7fa29 +--- /dev/null ++++ b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore +@@ -0,0 +1 @@ ++**/.DS_Store diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml b/src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml new file mode 100644 index 00000000000000..aed2e22df2d555 @@ -240,10 +255,10 @@ index 00000000000000..1bfbaf60f4dd58 +This project adopts the Go code of conduct: https://go.dev/conduct. diff --git a/src/vendor/github.com/golang-fips/openssl/v2/aes.go b/src/vendor/github.com/golang-fips/openssl/v2/aes.go new file mode 100644 -index 00000000000000..231b75e2adbc39 +index 00000000000000..18bb070a2e5bda --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/aes.go -@@ -0,0 +1,100 @@ +@@ -0,0 +1,147 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -255,19 +270,19 @@ index 00000000000000..231b75e2adbc39 + "errors" +) + -+type extraModes interface { -+ // Copied out of crypto/aes/modes.go. -+ NewCBCEncrypter(iv []byte) cipher.BlockMode -+ NewCBCDecrypter(iv []byte) cipher.BlockMode -+ NewCTR(iv []byte) cipher.Stream -+ NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) -+ -+ // Invented for BoringCrypto. -+ NewGCMTLS() (cipher.AEAD, error) -+} ++//go:generate go run github.com/golang-fips/openssl/v2/cmd/genaesmodes -in aes.go -modes CBC,CTR,GCM -out zaes.go ++//go:generate go run github.com/golang-fips/openssl/v2/cmd/gentestvectors -out vectors_test.go + -+var _ extraModes = (*aesCipher)(nil) ++// Steps to support a new AES mode, e.g. `FOO`: ++// 1. Add `FOO` to the list of modes in the `genaesmodes` command. ++// 2. Run `go generate` to update the generated code. ++// 3. Implement the necessary interfaces for the new struct, which will be named `cipherWithFOO`. + ++// NewAESCipher creates and returns a new AES cipher.Block. ++// The key argument should be the AES key, either 16, 24, or 32 bytes to select ++// AES-128, AES-192, or AES-256. ++// The returned cipher.Block implements the CBC, CTR, and/or GCM modes if ++// the underlying OpenSSL library supports them. +func NewAESCipher(key []byte) (cipher.Block, error) { + var kind cipherKind + switch len(key) * 8 { 
@@ -284,66 +299,113 @@ index 00000000000000..231b75e2adbc39 + if err != nil { + return nil, err + } -+ return &aesCipher{c}, nil ++ return newAESBlock(c, kind), nil +} + +// NewGCMTLS returns a GCM cipher specific to TLS +// and should not be used for non-TLS purposes. +func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { -+ return c.(*aesCipher).NewGCMTLS() ++ if c, ok := c.(interface { ++ NewGCMTLS() (cipher.AEAD, error) ++ }); ok { ++ return c.NewGCMTLS() ++ } ++ return nil, errors.New("GCM not supported") +} + +// NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used +// for non-TLS purposes. +func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { -+ return c.(*aesCipher).NewGCMTLS13() ++ if c, ok := c.(interface { ++ NewGCMTLS13() (cipher.AEAD, error) ++ }); ok { ++ return c.NewGCMTLS13() ++ } ++ return nil, errors.New("GCM not supported") +} + ++// aesCipher implements the cipher.Block interface. +type aesCipher struct { -+ *evpCipher ++ cipher *evpCipher +} + -+func (c *aesCipher) BlockSize() int { -+ return c.blockSize ++func (c aesCipher) BlockSize() int { ++ return c.cipher.blockSize +} + -+func (c *aesCipher) Encrypt(dst, src []byte) { -+ if err := c.encrypt(dst, src); err != nil { ++func (c aesCipher) Encrypt(dst, src []byte) { ++ if err := c.cipher.encrypt(dst, src); err != nil { + // crypto/aes expects that the panic message starts with "crypto/aes: ". + panic("crypto/aes: " + err.Error()) + } +} + -+func (c *aesCipher) Decrypt(dst, src []byte) { -+ if err := c.decrypt(dst, src); err != nil { ++func (c aesCipher) Decrypt(dst, src []byte) { ++ if err := c.cipher.decrypt(dst, src); err != nil { + // crypto/aes expects that the panic message starts with "crypto/aes: ". + panic("crypto/aes: " + err.Error()) + } +} + -+func (c *aesCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { -+ return c.newCBC(iv, cipherOpEncrypt) ++// Implement optional interfaces for AES modes. 
++ ++func (c cipherWithCBC) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return c.cipher.newCBC(iv, cipherOpEncrypt) +} + -+func (c *aesCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { -+ return c.newCBC(iv, cipherOpDecrypt) ++func (c cipherWithCBC) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return c.cipher.newCBC(iv, cipherOpDecrypt) +} + -+func (c *aesCipher) NewCTR(iv []byte) cipher.Stream { -+ return c.newCTR(iv) ++func (c cipherWithCTR) NewCTR(iv []byte) cipher.Stream { ++ return c.cipher.newCTR(iv) +} + -+func (c *aesCipher) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) { -+ return c.newGCMChecked(nonceSize, tagSize) ++func (c cipherWithGCM) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) { ++ return c.cipher.newGCMChecked(nonceSize, tagSize) +} + -+func (c *aesCipher) NewGCMTLS() (cipher.AEAD, error) { -+ return c.newGCM(cipherGCMTLS12) ++func (c cipherWithGCM) NewGCMTLS() (cipher.AEAD, error) { ++ return c.cipher.newGCM(cipherGCMTLS12) +} + -+func (c *aesCipher) NewGCMTLS13() (cipher.AEAD, error) { -+ return c.newGCM(cipherGCMTLS13) ++func (c cipherWithGCM) NewGCMTLS13() (cipher.AEAD, error) { ++ return c.cipher.newGCM(cipherGCMTLS13) ++} ++ ++// The following interfaces have been copied out of crypto/aes/modes.go. ++ ++type gcmAble interface { ++ NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) ++} ++ ++type cbcEncAble interface { ++ NewCBCEncrypter(iv []byte) cipher.BlockMode ++} ++ ++type cbcDecAble interface { ++ NewCBCDecrypter(iv []byte) cipher.BlockMode +} ++ ++type ctrAble interface { ++ NewCTR(iv []byte) cipher.Stream ++} ++ ++// Test that the interfaces are implemented. ++ ++var ( ++ _ cipher.Block = (*aesCipher)(nil) ++ ++ _ cipher.Block = (*cipherWithCBC)(nil) ++ _ cbcEncAble = (*cipherWithCBC)(nil) ++ _ cbcDecAble = (*cipherWithCBC)(nil) ++ ++ _ cipher.Block = (*cipherWithCTR)(nil) ++ _ ctrAble = (*cipherWithCTR)(nil) ++ ++ _ cipher.Block = (*cipherWithGCM)(nil) ++ _ gcmAble = (*cipherWithGCM)(nil) ++) 
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go b/src/vendor/github.com/golang-fips/openssl/v2/bbig/big.go new file mode 100644 index 00000000000000..a81cbdbef93148 @@ -404,6 +466,30 @@ index 00000000000000..6461f241f863fc +// This definition allows us to avoid importing math/big. +// Conversion between BigInt and *big.Int is in openssl/bbig. +type BigInt []uint +diff --git a/src/vendor/github.com/golang-fips/openssl/v2/cgo_go124.go b/src/vendor/github.com/golang-fips/openssl/v2/cgo_go124.go +new file mode 100644 +index 00000000000000..933a751873dd05 +--- /dev/null ++++ b/src/vendor/github.com/golang-fips/openssl/v2/cgo_go124.go +@@ -0,0 +1,18 @@ ++//go:build go1.24 && !cmd_go_bootstrap ++ ++package openssl ++ ++// The following noescape and nocallback directives are used to prevent the Go ++// compiler from allocating function parameters on the heap. See ++// https://github.com/golang/go/blob/0733682e5ff4cd294f5eccb31cbe87a543147bc6/src/cmd/cgo/doc.go#L439-L461 ++// ++// If possible, write a C wrapper function to optimize a call rather than using ++// this feature so the optimization will work for all supported Go versions. ++// ++// This is just a performance optimization. Only add functions that have been ++// observed to benefit from these directives, not every function that is merely ++// expected to meet the noescape/nocallback criteria. ++ ++// #cgo noescape go_openssl_RAND_bytes ++// #cgo nocallback go_openssl_RAND_bytes ++import "C" diff --git a/src/vendor/github.com/golang-fips/openssl/v2/cipher.go b/src/vendor/github.com/golang-fips/openssl/v2/cipher.go new file mode 100644 index 00000000000000..72f7aebfc130e7 @@ -981,7 +1067,7 @@ index 00000000000000..72f7aebfc130e7 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/des.go b/src/vendor/github.com/golang-fips/openssl/v2/des.go new file mode 100644 -index 00000000000000..c98a276ec33fb0 +index 00000000000000..cd006544b5111b --- /dev/null 
+++ b/src/vendor/github.com/golang-fips/openssl/v2/des.go @@ -0,0 +1,114 @@ @@ -1003,7 +1089,7 @@ index 00000000000000..c98a276ec33fb0 +func SupportsDESCipher() bool { + // True for stock OpenSSL 1 w/o FIPS. + // False for stock OpenSSL 3 unless the legacy provider is available. -+ return (versionAtOrAbove(1, 1, 0) || !FIPS()) && loadCipher(cipherDES, cipherModeECB) != nil ++ return (versionAtOrAbove(3, 0, 0) || !FIPS()) && loadCipher(cipherDES, cipherModeECB) != nil +} + +// SupportsTripleDESCipher returns true if NewTripleDESCipher is supported, @@ -1101,10 +1187,10 @@ index 00000000000000..c98a276ec33fb0 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/dsa.go b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go new file mode 100644 -index 00000000000000..875533a50fbac5 +index 00000000000000..c56071f577f4f2 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go -@@ -0,0 +1,348 @@ +@@ -0,0 +1,324 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -1116,14 +1202,6 @@ index 00000000000000..875533a50fbac5 + "unsafe" +) + -+var ( -+ OSSL_PKEY_PARAM_FFC_PBITS = C.CString("pbits") -+ OSSL_PKEY_PARAM_FFC_QBITS = C.CString("qbits") -+ OSSL_PKEY_PARAM_FFC_P = C.CString("p") -+ OSSL_PKEY_PARAM_FFC_Q = C.CString("q") -+ OSSL_PKEY_PARAM_FFC_G = C.CString("g") -+) -+ +// SupportsDSA returns true if the OpenSSL library supports DSA. +func SupportsDSA() bool { + ctx := C.go_openssl_EVP_PKEY_CTX_new_id(C.GO_EVP_PKEY_DSA, nil) 
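Review bot: In `SupportsDESCipher`, the new condition skips the `FIPS()` guard on every OpenSSL 3 build, so with FIPS enabled on 3.x the result depends only on `loadCipher(cipherDES, cipherModeECB)` returning non-nil. The two-line comment above the `return` does not say this; I would add `// On OpenSSL 3 the FIPS() check is bypassed; support is decided solely by whether the cipher can be loaded.` `loadCipher` is defined outside this hunk, so it is worth confirming that it fails for single DES when only FIPS-approved providers are active. The file is vendored from golang-fips/openssl, so the comment itself belongs upstream.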
@@ -1217,9 +1295,9 @@ index 00000000000000..875533a50fbac5 + C.go_openssl_BN_free(q) + C.go_openssl_BN_free(g) + }() -+ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_P, &p) != 1 || -+ C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_Q, &q) != 1 || -+ C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_FFC_G, &g) != 1 { ++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_P, &p) != 1 || ++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_Q, &q) != 1 || ++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_FFC_G, &g) != 1 { + return DSAParameters{}, newOpenSSLError("EVP_PKEY_get_bn_param") + } + default: @@ -1281,8 +1359,8 @@ index 00000000000000..875533a50fbac5 + C.go_openssl_BN_clear_free(x) + C.go_openssl_BN_free(y) + }() -+ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PUB_KEY, &y) != 1 || -+ C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &x) != 1 { ++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY, &y) != 1 || ++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY, &x) != 1 { + return nil, newOpenSSLError("EVP_PKEY_get_bn_param") + } + default: 
@@ -1371,44 +1449,28 @@ index 00000000000000..875533a50fbac5 +func newDSA3(params DSAParameters, x, y BigInt) (C.GO_EVP_PKEY_PTR, error) { + checkMajorVersion(3) + -+ bld := C.go_openssl_OSSL_PARAM_BLD_new() -+ if bld == nil { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_new") ++ bld, err := newParamBuilder() ++ if err != nil { ++ return nil, err + } -+ defer C.go_openssl_OSSL_PARAM_BLD_free(bld) -+ p, q, g := bigToBN(params.P), bigToBN(params.Q), bigToBN(params.G) -+ defer func() { -+ C.go_openssl_BN_free(p) -+ C.go_openssl_BN_free(q) -+ C.go_openssl_BN_free(g) -+ }() -+ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p) != 1 || -+ C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q) != 1 || -+ C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g) != 1 { ++ defer bld.finalize() + -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN") -+ } ++ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_P, params.P, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_Q, params.Q, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_FFC_G, params.G, false) + selection := C.int(C.GO_EVP_PKEY_KEYPAIR) + if y != nil { -+ pub := bigToBN(y) -+ defer C.go_openssl_BN_free(pub) -+ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub) != 1 { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN") -+ } ++ bld.addBigInt(_OSSL_PKEY_PARAM_PUB_KEY, y, false) + if x == nil { + selection = C.int(C.GO_EVP_PKEY_PUBLIC_KEY) + } + } + if x != nil { -+ priv := bigToBN(x) -+ defer C.go_openssl_BN_clear_free(priv) -+ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1 { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN") -+ } ++ bld.addBigInt(_OSSL_PKEY_PARAM_PRIV_KEY, x, true) + } -+ bldparams := C.go_openssl_OSSL_PARAM_BLD_to_param(bld) -+ if bldparams == nil { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_to_param") ++ bldparams, err := bld.build() ++ if err != nil { ++ return nil, err + } + defer 
C.go_openssl_OSSL_PARAM_free(bldparams) + pkey, err := newEvpFromParams(C.GO_EVP_PKEY_DSA, selection, bldparams) @@ -1455,10 +1517,10 @@ index 00000000000000..875533a50fbac5 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ec.go b/src/vendor/github.com/golang-fips/openssl/v2/ec.go new file mode 100644 -index 00000000000000..5c253f7eec5358 +index 00000000000000..03c51e5a74cf1a --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ec.go -@@ -0,0 +1,59 @@ +@@ -0,0 +1,51 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -1466,14 +1528,6 @@ index 00000000000000..5c253f7eec5358 +// #include "goopenssl.h" +import "C" + -+var ( -+ OSSL_PKEY_PARAM_PUB_KEY = C.CString("pub") -+ OSSL_PKEY_PARAM_PRIV_KEY = C.CString("priv") -+ OSSL_PKEY_PARAM_GROUP_NAME = C.CString("group") -+ OSSL_PKEY_PARAM_EC_PUB_X = C.CString("qx") -+ OSSL_PKEY_PARAM_EC_PUB_Y = C.CString("qy") -+) -+ +func curveNID(curve string) (C.int, error) { + switch curve { + case "P-224": @@ -1520,10 +1574,10 @@ index 00000000000000..5c253f7eec5358 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go new file mode 100644 -index 00000000000000..de5f712f22158f +index 00000000000000..5b146749350bf5 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go -@@ -0,0 +1,321 @@ +@@ -0,0 +1,313 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -1693,32 +1747,24 @@ index 00000000000000..de5f712f22158f +func newECDHPkey3(nid C.int, bytes []byte, isPrivate bool) (C.GO_EVP_PKEY_PTR, error) { + checkMajorVersion(3) + -+ bld := C.go_openssl_OSSL_PARAM_BLD_new() -+ if bld == nil { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_new") ++ bld, err := newParamBuilder() ++ if err != nil { ++ return nil, err + } -+ defer C.go_openssl_OSSL_PARAM_BLD_free(bld) -+ C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, C.go_openssl_OBJ_nid2sn(nid), 0) ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, C.go_openssl_OBJ_nid2sn(nid), 0) + var selection C.int + if isPrivate { -+ priv := C.go_openssl_BN_bin2bn(base(bytes), C.int(len(bytes)), nil) -+ if priv == nil { -+ return nil, newOpenSSLError("BN_bin2bn") -+ } -+ defer C.go_openssl_BN_clear_free(priv) -+ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv) != 1 { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN") -+ } ++ bld.addBin(_OSSL_PKEY_PARAM_PRIV_KEY, bytes, true) + selection = C.GO_EVP_PKEY_KEYPAIR + } else { -+ cbytes := C.CBytes(bytes) -+ defer C.free(cbytes) -+ C.go_openssl_OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, cbytes, C.size_t(len(bytes))) ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, bytes) + selection = C.GO_EVP_PKEY_PUBLIC_KEY + } -+ params := C.go_openssl_OSSL_PARAM_BLD_to_param(bld) -+ if params == nil { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_to_param") ++ ++ params, err := bld.build() ++ if err != nil { ++ return nil, err + } + defer C.go_openssl_OSSL_PARAM_free(params) + return newEvpFromParams(C.GO_EVP_PKEY_EC, selection, params) 
@@ -1759,7 +1805,7 @@ index 00000000000000..de5f712f22158f + } + case 3: + var priv C.GO_BIGNUM_PTR -+ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv) != 1 { ++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY, &priv) != 1 { + return newOpenSSLError("EVP_PKEY_get_bn_param") + } + defer C.go_openssl_BN_clear_free(priv) @@ -1824,7 +1870,7 @@ index 00000000000000..de5f712f22158f + return nil, nil, newOpenSSLError("EC_KEY_get0_private_key") + } + case 3: -+ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv) != 1 { ++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY, &priv) != 1 { + return nil, nil, newOpenSSLError("EVP_PKEY_get_bn_param") + } + defer C.go_openssl_BN_clear_free(priv) @@ -1847,10 +1893,10 @@ index 00000000000000..de5f712f22158f +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go new file mode 100644 -index 00000000000000..be7e9455f49d47 +index 00000000000000..f85782a6e92268 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go -@@ -0,0 +1,215 @@ +@@ -0,0 +1,211 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -1944,9 +1990,9 @@ index 00000000000000..be7e9455f49d47 + // Get Z. We don't need to free it, get0 does not increase the reference count. + bd = C.go_openssl_EC_KEY_get0_private_key(key) + case 3: -+ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &bx) != 1 || -+ C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &by) != 1 || -+ C.go_openssl_EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &bd) != 1 { ++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_X, &bx) != 1 || ++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_EC_PUB_Y, &by) != 1 || ++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY, &bd) != 1 { + return nil, nil, nil, newOpenSSLError("EVP_PKEY_get_bn_param") + } + defer C.go_openssl_BN_clear_free(bd) 
@@ -2041,37 +2087,33 @@ index 00000000000000..be7e9455f49d47 + return nil, err + } + // Construct the parameters. -+ bld := C.go_openssl_OSSL_PARAM_BLD_new() -+ if bld == nil { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_new") ++ bld, err := newParamBuilder() ++ if err != nil { ++ return nil, err + } -+ defer C.go_openssl_OSSL_PARAM_BLD_free(bld) -+ C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME, C.go_openssl_OBJ_nid2sn(nid), 0) -+ cbytes := C.CBytes(pubBytes) -+ defer C.free(cbytes) -+ C.go_openssl_OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY, cbytes, C.size_t(len(pubBytes))) ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, C.go_openssl_OBJ_nid2sn(nid), 0) ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) + var selection C.int + if bd != nil { -+ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, bd) != 1 { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN") -+ } ++ bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, bd) + selection = C.GO_EVP_PKEY_KEYPAIR + } else { + selection = C.GO_EVP_PKEY_PUBLIC_KEY + } -+ params := C.go_openssl_OSSL_PARAM_BLD_to_param(bld) -+ if params == nil { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_to_param") ++ params, err := bld.build() ++ if err != nil { ++ return nil, err + } + defer C.go_openssl_OSSL_PARAM_free(params) + return newEvpFromParams(C.GO_EVP_PKEY_EC, selection, params) +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go new file mode 100644 -index 00000000000000..f74bd8f8d7a993 +index 00000000000000..77ccbf590d87b5 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go -@@ -0,0 +1,218 @@ +@@ -0,0 +1,221 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -2100,29 +2142,32 @@ index 00000000000000..f74bd8f8d7a993 +// TODO: Add support for Ed25519ph and Ed25519ctx when OpenSSL supports them, +// which will probably be in 3.2.0 (https://github.com/openssl/openssl/issues/20418). + -+var ( -+ onceSupportsEd25519 sync.Once -+ supportsEd25519 bool -+) ++var supportsEd25519 = sync.OnceValue(func() bool { ++ switch vMajor { ++ case 1: ++ if versionAtOrAbove(1, 1, 1) { ++ ctx := C.go_openssl_EVP_PKEY_CTX_new_id(C.GO_EVP_PKEY_ED25519, nil) ++ if ctx != nil { ++ C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ return true ++ } ++ } ++ case 3: ++ name := C.CString("ED25519") ++ defer C.free(unsafe.Pointer(name)) ++ sig := C.go_openssl_EVP_SIGNATURE_fetch(nil, name, nil) ++ if sig != nil { ++ C.go_openssl_EVP_SIGNATURE_free(sig) ++ return true ++ } ++ } ++ return false ++}) + +// SupportsEd25519 returns true if the current OpenSSL version supports +// GenerateKeyEd25519, NewKeyFromSeedEd25519, SignEd25519 and VerifyEd25519. +func SupportsEd25519() bool { -+ onceSupportsEd25519.Do(func() { -+ switch vMajor { -+ case 1: -+ supportsEd25519 = versionAtOrAbove(1, 1, 1) -+ case 3: -+ name := C.CString("ED25519") -+ defer C.free(unsafe.Pointer(name)) -+ sig := C.go_openssl_EVP_SIGNATURE_fetch(nil, name, nil) -+ if sig != nil { -+ C.go_openssl_EVP_SIGNATURE_free(sig) -+ supportsEd25519 = true -+ } -+ } -+ }) -+ return supportsEd25519 ++ return supportsEd25519() +} + +type PublicKeyEd25519 struct { @@ -2292,10 +2337,10 @@ index 00000000000000..f74bd8f8d7a993 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/evp.go b/src/vendor/github.com/golang-fips/openssl/v2/evp.go new file mode 100644 -index 00000000000000..fa557d86be71c5 +index 00000000000000..91296a93f72d55 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/evp.go -@@ -0,0 +1,471 @@ +@@ -0,0 +1,519 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -2314,6 +2359,30 @@ index 00000000000000..fa557d86be71c5 +// cacheMD is a cache of crypto.Hash to GO_EVP_MD_PTR. +var cacheMD sync.Map + ++// hashFuncHash calls fn() and returns its result. ++// If fn() panics, the panic is recovered and returned as an error. ++// This is used to avoid aborting the program when calling ++// an unsupported hash function. It is the caller's responsibility ++// to check the returned value. ++func hashFuncHash(fn func() hash.Hash) (h hash.Hash, err error) { ++ defer func() { ++ r := recover() ++ if r == nil { ++ return ++ } ++ h = nil ++ switch e := r.(type) { ++ case error: ++ err = e ++ case string: ++ err = errors.New(e) ++ default: ++ err = errors.New("unsupported panic") ++ } ++ }() ++ return fn(), nil ++} ++ +// hashToMD converts a hash.Hash implementation from this package to a GO_EVP_MD_PTR. +func hashToMD(h hash.Hash) C.GO_EVP_MD_PTR { + var ch crypto.Hash 
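Review bot: The deferred `recover()` in `hashFuncHash` converts every panic raised by `fn()` into an error, not just the "unsupported hash" case the doc comment describes. Runtime errors such as a nil dereference also satisfy the `case error` branch, so a genuine bug in a hash constructor would reach the caller as an ordinary error instead of aborting. The doc comment should say so. The `default` branch also discards the recovered value; keeping it, for example `err = fmt.Errorf("unsupported panic: %v", r)`, would preserve the diagnostic. That suggestion assumes `fmt` may be imported here, which cannot be checked because the import block is outside the hunk.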
@@ -2343,18 +2412,46 @@ index 00000000000000..fa557d86be71c5 + return nil +} + ++// hashFuncToMD converts a hash.Hash function to a GO_EVP_MD_PTR. ++// See [hashFuncHash] for details on error handling. ++func hashFuncToMD(fn func() hash.Hash) (C.GO_EVP_MD_PTR, error) { ++ h, err := hashFuncHash(fn) ++ if err != nil { ++ return nil, err ++ } ++ md := hashToMD(h) ++ if md == nil { ++ return nil, errors.New("unsupported hash function") ++ } ++ return md, nil ++} ++ +// cryptoHashToMD converts a crypto.Hash to a GO_EVP_MD_PTR. +func cryptoHashToMD(ch crypto.Hash) (md C.GO_EVP_MD_PTR) { + if v, ok := cacheMD.Load(ch); ok { + return v.(C.GO_EVP_MD_PTR) + } + defer func() { -+ if md != nil && vMajor == 3 { -+ // On OpenSSL 3, directly operating on a EVP_MD object -+ // not created by EVP_MD_fetch has negative performance -+ // implications, as digest operations will have -+ // to fetch it on every call. Better to just fetch it once here. -+ md = C.go_openssl_EVP_MD_fetch(nil, C.go_openssl_EVP_MD_get0_name(md), nil) ++ if md != nil { ++ switch vMajor { ++ case 1: ++ // On OpenSSL 1 EVP_MD objects can be not-nil even ++ // when they are not supported. We need to pass the md ++ // to a EVP_MD_CTX to really know if they can be used. ++ ctx := C.go_openssl_EVP_MD_CTX_new() ++ if C.go_openssl_EVP_DigestInit_ex(ctx, md, nil) != 1 { ++ md = nil ++ } ++ C.go_openssl_EVP_MD_CTX_free(ctx) ++ case 3: ++ // On OpenSSL 3, directly operating on a EVP_MD object ++ // not created by EVP_MD_fetch has negative performance ++ // implications, as digest operations will have ++ // to fetch it on every call. Better to just fetch it once here. ++ md = C.go_openssl_EVP_MD_fetch(nil, C.go_openssl_EVP_MD_get0_name(md), nil) ++ default: ++ panic(errUnsupportedVersion()) ++ } + } + cacheMD.Store(ch, md) + }() 
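Review bot: In the OpenSSL 1 branch of the deferred probe in `cryptoHashToMD`, the result of `C.go_openssl_EVP_MD_CTX_new()` is passed to `go_openssl_EVP_DigestInit_ex` without a nil check. If the allocation fails, the init call presumably fails too, `md` becomes nil, and `cacheMD.Store(ch, md)` caches the hash as unsupported for the rest of the process. I would return before the store in that case so a transient failure is not cached: `if ctx == nil { md = nil; return }` placed directly after the `EVP_MD_CTX_new` call. The function body continues past the end of this hunk; the `switch ch` that selects the digest is in the next one.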
@@ -2370,13 +2467,9 @@ index 00000000000000..fa557d86be71c5 + } + switch ch { + case crypto.MD4: -+ if versionAtOrAbove(1, 1, 0) || !FIPS() { -+ return C.go_openssl_EVP_md4() -+ } ++ return C.go_openssl_EVP_md4() + case crypto.MD5: -+ if versionAtOrAbove(1, 1, 0) || !FIPS() { -+ return C.go_openssl_EVP_md5() -+ } ++ return C.go_openssl_EVP_md5() + case crypto.SHA1: + return C.go_openssl_EVP_sha1() + case crypto.SHA224: @@ -2769,10 +2862,10 @@ index 00000000000000..fa557d86be71c5 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.c b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.c new file mode 100644 -index 00000000000000..1e428d5269f997 +index 00000000000000..c3385b9d0186c6 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.c -@@ -0,0 +1,218 @@ +@@ -0,0 +1,240 @@ +//go:build unix || windows + +#include "goopenssl.h" @@ -2810,6 +2903,19 @@ index 00000000000000..1e428d5269f997 +#undef DEFINEFUNC_RENAMED_1_1 +#undef DEFINEFUNC_RENAMED_3_0 + ++// go_openssl_fips_enabled returns 1 if FIPS mode is enabled, 0 otherwise. ++// As a special case, it returns -1 if it cannot determine if FIPS mode is enabled. ++// See openssl.FIPS for details about its implementation. ++// ++// This function is reimplemented here because openssl.FIPS assumes that ++// all the OpenSSL bindings are loaded, that is, go_openssl_load_functions has ++// already been called. On the other hand, go_openssl_fips_enabled is called from ++// openssl.CheckVersion, which is used to check if a given OpenSSL shared library ++// exists and is FIPS compliant. That shared library might not be the one that ++// was passed to go_openssl_load_functions, or it might not even have been called at all. ++// ++// It is written in C because it is not possible to directly call C function pointers ++// retrieved using dlsym from Go. +int +go_openssl_fips_enabled(void* handle) +{ 
@@ -2820,15 +2926,24 @@ index 00000000000000..1e428d5269f997 + return FIPS_mode(); + + // For OpenSSL 3.x. -+ int (*EVP_default_properties_is_fips_enabled)(void*); -+ int (*OSSL_PROVIDER_available)(void*, const char*); -+ EVP_default_properties_is_fips_enabled = (int (*)(void*))dlsym(handle, "EVP_default_properties_is_fips_enabled"); -+ OSSL_PROVIDER_available = (int (*)(void*, const char*))dlsym(handle, "OSSL_PROVIDER_available"); -+ if (EVP_default_properties_is_fips_enabled != NULL && OSSL_PROVIDER_available != NULL && -+ EVP_default_properties_is_fips_enabled(NULL) == 1 && OSSL_PROVIDER_available(NULL, "fips") == 1) -+ return 1; ++ int (*EVP_default_properties_is_fips_enabled)(void*) = (int (*)(void*))dlsym(handle, "EVP_default_properties_is_fips_enabled"); ++ void *(*EVP_MD_fetch)(void*, const char*, const char*) = (void* (*)(void*, const char*, const char*))dlsym(handle, "EVP_MD_fetch"); ++ void (*EVP_MD_free)(void*) = (void (*)(void*))dlsym(handle, "EVP_MD_free"); + -+ return 0; ++ if (EVP_default_properties_is_fips_enabled == NULL || EVP_MD_fetch == NULL || EVP_MD_free == NULL) { ++ // Shouldn't happen, but if it does, we can't determine if FIPS mode is enabled. ++ return -1; ++ } ++ ++ if (EVP_default_properties_is_fips_enabled(NULL) != 1) ++ return 0; ++ ++ void *md = EVP_MD_fetch(NULL, "SHA2-256", NULL); ++ if (md == NULL) ++ return 0; ++ ++ EVP_MD_free(md); ++ return 1; +} + +// Load all the functions stored in FOR_ALL_OPENSSL_FUNCTIONS @@ -4306,10 +4421,10 @@ index 00000000000000..6fd3a518906004 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go new file mode 100644 -index 00000000000000..2e4323cc247a78 +index 00000000000000..f2ff598de65b2d --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go -@@ -0,0 +1,190 @@ +@@ -0,0 +1,285 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -4321,6 +4436,7 @@ index 00000000000000..2e4323cc247a78 + "hash" + "io" + "runtime" ++ "sync" + "unsafe" +) + 
@@ -4330,85 +4446,72 @@ index 00000000000000..2e4323cc247a78 + case 1: + return versionAtOrAbove(1, 1, 1) + case 3: -+ // Some OpenSSL 3 providers don't support HKDF or don't support it via -+ // the EVP_PKEY API, which is the one we use. -+ // See https://github.com/golang-fips/openssl/issues/189. -+ ctx := C.go_openssl_EVP_PKEY_CTX_new_id(C.GO_EVP_PKEY_HKDF, nil) -+ if ctx == nil { -+ return false -+ } -+ C.go_openssl_EVP_PKEY_CTX_free(ctx) -+ return true ++ _, err := fetchHKDF3() ++ return err == nil + default: + panic(errUnsupportedVersion()) + } +} + -+func newHKDF(h func() hash.Hash, mode C.int) (*hkdf, error) { -+ if !SupportsHKDF() { -+ return nil, errUnsupportedVersion() -+ } -+ -+ ch := h() -+ md := hashToMD(ch) -+ if md == nil { -+ return nil, errors.New("unsupported hash function") -+ } ++func newHKDFCtx1(md C.GO_EVP_MD_PTR, mode C.int, secret, salt, pseudorandomKey, info []byte) (ctx C.GO_EVP_PKEY_CTX_PTR, err error) { ++ checkMajorVersion(1) + -+ ctx := C.go_openssl_EVP_PKEY_CTX_new_id(C.GO_EVP_PKEY_HKDF, nil) ++ ctx = C.go_openssl_EVP_PKEY_CTX_new_id(C.GO_EVP_PKEY_HKDF, nil) + if ctx == nil { + return nil, newOpenSSLError("EVP_PKEY_CTX_new_id") + } + defer func() { -+ C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ if err != nil { ++ C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ } + }() + + if C.go_openssl_EVP_PKEY_derive_init(ctx) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_derive_init") ++ return ctx, newOpenSSLError("EVP_PKEY_derive_init") + } -+ switch vMajor { -+ case 3: -+ if C.go_openssl_EVP_PKEY_CTX_set_hkdf_mode(ctx, mode) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_set_hkdf_mode") -+ } -+ if C.go_openssl_EVP_PKEY_CTX_set_hkdf_md(ctx, md) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_set_hkdf_md") -+ } -+ case 1: -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, C.GO1_EVP_PKEY_OP_DERIVE, -+ C.GO_EVP_PKEY_CTRL_HKDF_MODE, -+ C.int(mode), nil) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_set_hkdf_mode") -+ } -+ if 
C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, C.GO1_EVP_PKEY_OP_DERIVE, -+ C.GO_EVP_PKEY_CTRL_HKDF_MD, -+ 0, unsafe.Pointer(md)) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_set_hkdf_md") ++ ++ ctrlSlice := func(ctrl int, data []byte) C.int { ++ if len(data) == 0 { ++ return 1 // No data to set. + } ++ return C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, C.GO1_EVP_PKEY_OP_DERIVE, C.int(ctrl), C.int(len(data)), unsafe.Pointer(base(data))) + } + -+ c := &hkdf{ctx: ctx, hashLen: ch.Size()} -+ ctx = nil -+ -+ runtime.SetFinalizer(c, (*hkdf).finalize) -+ -+ return c, nil ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, C.GO1_EVP_PKEY_OP_DERIVE, C.GO_EVP_PKEY_CTRL_HKDF_MODE, mode, nil) != 1 { ++ return ctx, newOpenSSLError("EVP_PKEY_CTX_set_hkdf_mode") ++ } ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, C.GO1_EVP_PKEY_OP_DERIVE, C.GO_EVP_PKEY_CTRL_HKDF_MD, 0, unsafe.Pointer(md)) != 1 { ++ return ctx, newOpenSSLError("EVP_PKEY_CTX_set_hkdf_md") ++ } ++ if ctrlSlice(C.GO_EVP_PKEY_CTRL_HKDF_KEY, secret) != 1 { ++ return ctx, newOpenSSLError("EVP_PKEY_CTX_set1_hkdf_key") ++ } ++ if ctrlSlice(C.GO_EVP_PKEY_CTRL_HKDF_SALT, salt) != 1 { ++ return ctx, newOpenSSLError("EVP_PKEY_CTX_set1_hkdf_salt") ++ } ++ if ctrlSlice(C.GO_EVP_PKEY_CTRL_HKDF_KEY, pseudorandomKey) != 1 { ++ return ctx, newOpenSSLError("EVP_PKEY_CTX_set1_hkdf_key") ++ } ++ if ctrlSlice(C.GO_EVP_PKEY_CTRL_HKDF_INFO, info) != 1 { ++ return ctx, newOpenSSLError("EVP_PKEY_CTX_add1_hkdf_info") ++ } ++ return ctx, nil +} + -+type hkdf struct { ++type hkdf1 struct { + ctx C.GO_EVP_PKEY_CTX_PTR + + hashLen int + buf []byte +} + -+func (c *hkdf) finalize() { ++func (c *hkdf1) finalize() { + if c.ctx != nil { + C.go_openssl_EVP_PKEY_CTX_free(c.ctx) + } +} + -+func (c *hkdf) Read(p []byte) (int, error) { ++func (c *hkdf1) Read(p []byte) (int, error) { + defer runtime.KeepAlive(c) + + // EVP_PKEY_derive doesn't support incremental output, each call 
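Review bot: Every error return in newHKDFCtx1 after the context is created is written as `return ctx, newOpenSSLError(...)`, while the deferred function frees `ctx` whenever `err != nil`, so the caller receives a pointer to an already-freed EVP_PKEY_CTX along with the error. The callers visible in this patch ignore it, but a later caller that frees or inspects the returned value on error would get a double free or use-after-free. Because `ctx` is a named result, adding `ctx = nil` after `C.go_openssl_EVP_PKEY_CTX_free(ctx)` in the deferred function covers all paths at once. newHKDFCtx3 in the next hunk follows the same pattern with an unnamed result, so its error returns should read `return nil, err`.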
@@ -4434,102 +4537,207 @@ index 00000000000000..2e4323cc247a78 +} + +func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { -+ c, err := newHKDF(h, C.GO_EVP_KDF_HKDF_MODE_EXTRACT_ONLY) ++ if !SupportsHKDF() { ++ return nil, errUnsupportedVersion() ++ } ++ ++ md, err := hashFuncToMD(h) + if err != nil { + return nil, err + } ++ + switch vMajor { -+ case 3: -+ if C.go_openssl_EVP_PKEY_CTX_set1_hkdf_key(c.ctx, -+ base(secret), C.int(len(secret))) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_set1_hkdf_key") ++ case 1: ++ ctx, err := newHKDFCtx1(md, C.GO_EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) ++ if err != nil { ++ return nil, err + } -+ if C.go_openssl_EVP_PKEY_CTX_set1_hkdf_salt(c.ctx, -+ base(salt), C.int(len(salt))) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_set1_hkdf_salt") ++ defer C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ r := C.go_openssl_EVP_PKEY_derive_wrapper(ctx, nil, 0) ++ if r.result != 1 { ++ return nil, newOpenSSLError("EVP_PKEY_derive_init") + } -+ case 1: -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(c.ctx, -1, C.GO1_EVP_PKEY_OP_DERIVE, -+ C.GO_EVP_PKEY_CTRL_HKDF_KEY, -+ C.int(len(secret)), unsafe.Pointer(base(secret))) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_set1_hkdf_key") ++ out := make([]byte, r.keylen) ++ if C.go_openssl_EVP_PKEY_derive_wrapper(ctx, base(out), r.keylen).result != 1 { ++ return nil, newOpenSSLError("EVP_PKEY_derive") + } -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(c.ctx, -1, C.GO1_EVP_PKEY_OP_DERIVE, -+ C.GO_EVP_PKEY_CTRL_HKDF_SALT, -+ C.int(len(salt)), unsafe.Pointer(base(salt))) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_set1_hkdf_salt") ++ return out[:r.keylen], nil ++ case 3: ++ ctx, err := newHKDFCtx3(md, C.GO_EVP_KDF_HKDF_MODE_EXTRACT_ONLY, secret, salt, nil, nil) ++ if err != nil { ++ return nil, err + } ++ defer C.go_openssl_EVP_KDF_CTX_free(ctx) ++ out := make([]byte, C.go_openssl_EVP_KDF_CTX_get_kdf_size(ctx)) ++ if C.go_openssl_EVP_KDF_derive(ctx, base(out), 
C.size_t(len(out)), nil) != 1 { ++ return nil, newOpenSSLError("EVP_KDF_derive") ++ } ++ return out, nil ++ default: ++ panic(errUnsupportedVersion()) + } -+ r := C.go_openssl_EVP_PKEY_derive_wrapper(c.ctx, nil, 0) -+ if r.result != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_derive_init") -+ } -+ out := make([]byte, r.keylen) -+ if C.go_openssl_EVP_PKEY_derive_wrapper(c.ctx, base(out), r.keylen).result != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_derive") -+ } -+ return out[:r.keylen], nil +} + +func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { -+ c, err := newHKDF(h, C.GO_EVP_KDF_HKDF_MODE_EXPAND_ONLY) ++ if !SupportsHKDF() { ++ return nil, errUnsupportedVersion() ++ } ++ ++ md, err := hashFuncToMD(h) + if err != nil { + return nil, err + } ++ + switch vMajor { -+ case 3: -+ if C.go_openssl_EVP_PKEY_CTX_set1_hkdf_key(c.ctx, -+ base(pseudorandomKey), C.int(len(pseudorandomKey))) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_set1_hkdf_key") -+ } -+ if C.go_openssl_EVP_PKEY_CTX_add1_hkdf_info(c.ctx, -+ base(info), C.int(len(info))) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_add1_hkdf_info") -+ } + case 1: -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(c.ctx, -1, C.GO1_EVP_PKEY_OP_DERIVE, -+ C.GO_EVP_PKEY_CTRL_HKDF_KEY, -+ C.int(len(pseudorandomKey)), unsafe.Pointer(base(pseudorandomKey))) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_set1_hkdf_key") ++ ctx, err := newHKDFCtx1(md, C.GO_EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) ++ if err != nil { ++ return nil, err + } -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(c.ctx, -1, C.GO1_EVP_PKEY_OP_DERIVE, -+ C.GO_EVP_PKEY_CTRL_HKDF_INFO, -+ C.int(len(info)), unsafe.Pointer(base(info))) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_add1_hkdf_info") ++ c := &hkdf1{ctx: ctx, hashLen: int(C.go_openssl_EVP_MD_get_size(md))} ++ runtime.SetFinalizer(c, (*hkdf1).finalize) ++ return c, nil ++ case 3: ++ ctx, err := newHKDFCtx3(md, 
C.GO_EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) ++ if err != nil { ++ return nil, err + } ++ c := &hkdf3{ctx: ctx, hashLen: int(C.go_openssl_EVP_MD_get_size(md))} ++ runtime.SetFinalizer(c, (*hkdf3).finalize) ++ return c, nil ++ default: ++ panic(errUnsupportedVersion()) + } -+ return c, nil +} -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hmac.go b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go -new file mode 100644 -index 00000000000000..02d0d3732b9b61 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go -@@ -0,0 +1,276 @@ -+//go:build !cmd_go_bootstrap -+ -+package openssl + -+// #include "goopenssl.h" -+import "C" -+import ( -+ "hash" -+ "runtime" -+ "sync" -+ "unsafe" -+) ++type hkdf3 struct { ++ ctx C.GO_EVP_KDF_CTX_PTR + -+var OSSL_MAC_PARAM_DIGEST = C.CString("digest") ++ hashLen int ++ buf []byte ++} + -+// NewHMAC returns a new HMAC using OpenSSL. -+// The function h must return a hash implemented by -+// OpenSSL (for example, h could be openssl.NewSHA256). -+// If h is not recognized, NewHMAC returns nil. -+func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { -+ ch := h() -+ md := hashToMD(ch) -+ if md == nil { -+ return nil ++func (c *hkdf3) finalize() { ++ if c.ctx != nil { ++ C.go_openssl_EVP_KDF_CTX_free(c.ctx) ++ } ++} ++ ++// fetchHKDF3 fetches the HKDF algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchHKDF3 = sync.OnceValues(func() (C.GO_EVP_KDF_PTR, error) { ++ checkMajorVersion(3) ++ ++ name := C.CString("HKDF") ++ kdf := C.go_openssl_EVP_KDF_fetch(nil, name, nil) ++ C.free(unsafe.Pointer(name)) ++ if kdf == nil { ++ return nil, newOpenSSLError("EVP_KDF_fetch") ++ } ++ return kdf, nil ++}) ++ ++// newHKDFCtx3 implements HKDF for OpenSSL 3 using the EVP_KDF API. 
++func newHKDFCtx3(md C.GO_EVP_MD_PTR, mode C.int, secret, salt, pseudorandomKey, info []byte) (_ C.GO_EVP_KDF_CTX_PTR, err error) { ++ checkMajorVersion(3) ++ ++ kdf, err := fetchHKDF3() ++ if err != nil { ++ return nil, err ++ } ++ ctx := C.go_openssl_EVP_KDF_CTX_new(kdf) ++ if ctx == nil { ++ return nil, newOpenSSLError("EVP_KDF_CTX_new") ++ } ++ defer func() { ++ if err != nil { ++ C.go_openssl_EVP_KDF_CTX_free(ctx) ++ } ++ }() ++ ++ bld, err := newParamBuilder() ++ if err != nil { ++ return ctx, err ++ } ++ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, C.go_openssl_EVP_MD_get0_name(md), 0) ++ bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(mode)) ++ if len(secret) > 0 { ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, secret) ++ } ++ if len(salt) > 0 { ++ bld.addOctetString(_OSSL_KDF_PARAM_SALT, salt) ++ } ++ if len(pseudorandomKey) > 0 { ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) ++ } ++ if len(info) > 0 { ++ bld.addOctetString(_OSSL_KDF_PARAM_INFO, info) ++ } ++ params, err := bld.build() ++ if err != nil { ++ return ctx, err ++ } ++ defer C.go_openssl_OSSL_PARAM_free(params) ++ ++ if C.go_openssl_EVP_KDF_CTX_set_params(ctx, params) != 1 { ++ return ctx, newOpenSSLError("EVP_KDF_CTX_set_params") ++ } ++ return ctx, nil ++} ++ ++func (c *hkdf3) Read(p []byte) (int, error) { ++ defer runtime.KeepAlive(c) ++ ++ // EVP_KDF_derive doesn't support incremental output, each call ++ // derives the key from scratch and returns the requested bytes. ++ // To implement io.Reader, we need to ask for len(c.buf) + len(p) ++ // bytes and copy the last derived len(p) bytes to p. ++ // We use c.buf to know how many bytes we've already derived and ++ // to avoid allocating the whole output buffer on each call. ++ prevLen := len(c.buf) ++ needLen := len(p) ++ remains := 255*c.hashLen - prevLen ++ // Check whether enough data can be generated. ++ if remains < needLen { ++ return 0, errors.New("hkdf: entropy limit reached") ++ } ++ c.buf = append(c.buf, make([]byte, needLen)...) 
++ outLen := C.size_t(prevLen + needLen) ++ if C.go_openssl_EVP_KDF_derive(c.ctx, base(c.buf), outLen, nil) != 1 { ++ return 0, newOpenSSLError("EVP_KDF_derive") ++ } ++ n := copy(p, c.buf[prevLen:outLen]) ++ return n, nil ++} +diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hmac.go b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go +new file mode 100644 +index 00000000000000..b519ba3111dcc3 +--- /dev/null ++++ b/src/vendor/github.com/golang-fips/openssl/v2/hmac.go +@@ -0,0 +1,274 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++// #include "goopenssl.h" ++import "C" ++import ( ++ "hash" ++ "runtime" ++ "sync" ++ "unsafe" ++) ++ ++// NewHMAC returns a new HMAC using OpenSSL. ++// The function h must return a hash implemented by ++// OpenSSL (for example, h could be openssl.NewSHA256). ++// If h is not recognized, NewHMAC returns nil. ++func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { ++ h, _ := hashFuncHash(fh) ++ md := hashToMD(h) ++ if md == nil { ++ return nil + } + + if len(key) == 0 { @@ -4542,8 +4750,8 @@ index 00000000000000..02d0d3732b9b61 + } + + hmac := &opensslHMAC{ -+ size: ch.Size(), -+ blockSize: ch.BlockSize(), ++ size: h.Size(), ++ blockSize: h.BlockSize(), + } + + switch vMajor { @@ -4607,14 +4815,14 @@ index 00000000000000..02d0d3732b9b61 + return mac +}) + -+func buildHMAC3Params(digest *C.char) C.GO_OSSL_PARAM_PTR { -+ bld := C.go_openssl_OSSL_PARAM_BLD_new() -+ if bld == nil { -+ panic(newOpenSSLError("OSSL_PARAM_BLD_new")) ++func buildHMAC3Params(digest *C.char) (C.GO_OSSL_PARAM_PTR, error) { ++ bld, err := newParamBuilder() ++ if err != nil { ++ return nil, err + } -+ defer C.go_openssl_OSSL_PARAM_BLD_free(bld) -+ C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_MAC_PARAM_DIGEST, digest, 0) -+ return C.go_openssl_OSSL_PARAM_BLD_to_param(bld) ++ defer bld.finalize() ++ bld.addUTF8String(_OSSL_MAC_PARAM_DIGEST, digest, 0) ++ return bld.build() +} + +func isHMAC3DigestSupported(digest string) bool { 
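Review bot: In the OpenSSL 3 branch of ExtractHKDF, the value of `C.go_openssl_EVP_KDF_CTX_get_kdf_size(ctx)` is used directly as the allocation length for `out`. That function is documented to return 0 on error and SIZE_MAX for variable-length output. A provider that misreports would therefore either panic in `make` or, if a zero-length derive succeeds, return an empty pseudorandom key with a nil error. Checking first keeps the failure explicit: `size := C.go_openssl_EVP_KDF_CTX_get_kdf_size(ctx)` followed by `if size == 0 { return nil, newOpenSSLError("EVP_KDF_CTX_get_kdf_size") }`, plus an upper bound if one is known for the supported digests.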
@@ -4629,9 +4837,9 @@ index 00000000000000..02d0d3732b9b61 + + cdigest := C.CString(digest) + defer C.free(unsafe.Pointer(cdigest)) -+ params := buildHMAC3Params(cdigest) -+ if params == nil { -+ panic(newOpenSSLError("OSSL_PARAM_BLD_to_param")) ++ params, err := buildHMAC3Params(cdigest) ++ if err != nil { ++ panic(err) + } + defer C.go_openssl_OSSL_PARAM_free(params) + @@ -4649,9 +4857,9 @@ index 00000000000000..02d0d3732b9b61 + // See https://github.com/golang-fips/openssl/issues/153. + return hmacCtx3{} + } -+ params := buildHMAC3Params(digest) -+ if params == nil { -+ panic(newOpenSSLError("OSSL_PARAM_BLD_to_param")) ++ params, err := buildHMAC3Params(digest) ++ if err != nil { ++ panic(err) + } + defer C.go_openssl_OSSL_PARAM_free(params) + @@ -4933,10 +5141,10 @@ index 00000000000000..3778e21227abb9 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/openssl.go b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go new file mode 100644 -index 00000000000000..1562cee2685bc8 +index 00000000000000..f8b3f6ee140ace --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go -@@ -0,0 +1,434 @@ +@@ -0,0 +1,462 @@ +//go:build !cmd_go_bootstrap + +// Package openssl provides access to OpenSSL cryptographic functions. @@ -4977,8 +5185,14 @@ index 00000000000000..1562cee2685bc8 + return false, false + } + defer dlclose(handle) -+ fips = C.go_openssl_fips_enabled(handle) == 1 -+ return true, fips ++ enabled := C.go_openssl_fips_enabled(handle) ++ fips = enabled == 1 ++ // If go_openssl_fips_enabled returns -1, it means that all or some of the necessary ++ // functions are not available. This can be due to the version of OpenSSL being too old, ++ // too incompatible, or the shared library not being an OpenSSL library. In any case, ++ // we shouldn't consider this library to be valid for our purposes. ++ exists = enabled != -1 ++ return +} + +// Init loads and initializes OpenSSL from the shared library at path. 
@@ -5035,23 +5249,37 @@ index 00000000000000..1562cee2685bc8 +var ( + providerNameFips = C.CString("fips") + providerNameDefault = C.CString("default") ++ propFIPS = C.CString("fips=yes") ++ ++ algorithmSHA256 = C.CString("SHA2-256") +) + -+// FIPS returns true if OpenSSL is running in FIPS mode, else returns false. ++// FIPS returns true if OpenSSL is running in FIPS mode and there is ++// a provider available that supports FIPS. It returns false otherwise. +func FIPS() bool { + switch vMajor { + case 1: + return C.go_openssl_FIPS_mode() == 1 + case 3: -+ // If FIPS is not enabled via default properties, then we are sure FIPS is not used. -+ if C.go_openssl_EVP_default_properties_is_fips_enabled(nil) == 0 { ++ // Check if the default properties contain `fips=1`. ++ if C.go_openssl_EVP_default_properties_is_fips_enabled(nil) != 1 { ++ // Note that it is still possible that the provider used by default is FIPS-compliant, ++ // but that wouldn't be a system or user requirement. ++ return false ++ } ++ // Check if the SHA-256 algorithm is available. If it is, then we can be sure that there is a provider available that matches ++ // the `fips=1` query. Most notably, this works for the common case of using the built-in FIPS provider. ++ // ++ // Note that this approach has a small chance of false negative if the FIPS provider doesn't provide the SHA-256 algorithm, ++ // but that is highly unlikely because SHA-256 is one of the most common algorithms and fundamental to many cryptographic operations. ++ // It also has a small chance of false positive if the FIPS provider implements the SHA-256 algorithm but not the other algorithms ++ // used by the caller application, but that is also unlikely because the FIPS provider should provide all common algorithms. 
++ md := C.go_openssl_EVP_MD_fetch(nil, algorithmSHA256, nil) ++ if md == nil { + return false + } -+ // EVP_default_properties_is_fips_enabled can return true even if the FIPS provider isn't loaded, -+ // it is only based on the default properties. -+ // We can be sure that the FIPS provider is available if we can fetch an algorithm, e.g., SHA2-256, -+ // explicitly setting `fips=yes`. -+ return C.go_openssl_OSSL_PROVIDER_available(nil, providerNameFips) == 1 ++ C.go_openssl_EVP_MD_free(md) ++ return true + default: + panic(errUnsupportedVersion()) + } 
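Review bot: When the SHA-256 probe in FIPS() fails, the function returns false and leaves the failed fetch's entry on OpenSSL's error queue. SetFIPS in the next hunk runs the same kind of probe and calls `C.go_openssl_ERR_clear_error()` on failure. Doing the same here before `return false` keeps a stale entry from being attached to a later, unrelated failure, assuming newOpenSSLError reads that queue (its definition is not in view). The new comments also refer to `fips=1` while the property string declared above is `"fips=yes"`; one spelling throughout would be clearer.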
@@ -5089,19 +5317,27 @@ index 00000000000000..1562cee2685bc8 + } else { + provName = providerNameDefault + } -+ // Check if there is any provider that matches props. -+ if C.go_openssl_OSSL_PROVIDER_available(nil, provName) != 1 { -+ // If not, fallback to provName provider. -+ if C.go_openssl_OSSL_PROVIDER_load(nil, provName) == nil { -+ return newOpenSSLError("OSSL_PROVIDER_try_load") -+ } -+ // Make sure we now have a provider available. -+ if C.go_openssl_OSSL_PROVIDER_available(nil, provName) != 1 { -+ return fail("SetFIPS(" + strconv.FormatBool(enabled) + ") not supported") -+ } ++ // Try to load the provider, but don't fail if it's not loaded. ++ // The built-in provider might not be present in the system. ++ // We don't need the built-in provider if third-party providers are being used: they are already loaded. ++ // If the system is not well-configured and has no FIPS capability, this will be detected by the next steps. ++ C.go_openssl_OSSL_PROVIDER_try_load(nil, provName, 1) ++ C.go_openssl_ERR_clear_error() ++ ++ // See FIPS() for the rationale behind this check. ++ md := C.go_openssl_EVP_MD_fetch(nil, algorithmSHA256, propFIPS) ++ if md == nil { ++ // Don't enable FIPS mode if there is no provider that supports it. ++ // This makes it easier for callers to call SetFIPS(true) to do a ++ // best-effort attempt to enable FIPS mode, but not fail if it's not possible. ++ C.go_openssl_ERR_clear_error() ++ return errors.New("openssl: FIPS mode not supported by any provider") + } ++ C.go_openssl_EVP_MD_free(md) ++ ++ // Enable FIPS mode in the default properties. + if C.go_openssl_EVP_default_properties_enable_fips(nil, mode) != 1 { -+ return newOpenSSLError("openssl: EVP_default_properties_enable_fips") ++ return newOpenSSLError("EVP_default_properties_enable_fips") + } + return nil + default: 
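Review bot: The SHA-256 probe in SetFIPS always fetches with `propFIPS`, even on the path where `provName` was set to `providerNameDefault`. As far as this hunk shows, `SetFIPS(false)` therefore returns "FIPS mode not supported by any provider" on a host with no FIPS-capable provider, which is the case where disabling should succeed. The property string should follow `enabled`, for example a `props` variable set to `propFIPS` only in the enabling branch and passed as `C.go_openssl_EVP_MD_fetch(nil, algorithmSHA256, props)`. The comment above the early return also describes a best-effort call that does not fail, while the code returns an error, so one of the two should change. The start of the function is outside the hunk, so confirm there is no earlier return for the disabling case.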
@@ -5371,12 +5607,228 @@ index 00000000000000..1562cee2685bc8 +func versionAtOrAbove(major, minor, patch uint) bool { + return vMajor > major || (vMajor == major && vMinor > minor) || (vMajor == major && vMinor == minor && vPatch >= patch) +} +diff --git a/src/vendor/github.com/golang-fips/openssl/v2/params.go b/src/vendor/github.com/golang-fips/openssl/v2/params.go +new file mode 100644 +index 00000000000000..fa24a8cd673ed0 +--- /dev/null ++++ b/src/vendor/github.com/golang-fips/openssl/v2/params.go +@@ -0,0 +1,210 @@ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++// #include "goopenssl.h" ++import "C" ++import ( ++ "runtime" ++ "unsafe" ++) ++ ++var ( ++ // KDF parameters ++ _OSSL_KDF_PARAM_DIGEST = C.CString("digest") ++ _OSSL_KDF_PARAM_SECRET = C.CString("secret") ++ _OSSL_KDF_PARAM_SEED = C.CString("seed") ++ _OSSL_KDF_PARAM_KEY = C.CString("key") ++ _OSSL_KDF_PARAM_INFO = C.CString("info") ++ _OSSL_KDF_PARAM_SALT = C.CString("salt") ++ _OSSL_KDF_PARAM_MODE = C.CString("mode") ++ ++ // PKEY parameters ++ _OSSL_PKEY_PARAM_PUB_KEY = C.CString("pub") ++ _OSSL_PKEY_PARAM_PRIV_KEY = C.CString("priv") ++ _OSSL_PKEY_PARAM_GROUP_NAME = C.CString("group") ++ _OSSL_PKEY_PARAM_EC_PUB_X = C.CString("qx") ++ _OSSL_PKEY_PARAM_EC_PUB_Y = C.CString("qy") ++ _OSSL_PKEY_PARAM_FFC_PBITS = C.CString("pbits") ++ _OSSL_PKEY_PARAM_FFC_QBITS = C.CString("qbits") ++ _OSSL_PKEY_PARAM_RSA_N = C.CString("n") ++ _OSSL_PKEY_PARAM_RSA_E = C.CString("e") ++ _OSSL_PKEY_PARAM_RSA_D = C.CString("d") ++ _OSSL_PKEY_PARAM_FFC_P = C.CString("p") ++ _OSSL_PKEY_PARAM_FFC_Q = C.CString("q") ++ _OSSL_PKEY_PARAM_FFC_G = C.CString("g") ++ _OSSL_PKEY_PARAM_RSA_FACTOR1 = C.CString("rsa-factor1") ++ _OSSL_PKEY_PARAM_RSA_FACTOR2 = C.CString("rsa-factor2") ++ _OSSL_PKEY_PARAM_RSA_EXPONENT1 = C.CString("rsa-exponent1") ++ _OSSL_PKEY_PARAM_RSA_EXPONENT2 = C.CString("rsa-exponent2") ++ _OSSL_PKEY_PARAM_RSA_COEFFICIENT1 = C.CString("rsa-coefficient1") ++ ++ // MAC parameters ++ _OSSL_MAC_PARAM_DIGEST = 
C.CString("digest") ++) ++ ++type bnParam struct { ++ value C.GO_BIGNUM_PTR ++ private bool ++} ++ ++// paramBuilder is a helper for building OSSL_PARAMs. ++// If an error occurs when adding a new parameter, ++// subsequent calls to add parameters are ignored ++// and build() will return the error. ++type paramBuilder struct { ++ bld C.GO_OSSL_PARAM_BLD_PTR ++ pinner runtime.Pinner ++ bnToFree []bnParam ++ ++ err error ++} ++ ++// newParamBuilder creates a new paramBuilder. ++func newParamBuilder() (*paramBuilder, error) { ++ bld := C.go_openssl_OSSL_PARAM_BLD_new() ++ if bld == nil { ++ return nil, newOpenSSLError("OSSL_PARAM_BLD_new") ++ } ++ pb := ¶mBuilder{ ++ bld: bld, ++ bnToFree: make([]bnParam, 0, 8), // the maximum known number of BIGNUMs to free are 8 for RSA ++ } ++ runtime.SetFinalizer(pb, (*paramBuilder).finalize) ++ return pb, nil ++} ++ ++// finalize frees the builder. ++func (b *paramBuilder) finalize() { ++ if b.bld != nil { ++ b.pinner.Unpin() ++ for _, bn := range b.bnToFree { ++ if bn.private { ++ C.go_openssl_BN_clear_free(bn.value) ++ } else { ++ C.go_openssl_BN_free(bn.value) ++ } ++ } ++ C.go_openssl_OSSL_PARAM_BLD_free(b.bld) ++ b.bld = nil ++ } ++} ++ ++// check is used internally to enforce invariants and should not be called by users of paramBuilder. ++// Returns true if it's ok to add parameters to the builder or build it. ++// Returns false if there has been an error while adding a parameter. ++// Panics if the paramBuilder has been freed, e.g. if it has already been built. ++func (b *paramBuilder) check() bool { ++ if b.err != nil { ++ return false ++ } ++ if b.bld == nil { ++ panic("openssl: paramBuilder has been freed") ++ } ++ return true ++} ++ ++// build creates an OSSL_PARAM from the builder. ++// The returned OSSL_PARAM must be freed with OSSL_PARAM_free. ++// If an error occurred while adding parameters, the error is returned ++// and the OSSL_PARAM is nil. 
Once build() is called, the builder is finalized ++// and cannot be reused. ++func (b *paramBuilder) build() (C.GO_OSSL_PARAM_PTR, error) { ++ defer b.finalize() ++ if !b.check() { ++ return nil, b.err ++ } ++ param := C.go_openssl_OSSL_PARAM_BLD_to_param(b.bld) ++ if param == nil { ++ return nil, newOpenSSLError("OSSL_PARAM_BLD_build") ++ } ++ return param, nil ++} ++ ++// addUTF8String adds a NUL-terminated UTF-8 string to the builder. ++// size should not include the terminating NUL byte. If size is zero, then it will be calculated. ++func (b *paramBuilder) addUTF8String(name *C.char, value *C.char, size C.size_t) { ++ if !b.check() { ++ return ++ } ++ // OSSL_PARAM_BLD_push_utf8_string calculates the size if it is zero. ++ if C.go_openssl_OSSL_PARAM_BLD_push_utf8_string(b.bld, name, value, size) != 1 { ++ b.err = newOpenSSLError("OSSL_PARAM_BLD_push_utf8_string(" + C.GoString(name) + ")") ++ } ++} ++ ++// addOctetString adds an octet string to the builder. ++// The value is pinned and will be unpinned when the builder is freed. ++func (b *paramBuilder) addOctetString(name *C.char, value []byte) { ++ if !b.check() { ++ return ++ } ++ if len(value) != 0 { ++ b.pinner.Pin(&value[0]) ++ } ++ if C.go_openssl_OSSL_PARAM_BLD_push_octet_string(b.bld, name, unsafe.Pointer(sbase(value)), C.size_t(len(value))) != 1 { ++ b.err = newOpenSSLError("OSSL_PARAM_BLD_push_octet_string(" + C.GoString(name) + ")") ++ } ++} ++ ++// addInt32 adds an int32 to the builder. ++func (b *paramBuilder) addInt32(name *C.char, value int32) { ++ if !b.check() { ++ return ++ } ++ if C.go_openssl_OSSL_PARAM_BLD_push_int32(b.bld, name, C.int32_t(value)) != 1 { ++ b.err = newOpenSSLError("OSSL_PARAM_BLD_push_int32(" + C.GoString(name) + ")") ++ } ++} ++ ++// addBN adds a GO_BIGNUM_PTR to the builder. 
++func (b *paramBuilder) addBN(name *C.char, value C.GO_BIGNUM_PTR) { ++ if !b.check() { ++ return ++ } ++ if C.go_openssl_OSSL_PARAM_BLD_push_BN(b.bld, name, value) != 1 { ++ b.err = newOpenSSLError("OSSL_PARAM_BLD_push_BN(" + C.GoString(name) + ")") ++ } ++} ++ ++// addBin adds a byte slice to the builder. ++// The slice is converted to a BIGNUM using BN_bin2bn and freed when the builder is finalized. ++// If private is true, the BIGNUM will be cleared with BN_clear_free, ++// otherwise it will be freed with BN_free. ++func (b *paramBuilder) addBin(name *C.char, value []byte, private bool) { ++ if !b.check() { ++ return ++ } ++ if len(value) == 0 { ++ // Nothing to do. ++ return ++ } ++ bn := C.go_openssl_BN_bin2bn(base(value), C.int(len(value)), nil) ++ if bn == nil { ++ b.err = newOpenSSLError("BN_bin2bn") ++ return ++ } ++ b.bnToFree = append(b.bnToFree, bnParam{bn, private}) ++ b.addBN(name, bn) ++} ++ ++// addBigInt adds a BigInt to the builder. ++// The BigInt is converted using bigToBN to a BIGNUM that is freed when the builder is finalized. ++// If private is true, the BIGNUM will be cleared with BN_clear_free, ++// otherwise it will be freed with BN_free. ++func (b *paramBuilder) addBigInt(name *C.char, value BigInt, private bool) { ++ if !b.check() { ++ return ++ } ++ if len(value) == 0 { ++ // Nothing to do. ++ return ++ } ++ bn := bigToBN(value) ++ if bn == nil { ++ b.err = newOpenSSLError("bigToBN") ++ return ++ } ++ b.bnToFree = append(b.bnToFree, bnParam{bn, private}) ++ b.addBN(name, bn) ++} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go b/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go new file mode 100644 -index 00000000000000..a895eab2d54767 +index 00000000000000..92276c6aadf423 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go -@@ -0,0 +1,28 @@ +@@ -0,0 +1,62 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -5386,10 +5838,44 @@ index 00000000000000..a895eab2d54767 +import ( + "errors" + "hash" ++ "sync" ++ "unsafe" +) + -+func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) { -+ md := hashToMD(h()) ++// SupportsPBKDF2 reports whether the current OpenSSL version supports PBKDF2. ++func SupportsPBKDF2() bool { ++ switch vMajor { ++ case 1: ++ return true ++ case 3: ++ _, err := fetchPBKDF2() ++ return err == nil ++ default: ++ panic(errUnsupportedVersion()) ++ } ++} ++ ++// fetchPBKDF2 fetches the PBKDF2 algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchPBKDF2 = sync.OnceValues(func() (C.GO_EVP_KDF_PTR, error) { ++ checkMajorVersion(3) ++ ++ name := C.CString("PBKDF2") ++ kdf := C.go_openssl_EVP_KDF_fetch(nil, name, nil) ++ C.free(unsafe.Pointer(name)) ++ if kdf == nil { ++ return nil, newOpenSSLError("EVP_KDF_fetch") ++ } ++ return kdf, nil ++}) ++ ++func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { ++ h, err := hashFuncHash(fh) ++ if err != nil { ++ return nil, err ++ } ++ md := hashToMD(h) + if md == nil { + return nil, errors.New("unsupported hash function") + } @@ -5657,7 +6143,7 @@ index 00000000000000..9fd709635c3b40 +const RandReader = randReader(0) diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rc4.go b/src/vendor/github.com/golang-fips/openssl/v2/rc4.go new file mode 100644 -index 00000000000000..f88150591eceb6 +index 00000000000000..f1cd3647fb9753 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/rc4.go @@ -0,0 +1,66 @@ 
@@ -5673,7 +6159,7 @@ index 00000000000000..f88150591eceb6 +func SupportsRC4() bool { + // True for stock OpenSSL 1 w/o FIPS. + // False for stock OpenSSL 3 unless the legacy provider is available. -+ return (versionAtOrAbove(1, 1, 0) || !FIPS()) && loadCipher(cipherRC4, cipherModeNone) != nil ++ return (versionAtOrAbove(3, 0, 0) || !FIPS()) && loadCipher(cipherRC4, cipherModeNone) != nil +} + +// A RC4Cipher is an instance of RC4 using a particular key. @@ -5729,10 +6215,10 @@ index 00000000000000..f88150591eceb6 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rsa.go b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go new file mode 100644 -index 00000000000000..4e45b02d88afc0 +index 00000000000000..cd5b3b8e2a9a85 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go -@@ -0,0 +1,443 @@ +@@ -0,0 +1,408 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -5748,17 +6234,6 @@ index 00000000000000..4e45b02d88afc0 + "unsafe" +) + -+var ( -+ OSSL_PKEY_PARAM_RSA_N = C.CString("n") -+ OSSL_PKEY_PARAM_RSA_E = C.CString("e") -+ OSSL_PKEY_PARAM_RSA_D = C.CString("d") -+ OSSL_PKEY_PARAM_RSA_FACTOR1 = C.CString("rsa-factor1") -+ OSSL_PKEY_PARAM_RSA_FACTOR2 = C.CString("rsa-factor2") -+ OSSL_PKEY_PARAM_RSA_EXPONENT1 = C.CString("rsa-exponent1") -+ OSSL_PKEY_PARAM_RSA_EXPONENT2 = C.CString("rsa-exponent2") -+ OSSL_PKEY_PARAM_RSA_COEFFICIENT1 = C.CString("rsa-coefficient1") -+) -+ +func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { + bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { + return nil, nil, nil, nil, nil, nil, nil, nil, e 
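Review bot: On OpenSSL 3 the new guard in SupportsRC4 short-circuits before FIPS() is consulted, so in FIPS mode the answer rests entirely on `loadCipher(cipherRC4, cipherModeNone)` returning nil. The two comment lines above the return describe only the stock OpenSSL 1 and OpenSSL 3 cases and say nothing about that path. loadCipher is not visible in this hunk; presumably a FIPS-only property query cannot fetch RC4, but that assumption should be written next to the expression, for example `// OpenSSL 3: FIPS() is not checked here; this relies on loadCipher returning nil when only FIPS-approved algorithms can be fetched.`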
@@ -5808,14 +6283,14 @@ index 00000000000000..4e45b02d88afc0 + C.go_openssl_BN_clear(tmp) + return true + } -+ if !(setBigInt(&N, OSSL_PKEY_PARAM_RSA_N) && -+ setBigInt(&E, OSSL_PKEY_PARAM_RSA_E) && -+ setBigInt(&D, OSSL_PKEY_PARAM_RSA_D) && -+ setBigInt(&P, OSSL_PKEY_PARAM_RSA_FACTOR1) && -+ setBigInt(&Q, OSSL_PKEY_PARAM_RSA_FACTOR2) && -+ setBigInt(&Dp, OSSL_PKEY_PARAM_RSA_EXPONENT1) && -+ setBigInt(&Dq, OSSL_PKEY_PARAM_RSA_EXPONENT2) && -+ setBigInt(&Qinv, OSSL_PKEY_PARAM_RSA_COEFFICIENT1)) { ++ if !(setBigInt(&N, _OSSL_PKEY_PARAM_RSA_N) && ++ setBigInt(&E, _OSSL_PKEY_PARAM_RSA_E) && ++ setBigInt(&D, _OSSL_PKEY_PARAM_RSA_D) && ++ setBigInt(&P, _OSSL_PKEY_PARAM_RSA_FACTOR1) && ++ setBigInt(&Q, _OSSL_PKEY_PARAM_RSA_FACTOR2) && ++ setBigInt(&Dp, _OSSL_PKEY_PARAM_RSA_EXPONENT1) && ++ setBigInt(&Dq, _OSSL_PKEY_PARAM_RSA_EXPONENT2) && ++ setBigInt(&Qinv, _OSSL_PKEY_PARAM_RSA_COEFFICIENT1)) { + return bad(err) + } + default: 
@@ -6112,24 +6587,15 @@ index 00000000000000..4e45b02d88afc0 + return C.go_openssl_RSA_set0_crt_params(key, bigToBN(dmp1), bigToBN(dmq1), bigToBN(iqmp)) == 1 +} +func newRSAKey3(isPriv bool, n, e, d, p, q, dp, dq, qinv BigInt) (C.GO_EVP_PKEY_PTR, error) { -+ // Construct the parameters. -+ bld := C.go_openssl_OSSL_PARAM_BLD_new() -+ if bld == nil { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_new") -+ } -+ defer C.go_openssl_OSSL_PARAM_BLD_free(bld) -+ -+ type bigIntParam struct { -+ name *C.char -+ num BigInt ++ bld, err := newParamBuilder() ++ if err != nil { ++ return nil, err + } ++ defer bld.finalize() + -+ comps := make([]bigIntParam, 0, 8) -+ -+ required := [...]bigIntParam{ -+ {OSSL_PKEY_PARAM_RSA_N, n}, {OSSL_PKEY_PARAM_RSA_E, e}, {OSSL_PKEY_PARAM_RSA_D, d}, -+ } -+ comps = append(comps, required[:]...) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_N, n, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_E, e, false) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_D, d, false) + + if p != nil && q != nil { + allPrecomputedExists := dp != nil && dq != nil && qinv != nil 
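Review bot: In newRSAKey3 the private exponent is pushed with `private` set to false (`bld.addBigInt(_OSSL_PKEY_PARAM_RSA_D, d, false)`), which by addBigInt's own doc comment in params.go means the temporary BIGNUM is released with BN_free rather than BN_clear_free. The loop this replaces (removed in the next hunk) deferred BN_clear_free for every component, so the copy of D is no longer wiped before its memory goes back to the allocator. P, Q and the CRT values are passed with true in the following hunk, and D should be treated the same way: `bld.addBigInt(_OSSL_PKEY_PARAM_RSA_D, d, true)`. newRSAKey3 begins in this hunk and continues past its end.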
@@ -6140,34 +6606,19 @@ index 00000000000000..4e45b02d88afc0 + // In OpenSSL 3.0 and 3.1, we must also omit P and Q if any precomputed + // value is missing. See https://github.com/openssl/openssl/pull/22334 + if vMinor >= 2 || allPrecomputedExists { -+ comps = append(comps, bigIntParam{OSSL_PKEY_PARAM_RSA_FACTOR1, p}, bigIntParam{OSSL_PKEY_PARAM_RSA_FACTOR2, q}) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_FACTOR1, p, true) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_FACTOR2, q, true) + } + if allPrecomputedExists { -+ comps = append(comps, -+ bigIntParam{OSSL_PKEY_PARAM_RSA_EXPONENT1, dp}, -+ bigIntParam{OSSL_PKEY_PARAM_RSA_EXPONENT2, dq}, -+ bigIntParam{OSSL_PKEY_PARAM_RSA_COEFFICIENT1, qinv}, -+ ) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_EXPONENT1, dp, true) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_EXPONENT2, dq, true) ++ bld.addBigInt(_OSSL_PKEY_PARAM_RSA_COEFFICIENT1, qinv, true) + } + } + -+ for _, comp := range comps { -+ if comp.num == nil { -+ continue -+ } -+ b := bigToBN(comp.num) -+ if b == nil { -+ return nil, newOpenSSLError("BN_lebin2bn failed") -+ } -+ // b must remain valid until OSSL_PARAM_BLD_to_param has been called. -+ defer C.go_openssl_BN_clear_free(b) -+ if C.go_openssl_OSSL_PARAM_BLD_push_BN(bld, comp.name, b) != 1 { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_push_BN") -+ } -+ } -+ params := C.go_openssl_OSSL_PARAM_BLD_to_param(bld) -+ if params == nil { -+ return nil, newOpenSSLError("OSSL_PARAM_BLD_to_param") ++ params, err := bld.build() ++ if err != nil { ++ return nil, err + } + defer C.go_openssl_OSSL_PARAM_free(params) + selection := C.GO_EVP_PKEY_PUBLIC_KEY @@ -6178,10 +6629,10 @@ index 00000000000000..4e45b02d88afc0 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/shims.h b/src/vendor/github.com/golang-fips/openssl/v2/shims.h new file mode 100644 -index 00000000000000..2370b6cc128f5e +index 00000000000000..156d8e8ada678c --- /dev/null 
+++ b/src/vendor/github.com/golang-fips/openssl/v2/shims.h -@@ -0,0 +1,392 @@ +@@ -0,0 +1,401 @@ +#include // size_t +#include // uint64_t + @@ -6290,6 +6741,8 @@ index 00000000000000..2370b6cc128f5e +typedef void* GO_CRYPTO_THREADID_PTR; +typedef void* GO_EVP_SIGNATURE_PTR; +typedef void* GO_DSA_PTR; ++typedef void* GO_EVP_KDF_PTR; ++typedef void* GO_EVP_KDF_CTX_PTR; + +// #include +typedef void* GO_MD5_CTX_PTR; @@ -6356,6 +6809,7 @@ index 00000000000000..2370b6cc128f5e +// #endif +#define FOR_ALL_OPENSSL_FUNCTIONS \ +DEFINEFUNC(void, ERR_error_string_n, (unsigned long e, char *buf, size_t len), (e, buf, len)) \ ++DEFINEFUNC(void, ERR_clear_error, (void), ()) \ +DEFINEFUNC_LEGACY_1(unsigned long, ERR_get_error_line, (const char **file, int *line), (file, line)) \ +DEFINEFUNC_3_0(unsigned long, ERR_get_error_all, (const char **file, int *line, const char **func, const char **data, int *flags), (file, line, func, data, flags)) \ +DEFINEFUNC_RENAMED_1_1(const char *, OpenSSL_version, SSLeay_version, (int type), (type)) \ 
@@ -6378,12 +6832,13 @@ index 00000000000000..2370b6cc128f5e +DEFINEFUNC_3_0(int, EVP_default_properties_is_fips_enabled, (GO_OSSL_LIB_CTX_PTR libctx), (libctx)) \ +DEFINEFUNC_3_0(int, EVP_default_properties_enable_fips, (GO_OSSL_LIB_CTX_PTR libctx, int enable), (libctx, enable)) \ +DEFINEFUNC_3_0(int, OSSL_PROVIDER_available, (GO_OSSL_LIB_CTX_PTR libctx, const char *name), (libctx, name)) \ -+DEFINEFUNC_3_0(GO_OSSL_PROVIDER_PTR, OSSL_PROVIDER_load, (GO_OSSL_LIB_CTX_PTR libctx, const char *name), (libctx, name)) \ ++DEFINEFUNC_3_0(GO_OSSL_PROVIDER_PTR, OSSL_PROVIDER_try_load, (GO_OSSL_LIB_CTX_PTR libctx, const char *name, int retain_fallbacks), (libctx, name, retain_fallbacks)) \ +DEFINEFUNC_3_0(const char *, OSSL_PROVIDER_get0_name, (const GO_OSSL_PROVIDER_PTR prov), (prov)) \ +DEFINEFUNC_3_0(GO_EVP_MD_PTR, EVP_MD_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \ +DEFINEFUNC_3_0(void, EVP_MD_free, (GO_EVP_MD_PTR md), (md)) \ +DEFINEFUNC_3_0(const char *, EVP_MD_get0_name, (const GO_EVP_MD_PTR md), (md)) \ +DEFINEFUNC_3_0(const GO_OSSL_PROVIDER_PTR, EVP_MD_get0_provider, (const GO_EVP_MD_PTR md), (md)) \ ++DEFINEFUNC_RENAMED_3_0(int, EVP_MD_get_size, EVP_MD_size, (const GO_EVP_MD_PTR md), (md)) \ +DEFINEFUNC_RENAMED_3_0(int, EVP_MD_get_block_size, EVP_MD_block_size, (const GO_EVP_MD_PTR md), (md)) \ +DEFINEFUNC(int, RAND_bytes, (unsigned char *arg0, int arg1), (arg0, arg1)) \ +DEFINEFUNC_RENAMED_1_1(GO_EVP_MD_CTX_PTR, EVP_MD_CTX_new, EVP_MD_CTX_create, (void), ()) \ 
@@ -6550,6 +7005,7 @@ index 00000000000000..2370b6cc128f5e +DEFINEFUNC_3_0(int, OSSL_PARAM_BLD_push_utf8_string, (GO_OSSL_PARAM_BLD_PTR bld, const char *key, const char *buf, size_t bsize), (bld, key, buf, bsize)) \ +DEFINEFUNC_3_0(int, OSSL_PARAM_BLD_push_octet_string, (GO_OSSL_PARAM_BLD_PTR bld, const char *key, const void *buf, size_t bsize), (bld, key, buf, bsize)) \ +DEFINEFUNC_3_0(int, OSSL_PARAM_BLD_push_BN, (GO_OSSL_PARAM_BLD_PTR bld, const char *key, const GO_BIGNUM_PTR bn), (bld, key, bn)) \ ++DEFINEFUNC_3_0(int, OSSL_PARAM_BLD_push_int32, (GO_OSSL_PARAM_BLD_PTR bld, const char *key, int32_t num), (bld, key, num)) \ +DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set_hkdf_mode, (GO_EVP_PKEY_CTX_PTR arg0, int arg1), (arg0, arg1)) \ +DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set_hkdf_md, (GO_EVP_PKEY_CTX_PTR arg0, const GO_EVP_MD_PTR arg1), (arg0, arg1)) \ +DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set1_hkdf_salt, (GO_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2), (arg0, arg1, arg2)) \ 
@@ -6559,9 +7015,6 @@ index 00000000000000..2370b6cc128f5e +DEFINEFUNC_LEGACY_1(int, EVP_PKEY_set1_EC_KEY, (GO_EVP_PKEY_PTR pkey, GO_EC_KEY_PTR key), (pkey, key)) \ +DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set0_rsa_oaep_label, (GO_EVP_PKEY_CTX_PTR ctx, void *label, int len), (ctx, label, len)) \ +DEFINEFUNC(int, PKCS5_PBKDF2_HMAC, (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, const GO_EVP_MD_PTR digest, int keylen, unsigned char *out), (pass, passlen, salt, saltlen, iter, digest, keylen, out)) \ -+DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set_tls1_prf_md, (GO_EVP_PKEY_CTX_PTR arg0, const GO_EVP_MD_PTR arg1), (arg0, arg1)) \ -+DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set1_tls1_prf_secret, (GO_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2), (arg0, arg1, arg2)) \ -+DEFINEFUNC_3_0(int, EVP_PKEY_CTX_add1_tls1_prf_seed, (GO_EVP_PKEY_CTX_PTR arg0, const unsigned char *arg1, int arg2), (arg0, arg1, arg2)) \ +DEFINEFUNC_1_1_1(int, EVP_PKEY_get_raw_public_key, (const GO_EVP_PKEY_PTR pkey, unsigned char *pub, size_t *len), (pkey, pub, len)) \ +DEFINEFUNC_1_1_1(int, EVP_PKEY_get_raw_private_key, (const GO_EVP_PKEY_PTR pkey, unsigned char *priv, size_t *len), (pkey, priv, len)) \ +DEFINEFUNC_3_0(GO_EVP_SIGNATURE_PTR, EVP_SIGNATURE_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \ 
@@ -6573,6 +7026,13 @@ index 00000000000000..2370b6cc128f5e +DEFINEFUNC_LEGACY_1_1(int, DSA_set0_pqg, (GO_DSA_PTR d, GO_BIGNUM_PTR p, GO_BIGNUM_PTR q, GO_BIGNUM_PTR g), (d, p, q, g)) \ +DEFINEFUNC_LEGACY_1_1(void, DSA_get0_key, (const GO_DSA_PTR d, const GO_BIGNUM_PTR *pub_key, const GO_BIGNUM_PTR *priv_key), (d, pub_key, priv_key)) \ +DEFINEFUNC_LEGACY_1_1(int, DSA_set0_key, (GO_DSA_PTR d, GO_BIGNUM_PTR pub_key, GO_BIGNUM_PTR priv_key), (d, pub_key, priv_key)) \ ++DEFINEFUNC_3_0(GO_EVP_KDF_PTR, EVP_KDF_fetch, (GO_OSSL_LIB_CTX_PTR libctx, const char *algorithm, const char *properties), (libctx, algorithm, properties)) \ ++DEFINEFUNC_3_0(void, EVP_KDF_free, (GO_EVP_KDF_PTR kdf), (kdf)) \ ++DEFINEFUNC_3_0(GO_EVP_KDF_CTX_PTR, EVP_KDF_CTX_new, (GO_EVP_KDF_PTR kdf), (kdf)) \ ++DEFINEFUNC_3_0(int, EVP_KDF_CTX_set_params, (GO_EVP_KDF_CTX_PTR ctx, const GO_OSSL_PARAM_PTR params), (ctx, params)) \ ++DEFINEFUNC_3_0(void, EVP_KDF_CTX_free, (GO_EVP_KDF_CTX_PTR ctx), (ctx)) \ ++DEFINEFUNC_3_0(size_t, EVP_KDF_CTX_get_kdf_size, (GO_EVP_KDF_CTX_PTR ctx), (ctx)) \ ++DEFINEFUNC_3_0(int, EVP_KDF_derive, (GO_EVP_KDF_CTX_PTR ctx, unsigned char *key, size_t keylen, const GO_OSSL_PARAM_PTR params), (ctx, key, keylen, params)) \ + diff --git a/src/vendor/github.com/golang-fips/openssl/v2/thread_setup.go b/src/vendor/github.com/golang-fips/openssl/v2/thread_setup.go new file mode 100644 @@ -6746,10 +7206,10 @@ index 00000000000000..93281d6cffc352 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go b/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go new file mode 100644 -index 00000000000000..5de62f95a7a4ec +index 00000000000000..f342f221ea0c92 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go -@@ -0,0 +1,104 @@ +@@ -0,0 +1,160 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -6760,20 +7220,28 @@ index 00000000000000..5de62f95a7a4ec + "crypto" + "errors" + "hash" ++ "sync" + "unsafe" +) + +func SupportsTLS1PRF() bool { -+ return vMajor > 1 || -+ (vMajor >= 1 && vMinor >= 1) ++ switch vMajor { ++ case 1: ++ return vMinor >= 1 ++ case 3: ++ _, err := fetchTLS1PRF3() ++ return err == nil ++ default: ++ panic(errUnsupportedVersion()) ++ } +} + +// TLS1PRF implements the TLS 1.0/1.1 pseudo-random function if h is nil, +// else it implements the TLS 1.2 pseudo-random function. +// The pseudo-random number will be written to result and will be of length len(result). -+func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { ++func TLS1PRF(result, secret, label, seed []byte, fh func() hash.Hash) error { + var md C.GO_EVP_MD_PTR -+ if h == nil { ++ if fh == nil { + // TLS 1.0/1.1 PRF doesn't allow to specify the hash function, + // it always uses MD5SHA1. If h is nil, then assume + // that the caller wants to use TLS 1.0/1.1 PRF. @@ -6781,12 +7249,30 @@ index 00000000000000..5de62f95a7a4ec + // function is MD5SHA1. + md = cryptoHashToMD(crypto.MD5SHA1) + } else { -+ md = hashToMD(h()) ++ h, err := hashFuncHash(fh) ++ if err != nil { ++ return err ++ } ++ md = hashToMD(h) + } + if md == nil { + return errors.New("unsupported hash function") + } + ++ switch vMajor { ++ case 1: ++ return tls1PRF1(result, secret, label, seed, md) ++ case 3: ++ return tls1PRF3(result, secret, label, seed, md) ++ default: ++ return errUnsupportedVersion() ++ } ++} ++ ++// tls1PRF1 implements TLS1PRF for OpenSSL 1 using the EVP_PKEY API. ++func tls1PRF1(result, secret, label, seed []byte, md C.GO_EVP_MD_PTR) error { ++ checkMajorVersion(1) ++ + ctx := C.go_openssl_EVP_PKEY_CTX_new_id(C.GO_EVP_PKEY_TLS1_PRF, nil) + if ctx == nil { + return newOpenSSLError("EVP_PKEY_CTX_new_id") 
@@ -6798,48 +7284,29 @@ index 00000000000000..5de62f95a7a4ec + if C.go_openssl_EVP_PKEY_derive_init(ctx) != 1 { + return newOpenSSLError("EVP_PKEY_derive_init") + } -+ switch vMajor { -+ case 3: -+ if C.go_openssl_EVP_PKEY_CTX_set_tls1_prf_md(ctx, md) != 1 { -+ return newOpenSSLError("EVP_PKEY_CTX_set_tls1_prf_md") -+ } -+ if C.go_openssl_EVP_PKEY_CTX_set1_tls1_prf_secret(ctx, -+ base(secret), C.int(len(secret))) != 1 { -+ return newOpenSSLError("EVP_PKEY_CTX_set1_tls1_prf_secret") -+ } -+ if C.go_openssl_EVP_PKEY_CTX_add1_tls1_prf_seed(ctx, -+ base(label), C.int(len(label))) != 1 { -+ return newOpenSSLError("EVP_PKEY_CTX_add1_tls1_prf_seed") -+ } -+ if C.go_openssl_EVP_PKEY_CTX_add1_tls1_prf_seed(ctx, -+ base(seed), C.int(len(seed))) != 1 { -+ return newOpenSSLError("EVP_PKEY_CTX_add1_tls1_prf_seed") -+ } -+ case 1: -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, -+ C.GO1_EVP_PKEY_OP_DERIVE, -+ C.GO_EVP_PKEY_CTRL_TLS_MD, -+ 0, unsafe.Pointer(md)) != 1 { -+ return newOpenSSLError("EVP_PKEY_CTX_set_tls1_prf_md") -+ } -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, -+ C.GO1_EVP_PKEY_OP_DERIVE, -+ C.GO_EVP_PKEY_CTRL_TLS_SECRET, -+ C.int(len(secret)), unsafe.Pointer(base(secret))) != 1 { -+ return newOpenSSLError("EVP_PKEY_CTX_set1_tls1_prf_secret") -+ } -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, -+ C.GO1_EVP_PKEY_OP_DERIVE, -+ C.GO_EVP_PKEY_CTRL_TLS_SEED, -+ C.int(len(label)), unsafe.Pointer(base(label))) != 1 { -+ return newOpenSSLError("EVP_PKEY_CTX_add1_tls1_prf_seed") -+ } -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, -+ C.GO1_EVP_PKEY_OP_DERIVE, -+ C.GO_EVP_PKEY_CTRL_TLS_SEED, -+ C.int(len(seed)), unsafe.Pointer(base(seed))) != 1 { -+ return newOpenSSLError("EVP_PKEY_CTX_add1_tls1_prf_seed") -+ } ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, ++ C.GO1_EVP_PKEY_OP_DERIVE, ++ C.GO_EVP_PKEY_CTRL_TLS_MD, ++ 0, unsafe.Pointer(md)) != 1 { ++ return newOpenSSLError("EVP_PKEY_CTX_set_tls1_prf_md") ++ } ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, ++ 
C.GO1_EVP_PKEY_OP_DERIVE, ++ C.GO_EVP_PKEY_CTRL_TLS_SECRET, ++ C.int(len(secret)), unsafe.Pointer(base(secret))) != 1 { ++ return newOpenSSLError("EVP_PKEY_CTX_set1_tls1_prf_secret") ++ } ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, ++ C.GO1_EVP_PKEY_OP_DERIVE, ++ C.GO_EVP_PKEY_CTRL_TLS_SEED, ++ C.int(len(label)), unsafe.Pointer(base(label))) != 1 { ++ return newOpenSSLError("EVP_PKEY_CTX_add1_tls1_prf_seed") ++ } ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, ++ C.GO1_EVP_PKEY_OP_DERIVE, ++ C.GO_EVP_PKEY_CTRL_TLS_SEED, ++ C.int(len(seed)), unsafe.Pointer(base(seed))) != 1 { ++ return newOpenSSLError("EVP_PKEY_CTX_add1_tls1_prf_seed") + } + outLen := C.size_t(len(result)) + if C.go_openssl_EVP_PKEY_derive_wrapper(ctx, base(result), outLen).result != 1 { 
@@ -6854,6 +7321,147 @@ index 00000000000000..5de62f95a7a4ec + } + return nil +} ++ ++// fetchTLS1PRF3 fetches the TLS1-PRF KDF algorithm. ++// It is safe to call this function concurrently. ++// The returned EVP_KDF_PTR shouldn't be freed. ++var fetchTLS1PRF3 = sync.OnceValues(func() (C.GO_EVP_KDF_PTR, error) { ++ checkMajorVersion(3) ++ ++ name := C.CString("TLS1-PRF") ++ kdf := C.go_openssl_EVP_KDF_fetch(nil, name, nil) ++ C.free(unsafe.Pointer(name)) ++ if kdf == nil { ++ return nil, newOpenSSLError("EVP_KDF_fetch") ++ } ++ return kdf, nil ++}) ++ ++// tls1PRF3 implements TLS1PRF for OpenSSL 3 using the EVP_KDF API. ++func tls1PRF3(result, secret, label, seed []byte, md C.GO_EVP_MD_PTR) error { ++ checkMajorVersion(3) ++ ++ kdf, err := fetchTLS1PRF3() ++ if err != nil { ++ return err ++ } ++ ctx := C.go_openssl_EVP_KDF_CTX_new(kdf) ++ if ctx == nil { ++ return newOpenSSLError("EVP_KDF_CTX_new") ++ } ++ defer C.go_openssl_EVP_KDF_CTX_free(ctx) ++ ++ bld, err := newParamBuilder() ++ if err != nil { ++ return err ++ } ++ bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, C.go_openssl_EVP_MD_get0_name(md), 0) ++ bld.addOctetString(_OSSL_KDF_PARAM_SECRET, secret) ++ bld.addOctetString(_OSSL_KDF_PARAM_SEED, label) ++ bld.addOctetString(_OSSL_KDF_PARAM_SEED, seed) ++ params, err := bld.build() ++ if err != nil { ++ return err ++ } ++ defer C.go_openssl_OSSL_PARAM_free(params) ++ ++ if C.go_openssl_EVP_KDF_derive(ctx, base(result), C.size_t(len(result)), params) != 1 { ++ return newOpenSSLError("EVP_KDF_derive") ++ } ++ return nil ++} +diff --git a/src/vendor/github.com/golang-fips/openssl/v2/zaes.go b/src/vendor/github.com/golang-fips/openssl/v2/zaes.go +new file mode 100644 +index 00000000000000..4d945290e3bdff +--- /dev/null ++++ b/src/vendor/github.com/golang-fips/openssl/v2/zaes.go +@@ -0,0 +1,86 @@ ++// Code generated by cmd/genaesmodes. DO NOT EDIT. 
++ ++//go:build !cmd_go_bootstrap ++ ++package openssl ++ ++import "crypto/cipher" ++ ++type cipherWithCBC struct { ++ aesCipher ++} ++ ++type cipherWithCTR struct { ++ aesCipher ++} ++ ++type cipherWithCBC_CTR struct { ++ aesCipher ++ cipherWithCBC ++ cipherWithCTR ++} ++ ++type cipherWithGCM struct { ++ aesCipher ++} ++ ++type cipherWithCBC_GCM struct { ++ aesCipher ++ cipherWithCBC ++ cipherWithGCM ++} ++ ++type cipherWithCTR_GCM struct { ++ aesCipher ++ cipherWithCTR ++ cipherWithGCM ++} ++ ++type cipherWithCBC_CTR_GCM struct { ++ aesCipher ++ cipherWithCBC ++ cipherWithCTR ++ cipherWithGCM ++} ++ ++func newAESBlock(c *evpCipher, kind cipherKind) cipher.Block { ++ aes := aesCipher{c} ++ var block cipher.Block ++ supportsCBC := loadCipher(kind, cipherModeCBC) != nil ++ supportsCTR := loadCipher(kind, cipherModeCTR) != nil ++ supportsGCM := loadCipher(kind, cipherModeGCM) != nil ++ switch { ++ case !supportsCBC && !supportsCTR && !supportsGCM: ++ block = aes ++ case supportsCBC && !supportsCTR && !supportsGCM: ++ block = cipherWithCBC{aes} ++ case !supportsCBC && supportsCTR && !supportsGCM: ++ block = cipherWithCTR{aes} ++ case supportsCBC && supportsCTR && !supportsGCM: ++ block = cipherWithCBC_CTR{aes, ++ cipherWithCBC{aes}, ++ cipherWithCTR{aes}, ++ } ++ case !supportsCBC && !supportsCTR && supportsGCM: ++ block = cipherWithGCM{aes} ++ case supportsCBC && !supportsCTR && supportsGCM: ++ block = cipherWithCBC_GCM{aes, ++ cipherWithCBC{aes}, ++ cipherWithGCM{aes}, ++ } ++ case !supportsCBC && supportsCTR && supportsGCM: ++ block = cipherWithCTR_GCM{aes, ++ cipherWithCTR{aes}, ++ cipherWithGCM{aes}, ++ } ++ case supportsCBC && supportsCTR && supportsGCM: ++ block = cipherWithCBC_CTR_GCM{aes, ++ cipherWithCBC{aes}, ++ cipherWithCTR{aes}, ++ cipherWithGCM{aes}, ++ } ++ default: ++ panic("unreachable") ++ } ++ return block ++} 
diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE b/src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE new file mode 100644 index 00000000000000..9e841e7a26e4eb @@ -10853,11 +11461,11 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index cf5c0b83c9eeef..499d0cde63f7c9 100644 +index cf5c0b83c9eeef..9f0d68a33cfaf1 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20240917142644-14fd57070072 ++# github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig From 0068ec339c9671f3c44bc047c5800302c24cd450 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 30 Oct 2024 17:29:08 +0100 Subject: [PATCH 079/887] REMOVE: set -e --- eng/_util/cmd/run-builder/run-builder.go | 1 + 1 file changed, 1 insertion(+) diff --git a/eng/_util/cmd/run-builder/run-builder.go b/eng/_util/cmd/run-builder/run-builder.go index a256693ae5d..a28cab4c5d9 100644 --- a/eng/_util/cmd/run-builder/run-builder.go +++ b/eng/_util/cmd/run-builder/run-builder.go @@ -94,6 +94,7 @@ func main() { case "staticlockranking": buildutil.AppendExperimentEnv("staticlockranking") } + env("GO_GCFLAGS", "-e") // Some Windows builders are slower than others and require more time for the runtime dist tests // in "GOMAXPROCS=2 runtime -cpu=1,2,4 -quick" mode. https://github.com/microsoft/go/issues/700 From a342edc4ed7e303a99b5903f2c9c8be2ca0121a4 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 31 Oct 2024 09:12:44 +0100 Subject: [PATCH 080/887] upgrade openssl to c51a090851d3 --- patches/0004-Add-OpenSSL-crypto-backend.patch | 6 +++--- patches/0005-Add-CNG-crypto-backend.patch | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) 
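Review bot: tls1PRF3 in tls1prf.go never calls bld.finalize(), while newRSAKey3 in rsa.go, earlier in this same diff, defers it immediately after newParamBuilder() succeeds. build() is outside the visible hunks, so either it finalizes the builder itself and the defer in newRSAKey3 is redundant, or tls1PRF3 leaves unreleased a builder that was given the PRF secret through addOctetString. Making the two call sites agree removes the doubt: add `defer bld.finalize()` right after the `newParamBuilder()` error check in tls1PRF3.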
diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 44dfb26b4c2..1f3d5cd6328 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -721,7 +721,7 @@ index df27f25e789f05..3e9514234e7125 100644 go 1.24 require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487 ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) @@ -730,8 +730,8 @@ index b4efd6d3c50c11..d159c7d47bac3b 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,5 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487 h1:Ne+sjU9k7dbdQg1Ix5c2JxT4mshYceU4VWOmClV79Pg= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 6d96c714532..0a42f43dfcd 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -911,7 +911,7 @@ index 3e9514234e7125..611e053ec8c2a0 100644 
@@ -4,6 +4,7 @@ go 1.24 require ( - github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487 + github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 + github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd @@ -921,8 +921,8 @@ index d159c7d47bac3b..e2ae52f398320a 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,5 +1,7 @@ - github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487 h1:Ne+sjU9k7dbdQg1Ix5c2JxT4mshYceU4VWOmClV79Pg= - github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= + github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg= + github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= +github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 h1:Kno3m3hOXCrrJF9YphNJWNXm6MjIpflQrHWxAIRSIqA= +github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= From 218e03d12a75aff9b72e80230900f0c7a1908fa2 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 31 Oct 2024 09:38:35 +0100 Subject: [PATCH 081/887] update vendor folder --- patches/0006-Vendor-crypto-backends.patch | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index dd456435cad..836f665e30a 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch @@ -7372,13 +7372,13 @@ index 00000000000000..f342f221ea0c92 +} 
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/zaes.go b/src/vendor/github.com/golang-fips/openssl/v2/zaes.go new file mode 100644 -index 00000000000000..4d945290e3bdff +index 00000000000000..e60a5dde390be6 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/zaes.go @@ -0,0 +1,86 @@ +// Code generated by cmd/genaesmodes. DO NOT EDIT. + -+//go:build !cmd_go_bootstrap ++//go:build cgo && !cmd_go_bootstrap + +package openssl + @@ -11461,11 +11461,11 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index cf5c0b83c9eeef..9f0d68a33cfaf1 100644 +index cf5c0b83c9eeef..be1319fc942882 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20241030093648-1a537f4bd487 ++# github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig From f0584d418308f063f195e87d56421d5e32170b39 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 31 Oct 2024 10:12:28 +0100 Subject: [PATCH 082/887] remove -e flag --- eng/_util/cmd/run-builder/run-builder.go | 1 - 1 file changed, 1 deletion(-) diff --git a/eng/_util/cmd/run-builder/run-builder.go b/eng/_util/cmd/run-builder/run-builder.go index a28cab4c5d9..a256693ae5d 100644 --- a/eng/_util/cmd/run-builder/run-builder.go +++ b/eng/_util/cmd/run-builder/run-builder.go @@ -94,7 +94,6 @@ func main() { case "staticlockranking": buildutil.AppendExperimentEnv("staticlockranking") } - env("GO_GCFLAGS", "-e") // Some Windows builders are slower than others and require more time for the runtime dist tests // in "GOMAXPROCS=2 runtime -cpu=1,2,4 -quick" mode. https://github.com/microsoft/go/issues/700 From 812f1136d80e58abe30c76fa7c5dab586eab125a Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Thu, 31 Oct 2024 11:31:01 +0100 Subject: [PATCH 083/887] skip SHA test that require marshaling --- .../0002-Add-crypto-backend-foundation.patch | 146 ++++++++++++++-- patches/0005-Add-CNG-crypto-backend.patch | 158 +----------------- 2 files changed, 139 insertions(+), 165 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 4659b3e82f2..0213685ee7b 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -27,7 +27,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/internal/backend/norequirefips.go | 9 + src/crypto/internal/backend/stub.s | 10 + src/crypto/md5/md5.go | 7 + - src/crypto/md5/md5_test.go | 4 + + src/crypto/md5/md5_test.go | 14 ++ src/crypto/purego_test.go | 2 +- src/crypto/rand/rand.go | 2 +- src/crypto/rand/rand_test.go | 2 +- @@ -40,11 +40,11 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/rsa.go | 21 +- src/crypto/rsa/rsa_test.go | 2 +- src/crypto/sha1/sha1.go | 2 +- - src/crypto/sha1/sha1_test.go | 2 +- + src/crypto/sha1/sha1_test.go | 12 +- src/crypto/sha256/sha256.go | 6 +- - src/crypto/sha256/sha256_test.go | 2 +- + src/crypto/sha256/sha256_test.go | 20 +- src/crypto/sha512/sha512.go | 2 +- - src/crypto/sha512/sha512_test.go | 2 +- + src/crypto/sha512/sha512_test.go | 20 +- src/crypto/tls/boring_test.go | 5 + src/crypto/tls/cipher_suites.go | 2 +- src/crypto/tls/handshake_client.go | 25 ++- @@ -56,7 +56,7 @@ Subject: [PATCH] Add crypto backend foundation src/go/build/deps_test.go | 4 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 52 files changed, 802 insertions(+), 106 deletions(-) + 52 files changed, 858 insertions(+), 106 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go 
@@ -912,7 +912,7 @@ index c984c3f4968598..229dd457f8d53c 100644 d.Reset() d.Write(data) diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go -index 6a8258a67e860c..3a973eebd284a4 100644 +index 6a8258a67e860c..63dfe196da7a58 100644 --- a/src/crypto/md5/md5_test.go +++ b/src/crypto/md5/md5_test.go @@ -6,6 +6,7 @@ package md5 @@ -923,7 +923,19 @@ index 6a8258a67e860c..3a973eebd284a4 100644 "crypto/internal/cryptotest" "crypto/rand" "encoding" -@@ -157,6 +158,9 @@ func TestLarge(t *testing.T) { +@@ -88,6 +89,11 @@ func TestGolden(t *testing.T) { + } + + func TestGoldenMarshal(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + for _, g := range golden { + h := New() + h2 := New() +@@ -157,6 +163,9 @@ func TestLarge(t *testing.T) { // Tests that blockGeneric (pure Go) and block (in assembly for amd64, 386, arm) match. func TestBlockGeneric(t *testing.T) { @@ -933,6 +945,18 @@ index 6a8258a67e860c..3a973eebd284a4 100644 gen, asm := New().(*digest), New().(*digest) buf := make([]byte, BlockSize*20) // arbitrary factor rand.Read(buf) +@@ -204,6 +213,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { + } + + func TestLargeHashes(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryUnmarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + for i, test := range largeUnmarshalTests { + + h := New() diff --git a/src/crypto/purego_test.go b/src/crypto/purego_test.go index 62be347e0c6822..d284b5cf7814a6 100644 --- a/src/crypto/purego_test.go @@ -1255,7 +1279,7 @@ index 8189d1946d8ea5..8f5f7f27f26fea 100644 "hash" "internal/byteorder" diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go -index d03892c57d4e61..d44f70b92661b4 100644 +index d03892c57d4e61..f848659c6e4aa3 100644 --- a/src/crypto/sha1/sha1_test.go +++ b/src/crypto/sha1/sha1_test.go @@ -8,7 +8,7 @@ package sha1 
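Review bot: The guard added to TestLargeHashes in md5_test.go asserts `encoding.BinaryUnmarshaler` but skips with the message "BinaryMarshaler not implemented", so the skip reason names an interface that was not checked. The later hunks disagree with each other: sha1_test.go's TestLargeHashes guard asserts `encoding.BinaryMarshaler`, while sha256_test.go repeats the md5 form. The test bodies are mostly outside these hunks, so which interface each test needs cannot be confirmed here, but the guards should test the interface the body actually uses and the message should match it, e.g. `t.Skip("BinaryUnmarshaler not implemented")`. Because the skips apply only when boring.Enabled, an accurate message is the main signal that a backend has stopped supporting hash state (un)marshaling.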
@@ -1267,6 +1291,30 @@ index d03892c57d4e61..d44f70b92661b4 100644 "crypto/internal/cryptotest" "crypto/rand" "encoding" +@@ -97,6 +97,11 @@ func TestGolden(t *testing.T) { + } + + func TestGoldenMarshal(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + h := New() + h2 := New() + for _, g := range golden { +@@ -210,6 +215,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { + } + + func TestLargeHashes(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + for i, test := range largeUnmarshalTests { + + h := New() diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go index d87c689c9001ad..7584c380af0cec 100644 --- a/src/crypto/sha256/sha256.go @@ -1299,7 +1347,7 @@ index d87c689c9001ad..7584c380af0cec 100644 } h := New224() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index ffd16386515830..d2fa4369d068bf 100644 +index ffd16386515830..09f7046548bf8f 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -8,7 +8,7 @@ package sha256 
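Review bot: The guard added to `TestLargeHashes` in sha1_test.go asserts `encoding.BinaryMarshaler`, while the same guard in md5, sha256 and sha512 asserts `encoding.BinaryUnmarshaler`, and the loop it protects ranges over `largeUnmarshalTests`. The test body is outside this hunk, so this is inferred: if it restores state through `UnmarshalBinary`, a backend hash that marshals but cannot unmarshal would pass the guard and then fail on the type assertion instead of being skipped. Suggested lines: `if _, ok := New().(encoding.BinaryUnmarshaler); !ok {` followed by `t.Skip("BinaryUnmarshaler not implemented")`.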
@@ -1311,6 +1359,45 @@ index ffd16386515830..d2fa4369d068bf 100644 "crypto/internal/cryptotest" "encoding" "fmt" +@@ -157,6 +157,11 @@ func testGoldenMarshal(t *testing.T) { + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := tt.newHash().(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + for _, g := range tt.gold { + h := tt.newHash() + h2 := tt.newHash() +@@ -206,6 +211,14 @@ func TestMarshalTypeMismatch(t *testing.T) { + h1 := New() + h2 := New224() + ++ if boring.Enabled { ++ _, ok1 := h1.(encoding.BinaryMarshaler) ++ _, ok2 := h2.(encoding.BinaryUnmarshaler) ++ if !ok1 || !ok2 { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } ++ + state1, err := h1.(encoding.BinaryMarshaler).MarshalBinary() + if err != nil { + t.Errorf("could not marshal: %v", err) +@@ -277,6 +290,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { + return h.Sum(nil), nil + } + func TestLargeHashes(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryUnmarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + for i, test := range largeUnmarshalTests { + + h := New() diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go index 0a12fde7bc060b..ca752598e4343a 100644 --- a/src/crypto/sha512/sha512.go @@ -1325,7 +1412,7 @@ index 0a12fde7bc060b..ca752598e4343a 100644 "hash" ) diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index fdad37b1863ae8..736504b8fc85a5 100644 +index fdad37b1863ae8..78fa1f60a542b5 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go @@ -8,7 +8,7 @@ package sha512 
@@ -1337,6 +1424,45 @@ index fdad37b1863ae8..736504b8fc85a5 100644 "crypto/internal/cryptotest" "encoding" "encoding/hex" +@@ -746,6 +746,11 @@ func testGoldenMarshal(t *testing.T) { + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + for _, test := range tt.golden { ++ if boring.Enabled { ++ if _, ok := tt.newHash().(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + h := tt.newHash() + h2 := tt.newHash() + +@@ -807,6 +812,14 @@ func TestMarshalMismatch(t *testing.T) { + h1 := fn1() + h2 := fn2() + ++ if boring.Enabled { ++ _, ok1 := h1.(encoding.BinaryMarshaler) ++ _, ok2 := h2.(encoding.BinaryUnmarshaler) ++ if !ok1 || !ok2 { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } ++ + state, err := h1.(encoding.BinaryMarshaler).MarshalBinary() + if err != nil { + t.Errorf("i=%d: could not marshal: %v", i, err) +@@ -882,6 +895,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { + } + + func TestLargeHashes(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryUnmarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + for i, test := range largeUnmarshalTests { + + h := New() diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go index 56050421985927..dcbd33167e4499 100644 --- a/src/crypto/tls/boring_test.go diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 0a42f43dfcd..54a29efb913 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch 
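Review bot: In sha512 `testGoldenMarshal` the `boring.Enabled` guard sits inside `for _, test := range tt.golden`, so it builds a throwaway `tt.newHash()` for every golden vector, whereas the sha256 version places the same guard before the loop. `t.Skip` ends the subtest on the first hit, so moving the guard directly under `t.Run(tt.name, func(t *testing.T) {` gives the same result and keeps the two packages parallel. The function body continues outside the hunk.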
@@ -17,16 +17,12 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/common.go | 13 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- - src/crypto/md5/md5_test.go | 7 + src/crypto/rsa/boring.go | 2 +- src/crypto/rsa/boring_test.go | 2 +- src/crypto/rsa/notboring.go | 2 +- src/crypto/rsa/pss.go | 2 +- src/crypto/rsa/pss_test.go | 2 +- src/crypto/rsa/rsa_test.go | 8 +- - src/crypto/sha1/sha1_test.go | 7 + - src/crypto/sha256/sha256_test.go | 10 + - src/crypto/sha512/sha512_test.go | 10 + src/crypto/tls/boring.go | 2 +- src/crypto/tls/boring_test.go | 2 +- src/crypto/tls/fipsonly/fipsonly.go | 2 +- @@ -45,7 +41,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 41 files changed, 428 insertions(+), 26 deletions(-) + 37 files changed, 394 insertions(+), 26 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go 
@@ -526,38 +522,6 @@ index f5b4827c688f3b..12df96069f6b83 100644 // Package fipstls allows control over whether crypto/tls requires FIPS-approved settings. // This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent -diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go -index 3a973eebd284a4..5e24e07e2787e2 100644 ---- a/src/crypto/md5/md5_test.go -+++ b/src/crypto/md5/md5_test.go -@@ -12,6 +12,7 @@ import ( - "encoding" - "fmt" - "hash" -+ "internal/goexperiment" - "io" - "testing" - "unsafe" -@@ -89,6 +90,9 @@ func TestGolden(t *testing.T) { - } - - func TestGoldenMarshal(t *testing.T) { -+ if goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not support hash marshalling") -+ } - for _, g := range golden { - h := New() - h2 := New() -@@ -208,6 +212,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { - } - - func TestLargeHashes(t *testing.T) { -+ if goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not support hash marshalling") -+ } - for i, test := range largeUnmarshalTests { - - h := New() diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go index 220f8c05c3d94b..dd20b4af2e0472 100644 --- a/src/crypto/rsa/boring.go 
@@ -656,122 +620,6 @@ index dbcc1bec58bd46..b1e9d8e94c2c9e 100644 msg := []byte("test") enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) if err == ErrMessageTooLong { -diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go -index d44f70b92661b4..76726556f80fbd 100644 ---- a/src/crypto/sha1/sha1_test.go -+++ b/src/crypto/sha1/sha1_test.go -@@ -14,6 +14,7 @@ import ( - "encoding" - "fmt" - "hash" -+ "internal/goexperiment" - "io" - "testing" - ) -@@ -97,6 +98,9 @@ func TestGolden(t *testing.T) { - } - - func TestGoldenMarshal(t *testing.T) { -+ if goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not support hash marshalling") -+ } - h := New() - h2 := New() - for _, g := range golden { -@@ -210,6 +214,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { - } - - func TestLargeHashes(t *testing.T) { -+ if goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not support hash marshalling") -+ } - for i, test := range largeUnmarshalTests { - - h := New() -diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index d2fa4369d068bf..027b705e96113f 100644 ---- a/src/crypto/sha256/sha256_test.go -+++ b/src/crypto/sha256/sha256_test.go -@@ -13,6 +13,7 @@ import ( - "encoding" - "fmt" - "hash" -+ "internal/goexperiment" - "internal/testenv" - "io" - "testing" -@@ -142,6 +143,9 @@ func testGolden(t *testing.T) { - } - - func TestGoldenMarshal(t *testing.T) { -+ if goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not support hash marshalling") -+ } - cryptotest.TestAllImplementations(t, "crypto/sha256", testGoldenMarshal) - } - -@@ -203,6 +207,9 @@ func testGoldenMarshal(t *testing.T) { - } - - func TestMarshalTypeMismatch(t *testing.T) { -+ if goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not support hash marshalling") -+ } - h1 := New() - h2 := New224() - -@@ -277,6 +284,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { - return h.Sum(nil), nil - } - func TestLargeHashes(t *testing.T) { -+ if 
goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not support hash marshalling") -+ } - for i, test := range largeUnmarshalTests { - - h := New() -diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index 736504b8fc85a5..582ed2ae870e23 100644 ---- a/src/crypto/sha512/sha512_test.go -+++ b/src/crypto/sha512/sha512_test.go -@@ -14,6 +14,7 @@ import ( - "encoding/hex" - "fmt" - "hash" -+ "internal/goexperiment" - "internal/testenv" - "io" - "testing" -@@ -726,6 +727,9 @@ func testGolden(t *testing.T) { - } - - func TestGoldenMarshal(t *testing.T) { -+ if goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not support hash marshalling") -+ } - cryptotest.TestAllImplementations(t, "crypto/sha512", func(t *testing.T) { - testGoldenMarshal(t) - }) -@@ -791,6 +795,9 @@ func testGoldenMarshal(t *testing.T) { - } - - func TestMarshalMismatch(t *testing.T) { -+ if goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not support hash marshaling") -+ } - h := []func() hash.Hash{ - New, - New384, -@@ -882,6 +889,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { - } - - func TestLargeHashes(t *testing.T) { -+ if goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not support hash marshalling") -+ } - for i, test := range largeUnmarshalTests { - - h := New() diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go index 698efc6751e12c..575d51b02298c8 100644 --- a/src/crypto/tls/boring.go @@ -905,7 +753,7 @@ index a0548a7f9179c5..ae6117a1554b7f 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index 3e9514234e7125..611e053ec8c2a0 100644 +index 12d8c8f4f97321..39d84e4165d654 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,6 +4,7 @@ go 1.24 @@ -917,7 +765,7 @@ index 3e9514234e7125..611e053ec8c2a0 100644 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index d159c7d47bac3b..e2ae52f398320a 100644 +index 4c3ca847c21cd2..116a769b257e34 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,5 +1,7 @@ 
From 657ae358190fe3908b17a93b25987cfdf4798215 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 31 Oct 2024 11:37:17 +0100 Subject: [PATCH 084/887] fix skip text --- patches/0002-Add-crypto-backend-foundation.patch | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 0213685ee7b..e02dd1457db 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -951,7 +951,7 @@ index 6a8258a67e860c..63dfe196da7a58 100644 func TestLargeHashes(t *testing.T) { + if boring.Enabled { + if _, ok := New().(encoding.BinaryUnmarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") ++ t.Skip("BinaryUnmarshaler not implemented") + } + } for i, test := range largeUnmarshalTests { @@ -1392,7 +1392,7 @@ index ffd16386515830..09f7046548bf8f 100644 func TestLargeHashes(t *testing.T) { + if boring.Enabled { + if _, ok := New().(encoding.BinaryUnmarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") ++ t.Skip("BinaryUnmarshaler not implemented") + } + } for i, test := range largeUnmarshalTests { @@ -1457,7 +1457,7 @@ index fdad37b1863ae8..78fa1f60a542b5 100644 func TestLargeHashes(t *testing.T) { + if boring.Enabled { + if _, ok := New().(encoding.BinaryUnmarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") ++ t.Skip("BinaryUnmarshaler not implemented") + } + } for i, test := range largeUnmarshalTests { From eea7ffdb150e19d17f225af5b333c7f73bc848c1 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 31 Oct 2024 11:50:53 +0100 Subject: [PATCH 085/887] fix testKeyBasics and testEverything --- .../0002-Add-crypto-backend-foundation.patch | 36 +++++++++++++++---- patches/0005-Add-CNG-crypto-backend.patch | 36 +------------------ 2 files changed, 31 insertions(+), 41 deletions(-) 
diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index e02dd1457db..0cb4e304092 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -38,7 +38,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/pkcs1v15_test.go | 5 + src/crypto/rsa/pss.go | 8 +- src/crypto/rsa/rsa.go | 21 +- - src/crypto/rsa/rsa_test.go | 2 +- + src/crypto/rsa/rsa_test.go | 12 +- src/crypto/sha1/sha1.go | 2 +- src/crypto/sha1/sha1_test.go | 12 +- src/crypto/sha256/sha256.go | 6 +- @@ -56,7 +56,7 @@ Subject: [PATCH] Add crypto backend foundation src/go/build/deps_test.go | 4 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 52 files changed, 858 insertions(+), 106 deletions(-) + 52 files changed, 868 insertions(+), 106 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go @@ -912,7 +912,7 @@ index c984c3f4968598..229dd457f8d53c 100644 d.Reset() d.Write(data) diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go -index 6a8258a67e860c..63dfe196da7a58 100644 +index 6a8258a67e860c..61ea6b5153f617 100644 --- a/src/crypto/md5/md5_test.go +++ b/src/crypto/md5/md5_test.go @@ -6,6 +6,7 @@ package md5 @@ -1253,7 +1253,7 @@ index 4d78d1eaaa6be0..a016c4f8362cf5 100644 if err != nil { return nil, err diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index 2afa045a3a0bd2..86466e67e87eeb 100644 +index 2afa045a3a0bd2..c6294694521c69 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go @@ -8,7 +8,7 @@ import ( 
@@ -1265,6 +1265,30 @@ index 2afa045a3a0bd2..86466e67e87eeb 100644 "crypto/rand" . "crypto/rsa" "crypto/sha1" +@@ -113,6 +113,11 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { + if priv.D.Cmp(priv.N) > 0 { + t.Errorf("private exponent too large") + } ++ if boring.Enabled && priv.N.BitLen() < 512 { ++ // Some crypto backends (e.g. CNG and OpenSSL with SymCrypt) don't support key sizes ++ // lower than 512 and intentionally fail rather than fall back to Go crypto. ++ t.Skip("skipping allocations test with BoringCrypto") ++ } + + msg := []byte("hi!") + enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) +@@ -187,6 +192,11 @@ func testEverything(t *testing.T, priv *PrivateKey) { + if err := priv.Validate(); err != nil { + t.Errorf("Validate() failed: %s", err) + } ++ if boring.Enabled && priv.N.BitLen() < 512 { ++ // Some crypto backends (e.g. CNG and OpenSSL with SymCrypt) don't support key sizes ++ // lower than 512 and intentionally fail rather than fall back to Go crypto. ++ t.Skip("skipping allocations test with BoringCrypto") ++ } + + msg := []byte("test") + enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) diff --git a/src/crypto/sha1/sha1.go b/src/crypto/sha1/sha1.go index 8189d1946d8ea5..8f5f7f27f26fea 100644 --- a/src/crypto/sha1/sha1.go @@ -1347,7 +1371,7 @@ index d87c689c9001ad..7584c380af0cec 100644 } h := New224() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index ffd16386515830..09f7046548bf8f 100644 +index ffd16386515830..58632c01dc6a7f 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -8,7 +8,7 @@ package sha256 @@ -1412,7 +1436,7 @@ index 0a12fde7bc060b..ca752598e4343a 100644 "hash" ) diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index fdad37b1863ae8..78fa1f60a542b5 100644 +index fdad37b1863ae8..cf6e4c395cd4fb 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go 
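Review bot: The skip text `"skipping allocations test with BoringCrypto"` added to `testKeyBasics` and `testEverything` does not match the condition, which is about RSA moduli shorter than 512 bits and has nothing to do with allocations. Anyone reading the test log gets the wrong reason for the lost coverage; `t.Skip("crypto backend does not support RSA keys smaller than 512 bits")` states it. The guard also widens from `goexperiment.CNGCrypto` to every `boring.Enabled` build, while the comment says only some backends refuse such keys, so it is worth confirming that skipping on all backends is intended. Both function bodies continue outside the hunk.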
@@ -8,7 +8,7 @@ package sha512 diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 54a29efb913..86418a34e22 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -22,7 +22,6 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/rsa/notboring.go | 2 +- src/crypto/rsa/pss.go | 2 +- src/crypto/rsa/pss_test.go | 2 +- - src/crypto/rsa/rsa_test.go | 8 +- src/crypto/tls/boring.go | 2 +- src/crypto/tls/boring_test.go | 2 +- src/crypto/tls/fipsonly/fipsonly.go | 2 +- @@ -41,7 +40,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 37 files changed, 394 insertions(+), 26 deletions(-) + 36 files changed, 387 insertions(+), 25 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go 
@@ -587,39 +586,6 @@ index 637d07e18cff2e..21435b86b52dad 100644 if err != nil { t.Fatal(err) } -diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index dbcc1bec58bd46..b1e9d8e94c2c9e 100644 ---- a/src/crypto/rsa/rsa_test.go -+++ b/src/crypto/rsa/rsa_test.go -@@ -17,6 +17,7 @@ import ( - "encoding/pem" - "flag" - "fmt" -+ "internal/goexperiment" - "internal/testenv" - "math/big" - "strings" -@@ -113,6 +114,9 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { - if priv.D.Cmp(priv.N) > 0 { - t.Errorf("private exponent too large") - } -+ if goexperiment.CNGCrypto && priv.N.BitLen() < 512 { -+ t.Skip("CNGCrypto does not support key sizes lower than 512 and intentionally fails rather than fall back to Go crypto") -+ } - - msg := []byte("hi!") - enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) -@@ -187,7 +191,9 @@ func testEverything(t *testing.T, priv *PrivateKey) { - if err := priv.Validate(); err != nil { - t.Errorf("Validate() failed: %s", err) - } -- -+ if goexperiment.CNGCrypto && priv.N.BitLen() < 512 { -+ t.Skip("CNGCrypto does not support key sizes lower than 512 and intentionally fails rather than fall back to Go crypto") -+ } - msg := []byte("test") - enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) - if err == ErrMessageTooLong { diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go index 698efc6751e12c..575d51b02298c8 100644 --- a/src/crypto/tls/boring.go From 1bdd67d757188f2e7012e374476bee8edd507ba8 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 31 Oct 2024 12:08:32 +0100 Subject: [PATCH 086/887] support SymCrypt in TLS 1.3 handshakes --- .../0002-Add-crypto-backend-foundation.patch | 31 ++++++++++++++++++- patches/0005-Add-CNG-crypto-backend.patch | 31 +------------------ 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 0cb4e304092..ecd2899e9ea 100644 
--- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -49,6 +49,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/cipher_suites.go | 2 +- src/crypto/tls/handshake_client.go | 25 ++- src/crypto/tls/handshake_server.go | 25 ++- + src/crypto/tls/handshake_server_tls13.go | 10 + src/crypto/tls/key_schedule.go | 18 +- src/crypto/tls/prf.go | 77 +++++--- src/crypto/tls/prf_test.go | 12 +- @@ -56,7 +57,7 @@ Subject: [PATCH] Add crypto backend foundation src/go/build/deps_test.go | 4 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 52 files changed, 868 insertions(+), 106 deletions(-) + 53 files changed, 878 insertions(+), 106 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go @@ -1640,6 +1641,34 @@ index bc4e51ba364cf1..8b4fc36e49fdf8 100644 if _, err := hs.c.writeHandshakeRecord(finished, &hs.finishedHash); err != nil { return err } +diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go +index b8cf4c3fa50b24..bc5d32a29c50c4 100644 +--- a/src/crypto/tls/handshake_server_tls13.go ++++ b/src/crypto/tls/handshake_server_tls13.go +@@ -9,6 +9,7 @@ import ( + "context" + "crypto" + "crypto/hmac" ++ boring "crypto/internal/backend" + "crypto/internal/mlkem768" + "crypto/rsa" + "errors" +@@ -441,6 +442,15 @@ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { + } + marshaler, ok := in.(binaryMarshaler) + if !ok { ++ if boring.Enabled { ++ // CNG and OpenSSL with SymCrypt hash functions do not implement the ++ // encoding.BinaryMarshaler interface, but they do implement the Clone method. ++ if cloner, ok := in.(interface{ Clone() (hash.Hash, error) }); ok { ++ if out, err := cloner.Clone(); err == nil { ++ return out ++ } ++ } ++ } + return nil + } + state, err := marshaler.MarshalBinary() 
diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go index 1636baf79e7288..c9a5877d3d504f 100644 --- a/src/crypto/tls/key_schedule.go diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 86418a34e22..094ba62acd5 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -26,7 +26,6 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/tls/boring_test.go | 2 +- src/crypto/tls/fipsonly/fipsonly.go | 2 +- src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- - src/crypto/tls/handshake_server_tls13.go | 10 + src/crypto/tls/notboring.go | 2 +- src/crypto/x509/boring.go | 2 +- src/crypto/x509/boring_test.go | 2 +- @@ -40,7 +39,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 387 insertions(+), 25 deletions(-) + 35 files changed, 377 insertions(+), 25 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go 
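Review bot: In the `cloneHash` fallback added to handshake_server_tls13.go, an error returned by `cloner.Clone()` is dropped and control falls through to `return nil`, so a backend failure looks the same as a hash that supports neither interface. That is safe only if every caller treats a nil result as a hard failure, which this hunk does not show. A comment such as `// Clone errors fall through to return nil; callers must treat nil as a failure.` would record that contract. The `h` parameter is not consulted on this path, so the result depends on `Clone` returning an independent copy with the same algorithm and state; presumably the backend guarantees that, and it deserves a sentence in the same comment. `cloneHash` starts and ends outside the hunk.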
@@ -638,34 +637,6 @@ index 9c1d3d279c472f..0ca7a863b73690 100644 package fipsonly -diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index b8cf4c3fa50b24..dd2c36ab1bef0b 100644 ---- a/src/crypto/tls/handshake_server_tls13.go -+++ b/src/crypto/tls/handshake_server_tls13.go -@@ -14,6 +14,7 @@ import ( - "errors" - "hash" - "internal/byteorder" -+ "internal/goexperiment" - "io" - "slices" - "time" -@@ -441,6 +442,15 @@ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { - } - marshaler, ok := in.(binaryMarshaler) - if !ok { -+ if goexperiment.CNGCrypto { -+ // CNGCrypto hashes do not implement the binaryMarshaler interface, -+ // but do implement the Clone method. -+ if cloner, ok := in.(interface{ Clone() (hash.Hash, error) }); ok { -+ if out, err := cloner.Clone(); err == nil { -+ return out -+ } -+ } -+ } - return nil - } - state, err := marshaler.MarshalBinary() diff --git a/src/crypto/tls/notboring.go b/src/crypto/tls/notboring.go index 36b4ceab0046c6..c87df4ad695f1b 100644 --- a/src/crypto/tls/notboring.go From 57e1ab63454977e08adccc106756cfa691d9d839 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 31 Oct 2024 14:48:53 +0100 Subject: [PATCH 087/887] fix TestMarshalHash --- .../0002-Add-crypto-backend-foundation.patch | 23 ++++++++++++++--- patches/0005-Add-CNG-crypto-backend.patch | 25 +------------------ 2 files changed, 20 insertions(+), 28 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index e02dd1457db..6ba293fd76e 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -54,9 +54,10 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/prf_test.go | 12 +- src/crypto/x509/boring_test.go | 5 + src/go/build/deps_test.go | 4 + + src/hash/marshal_test.go | 3 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 52 files changed, 858 insertions(+), 106 deletions(-) + 53 files changed, 861 insertions(+), 106 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go @@ -912,7 +913,7 @@ index c984c3f4968598..229dd457f8d53c 100644 d.Reset() d.Write(data) diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go -index 6a8258a67e860c..63dfe196da7a58 100644 +index 6a8258a67e860c..61ea6b5153f617 100644 --- a/src/crypto/md5/md5_test.go +++ b/src/crypto/md5/md5_test.go @@ -6,6 +6,7 @@ package md5 @@ -1347,7 +1348,7 @@ index d87c689c9001ad..7584c380af0cec 100644 } h := New224() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index ffd16386515830..09f7046548bf8f 100644 +index ffd16386515830..58632c01dc6a7f 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -8,7 +8,7 @@ package sha256 @@ -1412,7 +1413,7 @@ index 0a12fde7bc060b..ca752598e4343a 100644 "hash" ) diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index fdad37b1863ae8..78fa1f60a542b5 100644 +index fdad37b1863ae8..cf6e4c395cd4fb 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go @@ -8,7 +8,7 @@ package sha512 
@@ -1908,6 +1909,20 @@ index c6a2518f62ff3a..578b4d6f68504c 100644 < crypto/rand < crypto/internal/mlkem768 < crypto/ed25519 +diff --git a/src/hash/marshal_test.go b/src/hash/marshal_test.go +index 3091f7a67acede..b066f8281c5265 100644 +--- a/src/hash/marshal_test.go ++++ b/src/hash/marshal_test.go +@@ -65,6 +65,9 @@ func TestMarshalHash(t *testing.T) { + } + + h := tt.new() ++ if _, ok := h.(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } + h.Write(buf[:256]) + sum := h.Sum(nil) + diff --git a/src/net/smtp/smtp_test.go b/src/net/smtp/smtp_test.go index 389eda9ad54b99..110d60beb0e70c 100644 --- a/src/net/smtp/smtp_test.go diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 54a29efb913..fab2306d046 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -37,11 +37,10 @@ Subject: [PATCH] Add CNG crypto backend src/go/build/deps_test.go | 5 + src/go/build/vendor_test.go | 1 + src/hash/example_test.go | 2 + - src/hash/marshal_test.go | 4 + .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 37 files changed, 394 insertions(+), 26 deletions(-) + 36 files changed, 390 insertions(+), 26 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go 
@@ -824,28 +823,6 @@ index f07b9aaa2c4898..2ff6c4827391c0 100644 package hash_test import ( -diff --git a/src/hash/marshal_test.go b/src/hash/marshal_test.go -index 3091f7a67acede..824be4a90fd4db 100644 ---- a/src/hash/marshal_test.go -+++ b/src/hash/marshal_test.go -@@ -21,6 +21,7 @@ import ( - "hash/crc32" - "hash/crc64" - "hash/fnv" -+ "internal/goexperiment" - "testing" - ) - -@@ -76,6 +77,9 @@ func TestMarshalHash(t *testing.T) { - } - h2m, ok := h2.(encoding.BinaryMarshaler) - if !ok { -+ if goexperiment.CNGCrypto { -+ t.Skip("CNGCrypto does not hash marshaling") -+ } - t.Fatalf("Hash does not implement MarshalBinary") - } - enc, err := h2m.MarshalBinary() diff --git a/src/internal/goexperiment/exp_cngcrypto_off.go b/src/internal/goexperiment/exp_cngcrypto_off.go new file mode 100644 index 00000000000000..831460053281e2 From bd9da3b55a9451bced809cf47a027d6cc7ba4787 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 4 Nov 2024 10:21:30 +0100 Subject: [PATCH 088/887] only conditionally skip TestMarshalHash in boring mode --- .../0002-Add-crypto-backend-foundation.patch | 40 ++++++++++++++++--- 1 file changed, 34 insertions(+), 6 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 6ba293fd76e..87de796c19b 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -54,10 +54,12 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/prf_test.go | 12 +- src/crypto/x509/boring_test.go | 5 + src/go/build/deps_test.go | 4 + - src/hash/marshal_test.go | 3 + + src/hash/boring_test.go | 5 + + src/hash/marshal_test.go | 5 + + src/hash/notboring_test.go | 5 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 53 files changed, 861 insertions(+), 106 deletions(-) + 55 files changed, 873 insertions(+), 106 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go @@ -67,6 +69,8 @@ Subject: [PATCH] Add crypto backend foundation create mode 100644 src/crypto/internal/backend/nobackend.go create mode 100644 src/crypto/internal/backend/norequirefips.go create mode 100644 src/crypto/internal/backend/stub.s + create mode 100644 src/hash/boring_test.go + create mode 100644 src/hash/notboring_test.go diff --git a/src/crypto/aes/cipher.go b/src/crypto/aes/cipher.go index cde2e45d2ca559..cf47a4fc57d8e2 100644 @@ -1909,20 +1913,44 @@ index c6a2518f62ff3a..578b4d6f68504c 100644 < crypto/rand < crypto/internal/mlkem768 < crypto/ed25519 +diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go +new file mode 100644 +index 00000000000000..cd07ee1c00d379 +--- /dev/null ++++ b/src/hash/boring_test.go +@@ -0,0 +1,5 @@ ++//go:build systemcrypto ++ ++package hash_test ++ ++const boringEnabled = true diff --git a/src/hash/marshal_test.go b/src/hash/marshal_test.go -index 3091f7a67acede..b066f8281c5265 100644 +index 3091f7a67acede..fead8cc4bec73a 100644 --- a/src/hash/marshal_test.go 
+++ b/src/hash/marshal_test.go -@@ -65,6 +65,9 @@ func TestMarshalHash(t *testing.T) { +@@ -65,6 +65,11 @@ func TestMarshalHash(t *testing.T) { } h := tt.new() -+ if _, ok := h.(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") ++ if boringEnabled { ++ if _, ok := h.(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } + } h.Write(buf[:256]) sum := h.Sum(nil) +diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go +new file mode 100644 +index 00000000000000..e1874086d3f315 +--- /dev/null ++++ b/src/hash/notboring_test.go +@@ -0,0 +1,5 @@ ++//go:build !systemcrypto ++ ++package hash_test ++ ++const boringEnabled = false diff --git a/src/net/smtp/smtp_test.go b/src/net/smtp/smtp_test.go index 389eda9ad54b99..110d60beb0e70c 100644 --- a/src/net/smtp/smtp_test.go From b3aa2e82b3dac0db8660dde73e1751542531c739 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 4 Nov 2024 11:42:52 +0100 Subject: [PATCH 089/887] fix TestMarshalHash --- .../0002-Add-crypto-backend-foundation.patch | 8 +++--- patches/0004-Add-OpenSSL-crypto-backend.patch | 28 +++++++++++++++++-- patches/0005-Add-CNG-crypto-backend.patch | 24 +++++++++++++++- 3 files changed, 52 insertions(+), 8 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 87de796c19b..93536512b24 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -1915,11 +1915,11 @@ index c6a2518f62ff3a..578b4d6f68504c 100644 < crypto/ed25519 diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go new file mode 100644 -index 00000000000000..cd07ee1c00d379 +index 00000000000000..c90899062a9665 --- /dev/null +++ b/src/hash/boring_test.go @@ -0,0 +1,5 @@ -+//go:build systemcrypto ++//go:build goexperiment.boringcrypto + +package hash_test + @@ -1942,11 +1942,11 @@ index 3091f7a67acede..fead8cc4bec73a 100644 
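Review bot: The new `src/hash/boring_test.go` and `src/hash/notboring_test.go` carry no comment saying that their `//go:build` lines must stay exact complements and that `boringEnabled` exists only to gate the skip in `TestMarshalHash`. Any later change to one constraint has to be mirrored in the other file, and nothing in either file tells the next editor so. A doc line on the constant would cover it, e.g. `// boringEnabled reports whether a crypto backend whose hashes may lack encoding.BinaryMarshaler is compiled in.` plus `// The build constraint here must be the negation of the one in notboring_test.go.`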
diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go new file mode 100644 -index 00000000000000..e1874086d3f315 +index 00000000000000..79f8c22f2b7416 --- /dev/null +++ b/src/hash/notboring_test.go @@ -0,0 +1,5 @@ -+//go:build !systemcrypto ++//go:build !goexperiment.boringcrypto + +package hash_test + diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 1f3d5cd6328..938e6927e2d 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -34,11 +34,13 @@ Subject: [PATCH] Add OpenSSL crypto backend src/go.sum | 2 + src/go/build/deps_test.go | 7 +- src/go/build/vendor_test.go | 1 + + src/hash/boring_test.go | 2 +- + src/hash/notboring_test.go | 2 +- .../goexperiment/exp_opensslcrypto_off.go | 9 + .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 34 files changed, 406 insertions(+), 23 deletions(-) + 36 files changed, 408 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -714,7 +716,7 @@ index c83a7272c9f01f..a0548a7f9179c5 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index df27f25e789f05..3e9514234e7125 100644 +index df27f25e789f05..12d8c8f4f97321 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std @@ -726,7 +728,7 @@ index df27f25e789f05..3e9514234e7125 100644 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index b4efd6d3c50c11..d159c7d47bac3b 100644 +index b4efd6d3c50c11..4c3ca847c21cd2 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,5 @@ 
@@ -786,6 +788,26 @@ index 7f6237ffd59c11..7c821ae4bc5727 100644 } // Verify that the vendor directories contain only packages matching the list above. +diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go +index c90899062a9665..802c0f8b8987bf 100644 +--- a/src/hash/boring_test.go ++++ b/src/hash/boring_test.go +@@ -1,4 +1,4 @@ +-//go:build goexperiment.boringcrypto ++//go:build goexperiment.boringcrypto || goexperiment.opensslcrypto + + package hash_test + +diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go +index 79f8c22f2b7416..f3e8ed3e1cbf20 100644 +--- a/src/hash/notboring_test.go ++++ b/src/hash/notboring_test.go +@@ -1,4 +1,4 @@ +-//go:build !goexperiment.boringcrypto ++//go:build !goexperiment.boringcrypto && !goexperiment.opensslcrypto + + package hash_test + diff --git a/src/internal/goexperiment/exp_opensslcrypto_off.go b/src/internal/goexperiment/exp_opensslcrypto_off.go new file mode 100644 index 00000000000000..62033547c6143a diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index fab2306d046..aac1155e600 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -36,11 +36,13 @@ Subject: [PATCH] Add CNG crypto backend src/go.sum | 2 + src/go/build/deps_test.go | 5 + src/go/build/vendor_test.go | 1 + + src/hash/boring_test.go | 2 +- src/hash/example_test.go | 2 + + src/hash/notboring_test.go | 2 +- .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 390 insertions(+), 26 deletions(-) + 38 files changed, 392 insertions(+), 28 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go 
@@ -810,6 +812,16 @@ index 7c821ae4bc5727..1d0b9b20e9b1d4 100644 } // Verify that the vendor directories contain only packages matching the list above. +diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go +index 802c0f8b8987bf..99e1933f84b52c 100644 +--- a/src/hash/boring_test.go ++++ b/src/hash/boring_test.go +@@ -1,4 +1,4 @@ +-//go:build goexperiment.boringcrypto || goexperiment.opensslcrypto ++//go:build goexperiment.boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto + + package hash_test + diff --git a/src/hash/example_test.go b/src/hash/example_test.go index f07b9aaa2c4898..2ff6c4827391c0 100644 --- a/src/hash/example_test.go @@ -823,6 +835,16 @@ index f07b9aaa2c4898..2ff6c4827391c0 100644 package hash_test import ( +diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go +index f3e8ed3e1cbf20..a85fc430cfa655 100644 +--- a/src/hash/notboring_test.go ++++ b/src/hash/notboring_test.go +@@ -1,4 +1,4 @@ +-//go:build !goexperiment.boringcrypto && !goexperiment.opensslcrypto ++//go:build !goexperiment.boringcrypto && !goexperiment.opensslcrypto && !goexperiment.cngcrypto + + package hash_test + diff --git a/src/internal/goexperiment/exp_cngcrypto_off.go b/src/internal/goexperiment/exp_cngcrypto_off.go new file mode 100644 index 00000000000000..831460053281e2 From 38d62e36b312e3ba024d29f4f4b887b6eec83992 Mon Sep 17 00:00:00 2001 
From: Davis Goodin Date: Thu, 7 Nov 2024 11:00:37 -0800 Subject: [PATCH 090/887] Add macOS buildandpack with signing (#1388) * Add macOS buildandpack with signing Add macOS builds. Rework signing to support macOS hardening and notarization. * Fail if archive contains non-local path * firstError -> cmp.Or * Lowercase filename check --- eng/_util/cmd/sign/README.md | 50 ++ eng/_util/cmd/sign/archive.go | 467 ++++++++++++++++++ eng/_util/cmd/sign/archiveutil.go | 134 +++++ eng/_util/cmd/sign/sign.go | 291 +++++++++++ .../cmd/write-checksum/write-checksum.go | 31 +- eng/_util/internal/checksum/checksum.go | 32 ++ eng/pipeline/rolling-internal-pipeline.yml | 6 + eng/pipeline/stages/builders-to-stages.yml | 34 +- .../stages/go-builder-matrix-stages.yml | 6 + eng/pipeline/stages/pool-1.yml | 4 +- eng/pipeline/stages/pool-2.yml | 5 + eng/pipeline/stages/sign-stage.yml | 95 ++-- eng/signing/.gitignore | 1 + eng/signing/NuGet.config | 2 +- eng/signing/README.md | 31 +- eng/signing/Sign.csproj | 28 ++ eng/signing/Sign.proj | 93 ---- 17 files changed, 1110 insertions(+), 200 deletions(-) create mode 100644 eng/_util/cmd/sign/README.md create mode 100644 eng/_util/cmd/sign/archive.go create mode 100644 eng/_util/cmd/sign/archiveutil.go create mode 100644 eng/_util/cmd/sign/sign.go create mode 100644 eng/_util/internal/checksum/checksum.go create mode 100644 eng/signing/Sign.csproj delete mode 100644 eng/signing/Sign.proj diff --git a/eng/_util/cmd/sign/README.md b/eng/_util/cmd/sign/README.md new file mode 100644 index 00000000000..a74a2beffdd --- /dev/null +++ b/eng/_util/cmd/sign/README.md 
@@ -0,0 +1,50 @@ +# `sign` and the Microsoft Go signing infrastructure + +Most of the logic for signing (extracting files, repackaging, creating checksums) is implemented by this `sign` command. + +The [`/eng/signing`](/eng/signing) directory contains the MSBuild project that `sign` invokes to run real signing. +The MSBuild project uses [MicroBuild Signing](https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/650/MicroBuild-Signing) (internal Microsoft wiki link). + +To see signing in action, go to [`/eng/pipeline/README.md`](/eng/pipeline/README.md) and follow the link for `microsoft-go`. + +## Dry run + +1. Create the directory `/eng/signing/tosign` and add the `.tar.gz` and `.zip` artifacts to sign. + * Download artifacts from the `microsoft-go` pipeline, for example. + * It's ok to skip downloading some artifacts. The signing process doesn't require all platforms to be present. + * If you specify `-files`, you can use your own directory. +1. From the root of the repository, run `pwsh eng/run.ps1 sign -n` + +The `-n` argument makes it a dry run: it extracts/repacks files in the same way it would if it were signing them, but no signing is done. +This doesn't involve .NET/MSBuild, so this is a good way for a developer to test changes to the signing logic. + +See `pwsh eng/run.ps1 sign -h` for more options. + +## Test signing + +> [!NOTE] +> Test signing has not been observed to work. +> It has been documented for completeness, in case someone wants to try. + +### Prerequisites + +* Windows +* .NET Core SDK 8.0 or later. + * [Download](https://dot.net/download) +* The signing plugin. + 1. Download the latest NuGet Package: https://devdiv.visualstudio.com/DevDiv/_artifacts/feed/MicroBuildToolset/NuGet/MicroBuild.Plugins.Signing + 1. Extract its contents (the file is a zip) to `%userprofile%\.nuget\packages\microbuild.plugins.signing\1.1.900`. + * Optionally make the versioned dir's name match the version of the package you downloaded. 
It will be discovered dynamically, as a plugin, whether or not the version matches. + +### Test signing run + +1. Set up `tosign` as described in the dry run section. +1. From the root of the repository, run `pwsh eng/run.ps1 sign` + +## Real signing + +This can't be done from a dev machine. +It occurs in the `microsoft-go` pipeline, on a Windows machine. +See [`/eng/pipeline/README.md`](/eng/pipeline/README.md). + +The invocation of `sign` can be found in [`/eng/pipeline/stages/sign-stage.yml`](/eng/pipeline/stages/sign-stage.yml). diff --git a/eng/_util/cmd/sign/archive.go b/eng/_util/cmd/sign/archive.go new file mode 100644 index 00000000000..701e83103eb --- /dev/null +++ b/eng/_util/cmd/sign/archive.go 
@@ -0,0 +1,467 @@ +// Copyright (c) Microsoft Corporation. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import ( + "archive/tar" + "archive/zip" + "cmp" + "context" + "fmt" + "io" + "log" + "os" + "path/filepath" + "strings" +) + +type archiveType int + +const ( + // zipArchive is a Windows zip archive. + zipArchive archiveType = iota + // tarGzArchive is a macOS or Linux tar.gz archive. + tarGzArchive +) + +type archive struct { + path string + name string + + archiveType archiveType + archiveMacOS bool + + // workDir is a work dir absolute path that is only used for processing this archive. + workDir string + + // repackedPath is a repackaged archive with signed content. Assigned upon completion. + // Windows and macOS archives get repacked. + repackedPath string + // notarizedPath is a repacked archive that has also had the notarization ticket attached. + // Assigned upon completion. + notarizedPath string +} + +func newArchive(p string) (*archive, error) { + name := filepath.Base(p) + a := archive{ + path: p, + name: name, + } + if matchOrPanic("go*.zip", name) { + a.archiveType = zipArchive + } else if matchOrPanic("go*.tar.gz", name) { + a.archiveType = tarGzArchive + } else { + return nil, fmt.Errorf("unknown archive type: %s", p) + } + + if matchOrPanic("go*darwin*.tar.gz", name) { + a.archiveMacOS = true + } + + if err := os.MkdirAll(*tempDir, 0o777); err != nil { + return nil, err + } + workDir, err := os.MkdirTemp(*tempDir, "sign-work-"+name) + if err != nil { + return nil, fmt.Errorf("failed to create work directory: %v", err) + } + workDir, err = filepath.Abs(workDir) + if err != nil { + return nil, err + } + a.workDir = workDir + + return &a, nil +} + +// latestPath returns the path of the file that has the most signing steps applied to it. This +// allows for some generalization across platforms in later steps. 
+func (a *archive) latestPath() string { + if a.notarizedPath != "" { + return a.notarizedPath + } + if a.repackedPath != "" { + return a.repackedPath + } + return a.path +} + +func (a *archive) sigPath() string { + return filepath.Join(a.workDir, a.name+".sig") +} + +func (a *archive) macHardenPackPath() string { + return filepath.Join(a.workDir, a.name+".ToSignBundle.zip") +} + +func (a *archive) macNotarizePackPath() string { + return filepath.Join(a.workDir, a.name+".ToNotarize.zip") +} + +// entrySignInfo returns signing details for a given file in the Go archive, or nil if the given +// file entry doesn't need to be signed. +func (a *archive) entrySignInfo(name string) *fileToSign { + if a.archiveType == zipArchive { + if strings.HasSuffix(name, ".exe") { + return &fileToSign{ + originalPath: a.path, + fullPath: filepath.Join(a.workDir, "extract", name), + authenticode: "Microsoft400", + } + } + } else if a.archiveMacOS { + if matchOrPanic("go/bin/*", name) || + matchOrPanic("go/pkg/tool/*/*", name) { + + return &fileToSign{ + originalPath: a.path, + zip: true, + } + } + } + return nil +} + +// prepareEntriesToSign extracts files from the archive that need to be signed and returns a list +// of their extracted locations and details about how they should be signed. 
+func (a *archive) prepareEntriesToSign(ctx context.Context) ([]*fileToSign, error) { + fail := func(err error) ([]*fileToSign, error) { + return nil, fmt.Errorf("failed to extract file from %q: %v", a.path, err) + } + + var results []*fileToSign + + if a.archiveType == zipArchive { + log.Printf("Extracting files to sign from %q", a.path) + zr, err := zip.OpenReader(a.path) + if err != nil { + return fail(err) + } + defer zr.Close() + + if err := eachZipEntry(zr, func(f *zip.File) error { + if err := ctx.Err(); err != nil { + return err + } + if f.FileInfo().IsDir() { + return nil + } + if info := a.entrySignInfo(f.Name); info != nil { + if err := withFileCreate(info.fullPath, func(fWriter *os.File) error { + fReader, err := f.Open() + if err != nil { + return err + } + _, err = io.Copy(fWriter, fReader) + return cmp.Or(err, fReader.Close()) + }); err != nil { + return err + } + results = append(results, info) + } + return nil + }); err != nil { + return fail(err) + } + } else if a.archiveMacOS { + // Store macOS files to sign in a zip. Zipping is needed for this platform specifically, + // and the "Zip=true" feature mentioned in the doc only works when signing on a macOS + // runtime, so we need to do it ourselves. + // https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/19841/Additional-Requirements-for-Signing-or-Notarizing-Mac-Files + fts := &fileToSign{ + originalPath: a.path, + fullPath: a.macHardenPackPath(), + authenticode: "MacDeveloperHarden", + } + log.Printf("Creating macOS file hardening bundle at %q", fts.fullPath) + if err := withZipCreate(fts.fullPath, func(zw *zip.Writer) error { + return a.extractMacOSEntriesToZip(ctx, zw) + }); err != nil { + return fail(err) + } + results = append(results, fts) + } + + return results, nil +} + +func (a *archive) extractMacOSEntriesToZip(ctx context.Context, zw *zip.Writer) error { + // Open tar.gz macOS archive to put files into the zip. 
+ writtenNames := make(map[string]struct{}) + return withTarGzOpen(a.path, func(tr *tar.Reader) error { + return eachTarEntry(tr, func(header *tar.Header, r io.Reader) error { + if err := ctx.Err(); err != nil { + return err + } + if header.Typeflag != tar.TypeReg { + return nil + } + if info := a.entrySignInfo(header.Name); info != nil { + if !info.zip { + return fmt.Errorf("unexpected file to sign directly rather than include in the zip batch: %q", header.Name) + } + + base := filepath.Base(header.Name) + if _, ok := writtenNames[base]; ok { + return fmt.Errorf("duplicate file name in archive: %q", base) + } + writtenNames[base] = struct{}{} + + w, err := zw.CreateHeader(&zip.FileHeader{ + Name: base, + }) + if err != nil { + return err + } + _, err = io.Copy(w, r) + return err + } + return nil + }) + }) +} + +func (a *archive) repackSignedEntries(ctx context.Context) error { + targetPath := filepath.Join(a.workDir, a.name+".WithSignedContent") + if a.archiveType == zipArchive { + log.Printf("Repacking signed content to %q", targetPath) + if err := withZipOpen(a.path, func(zr *zip.ReadCloser) error { + return withZipCreate(targetPath, func(zw *zip.Writer) error { + return eachZipEntry(zr, func(f *zip.File) error { + if err := ctx.Err(); err != nil { + return err + } + return a.writeZipRepackEntry(f, zw) + }) + }) + }); err != nil { + return err + } + a.repackedPath = targetPath + } else if a.archiveMacOS { + log.Printf("Repacking hardened content to %q", targetPath) + // Open the original tar.gz for header info and to read unchanged files from. + if err := withTarGzOpen(a.path, func(originalTR *tar.Reader) error { + // Create the new tar.gz that we're assembling. + return withTarGzCreate(targetPath, func(outTW *tar.Writer) error { + // Open the zip payload we got back from the signing service. + return withZipOpen(a.macHardenPackPath(), func(zrc *zip.ReadCloser) error { + // Iterate through the original tar.gz file to populate the target. 
+ return eachTarEntry(originalTR, func(hdr *tar.Header, originalR io.Reader) error { + if err := ctx.Err(); err != nil { + return err + } + return a.writeTarRepackEntry(hdr, originalR, &zrc.Reader, outTW) + }) + }) + }) + }); err != nil { + return err + } + a.repackedPath = targetPath + } + return nil +} + +// writeZipRepackEntry looks at one entry in the original zip and creates a corresponding entry in +// the output zip. Reads signed entry content from the signed file on disk. If the file hasn't been +// signed, the content is read from the original zip. +func (a *archive) writeZipRepackEntry(original *zip.File, out *zip.Writer) error { + w, err := out.CreateHeader(&zip.FileHeader{ + // Copy necessary original file metadata. + Name: original.Name, + Method: original.Method, + Comment: original.Comment, + Modified: original.Modified, + Extra: original.Extra, + }) + if err != nil { + return err + } + var r io.ReadCloser + // If we have a signed version of this file, read from that. + // Otherwise, read from the original. + if info := a.entrySignInfo(original.Name); info != nil { + log.Printf("Replacing with signed version: %q", original.Name) + r, err = os.Open(info.fullPath) + if err != nil { + return err + } + } else { + r, err = original.Open() + if err != nil { + return err + } + } + _, err = io.Copy(w, r) + return cmp.Or(err, r.Close()) +} + +// writeTarRepackEntry looks at one entry in the original tar.gz and creates a corresponding entry +// in the output tar.gz. Reads signed/hardened entry content from signedPack. Otherwise, the entry +// content is copied from the original. +func (a *archive) writeTarRepackEntry(hdr *tar.Header, original io.Reader, signedPack *zip.Reader, out *tar.Writer) error { + // Always start with header info from the original tar.gz even if we're going to replace the + // file content. This means we don't need to worry about lost metadata due to the zip + // round-trip. 
+ newHeader := &tar.Header{ + // Follow tar.Header documented compat guidance by copying over our selection of fields. + Name: hdr.Name, + Linkname: hdr.Linkname, + + Size: hdr.Size, + Mode: hdr.Mode, + Uid: hdr.Uid, + Gid: hdr.Gid, + Uname: hdr.Uname, + Gname: hdr.Gname, + + ModTime: hdr.ModTime, + AccessTime: hdr.AccessTime, + ChangeTime: hdr.ChangeTime, + } + isFile := hdr.Typeflag == tar.TypeReg + if info := a.entrySignInfo(hdr.Name); info != nil && isFile { + log.Printf("Replacing with signed version: %q", hdr.Name) + replacementFile, err := signedPack.Open(filepath.Base(hdr.Name)) + if err != nil { + return err + } + defer replacementFile.Close() + // Get the file size to prepare to copy. + stat, err := replacementFile.Stat() + if err != nil { + return err + } + newHeader.Size = stat.Size() + original = replacementFile + } + if err := out.WriteHeader(newHeader); err != nil { + return fmt.Errorf( + "failed to write header for %q: %v", + newHeader.Name, err) + } + if isFile { + _, err := io.Copy(out, original) + if err != nil { + return fmt.Errorf("failed to write %q: %v", newHeader.Name, err) + } + } + // Call Flush to make sure our write was correct. We don't technically need to call Flush here + // because the next WriteHeader will confirm that we e.g. wrote the correct number of bytes. + // However, calling Flush ourselves lets us emit an error that mentions the bad filename + // (rather than the next, unrelated filename). 
+ if err := out.Flush(); err != nil { + return fmt.Errorf("failed to flush %q: %v", newHeader.Name, err) + } + return nil +} + +func (a *archive) prepareNotarize(ctx context.Context) ([]*fileToSign, error) { + if err := ctx.Err(); err != nil { + return nil, err + } + + if !a.archiveMacOS { + return nil, nil + } + + log.Printf("Creating zip containing the macOS tar.gz to notarize at %q", a.macNotarizePackPath()) + if err := withZipCreate(a.macNotarizePackPath(), func(zw *zip.Writer) error { + w, err := zw.CreateHeader(&zip.FileHeader{ + Name: a.name, + }) + if err != nil { + return err + } + return withFileOpen(a.latestPath(), func(f *os.File) error { + _, err := io.Copy(w, f) + return err + }) + }); err != nil { + return nil, err + } + return []*fileToSign{ + { + originalPath: a.path, + fullPath: a.macNotarizePackPath(), + authenticode: "8020", // Can't specify MacNotarize or MacAppName is not detected. + macAppName: "MicrosoftGo", + }, + }, nil +} + +func (a *archive) unpackNotarize(ctx context.Context) error { + if err := ctx.Err(); err != nil { + return err + } + + if !a.archiveMacOS { + return nil + } + + a.notarizedPath = filepath.Join(a.workDir, a.name+".notarized") + log.Printf("Unpacking notarized content to %q", a.notarizedPath) + return withZipOpen(a.macNotarizePackPath(), func(zr *zip.ReadCloser) error { + return eachZipEntry(zr, func(f *zip.File) error { + if err := ctx.Err(); err != nil { + return err + } + if f.Name != a.name { + return fmt.Errorf("unexpected file in notarize zip: %q", f.Name) + } + return withFileCreate(a.notarizedPath, func(w *os.File) error { + r, err := f.Open() + if err != nil { + return err + } + _, err = io.Copy(w, r) + return cmp.Or(err, r.Close()) + }) + }) + }) +} + +func (a *archive) prepareArchiveSignatures(ctx context.Context) ([]*fileToSign, error) { + if err := ctx.Err(); err != nil { + return nil, err + } + // Copy the archive file to have .sig suffix, e.g. "tar.gz" to "tar.gz.sig". 
The signing + // process sends the "tar.gz.sig" file to get a signature, then replaces the "tar.gz.sig" + // file's content in-place with the result. We need to preemptively make a renamed copy of the + // file so we end up with both the original file and sig on the machine. + log.Printf("Copying file for signature generation: %q -> %q", a.latestPath(), a.sigPath()) + if err := copyFile(a.sigPath(), a.latestPath()); err != nil { + return nil, err + } + return []*fileToSign{ + { + originalPath: a.path, + fullPath: a.sigPath(), + authenticode: "LinuxSignManagedLanguageCompiler", + }, + }, nil +} + +func (a *archive) copyToDestination(ctx context.Context) error { + if err := ctx.Err(); err != nil { + return err + } + // Create destination if it doesn't exist. + if err := os.MkdirAll(*destinationDir, 0o777); err != nil { + return fmt.Errorf("failed to create destination directory: %v", err) + } + + log.Printf("Copying finished files to destination: %q", a.latestPath()) + if err := copyFile(filepath.Join(*destinationDir, a.name), a.latestPath()); err != nil { + return err + } + if err := copyFile(filepath.Join(*destinationDir, a.name+".sig"), a.sigPath()); err != nil { + return err + } + return nil +} diff --git a/eng/_util/cmd/sign/archiveutil.go b/eng/_util/cmd/sign/archiveutil.go new file mode 100644 index 00000000000..091053752c9 --- /dev/null +++ b/eng/_util/cmd/sign/archiveutil.go 
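Review bot: `writeTarRepackEntry` builds `newHeader` without copying `Typeflag`, so every entry of the repacked macOS tar.gz is written with the zero value, which archive/tar promotes to a regular file or, for names ending in `/`, a directory. A symlink or hard-link entry in the original archive would come out as an empty regular file with a leftover `Linkname`. That repacked file is what `latestPath` then hands to notarization and to the detached-signature step. Adding `Typeflag: hdr.Typeflag,` to the literal keeps entry types identical to the input; whether the Go tarball currently contains link entries is not visible from this hunk.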
@@ -0,0 +1,134 @@ +// Copyright (c) Microsoft Corporation. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import ( + "archive/tar" + "archive/zip" + "cmp" + "compress/gzip" + "errors" + "fmt" + "io" + "os" + "path/filepath" +) + +func eachZipEntry(r *zip.ReadCloser, f func(*zip.File) error) error { + for _, file := range r.File { + // Disallow absolute path, "..", etc. + if !filepath.IsLocal(file.Name) { + return fmt.Errorf("zip contains non-local path: %s", file.Name) + } + if err := f(file); err != nil { + return err + } + } + return nil +} + +func eachTarEntry(r *tar.Reader, f func(*tar.Header, io.Reader) error) error { + for { + header, err := r.Next() + if err != nil { + if errors.Is(err, io.EOF) { + return nil + } + return err + } + // Disallow absolute path, "..", etc. + if !filepath.IsLocal(header.Name) { + return fmt.Errorf("tar contains non-local path: %s", header.Name) + } + if err := f(header, r); err != nil { + return err + } + } +} + +func withFileOpen(path string, f func(*os.File) error) error { + file, err := os.Open(path) + if err != nil { + return err + } + return cmp.Or(f(file), file.Close()) +} + +func withZipOpen(path string, f func(*zip.ReadCloser) error) error { + r, err := zip.OpenReader(path) + if err != nil { + return err + } + return cmp.Or(f(r), r.Close()) +} + +func withTarGzOpen(path string, f func(*tar.Reader) error) error { + return withFileOpen(path, func(file *os.File) error { + gz, err := gzip.NewReader(file) + if err != nil { + return err + } + r := tar.NewReader(gz) + return f(r) + }) +} + +func withFileCreate(path string, f func(*os.File) error) error { + if err := os.MkdirAll(filepath.Dir(path), 0o777); err != nil { + return err + } + file, err := os.Create(path) + if err != nil { + return err + } + return cmp.Or(f(file), file.Close()) +} + +func withZipCreate(path string, f func(*zip.Writer) error) error { + return withFileCreate(path, func(file 
*os.File) error { + w := zip.NewWriter(file) + return cmp.Or(f(w), w.Close()) + }) +} + +func withTarGzCreate(path string, f func(*tar.Writer) error) error { + return withFileCreate(path, func(file *os.File) error { + gzw, err := gzip.NewWriterLevel(file, gzip.BestCompression) + if err != nil { + return err + } + tw := tar.NewWriter(gzw) + return cmp.Or(f(tw), tw.Close(), gzw.Close()) + }) +} + +func copyFile(dst, src string) error { + f, err := os.Open(src) + if err != nil { + return err + } + return cmp.Or(copyToFile(dst, f), f.Close()) +} + +func copyToFile(path string, r io.Reader) error { + if err := os.MkdirAll(filepath.Dir(path), 0o777); err != nil { + return err + } + f, err := os.Create(path) + if err != nil { + return err + } + _, err = io.Copy(f, r) + return cmp.Or(err, f.Close()) +} + +// matchOrPanic returns whether name matches the pattern glob, or panics if pattern is invalid. +func matchOrPanic(pattern, name string) bool { + ok, err := filepath.Match(pattern, name) + if err != nil { + panic(err) + } + return ok +} diff --git a/eng/_util/cmd/sign/sign.go b/eng/_util/cmd/sign/sign.go new file mode 100644 index 00000000000..07c7a7bd31f --- /dev/null +++ b/eng/_util/cmd/sign/sign.go 
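Review bot: `withTarGzOpen` neither reads the gzip stream to its end nor closes `gz`, so the gzip trailer (CRC-32 and length) of an input archive is probably never checked. `eachTarEntry` returns as soon as `tar.Reader` reports `io.EOF` at the end-of-archive blocks, and nothing drains what follows. Since these bytes feed the signing steps, I'd verify the whole stream by replacing `return f(r)` with `if err := f(r); err != nil { return err }`, `_, err = io.Copy(io.Discard, gz)` and `return cmp.Or(err, gz.Close())`. Both `io` and `cmp` are already imported in this file.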
@@ -0,0 +1,291 @@ +// Copyright (c) Microsoft Corporation. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package main + +import ( + "context" + "flag" + "fmt" + "io" + "log" + "os" + "os/exec" + "path/filepath" + "strings" + "time" + + "github.com/microsoft/go/_util/internal/checksum" +) + +const description = ` +This command signs build artifacts using MicroBuild. It is used in the Microsoft Go build pipeline. +Use '-n' to test the command locally. + +Signs in multiple passes. Some steps only apply to certain types of archives: + +1. Archive entries. Extracts specific entries from inside each archive, signs, and repacks. +2. Notarize. macOS archives get a notarization ticket attached to the tar.gz. +3. Signatures. Creates sig files for each archive. +4. Locally creates a .sha256 file for each archive. + +See /eng/_util/cmd/sign/README.md for more information. +` + +var ( + filesGlob = flag.String("files", "eng/signing/tosign/*", "Glob of Go archives to sign.") + destinationDir = flag.String("o", "eng/signing/signed", "Directory to store signed files.") + tempDir = flag.String("temp-dir", "eng/signing/signing-temp", "Directory to store temporary files.") + signingCsprojDir = flag.String("signing-csproj-dir", "eng/signing", "Directory containing Sign.csproj and related files.") + + notarize = flag.Bool("notarize", false, "Notarize macOS archives. This is currently not working in the signing service.") + signType = flag.String("sign-type", "test", "Type of signing to perform. Options: test, real.") + + timeout = flag.Duration("timeout", 0, + "Timeout for signing operations. Zero means no timeout. "+ + "Any MSBuild processes launched by this tool are be manually killed. "+ + "If set to a value lower than AzDO pipeline timeout, this helps avoid pipeline breakage when uploading MSBuild outputs.") + dryRun = flag.Bool("n", false, "Dry run: don't run the MSBuild signing tooling at all, even in test mode. 
This works on non-Windows platforms.") +) + +func main() { + help := flag.Bool("h", false, "Print this help message.") + + flag.Usage = func() { + fmt.Fprintf(flag.CommandLine.Output(), "Usage:\n") + flag.PrintDefaults() + fmt.Fprintf(flag.CommandLine.Output(), "%s\n", description) + } + + flag.Parse() + if *help { + flag.Usage() + return + } + + if err := run(); err != nil { + log.Printf("error: %v", err) + os.Exit(1) + } +} + +func run() error { + // A context for timeout. This timeout is mainly here to make sure child MSBuild processes are + // terminated. There are some ctx.Err() checks sprinkled into the Go code, but canceling + // quickly during the packaging/repackaging work in Go is not currently important: the Go work + // takes an insignificant amount of time compared to the signing service calls in MSBuild. + var ctx context.Context + if *timeout == 0 { + ctx = context.Background() + } else { + var cancel context.CancelFunc + ctx, cancel = context.WithDeadline(context.Background(), time.Now().Add(*timeout)) + defer cancel() + } + + archives, err := findArchives(ctx, *filesGlob) + if err != nil { + return err + } + + log.Println("Signing individual files extracted from archives") + + individualFilesToSign, err := flatMapSlice(archives, func(a *archive) ([]*fileToSign, error) { + return a.prepareEntriesToSign(ctx) + }) + if err != nil { + return err + } + + if err := sign(ctx, "1-Individual", individualFilesToSign); err != nil { + return err + } + + for _, a := range archives { + if err := a.repackSignedEntries(ctx); err != nil { + return err + } + } + + if *notarize { + log.Println("Notarizing macOS archives") + + filesToNotarize, err := flatMapSlice(archives, func(a *archive) ([]*fileToSign, error) { + return a.prepareNotarize(ctx) + }) + if err != nil { + return err + } + + if err := sign(ctx, "2-Notarize", filesToNotarize); err != nil { + return err + } + + for _, a := range archives { + if err := a.unpackNotarize(ctx); err != nil { + return err + } + 
} + } else { + log.Println("Skipping notarizing macOS archives") + } + + log.Println("Creating signature files") + + signatureFiles, err := flatMapSlice(archives, func(a *archive) ([]*fileToSign, error) { + return a.prepareArchiveSignatures(ctx) + }) + if err != nil { + return err + } + + if err := sign(ctx, "3-Sigs", signatureFiles); err != nil { + return err + } + + log.Println("Copying finished files to destination") + + for _, a := range archives { + if err := a.copyToDestination(ctx); err != nil { + return err + } + } + + log.Println("Generating checksum files") + + for _, a := range archives { + if err := checksum.WriteSHA256ChecksumFile(filepath.Join(*destinationDir, a.name)); err != nil { + return err + } + } + + return nil +} + +func findArchives(ctx context.Context, glob string) ([]*archive, error) { + files, err := filepath.Glob(glob) + if err != nil { + return nil, fmt.Errorf("failed to glob files: %v", err) + } + + archives := make([]*archive, 0, len(files)) + + // Check for duplicate filenames. At the end of signing, we will put all the results in the + // same directory (even if the sources came from different directories), so catching this + // early saves time. + // + // Use lowercase because we sign on a Windows machine with a case-insensitive filesystem. + archiveFilenames := make(map[string]string) + + for _, f := range files { + if err := ctx.Err(); err != nil { + return nil, err + } + // Ignore checksum files: we always generate new ones. 
+ if strings.HasSuffix(f, ".sha256") { + continue + } + + filenameLower := strings.ToLower(filepath.Base(f)) + if existingF, ok := archiveFilenames[filenameLower]; ok { + return nil, fmt.Errorf("duplicate archive %q, already found %q (comparing lowercase filename)", f, existingF) + } + archiveFilenames[filenameLower] = f + + a, err := newArchive(f) + if err != nil { + return nil, fmt.Errorf("failed to process %q: %v", f, err) + } + archives = append(archives, a) + } + + if len(archives) == 0 { + return nil, fmt.Errorf("no archives found to sign matching glob %q", *filesGlob) + } + + return archives, nil +} + +func sign(ctx context.Context, step string, files []*fileToSign) error { + var sb strings.Builder + sb.WriteString("\n") + sb.WriteString(" \n") + for _, f := range files { + f.WriteMSBuildItem(&sb) + } + sb.WriteString(" \n") + sb.WriteString("\n") + + log.Printf("Signing with props file content:\n%s\n", sb.String()) + if *dryRun { + log.Printf("Dry run: skipping signing.") + return nil + } + + if err := os.MkdirAll(*tempDir, 0o777); err != nil { + return err + } + // Get an absolute path to pass to MSBuild, because our working dirs may not be the same. + // MSBuild in general will resolve paths relative to the csproj. 
+ absTemp, err := filepath.Abs(*tempDir) + if err != nil { + return err + } + propsFilePath := filepath.Join(absTemp, "Sign"+step+".props") + if err := os.WriteFile(propsFilePath, []byte(sb.String()), 0o666); err != nil { + return err + } + + cmd := exec.CommandContext( + ctx, + "dotnet", "build", "Sign.csproj", + "/p:SignFilesDir="+absTemp, + "/p:FilesToSignPropsFile="+propsFilePath, + "/t:AfterBuild", + "/p:SignType="+*signType, + "/bl:"+filepath.Join(absTemp, "Sign"+step+".binlog"), + "/v:n", + ) + cmd.Dir = *signingCsprojDir + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + log.Printf("Running: %v", cmd) + return cmd.Run() +} + +type fileToSign struct { + originalPath string + fullPath string + authenticode string + // This file is part of a zip payload, e.g. for macOS hardening. + zip bool + // macAppName for notarization. + macAppName string +} + +func (f *fileToSign) WriteMSBuildItem(w io.Writer) { + fmt.Fprintf(w, " \n") +} + +// flatMapSlice sequentially maps each element of es to a slice using f and flattens the resulting +// slices. If any call to f returns an error, the error is returned immediately. +func flatMapSlice[E, R any](es []E, f func(E) ([]R, error)) ([]R, error) { + var results []R + for _, e := range es { + rs, err := f(e) + if err != nil { + return nil, err + } + results = append(results, rs...) + } + return results, nil +} diff --git a/eng/_util/cmd/write-checksum/write-checksum.go b/eng/_util/cmd/write-checksum/write-checksum.go index 191ebd0eae6..abd08ee68ff 100644 --- a/eng/_util/cmd/write-checksum/write-checksum.go +++ b/eng/_util/cmd/write-checksum/write-checksum.go @@ -5,14 +5,11 @@ package main import ( - "crypto/sha256" - "encoding/hex" "flag" "fmt" - "io" "log" - "os" - "path/filepath" + + "github.com/microsoft/go/_util/internal/checksum" ) const description = ` 
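Review bot: `run` takes a zero exit code from `sign` as proof that signing happened and goes straight on to `copyToDestination`, even though `prepareArchiveSignatures` (archive.go) seeds every `.sig` file as a byte copy of its archive. If the MSBuild step exits cleanly without rewriting its inputs, the destination directory receives a `.sig` that is just the archive again, next to a freshly generated `.sha256`. Whether Sign.csproj already fails in that situation is not visible here. A cheap fail-closed check after the `3-Sigs` step, skipped for `-n`, is sketched below; comparing digests rather than sizes would be stricter.

```go
	if err := sign(ctx, "3-Sigs", signatureFiles); err != nil {
		return err
	}
	// Fail closed: each .sig starts out as a copy of its archive, so an
	// unchanged size means the signing step never replaced the content.
	if !*dryRun {
		for _, a := range archives {
			sigInfo, err := os.Stat(a.sigPath())
			if err != nil {
				return err
			}
			srcInfo, err := os.Stat(a.latestPath())
			if err != nil {
				return err
			}
			if sigInfo.Size() == srcInfo.Size() {
				return fmt.Errorf("signature file for %q still has the archive's size; signing did not replace it", a.name)
			}
		}
	}
	// … unchanged: copy to destination, checksum generation …
```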
@@ -42,30 +39,8 @@ func main() {
 log.Fatal("No files specified.")
 }
 for _, m := range flag.Args() {
- if err := writeSHA256ChecksumFile(m); err != nil {
+ if err := checksum.WriteSHA256ChecksumFile(m); err != nil {
 log.Fatal(err)
 }
 }
 }
-
-func writeSHA256ChecksumFile(path string) error {
- file, err := os.Open(path)
- if err != nil {
- return err
- }
- defer file.Close()
- checksum := sha256.New()
- if _, err = io.Copy(checksum, file); err != nil {
- return err
- }
- // Write the checksum in a format that "sha256sum -c" can work with. Use the base path of the
- // tarball (not full path, not relative path) because then "sha256sum -c" automatically works
- // when the file and the checksum file are downloaded to the same directory.
- content := fmt.Sprintf("%v %v\n", hex.EncodeToString(checksum.Sum(nil)), filepath.Base(path))
- outputPath := path + ".sha256"
- if err := os.WriteFile(outputPath, []byte(content), 0o666); err != nil {
- return err
- }
- fmt.Printf("Wrote checksum file %q with content: %v", outputPath, content)
- return nil
-}
diff --git a/eng/_util/internal/checksum/checksum.go b/eng/_util/internal/checksum/checksum.go
new file mode 100644
index 00000000000..c12d2d0a1d9
--- /dev/null
+++ b/eng/_util/internal/checksum/checksum.go
@@ -0,0 +1,32 @@ +package checksum + +import ( + "crypto/sha256" + "encoding/hex" + "fmt" + "io" + "os" + "path/filepath" +) + +func WriteSHA256ChecksumFile(path string) error { + file, err := os.Open(path) + if err != nil { + return err + } + defer file.Close() + checksum := sha256.New() + if _, err = io.Copy(checksum, file); err != nil { + return err + } + // Write the checksum in a format that "sha256sum -c" can work with. Use the base path of the + // tarball (not full path, not relative path) because then "sha256sum -c" automatically works + // when the file and the checksum file are downloaded to the same directory. + content := fmt.Sprintf("%v %v\n", hex.EncodeToString(checksum.Sum(nil)), filepath.Base(path)) + outputPath := path + ".sha256" + if err := os.WriteFile(outputPath, []byte(content), 0o666); err != nil { + return err + } + fmt.Printf("Wrote checksum file %q with content: %v", outputPath, content) + return nil +} diff --git a/eng/pipeline/rolling-internal-pipeline.yml b/eng/pipeline/rolling-internal-pipeline.yml index 98d4809a802..8f558e8d892 100644 --- a/eng/pipeline/rolling-internal-pipeline.yml +++ b/eng/pipeline/rolling-internal-pipeline.yml @@ -33,6 +33,11 @@ parameters: type: string default: nil + - name: signExistingRunID + displayName: 'For debugging signing: skip building, and instead sign the artifacts from an existing run. Leave "nil" otherwise.' + type: string + default: 'nil' + variables: - template: variables/pool-providers.yml # MicroBuild configuration. @@ -71,6 +76,7 @@ extends: buildandpack: true official: true sign: true + signExistingRunID: ${{ parameters.signExistingRunID }} createSourceArchive: true createSymbols: true publish: true diff --git a/eng/pipeline/stages/builders-to-stages.yml b/eng/pipeline/stages/builders-to-stages.yml index f5d29d3ede2..84943fc740b 100644 --- a/eng/pipeline/stages/builders-to-stages.yml +++ b/eng/pipeline/stages/builders-to-stages.yml 
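Review bot: `WriteSHA256ChecksumFile` in the new `checksum.go` is exported from a shared package without a doc comment, and it still creates the `.sha256` file with mode `0o666`. Because that file is what consumers pass to `sha256sum -c`, I would not leave its writability to the umask: `os.WriteFile(outputPath, []byte(content), 0o644)`. A comment along the lines of `// WriteSHA256ChecksumFile hashes the file at path with SHA-256 and writes "<hex> <basename>" to path+".sha256".` would document the contract for the new callers. The `fmt.Printf` status line is now a side effect of a library call rather than of the command; consider leaving that output to the caller.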
@@ -9,6 +9,8 @@ parameters: builders: [] # If true, include a signing stage+job that depends on all 'buildandpack' builder jobs finishing. sign: false + # If changed to specify an existing pipeline run, skip build and sign the existing run. + signExistingRunID: 'nil' # If true, publish build artifacts to blob storage. publish: false # If true, publish artifacts to the public using Release Studio integration. @@ -25,21 +27,22 @@ parameters: stages: - ${{ if eq(parameters.publishExistingRunID, 'nil') }}: - - ${{ each builder in parameters.builders }}: - - template: pool.yml - parameters: - inner: - template: run-stage.yml - parameters: - builder: ${{ builder }} - createSourceArchive: ${{ parameters.createSourceArchive }} - releaseVersion: ${{ parameters.releaseVersion }} - official: ${{ parameters.official }} - createSymbols: ${{ parameters.createSymbols }} - # Attempt to retry the build on Windows to mitigate flakiness: - # "Access Denied" during EXE copying and general flakiness during tests. - ${{ if eq(builder.os, 'windows') }}: - retryAttempts: [1, 2, 3, 4, "FINAL"] + - ${{ if eq(parameters.signExistingRunID, 'nil') }}: + - ${{ each builder in parameters.builders }}: + - template: pool.yml + parameters: + inner: + template: run-stage.yml + parameters: + builder: ${{ builder }} + createSourceArchive: ${{ parameters.createSourceArchive }} + releaseVersion: ${{ parameters.releaseVersion }} + official: ${{ parameters.official }} + createSymbols: ${{ parameters.createSymbols }} + # Attempt to retry the build on Windows to mitigate flakiness: + # "Access Denied" during EXE copying and general flakiness during tests. + ${{ if eq(builder.os, 'windows') }}: + retryAttempts: [1, 2, 3, 4, "FINAL"] - ${{ if eq(parameters.sign, true) }}: - template: pool.yml 
@@ -55,6 +58,7 @@ stages: - ${{ each builder in parameters.builders }}: - ${{ if eq(builder.config, 'buildandpack') }}: - ${{ builder }} + signExistingRunID: ${{ parameters.signExistingRunID }} - ${{ if eq(parameters.publish, true) }}: - ${{ if and(not(startsWith(variables['Build.SourceBranch'], 'refs/heads/internal/')), eq(parameters.publishReleaseStudio, true)) }}: diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index c202248f02f..98253e5171a 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml @@ -31,6 +31,9 @@ parameters: - name: sign type: boolean default: false + - name: signExistingRunID + type: string + default: 'nil' - name: publish type: boolean default: false @@ -57,6 +60,7 @@ stages: jobsParameters: official: ${{ parameters.official }} sign: ${{ parameters.sign }} + signExistingRunID: ${{ parameters.signExistingRunID }} publish: ${{ parameters.publish }} publishReleaseStudio: ${{ parameters.publishReleaseStudio }} publishExistingRunID: ${{ parameters.publishExistingRunID }} @@ -71,6 +75,8 @@ stages: - { os: windows, arch: amd64, config: buildandpack } - { os: linux, arch: arm, hostArch: amd64, config: buildandpack } - { os: linux, arch: arm64, hostArch: amd64, config: buildandpack } + - { os: darwin, arch: amd64, config: buildandpack } + - { os: darwin, arch: arm64, hostArch: amd64, config: buildandpack } - ${{ if parameters.includeArm64Host }}: - { os: linux, arch: arm64, config: buildandpack } - ${{ if parameters.innerloop }}: diff --git a/eng/pipeline/stages/pool-1.yml b/eng/pipeline/stages/pool-1.yml index edb92053c6e..a53b4a72498 100644 --- a/eng/pipeline/stages/pool-1.yml +++ b/eng/pipeline/stages/pool-1.yml 
@@ -22,7 +22,9 @@ stages: parameters: ${{ insert }}: ${{ parameters }} - ${{ if eq(parameters.hostArch, 'arm64') }}: + ${{ if eq(parameters.os, 'darwin') }}: + name: Azure Pipelines # use the default AzDo hosted pool + ${{ elseif and(eq(parameters.hostArch, 'arm64'), eq(parameters.os, 'linux')) }}: name: Docker-Linux-Arm-Internal ${{ else }}: ${{ if parameters.public }}: diff --git a/eng/pipeline/stages/pool-2.yml b/eng/pipeline/stages/pool-2.yml index 5a59423e0ce..1509f1194d5 100644 --- a/eng/pipeline/stages/pool-2.yml +++ b/eng/pipeline/stages/pool-2.yml @@ -50,3 +50,8 @@ stages: ${{ else }}: demands: ImageOverride -equals 1es-ubuntu-2004 os: linux + + ${{ elseif eq(parameters.os, 'darwin') }}: + # https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops&tabs=yaml#software + vmImage: 'macos-14' + os: macOs diff --git a/eng/pipeline/stages/sign-stage.yml b/eng/pipeline/stages/sign-stage.yml index 73e1e046a58..2d50a05f009 100644 --- a/eng/pipeline/stages/sign-stage.yml +++ b/eng/pipeline/stages/sign-stage.yml @@ -6,15 +6,29 @@ # publishes the signed files and signatures into a consolidated pipeline artifact. parameters: + - name: builder + type: object + - name: official + type: boolean + - name: pool + type: object + # [] of { id, os, arch, config, distro?, experiment?, broken? } - builders: [] + - name: builders + type: object + + - name: signExistingRunID + type: string stages: - stage: Sign - # Depend on all build stages that produced artifacts that need signing. - dependsOn: - - ${{ each builder in parameters.builders }}: - - ${{ builder.id }} + ${{ if eq(parameters.signExistingRunID, 'nil') }}: + dependsOn: + # Depend on all build stages that produced artifacts that need signing. + - ${{ each builder in parameters.builders }}: + - ${{ builder.id }} + ${{ else }}: + dependsOn: [] jobs: - ${{ if and(ne(variables['System.TeamProject'], 'public'), ne(variables['Build.Reason'], 'PullRequest')) }}: - job: Sign 
@@ -22,6 +36,9 @@ stages: workspace: clean: all + # Give the sign task leeway to finish up after hitting its own timeout. + timeoutInMinutes: 80 + templateContext: mb: signing: 
@@ -32,46 +49,46 @@ stages: outputs: # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/outputs - output: pipelineArtifact - path: $(Build.StagingDirectory)/ToSign + path: 'eng\signing\signed' artifact: Binaries Signed + + - output: pipelineArtifact + path: 'eng\signing\signing-temp' + artifact: Signing temp directory $(System.JobAttempt) + condition: always() + - output: pipelineArtifact path: 'eng\signing' - artifact: Signing diagnosis directory + artifact: Signing diagnosis directory $(System.JobAttempt) + condition: always() steps: - template: ../steps/checkout-windows-task.yml - ${{ each builder in parameters.builders }}: - - download: current - artifact: Binaries ${{ builder.id }} - # Filter out manifests added by 1ES pipeline template. - patterns: '!_manifest/**' - displayName: 'Download: Binaries ${{ builder.id }}' - - - powershell: | - $flatDir = "$(Build.StagingDirectory)/ToSign" - New-Item $flatDir -ItemType Directory -ErrorAction Ignore - - Get-ChildItem -Recurse -File -Path @( - 'Binaries ${{ builder.id }}' - ) | %{ - if (Test-Path "$flatDir\$($_.Name)") { - throw "Duplicate filename, unable to flatten: $($_.FullName)" - } - Copy-Item $_.FullName $flatDir - } - displayName: 'Copy to flat dir: ${{ builder.id }}' - workingDirectory: '$(Pipeline.Workspace)' + - ${{ if eq(parameters.signExistingRunID, 'nil') }}: + - download: current + artifact: Binaries ${{ builder.id }} + # Filter out manifests added by 1ES pipeline template. + patterns: '!_manifest/**' + displayName: 'Download: Binaries ${{ builder.id }}' + - ${{ else }}: + - task: DownloadPipelineArtifact@2 + displayName: 'Download: Binaries ${{ builder.id }} (Specific)' + inputs: + buildType: specific + project: $(System.TeamProject) + definition: $(System.DefinitionId) + runVersion: 'specific' + runId: ${{ parameters.signExistingRunID }} + artifact: Binaries ${{ builder.id }} + # Filter out manifests added by 1ES pipeline template. 
+ patterns: '!_manifest/**' + targetPath: '$(Pipeline.Workspace)/Binaries ${{ builder.id }}' - - task: DotNetCoreCLI@2 - displayName: 'Sign Files' - inputs: - command: custom - projects: '$(Build.SourcesDirectory)/eng/signing/Sign.proj' - custom: build - arguments: >- - /t:AfterBuild - /p:SignFilesDir=$(Build.StagingDirectory)/ToSign - /p:SignType=$(SignType) - /bl:eng/signing/SignFiles.binlog - /v:n + - pwsh: | + eng/run.ps1 sign ` + -files '$(Pipeline.Workspace)/Binaries */*' ` + -sign-type '$(SignType)' ` + -timeout 60m + displayName: Sign Files diff --git a/eng/signing/.gitignore b/eng/signing/.gitignore index c66ddb25baa..a784cf86ebb 100644 --- a/eng/signing/.gitignore +++ b/eng/signing/.gitignore @@ -9,3 +9,4 @@ obj/ signing-log/ signing-temp/ tosign/ +signed/ diff --git a/eng/signing/NuGet.config b/eng/signing/NuGet.config index 080b3fce698..8f32de83184 100644 --- a/eng/signing/NuGet.config +++ b/eng/signing/NuGet.config @@ -1,7 +1,7 @@ diff --git a/eng/signing/README.md b/eng/signing/README.md index c8d8879550d..2ffc00ab368 100644 --- a/eng/signing/README.md +++ b/eng/signing/README.md 
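Review bot: In the `${{ else }}` download branch of `sign-stage.yml`, `runId: ${{ parameters.signExistingRunID }}` is a free-form string, and the step fetches `Binaries ${{ builder.id }}` from whichever run of this definition it names before the job signs everything matching `$(Pipeline.Workspace)/Binaries */*`. Nothing visible in this hunk checks that the referenced run came from a trusted branch or finished successfully, so signed output could cover artifacts that the current commit did not build; if pipeline permissions or approvals already guard this, a comment here should say so. I would add a step ahead of the download that fails unless the value is numeric and logs which run is being signed. Next to the parameter I would add a comment such as `# Debug only: signs artifacts from another run of this definition; restrict who may queue with this set.`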
@@ -1,23 +1,8 @@ -# Signing infrastructure - -This directory contains the infrastructure used by Microsoft to sign the Go -binaries in internal builds. It uses -[MicroBuild Signing](https://dev.azure.com/devdiv/DevDiv/_wiki/wikis/DevDiv.wiki/650/MicroBuild-Signing) -(internal Microsoft wiki link). - -To see it in action, go to [`/eng/pipeline/README.md`](/eng/pipeline/README.md) -and follow the link for `microsoft-go`. - -This infrastructure runs on Windows only. - -## Running locally - -1. Create the directory `tosign` and add `.tar.gz` and `.zip` artifacts. -1. Install the plugin: - 1. Download the latest https://devdiv.visualstudio.com/DevDiv/_artifacts/feed/MicroBuildToolset/NuGet/MicroBuild.Plugins.Signing - 1. Extract it to `%userprofile%\.nuget\microbuild.plugins.signing\1.1.900`. - * Optionally make the last dir match the version of the package. It will be discovered dynamically, as a plugin, whether or not it matches. -1. Run a "test sign" build locally to exercise the tooling: - ``` - dotnet build /p:SignFilesDir=tosign /p:SignType=test /p:MicroBuild_SigningEnabled=true /bl - ``` +# MSBuild signing infrastructure + +This directory contains a component of the Microsoft Go signing infrastructure written using MSBuild. +`Sign.csproj` is the interface between the Go signing command [`/eng/_util/cmd/sign`][sign] and MicroBuild, an internal Microsoft toolset written to primarily support .NET projects that use MSBuild. + +See [`/eng/_util/cmd/sign`][sign] for more information about the signing infrastructure. + +[sign]: /eng/_util/cmd/sign \ No newline at end of file diff --git a/eng/signing/Sign.csproj b/eng/signing/Sign.csproj new file mode 100644 index 00000000000..2cca241e2bc --- /dev/null +++ b/eng/signing/Sign.csproj @@ -0,0 +1,28 @@ + + + + + + net7.0 + + + + + + + + + + + + + + $([MSBuild]::NormalizeDirectory('$(SignFilesDir)')) + + + + + + + + 
diff --git a/eng/signing/Sign.proj b/eng/signing/Sign.proj deleted file mode 100644 index 5f8ba9c8816..00000000000 --- a/eng/signing/Sign.proj +++ /dev/null @@ -1,93 +0,0 @@ - - - - - - net7.0 - - - - - - - - - - - - - true - false - - - - $([MSBuild]::NormalizeDirectory('$(SignFilesDir)')) - - - - - - - - LinuxSignManagedLanguageCompiler - - - - - - - - - - - - - - - - - - - - Microsoft400 - - - - - - - - - - - - - - - - - - - - - From cc3439cdf77c83c53fd1e97d5b5b5dfd85e9bc05 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Nov 2024 09:08:43 -0800 Subject: [PATCH 091/887] Bump golang.org/x/sys from 0.26.0 to 0.27.0 in /eng/_util (#1396) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.26.0 to 0.27.0. - [Commits](https://github.com/golang/sys/compare/v0.26.0...v0.27.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- eng/_util/go.mod | 2 +- eng/_util/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 3215f0670b7..1908c85092a 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -8,7 +8,7 @@ go 1.21 require ( github.com/microsoft/go-infra v0.0.5 - golang.org/x/sys v0.26.0 + golang.org/x/sys v0.27.0 gotest.tools/gotestsum v1.12.0 ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index f318609f8b8..428da6543f9 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum 
@@ -79,8 +79,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= From 32773683ac035db956615e0da6d966eb86802819 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 10:10:50 +0000 Subject: [PATCH 092/887] Bump github/codeql-action from 3.27.0 to 3.27.1 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.27.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...4f3212b61783c3c68e8309a0f18a699764811cda) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1e6c5589053..f19fff75ef5 100644 
--- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: category: /language:go From 1ef48294bed4ddc7c9a081a9e1d377b7b75778a9 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Tue, 12 Nov 2024 12:53:21 -0800 Subject: [PATCH 093/887] Add darwin (macOS) innerloop devscript builder --- eng/pipeline/stages/go-builder-matrix-stages.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index 98253e5171a..cd7a7dfd0ab 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml @@ -80,6 +80,7 @@ stages: - ${{ if parameters.includeArm64Host }}: - { os: linux, arch: arm64, config: buildandpack } - ${{ if parameters.innerloop }}: + - { os: darwin, arch: amd64, config: devscript } - { os: linux, arch: amd64, config: devscript } - { os: linux, arch: amd64, config: test } - { os: linux, arch: amd64, config: test, distro: ubuntu } From 6e18c22f2558d707a03b8216b3ff56e7c6baf505 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 10:40:15 +0000 Subject: [PATCH 094/887] Bump github/codeql-action from 3.27.1 to 3.27.3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.1 to 3.27.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4f3212b61783c3c68e8309a0f18a699764811cda...396bb3e45325a47dd9ef434068033c6d5bb0d11a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f19fff75ef5..4492648243e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/init@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/autobuild@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/analyze@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3 with: category: /language:go From 8fbc0e2c7bcf70e686c2875c666324a76377fd3e Mon Sep 17 00:00:00 2001 
From: mertakman Date: Thu, 14 Nov 2024 16:53:16 +0000 Subject: [PATCH 095/887] add:crypto dsa support and generate patch files --- patches/0015-Add-crypto-dsa-support.patch | 37 +++++ patches/0016-Vendor-crypto-dsa-backends.patch | 149 ++++++++++++++++++ 2 files changed, 186 insertions(+) create mode 100644 patches/0015-Add-crypto-dsa-support.patch create mode 100644 patches/0016-Vendor-crypto-dsa-backends.patch diff --git a/patches/0015-Add-crypto-dsa-support.patch b/patches/0015-Add-crypto-dsa-support.patch new file mode 100644 index 00000000000..bc39e97c717 --- /dev/null +++ b/patches/0015-Add-crypto-dsa-support.patch 
@@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: mertakman +Date: Thu, 14 Nov 2024 13:32:30 +0000 +Subject: [PATCH] Add crypto dsa support + +--- + src/go.mod | 2 +- + src/go.sum | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/go.mod b/src/go.mod +index 39d84e4165d654..8a95b6f65c63ef 100644 +--- a/src/go.mod ++++ b/src/go.mod +@@ -4,7 +4,7 @@ go 1.24 + + require ( + github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 +- github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 ++ github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 + golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd + ) +diff --git a/src/go.sum b/src/go.sum +index 116a769b257e34..54c859b46edd1c 100644 +--- a/src/go.sum ++++ b/src/go.sum +@@ -1,7 +1,7 @@ + github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg= + github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= +-github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 h1:Kno3m3hOXCrrJF9YphNJWNXm6MjIpflQrHWxAIRSIqA= +-github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= ++github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d h1:UKPx/2ug3daetm1rPOKyEHovWbh3hekPK8p1wygTcOI= ++github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= + golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd 
h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0016-Vendor-crypto-dsa-backends.patch b/patches/0016-Vendor-crypto-dsa-backends.patch new file mode 100644 index 00000000000..335b285d67e --- /dev/null +++ b/patches/0016-Vendor-crypto-dsa-backends.patch 
@@ -0,0 +1,149 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: mertakman +Date: Thu, 14 Nov 2024 13:32:53 +0000 +Subject: [PATCH] Vendor crypto dsa backends + +--- + .../microsoft/go-crypto-winnative/cng/aes.go | 4 ++-- + .../microsoft/go-crypto-winnative/cng/des.go | 7 +++---- + .../microsoft/go-crypto-winnative/cng/hash.go | 16 +++------------- + .../microsoft/go-crypto-winnative/cng/hkdf.go | 13 +++++++++---- + src/vendor/modules.txt | 2 +- + 5 files changed, 18 insertions(+), 24 deletions(-) + +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go +index caac632894556e..097a0fc77f0adb 100644 +--- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go +@@ -7,6 +7,7 @@ + package cng + + import ( ++ "bytes" + "crypto/cipher" + "errors" + "runtime" +@@ -28,8 +29,7 @@ func NewAESCipher(key []byte) (cipher.Block, error) { + if err != nil { + return nil, err + } +- c := &aesCipher{kh: kh, key: make([]byte, len(key))} +- copy(c.key, key) ++ c := &aesCipher{kh: kh, key: bytes.Clone(key)} + runtime.SetFinalizer(c, (*aesCipher).finalize) + return c, nil + } +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go +index b0784affba0aa4..de3f05b84f1d82 100644 +--- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go +@@ -7,6 +7,7 @@ + package cng + + import ( ++ "bytes" + "crypto/cipher" + "runtime" + +@@ -27,8 +28,7 @@ func NewDESCipher(key []byte) (cipher.Block, error) { + if err != nil { + return nil, err + } +- c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: make([]byte, len(key))} +- copy(c.key, key) ++ c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: bytes.Clone(key)} + 
runtime.SetFinalizer(c, (*desCipher).finalize) + return c, nil + } +@@ -38,8 +38,7 @@ func NewTripleDESCipher(key []byte) (cipher.Block, error) { + if err != nil { + return nil, err + } +- c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: make([]byte, len(key))} +- copy(c.key, key) ++ c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: bytes.Clone(key)} + runtime.SetFinalizer(c, (*desCipher).finalize) + return c, nil + } +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go +index c4f01e17dd4ca1..87b1c95dc7f911 100644 +--- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go +@@ -7,6 +7,7 @@ + package cng + + import ( ++ "bytes" + "crypto" + "hash" + "runtime" +@@ -194,12 +195,7 @@ func newHashX(id string, flag bcrypt.AlgorithmProviderFlags, key []byte) *hashX + if err != nil { + panic(err) + } +- h := new(hashX) +- h.alg = alg +- if len(key) > 0 { +- h.key = make([]byte, len(key)) +- copy(h.key, key) +- } ++ h := &hashX{alg: alg, key: bytes.Clone(key)} + // Don't allocate hx.buf nor call bcrypt.CreateHash yet, + // which would be wasteful if the caller only wants to know + // the hash type. 
This is a common pattern in this package, +@@ -227,13 +223,7 @@ func (h *hashX) withCtx(fn func(ctx bcrypt.HASH_HANDLE) error) error { + } + + func (h *hashX) Clone() (hash.Hash, error) { +- h2 := &hashX{ +- alg: h.alg, +- } +- if h.key != nil { +- h2.key = make([]byte, len(h.key)) +- copy(h2.key, h.key) +- } ++ h2 := &hashX{alg: h.alg, key: bytes.Clone(h.key)} + err := h.withCtx(func(ctx bcrypt.HASH_HANDLE) error { + return bcrypt.DuplicateHash(ctx, &h2._ctx, nil, 0) + }) +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go +index 655926ef635224..5338fb5c7b187c 100644 +--- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go +@@ -156,14 +156,19 @@ func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { + return nil, errors.New("cng: unknown key data blob version") + } + // KEY_DATA_BLOB_VERSION1 format is: +- // cbHash uint32 // Big-endian +- // hashName [cbHash]byte ++ // cbHashName uint32 // Big-endian ++ // pHashName [cbHash]byte + // key []byte // Rest of the blob + if len(blob) < 4 { + return nil, errors.New("cng: exported key is corrupted") + } +- hashLength := binary.BigEndian.Uint32(blob[:]) +- return blob[4+hashLength:], nil ++ cbHashName := binary.BigEndian.Uint32(blob) ++ blob = blob[4:] ++ if len(blob) < int(cbHashName) { ++ return nil, errors.New("cng: exported key is corrupted") ++ } ++ // Skip pHashName. 
++ return blob[cbHashName:], nil + } + + func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { +diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt +index be1319fc942882..7c9bf41ea0bc87 100644 +--- a/src/vendor/modules.txt ++++ b/src/vendor/modules.txt +@@ -2,7 +2,7 @@ + ## explicit; go 1.22 + github.com/golang-fips/openssl/v2 + github.com/golang-fips/openssl/v2/bbig +-# github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 ++# github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d + ## explicit; go 1.22 + github.com/microsoft/go-crypto-winnative/cng + github.com/microsoft/go-crypto-winnative/cng/bbig From 1673f90fcd3a8ac92ebbcd058564969269e82eac Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Fri, 15 Nov 2024 10:48:49 -0800 Subject: [PATCH 096/887] Use Microsoft Go as stage 0 (#1400) * Use Microsoft Go as stage 0 * For build, unset GOROOT if explicitly set --- eng/_util/cmd/build/build.go | 11 + eng/_util/go-install.ps1 | 899 ++++++++++++++++++++++++++ eng/_util/go.mod | 3 +- eng/_util/go.sum | 2 + eng/_util/tools/installscript_test.go | 21 + eng/_util/tools/tools.go | 11 + eng/pipeline/stages/run-stage.yml | 19 +- eng/run.ps1 | 25 +- eng/utilities.ps1 | 101 +-- 9 files changed, 988 insertions(+), 104 deletions(-) create mode 100644 eng/_util/go-install.ps1 create mode 100644 eng/_util/tools/installscript_test.go create mode 100644 eng/_util/tools/tools.go diff --git a/eng/_util/cmd/build/build.go b/eng/_util/cmd/build/build.go index 03d39428e6a..e87ab876093 100644 --- a/eng/_util/cmd/build/build.go +++ b/eng/_util/cmd/build/build.go 
@@ -138,6 +138,17 @@ func build(o *options) error { } fmt.Printf("---- Target platform: %v_%v\n", targetOS, targetArch) + // Setting GOROOT explicitly in the environment has not been necessary since Go 1.9 + // (https://go.dev/doc/go1.9#goroot), but a dev or build machine may still have it set. It + // interferes with attempts to run the built Go (such as when building the race runtime), so + // remove the explicit GOROOT if set. + if explicitRoot, ok := os.LookupEnv("GOROOT"); ok { + fmt.Printf("---- Removing explicit GOROOT from environment: %v\n", explicitRoot) + if err := os.Unsetenv("GOROOT"); err != nil { + return err + } + } + // The upstream build scripts in {repo-root}/src require your working directory to be src, or // they instantly fail. Change the current process dir so that we can run them. if err := os.Chdir("go/src"); err != nil { diff --git a/eng/_util/go-install.ps1 b/eng/_util/go-install.ps1 new file mode 100644 index 00000000000..29cc7fc9a13 --- /dev/null +++ b/eng/_util/go-install.ps1 
@@ -0,0 +1,899 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +<# +.SYNOPSIS + Installs Microsoft Go +.DESCRIPTION + Installs the Microsoft Go toolset. + + Note that the intended use of this script is for Continuous Integration (CI) scenarios, where: + - The toolset needs to be installed without user interaction and without admin rights. + - The toolset installation doesn't need to persist across multiple CI runs. + Visit https://github.com/microsoft/go for a list of other ways to install Microsoft Go. + +.PARAMETER Version + Default: Latest + Download the specified version. Supports some aliases. Possible values: + - Latest - the most recent major version. + - Previous - the second most recent major version. + - 2-part version in format go1.A - represents a specific major version. + examples: go1.18, go1.23 + - 3-part version in format go1.A.B - latest revision of a specific release. + examples: go1.18.0, go1.23.1 + - 4-part version in format go1.A.B-C - a specific revision of Microsoft Go, immutable. + examples: go1.18.0-1, go1.23.1-3 + Microsoft Go doesn't publish prereleases, so they are not available. +.PARAMETER InstallDir + Path to where to install Microsoft Go. Note that if a directory is given, GOROOT is placed + directly in that directory. + Default: - a folder automatically selected inside LocalApplicationData as evaluated by PowerShell. + Example auto on Windows: C:\Users\myself\AppData\Local\microsoft-go\ + Example auto on Linux: /home/myself/.local/share/microsoft-go/ + If OS or Architecture are not , the path includes OS and Architecture. This avoids + overlapping installations but still allows for a shorter path for ordinary situations. +.PARAMETER OS + Default: - this value represents currently running OS + Operating system of prebuilt toolset binaries to be installed. 
+ Possible values are: , windows, linux, darwin +.PARAMETER Architecture + Default: - this value represents currently running OS architecture + Architecture of prebuilt toolset binaries to be installed. + Possible values are: , amd64, x64, 386, x86, arm64, arm +.PARAMETER DryRun + If set, it will not perform installation. Instead, it displays what command line to use to + consistently install currently requested version of Microsoft Go. For example, if you specify + Version 'Latest', it will print a command with the specific 4-part version so this command can + be used deterministicly in a build script. + It also prints the location the binaries would have been installed to. +.PARAMETER NoPath + By default, this script will update the environment variable PATH for the current process to + include the binaries folder inside installation folder. + If set, it will print the binaries location but not set any environment variable. +.PARAMETER AzurePipelinePath + If set, it will print an Azure DevOps logging command that causes the Azure DevOps to update the + PATH environment variable of subsequent build steps to include the binaries folder. +.PARAMETER ProxyAddress + If set, it will use the proxy when making web requests +.PARAMETER ProxyUseDefaultCredentials + Default: false + Use default credentials when using ProxyAddress. +.PARAMETER ProxyBypassList + If set, when using ProxyAddress, this comma separated url list is passed to the underlying + HttpClientHandler. +.PARAMETER DownloadTimeout + Determines timeout duration in seconds for downloading the toolset file. + Default: 1200 seconds (20 minutes) +.PARAMETER KeepArchive + If set, the downloaded file is kept. +.PARAMETER ArchivePath + A path to use to store the toolset archive file, a zip or tar.gz. + Default: a generated random filename in the system's temporary directory. +.PARAMETER Help + Displays this help message. +.PARAMETER Verbose + Displays diagnostics information. 
+.EXAMPLE + go-install.ps1 + Installs the latest released Microsoft Go version. +.EXAMPLE + go-install.ps1 -Version Previous + Installs the latest version of the previous major (1.X) version of Microsoft Go. +#> +[cmdletbinding()] +param( + [string]$Version="Latest", + [Alias('i')][string]$InstallDir="", + [string]$OS="", + [string]$Architecture="", + [switch]$DryRun, + [switch]$NoPath, + [switch]$AzurePipelinePath, + [string]$ProxyAddress, + [switch]$ProxyUseDefaultCredentials, + [string[]]$ProxyBypassList=@(), + [int]$DownloadTimeout=1200, + [switch]$KeepArchive, + [string]$ArchivePath, + [switch]$Help +) + +Set-StrictMode -Version Latest +$ErrorActionPreference="Stop" +$ProgressPreference="SilentlyContinue" + +$MicrosoftGoInstallScriptVersion = "0.0.1" + +function Say($str) { + try { + Write-Host "go-install: $str" + } + catch { + # Some platforms cannot utilize Write-Host (Azure Functions, for instance). Fall back to Write-Output + Write-Output "go-install: $str" + } +} + +function Say-Warning($str) { + try { + Write-Warning "go-install: $str" + } + catch { + # Some platforms cannot utilize Write-Warning (Azure Functions, for instance). Fall back to Write-Output + Write-Output "go-install: Warning: $str" + } +} + +# Writes a line with error style settings. +# Use this function to show a human-readable comment along with an exception. +function Say-Error($str) { + try { + # Write-Error is quite oververbose for the purpose of the function, let's write one line with error style settings. + $Host.UI.WriteErrorLine("go-install: $str") + } + catch { + Write-Output "go-install: Error: $str" + } +} + +function Say-Verbose($str) { + try { + Write-Verbose "go-install: $str" + } + catch { + # Some platforms cannot utilize Write-Verbose (Azure Functions, for instance). 
Fall back to Write-Output + Write-Output "go-install: $str" + } +} + +function Measure-Action($name, $block) { + $time = Measure-Command $block + $totalSeconds = $time.TotalSeconds + Say-Verbose "⏱ Action '$name' took $totalSeconds seconds" +} + +function Get-Remote-File-Size($zipUri) { + try { + $response = Invoke-WebRequest -Uri $zipUri -Method Head + $fileSize = $response.Headers["Content-Length"] + if ((![string]::IsNullOrEmpty($fileSize))) { + Say "Remote file $zipUri size is $fileSize bytes." + + return $fileSize + } + } + catch { + Say-Verbose "Content-Length header was not extracted for $zipUri." + } + + return $null +} + +function Say-Invocation($Invocation) { + $command = $Invocation.MyCommand; + $args = (($Invocation.BoundParameters.Keys | foreach { "-$_ `"$($Invocation.BoundParameters[$_])`"" }) -join " ") + Say-Verbose "$command $args" +} + +function Invoke-With-Retry([ScriptBlock]$ScriptBlock, [System.Threading.CancellationToken]$cancellationToken = [System.Threading.CancellationToken]::None, [int]$MaxAttempts = 3, [int]$SecondsBetweenAttempts = 1) { + $Attempts = 0 + $local:startTime = $(get-date) + + while ($true) { + try { + return & $ScriptBlock + } + catch { + $Attempts++ + if (($Attempts -lt $MaxAttempts) -and -not $cancellationToken.IsCancellationRequested) { + Start-Sleep $SecondsBetweenAttempts + } + else { + $local:elapsedTime = $(get-date) - $local:startTime + if (($local:elapsedTime.TotalSeconds - $DownloadTimeout) -gt 0 -and -not $cancellationToken.IsCancellationRequested) { + throw New-Object System.TimeoutException("Failed to reach the server: connection timeout: default timeout is $DownloadTimeout second(s)"); + } + throw; + } + } + } +} + +function Get-Machine-Architecture() { + Say-Invocation $MyInvocation + + # Try the .NET API. If we don't get anything, this is probably PowerShell on Windows. 
+ try { + $Architecture = [System.Runtime.InteropServices.RuntimeInformation]::OSArchitecture + if ($Architecture) { + # Possible values: https://learn.microsoft.com/en-us/dotnet/api/system.runtime.interopservices.architecture + return $Architecture.ToString().ToLowerInvariant() + } + } + catch { + Say-Verbose "Failed to get the machine architecture using .NET API. Falling back to environment variables." + } + + # On PS x86, PROCESSOR_ARCHITECTURE reports x86 even on x64 systems. + # To get the correct architecture, we need to use PROCESSOR_ARCHITEW6432. + # PS x64 doesn't define this, so we fall back to PROCESSOR_ARCHITECTURE. + # Possible values: amd64, x64, x86, arm64, arm + if( $ENV:PROCESSOR_ARCHITEW6432 -ne $null ) { + return $ENV:PROCESSOR_ARCHITEW6432 + } + + return $ENV:PROCESSOR_ARCHITECTURE +} + +function Get-CLIArchitecture-From-Architecture([string]$Architecture) { + Say-Invocation $MyInvocation + + if ($Architecture -eq "") { + $Architecture = Get-Machine-Architecture + } + + switch ($Architecture.ToLowerInvariant()) { + { ($_ -eq "amd64") -or ($_ -eq "x64") } { return "amd64" } + { ($_ -eq "386") -or ($_ -eq "x86") } { return "386" } + { $_ -eq "arm" } { return "armv6l" } + { $_ -eq "arm64" } { return "arm64" } + default { throw "Architecture '$Architecture' not supported. If you think this is a bug, report it at https://github.com/microsoft/go/issues" } + } +} + +function Get-CLIOS-From-OS([string]$OS) { + Say-Invocation $MyInvocation + + if (!(Test-Path -LiteralPath 'variable:IsWindows')) { + # If we don't have IsWindows, this is Windows PowerShell (powershell), not PowerShell Core (pwsh). + # So, we can't use the variable, but we know we're on Windows. 
+ $IsWindows = $true + } + + if ($OS -eq "") { + if ($IsWindows -or [System.Environment]::OSVersion.Platform -eq [System.PlatformID]::Win32NT) { + $OS = "windows" + } + elseif ($IsLinux) { + $OS = "linux" + } + elseif ($IsMacOS) { + $OS = "darwin" + } + else { + throw "Unable to automatically determine the OS." + } + } + + switch ($OS.ToLowerInvariant()) { + { $_ -eq "windows" } { return "windows" } + { $_ -eq "linux" } { return "linux" } + { $_ -eq "darwin" } { return "darwin" } + default { throw "OS '$OS' not supported. If you think this is a bug, report it at https://github.com/microsoft/go/issues" } + } +} + +function Get-GeneratedArchivePath([string]$CLIOS) { + Say-Invocation $MyInvocation + + $Extension = switch ($CLIOS) { + "windows" { ".zip" } + default { ".tar.gz" } + } + + return [System.IO.Path]::combine([System.IO.Path]::GetTempPath(), [System.IO.Path]::GetRandomFileName()) + $Extension +} + +function Fetch-SupportedVersion([string]$StableKey) { + # Figure out what's latest by querying the list of release branches. + $ReleaseBranchData = DownloadJson "https://aka.ms/golang/release/latest/release-branch-links.json" + + # Find first thing in the array of objects where the key by name is true. + foreach ($branch in $ReleaseBranchData) { + if (Get-OrNull $branch $StableKey) { + return $branch.version + } + } + + throw "Failed to find a branch where '$StableKey' is true." +} + +function Get-NormalizedVersion([string]$Version) { + Say-Invocation $MyInvocation + + if ([string]::IsNullOrEmpty($Version)) { + return "" + } + switch ($Version.ToLowerInvariant()) { + { $_ -eq "latest" } { return Fetch-SupportedVersion -StableKey "latestStable" } + { $_ -eq "previous" } { return Fetch-SupportedVersion -StableKey "previousStable" } + { $_ -like "go1.*" } { return $_ } + default { throw "Version '$Version' not recognized. Missing 'go' prefix? 
If you think this is a bug, report it at https://github.com/microsoft/go/issues" } + } +} + +function Load-Assembly([string] $Assembly) { + try { + Add-Type -Assembly $Assembly | Out-Null + } + catch { + # On Nano Server, Powershell Core Edition is used. Add-Type is unable to resolve base class assemblies because they are not GAC'd. + # Loading the base class assemblies is not unnecessary as the types will automatically get resolved. + } +} + +function GetHTTPResponse([Uri] $Uri, [bool]$HeaderOnly, [bool]$DisableRedirect) +{ + $cts = New-Object System.Threading.CancellationTokenSource + + $downloadScript = { + + $HttpClient = $null + + try { + # HttpClient is used vs Invoke-WebRequest in order to support Nano Server which doesn't support the Invoke-WebRequest cmdlet. + Load-Assembly -Assembly System.Net.Http + + if (-not $ProxyAddress) { + try { + # Despite no proxy being explicitly specified, we may still be behind a default proxy + $DefaultProxy = [System.Net.WebRequest]::DefaultWebProxy; + if($DefaultProxy -and (-not $DefaultProxy.IsBypassed($Uri))) { + if ($null -ne $DefaultProxy.GetProxy($Uri)) { + $ProxyAddress = $DefaultProxy.GetProxy($Uri).OriginalString + } else { + $ProxyAddress = $null + } + $ProxyUseDefaultCredentials = $true + } + } + catch { + # Eat the exception and move forward as the above code is an attempt + # at resolving the DefaultProxy that may not have been a problem. 
+ $ProxyAddress = $null + Say-Verbose("Exception ignored: $_.Exception.Message - moving forward...") + } + } + + $HttpClientHandler = New-Object System.Net.Http.HttpClientHandler + if ($ProxyAddress) { + $HttpClientHandler.Proxy = New-Object System.Net.WebProxy -Property @{ + Address=$ProxyAddress; + UseDefaultCredentials=$ProxyUseDefaultCredentials; + BypassList = $ProxyBypassList; + } + } + if ($DisableRedirect) { + $HttpClientHandler.AllowAutoRedirect = $false + } + $HttpClient = New-Object System.Net.Http.HttpClient -ArgumentList $HttpClientHandler + + # Default timeout for HttpClient is 100s. For a 50 MB download this assumes 500 KB/s average, any less will time out + # Defaulting to 20 minutes allows it to work over much slower connections. + $HttpClient.Timeout = New-TimeSpan -Seconds $DownloadTimeout + + if ($HeaderOnly){ + $completionOption = [System.Net.Http.HttpCompletionOption]::ResponseHeadersRead + } + else { + $completionOption = [System.Net.Http.HttpCompletionOption]::ResponseContentRead + } + + $Task = $HttpClient.GetAsync("$Uri", $completionOption).ConfigureAwait("false"); + $Response = $Task.GetAwaiter().GetResult(); + + if (($null -eq $Response) -or ((-not $HeaderOnly) -and (-not ($Response.IsSuccessStatusCode)))) { + # The feed credential is potentially sensitive info. Do not log FeedCredential to console output. + $DownloadException = [System.Exception] "Unable to download $Uri." + + if ($null -ne $Response) { + $DownloadException.Data["StatusCode"] = [int] $Response.StatusCode + $DownloadException.Data["ErrorMessage"] = "Unable to download $Uri. Returned HTTP status code: " + $DownloadException.Data["StatusCode"] + + if (404 -eq [int] $Response.StatusCode) { + $cts.Cancel() + } + } + + throw $DownloadException + } + + return $Response + } + catch [System.Net.Http.HttpRequestException] { + $DownloadException = [System.Exception] "Unable to download $Uri." 
+ + # Pick up the exception message and inner exceptions' messages if they exist + $CurrentException = $PSItem.Exception + $ErrorMsg = $CurrentException.Message + "`r`n" + while ($CurrentException.InnerException) { + $CurrentException = $CurrentException.InnerException + $ErrorMsg += $CurrentException.Message + "`r`n" + } + + # Check if there is an issue concerning TLS. + if ($ErrorMsg -like "*SSL/TLS*") { + $ErrorMsg += "Ensure that TLS 1.2 or higher is enabled to use this script.`r`n" + } + + $DownloadException.Data["ErrorMessage"] = $ErrorMsg + throw $DownloadException + } + finally { + if ($null -ne $HttpClient) { + $HttpClient.Dispose() + } + } + } + + try { + return Invoke-With-Retry $downloadScript $cts.Token + } + finally { + if ($null -ne $cts) { + $cts.Dispose() + } + } +} + +function Resolve-Installation-Path([string]$InstallDir) { + Say-Invocation $MyInvocation + + if ($InstallDir -eq "") { + $Dir = Join-Path -Path ([Environment]::GetFolderPath('LocalApplicationData')) -ChildPath "microsoft-go" + if ($OS -ne "" -or $Architecture -ne "") { + $Dir = Join-Path -Path $Dir -ChildPath "$($CLIOS)_$CLIArchitecture" + } + return $Dir + } + return $InstallDir +} + +function Resolve-Versioned-Installation-Path([string]$InstallRoot, [string]$SpecificVersion) { + Say-Invocation $MyInvocation + + return Join-Path -Path $InstallRoot -ChildPath "go$SpecificVersion" +} + +function Is-ToolsetInstalled([string]$InstallRoot, [string]$SpecificVersion) { + Say-Invocation $MyInvocation + + $GoToolsetPath = Resolve-Versioned-Installation-Path $InstallRoot $SpecificVersion + $GoBinPath = (Join-Path $GoToolsetPath "bin") + Say-Verbose "Is-ToolsetInstalled: GoToolsetPath=$GoToolsetPath" + # A few basic checks to see if a likely usable toolset is installed. + # If these fail, it will be reinstalled. 
+ return (Test-Path $GoToolsetPath -PathType Container) -and + ( + (Test-Path (Join-Path $GoBinPath "go") -PathType Leaf) -or + (Test-Path (Join-Path $GoBinPath "go.exe") -PathType Leaf) + ) +} + +function Get-Absolute-Path([string]$RelativeOrAbsolutePath) { + # Too much spam + # Say-Invocation $MyInvocation + + return $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath($RelativeOrAbsolutePath) +} + +function Extract-Zip([string]$ArchivePath, [string]$OutPath) { + Say-Invocation $MyInvocation + + Load-Assembly -Assembly System.IO.Compression.FileSystem + [System.IO.Compression.ZipFile]::ExtractToDirectory($ArchivePath, $OutPath) +} + +function Extract-TarGz([string]$ArchivePath, [string]$OutPath) { + Say-Invocation $MyInvocation + + if (-not (Test-Path $OutPath)) { + New-Item -ItemType Directory -Force -Path $OutPath + } + + try { + & tar -C $OutPath -xzf $ArchivePath + if ($LASTEXITCODE -ne 0) { + throw "tar exit code: $LASTEXITCODE" + } + } + catch { + throw "Failed to extract the tar.gz archive `"$ArchivePath`". Error: $_" + } +} + +function Extract-ToolsetArchive([string]$ArchivePath, [string]$InstallRoot, [string]$SpecificVersion) { + Say-Invocation $MyInvocation + + $GoRootPath = Resolve-Versioned-Installation-Path $InstallRoot $SpecificVersion + # First extract to a temporary directory to avoid partial extraction to the final location. This + # makes it so rerunning the script fixes a problem in case of an interruption. Don't use + # systemwide temp directory because Move-Item from there has been observed to fail on Linux. + $TempGoExtractDir = Join-Path $InstallRoot ".tmp-extract" + $TempGoRootPath = Resolve-Versioned-Installation-Path $TempGoExtractDir $SpecificVersion + + # Clean up directories from a previous attempt. 
+ if (Test-Path $GoRootPath) { + Remove-Item $GoRootPath -Recurse -Force + } + if (Test-Path $TempGoExtractDir) { + Remove-Item $TempGoExtractDir -Recurse -Force + } + if (Test-Path $TempGoRootPath) { + Remove-Item $TempGoRootPath -Recurse -Force + } + + try { + switch ([System.IO.Path]::GetExtension($ArchivePath).ToLowerInvariant()) { + ".zip" { Extract-Zip $ArchivePath $TempGoRootPath } + ".gz" { Extract-TarGz $ArchivePath $TempGoRootPath } + default { throw "Unsupported archive type: $ArchivePath" } + } + + # Move contents of inner "go" dir to the output path to avoid unwanted extra dir. + Move-Item (Join-Path $TempGoRootPath "go") $GoRootPath + + $GoRootPath = "" + } + finally { + if ($GoRootPath -ne "" -and (Test-Path $GoRootPath)) { + Remove-Item $GoRootPath -Recurse -Force + } + if (Test-Path $TempGoExtractDir) { + Remove-Item $TempGoExtractDir -Recurse -Force + } + if (Test-Path $TempGoRootPath) { + Remove-Item $TempGoRootPath -Recurse -Force + } + } +} + +function DownloadJson([string]$Source) { + $Text = DownloadString $Source + + try { + return ConvertFrom-Json $Text + } + catch { + Say-Verbose "Failed to parse the JSON response from '$Source': $Text" + throw $_ + } +} + +function DownloadString([string]$Source) { + $Stream = $null + $Reader = $null + + # To make sure errors are accurate and useful, attempt to get the target first. This prevents a + # situation where we succesfully download bing.com after a failed redirect, try to parse the + # HTML as JSON, and present a confusing error message. 
+ if ($Source -like "https://aka.ms/*") { + $DirectSource = Get-AkaMSRedirectTarget $Source + if (!$DirectSource) { + throw "Failed to aka.ms redirect for URL: $Source" + } + $Source = $DirectSource + } + + try { + $Response = GetHTTPResponse -Uri $Source + $Stream = $Response.Content.ReadAsStreamAsync().Result + $Reader = New-Object System.IO.StreamReader($Stream) + return $Reader.ReadToEnd() + } + finally { + if ($null -ne $Stream) { + $Stream.Dispose() + } + if ($null -ne $Reader) { + $Reader.Dispose() + } + } +} + +function DownloadFile($Source, [string]$OutPath) { + if ($Source -notlike "http*") { + # Using System.IO.Path.GetFullPath to get the current directory + # does not work in this context - $pwd gives the current directory + if (![System.IO.Path]::IsPathRooted($Source)) { + $Source = $(Join-Path -Path $pwd -ChildPath $Source) + } + $Source = Get-Absolute-Path $Source + Say "Copying file from $Source to $OutPath" + Copy-Item $Source $OutPath + return + } + + $Stream = $null + + try { + $Response = GetHTTPResponse -Uri $Source + $Stream = $Response.Content.ReadAsStreamAsync().Result + $File = [System.IO.File]::Create($OutPath) + $Stream.CopyTo($File) + $File.Close() + + ValidateRemoteLocalFileSizes -LocalFileOutPath $OutPath -SourceUri $Source + } + finally { + if ($null -ne $Stream) { + $Stream.Dispose() + } + } +} + +function ValidateRemoteLocalFileSizes([string]$LocalFileOutPath, $SourceUri) { + try { + $remoteFileSize = Get-Remote-File-Size -zipUri $SourceUri + $fileSize = [long](Get-Item $LocalFileOutPath).Length + Say "Downloaded file $SourceUri size is $fileSize bytes." + + if ((![string]::IsNullOrEmpty($remoteFileSize)) -and !([string]::IsNullOrEmpty($fileSize)) ) { + if ($remoteFileSize -ne $fileSize) { + Say "The remote and local file sizes are not equal. Remote file size is $remoteFileSize bytes and local size is $fileSize bytes. The local package may be corrupted." + } + else { + Say "The remote and local file sizes are equal." 
+ } + } + else { + Say "Either downloaded or local package size can not be measured. One of them may be corrupted." + } + } + catch { + Say "Either downloaded or local package size can not be measured. One of them may be corrupted." + } +} + +function Remove-FileSafely($Path) { + try { + if (Test-Path $Path) { + Remove-Item $Path + Say-Verbose "The temporary file `"$Path`" was removed." + } + else { + Say-Verbose "The temporary file `"$Path`" does not exist, therefore is not removed." + } + } + catch { + Say-Warning "Failed to remove the temporary file: `"$Path`", remove it manually." + } +} + +function Prepend-ToolsetPathEnv([string]$InstallRoot, [string]$SpecificVersion) { + Say-Invocation $MyInvocation + + $GoRootPath = Resolve-Versioned-Installation-Path $InstallRoot $SpecificVersion + $BinPath = Get-Absolute-Path (Join-Path -Path $GoRootPath -ChildPath "bin") + + if (-Not $NoPath) { + $SuffixedBinPath = $BinPath + [System.IO.Path]::PathSeparator + if (-Not $env:PATH.Contains($SuffixedBinPath)) { + Say "Adding to current process PATH: $BinPath" + Say "Note: This change will not be visible if PowerShell was run as a child process." + $env:PATH = $SuffixedBinPath + $env:PATH + Say-Verbose "The current process PATH is now `"$env:PATH`"." + } + else { + Say "Current process PATH already contains `"$BinPath`"" + } + } + else { + Say "Binaries can be found in $BinPath" + } + + if ($AzurePipelinePath) { + Say "Running an Azure Pipelines logging command to prepend `"$BinPath`" to the PATH." 
+ Say "##vso[task.prependpath]$BinPath" + } +} + +function PrintDryRunOutput($Invocation) { + $RepeatableCommand = ".\$ScriptName -Version `"go$SpecificVersion`" -InstallDir `"$InstallRoot`" -OS `"$CLIOS`" -Architecture `"$CLIArchitecture`"" + + foreach ($key in $Invocation.BoundParameters.Keys) { + if (-not (@("Version","InstallDir","OS","Architecture","DryRun") -contains $key)) { + $RepeatableCommand+=" -$key `"$($Invocation.BoundParameters[$key])`"" + } + } + Say "Repeatable invocation: $RepeatableCommand" +} + +function Get-AkaMSRedirectTarget([string] $akaMsLink) { + $akaMsDownloadLink=$null + + for ($maxRedirections = 9; $maxRedirections -ge 0; $maxRedirections--) + { + #get HTTP response + #do not pass credentials as a part of the $akaMsLink and do not apply credentials in the GetHTTPResponse function + #otherwise the redirect link would have credentials as well + #it would result in applying credentials twice to the resulting link and thus breaking it, and in echoing credentials to the output as a part of redirect link + $Response= GetHTTPResponse -Uri $akaMsLink -HeaderOnly $true -DisableRedirect $true -DisableFeedCredential $true + Say-Verbose "Received response:`n$Response" + + if ([string]::IsNullOrEmpty($Response)) { + Say-Verbose "The link '$akaMsLink' is not valid: failed to get redirect location. The resource is not available." + return $null + } + + #if HTTP code is 301 (Moved Permanently), the redirect link exists + if ($Response.StatusCode -eq 301) + { + try { + $akaMsDownloadLink = $Response.Headers.GetValues("Location")[0] + + if ([string]::IsNullOrEmpty($akaMsDownloadLink)) { + Say-Verbose "The link '$akaMsLink' is not valid: server returned 301 (Moved Permanently), but the headers do not contain the redirect location." + return $null + } + + Say-Verbose "The redirect location retrieved: '$akaMsDownloadLink'." + # This may yet be a link to another redirection. Attempt to retrieve the page again. 
+ $akaMsLink = $akaMsDownloadLink + continue + } + catch { + Say-Verbose "The link '$akaMsLink' is not valid: failed to get redirect location." + return $null + } + } + elseif ((($Response.StatusCode -lt 300) -or ($Response.StatusCode -ge 400)) -and (-not [string]::IsNullOrEmpty($akaMsDownloadLink))) + { + # Redirections have ended. + return $akaMsDownloadLink + } + + Say-Verbose "The link '$akaMsLink' is not valid: failed to retrieve the redirection location." + return $null + } + + Say-Verbose "Aka.ms links have redirected more than the maximum allowed redirections. This may be caused by a cyclic redirection of aka.ms links." + return $null +} + +# Strict mode means attempting to access a JSON key that doesn't exist fails harshly. +# This utility helps make JSON access a bit more concise under those rules. +# https://github.com/PowerShell/PowerShell/issues/10875 +function Get-OrNull($Target, $Property) { + if ($Target -and $Target.PSObject.Properties[$Property]) { + return $Target.PSObject.Properties[$Property].Value + } + return $null +} + +function Get-AssetInformation([string]$NormalizedVersion, [string]$OS, [string]$Architecture) { + Say-Invocation $MyInvocation + + #construct aka.ms link like "https://aka.ms/golang/release/latest/go1.23.assets.json" + $AkaMsLink = "https://aka.ms/golang/release/latest" + $AkaMsLink +="/$NormalizedVersion.assets.json" + Say-Verbose "Constructed assets.json aka.ms link: '$AkaMsLink'." + + $Assets = DownloadJson $AkaMsLink + $MatchingArches = @($Assets.arches | Where-Object { + $Env = Get-OrNull $_ 'env' + return (Get-OrNull $Env 'GOOS') -eq $OS -and + (Get-OrNull $Env 'GOARCH') -eq $Architecture + }) + + foreach ($arch in $MatchingArches) { + Say-Verbose "Matching env '$($arch.env)'." + } + + if ($MatchingArches.Count -ne 1) { + throw "Failed to find exactly one matching asset for OS '$OS' and architecture '$Architecture'." 
+ } + + return ($MatchingArches[0], $Assets.version) +} + +function Prepare-Install-Directory { + New-Item -ItemType Directory -Force -Path $InstallRoot | Out-Null +} + +# The following marker is used by microsoft/go-infra tests to insert more logic that runs before any +# installation happens and may stop the script before installation. This allows unit testing without +# adding additional inputs and complexity only used by tests. + +# [END OF FUNCTIONS] + +if ($Help) { + Get-Help $PSCommandPath -Examples + exit +} + +Say "Microsoft Go Install Script version $MicrosoftGoInstallScriptVersion" + +Say-Verbose "Note that the intended use of this script is for Continuous Integration (CI) scenarios, where:" +Say-Verbose "- The toolset needs to be installed without user interaction and without admin rights." +Say-Verbose "- The toolset installation doesn't need to persist across multiple CI runs." +Say-Verbose "Visit https://github.com/microsoft/go for a list of other ways to install Microsoft Go.`r`n" + +Measure-Action "Product discovery" { + $script:CLIArchitecture = Get-CLIArchitecture-From-Architecture $Architecture + $script:CLIOS = Get-CLIOS-From-OS $OS + $script:NormalizedVersion = Get-NormalizedVersion $Version + Say-Verbose "Normalized version: '$NormalizedVersion'" +} + +if ($ArchivePath -eq "") { + $ArchivePath = Get-GeneratedArchivePath $CLIOS + Say-Verbose "Generated archive path: $ArchivePath" +} + +$InstallRoot = Resolve-Installation-Path $InstallDir +Say-Verbose "InstallRoot: $InstallRoot" + +$ScriptName = $MyInvocation.MyCommand.Name + +Say "Fetching information for version '$Version'." 
+($Arch, $SpecificVersion) = Get-AssetInformation $NormalizedVersion $CLIOS $CLIArchitecture + +$DownloadLink = $Arch.url +Say-Verbose "Found download link $DownloadLink with version $SpecificVersion" + +if (-Not $DryRun) { + Say-Verbose "Checking if the version $SpecificVersion is already installed" + if (Is-ToolsetInstalled -InstallRoot $InstallRoot -SpecificVersion $SpecificVersion) { + Say "Microsoft Go version '$SpecificVersion' is already installed." + Measure-Action "Setting up shell environment" { Prepend-ToolsetPathEnv -InstallRoot $InstallRoot -SpecificVersion $SpecificVersion } + return + } +} + +if ($DryRun) { + PrintDryRunOutput $MyInvocation + return +} + +Measure-Action "Installation directory preparation" { Prepare-Install-Directory } + +Say-Verbose "Zip path: $ArchivePath" + +Say-Verbose "Downloading link $DownloadLink" + +try { + Measure-Action "Package download" { DownloadFile -Source $DownloadLink -OutPath $ArchivePath } + Say-Verbose "Download succeeded." +} +catch { + $StatusCode = $null + $ErrorMessage = $null + + if ($PSItem.Exception.Data.Contains("StatusCode")) { + $StatusCode = $PSItem.Exception.Data["StatusCode"] + } + + if ($PSItem.Exception.Data.Contains("ErrorMessage")) { + $ErrorMessage = $PSItem.Exception.Data["ErrorMessage"] + } else { + $ErrorMessage = $PSItem.Exception.Message + } + + if (-not $KeepArchive) { + Remove-FileSafely -Path $ArchivePath + } + + throw "Downloading has failed with error:`nUri: $DownloadLink`nStatusCode: $StatusCode`nError: $ErrorMessage" +} + +Say "Extracting the archive." +Measure-Action "Archive extraction" { Extract-ToolsetArchive -ArchivePath $ArchivePath -InstallRoot $InstallRoot -SpecificVersion $SpecificVersion } + +Say-Verbose "Checking installation: version = $SpecificVersion" +$isAssetInstalled = Is-ToolsetInstalled -InstallRoot $InstallRoot -SpecificVersion $SpecificVersion + +# Version verification failed. 
More likely something is wrong either with the downloaded content or with the verification algorithm. +if (!$isAssetInstalled) { + Say-Error "Failed to verify that the toolset was installed.`nInstallation source: $DownloadLink.`nInstallation location: $InstallRoot.`nReport the bug at https://github.com/microsoft/go/issues." + throw "Toolset with version $SpecificVersion failed to install with an unknown error." +} + +if (-not $KeepArchive) { + Remove-FileSafely -Path $ArchivePath +} + +Measure-Action "Setting up environment PATH to find 'go' command" { Prepend-ToolsetPathEnv -InstallRoot $InstallRoot -SpecificVersion $SpecificVersion } + +Say "Installed version is $SpecificVersion" +Say "Installation finished" diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 1908c85092a..897bab5c0ff 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -4,10 +4,11 @@ module github.com/microsoft/go/_util -go 1.21 +go 1.22.0 require ( github.com/microsoft/go-infra v0.0.5 + github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 golang.org/x/sys v0.27.0 gotest.tools/gotestsum v1.12.0 ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index 428da6543f9..47684ef2a2e 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum 
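Review bot: The toolchain archive is extracted and prepended to PATH without any cryptographic integrity check. The only validation in `DownloadFile` is `ValidateRemoteLocalFileSizes`, which compares Content-Length and merely prints "The local package may be corrupted." before the main flow continues to `Extract-ToolsetArchive`. Because this archive becomes the stage 0 compiler for the whole build, a digest comparison should run before extraction, for example `if ((Get-FileHash -Algorithm SHA256 -LiteralPath $ArchivePath).Hash -ne $ExpectedSha256) { throw "Checksum mismatch for $DownloadLink" }`, where `$ExpectedSha256` is a placeholder for a digest taken from the asset metadata or pinned in the repo (the assets.json schema is not visible here). It would also be prudent to reject a `$DownloadLink` or redirect `Location` that does not start with `https://`, since `$Arch.url` is used as received. `TestInstallScriptUpToDate` suggests this file is a synced copy from go-infra, so the change likely has to land upstream first.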
@@ -29,6 +29,8 @@ github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHS
 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY=
 github.com/microsoft/go-infra v0.0.5 h1:2vfRe5hJUwJvnXcHDJiv/gqE0XIqCHnwXBFxXRm5+SI=
 github.com/microsoft/go-infra v0.0.5/go.mod h1:abvc0FBd6VZIdqeJEgo3+SDIE3wSbjpvPhRZ0i21pls=
+github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 h1:i/EXV3vFmJ6UYZ8a4fM2ssKlvSstxvJfiUHau81iNZE=
+github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67/go.mod h1:SFsdKAEHdmGsGoh8FkksVaxoQ3rnnJ/TBqN09Ml/0Cw=
 github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
 github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
diff --git a/eng/_util/tools/installscript_test.go b/eng/_util/tools/installscript_test.go
new file mode 100644
index 00000000000..18cc6ec90dd
--- /dev/null
+++ b/eng/_util/tools/installscript_test.go
@@ -0,0 +1,21 @@
+// Copyright (c) Microsoft Corporation.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package testutil
+
+import (
+ "os/exec"
+ "testing"
+)
+
+func TestInstallScriptUpToDate(t *testing.T) {
+ cmd := exec.Command("go", "run", "github.com/microsoft/go-infra/goinstallscript", "-check")
+ cmd.Dir = ".."
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ t.Errorf("goinstallscript is not up to date: %v, %v", string(out), err)
+ t.Errorf("To update, in eng/_util, run: go run github.com/microsoft/go-infra/goinstallscript")
+ t.Fail()
+ }
+}
diff --git a/eng/_util/tools/tools.go b/eng/_util/tools/tools.go
new file mode 100644
index 00000000000..1bb08dabc44
--- /dev/null
+++ b/eng/_util/tools/tools.go
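Review bot: `installscript_test.go` declares `package testutil`, but `tools.go` in the same directory (`eng/_util/tools`) declares `package tools`. The mismatch is hidden only because `tools.go` is excluded by `//go:build tools`; a run with `-tags tools` would see two package names in one directory and fail to build, so the test file should use `package tools`. In the failure branch the two `t.Errorf` calls already mark the test as failed, which makes the trailing `t.Fail()` redundant. A short doc comment would also help, e.g. `// TestInstallScriptUpToDate fails when goinstallscript -check reports a mismatch for the checked-in install script.`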
@@ -0,0 +1,11 @@ +// Copyright (c) Microsoft Corporation. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build tools + +package tools + +import ( + _ "github.com/microsoft/go-infra/goinstallscript/powershell" +) diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index 34918364cbb..3a5d7af9612 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml @@ -94,6 +94,11 @@ stages: - name: MS_GO_UTIL_ALLOW_ONLY_MINIMAL_DEPS value: '1' + # On darwin (macOS) we haven't released a Microsoft Go toolchain. + - ${{ if eq(parameters.builder.os, 'darwin') }}: + - name: MS_USE_PATH_GO + value: '1' + - ${{ if eq(parameters.builder.config, 'codeql_inner') }}: # Manually specify the repository being scanned by this job because # CodeQL can't detect the inner repository (the submodule) @@ -144,10 +149,16 @@ stages: # Initialize stage 0 toolset ahead of time so we can track timing data separately from the # build operations. When we call this script again later, it won't download Go again. - - pwsh: | - . eng/utilities.ps1 - Get-Stage0GoRoot - displayName: Init stage 0 Go toolset + - ${{ if eq(parameters.builder.os, 'darwin') }}: + - task: GoTool@0 + inputs: + version: '1.23.3' + displayName: Init upstream stage 0 Go toolset + - ${{ else }}: + - pwsh: | + . eng/utilities.ps1 + Download-Stage0 + displayName: Init stage 0 Go toolset - template: ../steps/init-submodule-task.yml diff --git a/eng/run.ps1 b/eng/run.ps1 index 07d3c9fa7dd..d3cebeafba8 100644 --- a/eng/run.ps1 +++ b/eng/run.ps1 
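Review bot: The darwin branch of the "Init stage 0" step hard-codes `version: '1.23.3'` for `GoTool@0`, while every other platform takes its stage 0 version from `Download-Stage0` in eng/utilities.ps1 (`go1.23.3-1` in this commit), so the two values can drift on the next bump with nothing to flag it. A comment on the task such as `# Keep in sync with $stage0_go_version in eng/utilities.ps1.` would make the coupling visible. With `MS_USE_PATH_GO` set to '1' on darwin, the build uses whatever toolchain the task places on PATH, so the integrity of that toolchain presumably rests on the task rather than on anything pinned in this repository. The comment above the variable in the first hunk is a good place to say so.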
@@ -15,9 +15,12 @@ For example, to build the repository: To list all possible tools: run.ps1 -Builds 'eng/_util/cmd//.go' and runs it using the list of -arguments. If necessary, this command automatically installs Go and downloads -the dependencies of the tool. +Builds 'eng/_util/cmd//.go' and runs it using the list of arguments. + +This command automatically installs a known version of Microsoft Go that will be +used to build the tools. The known version of Go will also be used to build the +Go source code, if it's built. Set environment variable "MS_USE_PATH_GO" to 1 to +your own Go from PATH instead. Every tool accepts a '-h' argument to show tool usage help. #> @@ -79,8 +82,20 @@ if (-not ($tool_source -is [System.IO.FileInfo])) { # Now that we have a single result, navigate upwards to see which module it's in. $tool_module = $tool_source.Directory.Parent.Parent.FullName -# Get (downloading if necessary) the GOROOT directory of a stage 0 Go. -$stage0_goroot = Get-Stage0GoRoot +# Download a consistent stage 0 version of Go unless opted out. +if ($env:MS_USE_PATH_GO -eq "1") { + try { + Write-Host "Using $(go version) from '$(go env GOROOT)'. Results may differ from CI environment." + } catch { + Write-Host "Error: 'go' is most likely not in PATH. To download the known version, set 'MS_USE_PATH_GO' to '0' or unset it, then try again." + Write-Host "Exception: $_" + exit 1 + } +} else { + Download-Stage0 +} + +$stage0_goroot = & go env GOROOT # The tool may need to know where our copy of Go is located. Save it in env to give it access. Don't # pass it to the tool as an arg, becuase that would complicate arg handling in each tool. diff --git a/eng/utilities.ps1 b/eng/utilities.ps1 index 784074727e7..a6929ec1ebf 100644 --- a/eng/utilities.ps1 +++ b/eng/utilities.ps1 
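Review bot: The new help text in the first hunk is missing a verb: `Set environment variable "MS_USE_PATH_GO" to 1 to your own Go from PATH instead.` should read `Set environment variable "MS_USE_PATH_GO" to 1 to use your own Go from PATH instead.` Because this opt-out swaps the pinned toolchain for an arbitrary one, the help could also state that results may differ from CI, as the runtime message in the second hunk already does.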
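Review bot: `$stage0_goroot = & go env GOROOT` at the end of the second hunk is used without checking that the call succeeded or returned a path. In the `MS_USE_PATH_GO` branch the try/catch is written to trap a missing `go` command, but a `go` that exists and exits non-zero passes straight through. In the else branch the script assumes the dot-sourced install script left the downloaded toolchain first on PATH, and nothing confirms that. A guard directly after the assignment covers both cases: `if ($LASTEXITCODE -ne 0 -or -not $stage0_goroot) { throw "Unable to determine GOROOT from 'go env GOROOT'." }`. The rest of run.ps1 lies outside this hunk.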
@@ -19,103 +19,16 @@ if ($host.Version.Major -lt 6) { throw "Missing prerequisites; see logs above for details." } -function Get-Stage0GoRoot() { +function Download-Stage0() { # We need Go installed in order to build Go, but our common build environment doesn't have it - # pre-installed. This CI script installs a consistent, official version of Go to a directory in - # $HOME to handle this. This also makes it easier to locally repro issues in CI that involve a + # pre-installed (or the right version pre-installed). This CI script installs a consistent version + # of Go to handle this. This also makes it easier to locally repro issues in CI that involve a # specific version of Go. The downloaded copy of Go is called the "stage 0" version. - $stage0_go_version = '1.22.6' + $stage0_go_version = 'go1.23.3-1' - $proc_arch = ([System.Runtime.InteropServices.RuntimeInformation]::ProcessArchitecture).ToString().ToLowerInvariant() - if ($IsWindows) { - switch ($proc_arch) { - 'x64' { - $stage0_go_sha256 = '6023083a6e4d3199b44c37e9ba7b25d9674da20fd846a35ee5f9589d81c21a6a' - $stage0_go_suffix = 'windows-amd64.zip' - } - 'arm64' { - $stage0_go_sha256 = '7cf55f357ba8116cd3bff992980e20a704ba451b3dab341cf1787b133d900512' - $stage0_go_suffix = 'windows-arm64.zip' - } - Default { throw "Unable to match Windows '$proc_arch' to an architecture supported by the Microsoft scripts to build Go." } - } - } elseif ($IsLinux) { - switch ($proc_arch) { - 'x64' { - $stage0_go_sha256 = '999805bed7d9039ec3da1a53bfbcafc13e367da52aa823cb60b68ba22d44c616' - $stage0_go_suffix = 'linux-amd64.tar.gz' - } - 'arm64' { - $stage0_go_sha256 = 'c15fa895341b8eaf7f219fada25c36a610eb042985dc1a912410c1c90098eaf2' - $stage0_go_suffix = 'linux-arm64.tar.gz' - } - Default { throw "Unable to match Linux '$proc_arch' to an architecture supported by the Microsoft scripts to build Go." 
} - } - } elseif ($IsMacOS) { - switch ($proc_arch) { - 'x64' { - $stage0_go_sha256 = '9c3c0124b01b5365f73a1489649f78f971ecf84844ad9ca58fde133096ddb61b' - $stage0_go_suffix = 'darwin-amd64.tar.gz' - } - 'arm64' { - $stage0_go_sha256 = 'ebac39fd44fc22feed1bb519af431c84c55776e39b30f4fd62930da9c0cfd1e3' - $stage0_go_suffix = 'darwin-arm64.tar.gz' - } - Default { throw "Unable to match macOS '$proc_arch' to an architecture supported by the Microsoft scripts to build Go." } - } - } else { - throw "Current OS/Platform is not supported by the Microsoft scripts to build Go." - } - $stage0_url = "https://golang.org/dl/go${stage0_go_version}.${stage0_go_suffix}" - - # Ideally we could set up stage 0 inside the repository, rather than - # userprofile. Tracked by: https://github.com/microsoft/go/issues/12 - $stage0_dir = Join-Path $HOME ".go-stage-0" $stage0_go_version - - # A file that indicates that this version of the stage 0 Go toolset has already been installed. - $download_complete_indicator = Join-Path $stage0_dir ".downloaded-$stage0_go_sha256" - - if (-not (Test-Path $download_complete_indicator -PathType Leaf)) { - Write-Host "Downloading stage 0 Go compiler and extracting to '$stage0_dir' ..." - - # Clear existing stage0 dir in case it's in a broken state. - Remove-Item -Recurse -Force $stage0_dir -ErrorAction Ignore - New-Item -ItemType Directory $stage0_dir | Out-Null - - $go_tarball = Join-Path $stage0_dir "go.$stage0_go_suffix" - - Write-Host "Downloading from '$stage0_url' to '$go_tarball'..." - Invoke-WithRetry -MaxAttempts 5 { - (New-Object System.Net.WebClient).DownloadFile($stage0_url, $go_tarball) - } - - Write-Host "Comparing checksum..." 
- $actual_hash = (Get-FileHash $go_tarball -Algorithm SHA256).Hash.ToLowerInvariant() - if ($actual_hash -ne $stage0_go_sha256) { - Write-Host "" - Write-Host "Error: hash of downloaded file '$go_tarball' doesn't match expected value:" - Write-Host "Actual: $actual_hash" - Write-Host "Expected: $stage0_go_sha256" - Write-Host "Visit https://golang.org/dl/ to see the list of expected hashes." - - throw "Checksum mismatch. See logs above for details." - } - - Write-Host "Extracting '$go_tarball' to '$stage0_dir'..." - if ($go_tarball.EndsWith(".zip")) { - Extract-Zip $go_tarball $stage0_dir - } elseif ($go_tarball.EndsWith(".tar.gz")) { - Extract-TarGz $go_tarball $stage0_dir - } - Remove-Item "$go_tarball" - - New-Item -ItemType File "$download_complete_indicator" | Out-Null - - Write-Host "Done extracting stage 0 Go compiler to '$stage0_dir'" - } - - # Return GOROOT: contains "bin/go". - return Join-Path $stage0_dir "go" + # Source the install script so that we can use the PATH it assigns. + $installScriptPath = Join-Path $PSScriptRoot "_util" "go-install.ps1" + . $installScriptPath -Version $stage0_go_version } # Copied from https://github.com/dotnet/install-scripts/blob/49d5da7f7d313aa65d24fe95cc29767faef553fd/src/dotnet-install.ps1#L180-L197 From 12a4904dc794363bccf22437179d8d6b67c8e3d6 Mon Sep 17 00:00:00 2001 
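Review bot: `Download-Stage0` drops the per-platform SHA-256 values that `Get-Stage0GoRoot` compared against the downloaded archive, so the integrity of the stage 0 toolchain now depends entirely on what eng/_util/go-install.ps1 verifies, which this hunk does not show. If that script fetches its expected checksum from the same location as the archive, the check catches corruption but not a substituted download, which is weaker than the removed in-repo pins. This should be confirmed and recorded next to the call, for example `# Integrity is verified inside go-install.ps1; no hashes are pinned in this file.` The function also no longer returns GOROOT and has a new name, so any caller of `Get-Stage0GoRoot` outside this diff needs updating.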
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Nov 2024 14:27:54 -0800 Subject: [PATCH 097/887] Bump github/codeql-action from 3.27.3 to 3.27.4 (#1403) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.3 to 3.27.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/396bb3e45325a47dd9ef434068033c6d5bb0d11a...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 4492648243e..86cc16d6f26 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3 + uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3 + uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3 + uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: category: /language:go From 7dda3365540e36f431a5bb40ffb16d57c0d45d02 Mon Sep 17 00:00:00 2001 
From: mertakman Date: Mon, 18 Nov 2024 11:29:25 +0000 Subject: [PATCH 098/887] fix:move go mod and go sum to patch 0005 --- patches/0005-Add-CNG-crypto-backend.patch | 10 +- patches/0006-Vendor-crypto-backends.patch | 66 ++++---- patches/0015-Add-crypto-dsa-support.patch | 37 ----- patches/0016-Vendor-crypto-dsa-backends.patch | 149 ------------------ 4 files changed, 35 insertions(+), 227 deletions(-) delete mode 100644 patches/0015-Add-crypto-dsa-support.patch delete mode 100644 patches/0016-Vendor-crypto-dsa-backends.patch diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 6d2c8dc7f27..adac4e6644f 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -691,26 +691,26 @@ index a0548a7f9179c5..ae6117a1554b7f 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index 12d8c8f4f97321..39d84e4165d654 100644 +index 12d8c8f4f97321..8a95b6f65c63ef 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,6 +4,7 @@ go 1.24 require ( github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 ++ github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index 4c3ca847c21cd2..116a769b257e34 100644 +index 4c3ca847c21cd2..54c859b46edd1c 100644 --- a/src/go.sum +++ b/src/go.sum 
@@ -1,5 +1,7 @@ github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg= github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 h1:Kno3m3hOXCrrJF9YphNJWNXm6MjIpflQrHWxAIRSIqA= -+github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= ++github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d h1:UKPx/2ug3daetm1rPOKyEHovWbh3hekPK8p1wygTcOI= ++github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index 836f665e30a..43db9981ab9 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch 
@@ -50,12 +50,12 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../microsoft/go-crypto-winnative/cng/big.go | 30 + .../go-crypto-winnative/cng/cipher.go | 52 + .../microsoft/go-crypto-winnative/cng/cng.go | 131 +++ - .../microsoft/go-crypto-winnative/cng/des.go | 107 ++ + .../microsoft/go-crypto-winnative/cng/des.go | 106 ++ .../microsoft/go-crypto-winnative/cng/dsa.go | 469 ++++++++ .../microsoft/go-crypto-winnative/cng/ecdh.go | 255 ++++ .../go-crypto-winnative/cng/ecdsa.go | 169 +++ - .../microsoft/go-crypto-winnative/cng/hash.go | 316 +++++ - .../microsoft/go-crypto-winnative/cng/hkdf.go | 175 +++ + .../microsoft/go-crypto-winnative/cng/hash.go | 306 +++++ + .../microsoft/go-crypto-winnative/cng/hkdf.go | 180 +++ .../microsoft/go-crypto-winnative/cng/hmac.go | 35 + .../microsoft/go-crypto-winnative/cng/keys.go | 220 ++++ .../go-crypto-winnative/cng/pbkdf2.go | 70 ++ @@ -68,7 +68,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 11 + - 63 files changed, 10964 insertions(+) + 63 files changed, 10958 insertions(+) create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE @@ -7491,7 +7491,7 @@ index 00000000000000..9e841e7a26e4eb + SOFTWARE diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go new file mode 100644 -index 00000000000000..caac632894556e +index 00000000000000..097a0fc77f0adb --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go @@ -0,0 +1,393 @@ @@ -7504,6 +7504,7 @@ index 00000000000000..caac632894556e +package cng + +import ( ++ "bytes" + "crypto/cipher" + "errors" + "runtime" 
@@ -7525,8 +7526,7 @@ index 00000000000000..caac632894556e + if err != nil { + return nil, err + } -+ c := &aesCipher{kh: kh, key: make([]byte, len(key))} -+ copy(c.key, key) ++ c := &aesCipher{kh: kh, key: bytes.Clone(key)} + runtime.SetFinalizer(c, (*aesCipher).finalize) + return c, nil +} @@ -8158,10 +8158,10 @@ index 00000000000000..d1916f94a0a76d +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go new file mode 100644 -index 00000000000000..b0784affba0aa4 +index 00000000000000..de3f05b84f1d82 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go -@@ -0,0 +1,107 @@ +@@ -0,0 +1,106 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -8171,6 +8171,7 @@ index 00000000000000..b0784affba0aa4 +package cng + +import ( ++ "bytes" + "crypto/cipher" + "runtime" + @@ -8191,8 +8192,7 @@ index 00000000000000..b0784affba0aa4 + if err != nil { + return nil, err + } -+ c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: make([]byte, len(key))} -+ copy(c.key, key) ++ c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: bytes.Clone(key)} + runtime.SetFinalizer(c, (*desCipher).finalize) + return c, nil +} @@ -8202,8 +8202,7 @@ index 00000000000000..b0784affba0aa4 + if err != nil { + return nil, err + } -+ c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: make([]byte, len(key))} -+ copy(c.key, key) ++ c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: bytes.Clone(key)} + runtime.SetFinalizer(c, (*desCipher).finalize) + return c, nil +} @@ -9182,10 +9181,10 @@ index 00000000000000..586e9ae2ebb0c9 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go new file mode 100644 -index 00000000000000..c4f01e17dd4ca1 +index 00000000000000..87b1c95dc7f911 --- /dev/null 
+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -@@ -0,0 +1,316 @@ +@@ -0,0 +1,306 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -9195,6 +9194,7 @@ index 00000000000000..c4f01e17dd4ca1 +package cng + +import ( ++ "bytes" + "crypto" + "hash" + "runtime" @@ -9382,12 +9382,7 @@ index 00000000000000..c4f01e17dd4ca1 + if err != nil { + panic(err) + } -+ h := new(hashX) -+ h.alg = alg -+ if len(key) > 0 { -+ h.key = make([]byte, len(key)) -+ copy(h.key, key) -+ } ++ h := &hashX{alg: alg, key: bytes.Clone(key)} + // Don't allocate hx.buf nor call bcrypt.CreateHash yet, + // which would be wasteful if the caller only wants to know + // the hash type. This is a common pattern in this package, @@ -9415,13 +9410,7 @@ index 00000000000000..c4f01e17dd4ca1 +} + +func (h *hashX) Clone() (hash.Hash, error) { -+ h2 := &hashX{ -+ alg: h.alg, -+ } -+ if h.key != nil { -+ h2.key = make([]byte, len(h.key)) -+ copy(h2.key, h.key) -+ } ++ h2 := &hashX{alg: h.alg, key: bytes.Clone(h.key)} + err := h.withCtx(func(ctx bcrypt.HASH_HANDLE) error { + return bcrypt.DuplicateHash(ctx, &h2._ctx, nil, 0) + }) @@ -9504,10 +9493,10 @@ index 00000000000000..c4f01e17dd4ca1 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go new file mode 100644 -index 00000000000000..655926ef635224 +index 00000000000000..5338fb5c7b187c --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go -@@ -0,0 +1,175 @@ +@@ -0,0 +1,180 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
@@ -9666,14 +9655,19 @@ index 00000000000000..655926ef635224 + return nil, errors.New("cng: unknown key data blob version") + } + // KEY_DATA_BLOB_VERSION1 format is: -+ // cbHash uint32 // Big-endian -+ // hashName [cbHash]byte ++ // cbHashName uint32 // Big-endian ++ // pHashName [cbHash]byte + // key []byte // Rest of the blob + if len(blob) < 4 { + return nil, errors.New("cng: exported key is corrupted") + } -+ hashLength := binary.BigEndian.Uint32(blob[:]) -+ return blob[4+hashLength:], nil ++ cbHashName := binary.BigEndian.Uint32(blob) ++ blob = blob[4:] ++ if len(blob) < int(cbHashName) { ++ return nil, errors.New("cng: exported key is corrupted") ++ } ++ // Skip pHashName. ++ return blob[cbHashName:], nil +} + +func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { @@ -11461,7 +11455,7 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index cf5c0b83c9eeef..be1319fc942882 100644 +index cf5c0b83c9eeef..7c9bf41ea0bc87 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ @@ -11469,7 +11463,7 @@ index cf5c0b83c9eeef..be1319fc942882 100644 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig -+# github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 ++# github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d +## explicit; go 1.22 +github.com/microsoft/go-crypto-winnative/cng +github.com/microsoft/go-crypto-winnative/cng/bbig diff --git a/patches/0015-Add-crypto-dsa-support.patch b/patches/0015-Add-crypto-dsa-support.patch deleted file mode 100644 index bc39e97c717..00000000000 --- a/patches/0015-Add-crypto-dsa-support.patch +++ /dev/null 
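Review bot: The new length check in ExtractHKDF, `if len(blob) < int(cbHashName)`, converts a uint32 read from the blob to `int`. On a 32-bit target a value above `math.MaxInt32` becomes negative, the comparison passes, and the following `blob[cbHashName:]` panics instead of returning the "exported key is corrupted" error. Comparing in a wider unsigned type avoids this: `if uint64(len(blob)) < uint64(cbHashName) {`. The blob presumably comes from the OS key export, so exposure is low; because this is a vendored copy, the fix belongs upstream in go-crypto-winnative with this patch regenerated afterwards. The layout comment in the same hunk still reads `pHashName [cbHash]byte` although the length field is now `cbHashName`; the function body starts outside the hunk.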
@@ -1,37 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: mertakman -Date: Thu, 14 Nov 2024 13:32:30 +0000 -Subject: [PATCH] Add crypto dsa support - ---- - src/go.mod | 2 +- - src/go.sum | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/go.mod b/src/go.mod -index 39d84e4165d654..8a95b6f65c63ef 100644 ---- a/src/go.mod -+++ b/src/go.mod -@@ -4,7 +4,7 @@ go 1.24 - - require ( - github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 -- github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 - golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd - ) -diff --git a/src/go.sum b/src/go.sum -index 116a769b257e34..54c859b46edd1c 100644 ---- a/src/go.sum -+++ b/src/go.sum -@@ -1,7 +1,7 @@ - github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg= - github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= --github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 h1:Kno3m3hOXCrrJF9YphNJWNXm6MjIpflQrHWxAIRSIqA= --github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= -+github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d h1:UKPx/2ug3daetm1rPOKyEHovWbh3hekPK8p1wygTcOI= -+github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= - golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd 
h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0016-Vendor-crypto-dsa-backends.patch b/patches/0016-Vendor-crypto-dsa-backends.patch deleted file mode 100644 index 335b285d67e..00000000000 --- a/patches/0016-Vendor-crypto-dsa-backends.patch +++ /dev/null 
@@ -1,149 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: mertakman -Date: Thu, 14 Nov 2024 13:32:53 +0000 -Subject: [PATCH] Vendor crypto dsa backends - ---- - .../microsoft/go-crypto-winnative/cng/aes.go | 4 ++-- - .../microsoft/go-crypto-winnative/cng/des.go | 7 +++---- - .../microsoft/go-crypto-winnative/cng/hash.go | 16 +++------------- - .../microsoft/go-crypto-winnative/cng/hkdf.go | 13 +++++++++---- - src/vendor/modules.txt | 2 +- - 5 files changed, 18 insertions(+), 24 deletions(-) - -diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go -index caac632894556e..097a0fc77f0adb 100644 ---- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go -+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go -@@ -7,6 +7,7 @@ - package cng - - import ( -+ "bytes" - "crypto/cipher" - "errors" - "runtime" -@@ -28,8 +29,7 @@ func NewAESCipher(key []byte) (cipher.Block, error) { - if err != nil { - return nil, err - } -- c := &aesCipher{kh: kh, key: make([]byte, len(key))} -- copy(c.key, key) -+ c := &aesCipher{kh: kh, key: bytes.Clone(key)} - runtime.SetFinalizer(c, (*aesCipher).finalize) - return c, nil - } -diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go -index b0784affba0aa4..de3f05b84f1d82 100644 ---- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go -+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go -@@ -7,6 +7,7 @@ - package cng - - import ( -+ "bytes" - "crypto/cipher" - "runtime" - -@@ -27,8 +28,7 @@ func NewDESCipher(key []byte) (cipher.Block, error) { - if err != nil { - return nil, err - } -- c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: make([]byte, len(key))} -- copy(c.key, key) -+ c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: bytes.Clone(key)} - 
runtime.SetFinalizer(c, (*desCipher).finalize) - return c, nil - } -@@ -38,8 +38,7 @@ func NewTripleDESCipher(key []byte) (cipher.Block, error) { - if err != nil { - return nil, err - } -- c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: make([]byte, len(key))} -- copy(c.key, key) -+ c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: bytes.Clone(key)} - runtime.SetFinalizer(c, (*desCipher).finalize) - return c, nil - } -diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -index c4f01e17dd4ca1..87b1c95dc7f911 100644 ---- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -@@ -7,6 +7,7 @@ - package cng - - import ( -+ "bytes" - "crypto" - "hash" - "runtime" -@@ -194,12 +195,7 @@ func newHashX(id string, flag bcrypt.AlgorithmProviderFlags, key []byte) *hashX - if err != nil { - panic(err) - } -- h := new(hashX) -- h.alg = alg -- if len(key) > 0 { -- h.key = make([]byte, len(key)) -- copy(h.key, key) -- } -+ h := &hashX{alg: alg, key: bytes.Clone(key)} - // Don't allocate hx.buf nor call bcrypt.CreateHash yet, - // which would be wasteful if the caller only wants to know - // the hash type. 
This is a common pattern in this package, -@@ -227,13 +223,7 @@ func (h *hashX) withCtx(fn func(ctx bcrypt.HASH_HANDLE) error) error { - } - - func (h *hashX) Clone() (hash.Hash, error) { -- h2 := &hashX{ -- alg: h.alg, -- } -- if h.key != nil { -- h2.key = make([]byte, len(h.key)) -- copy(h2.key, h.key) -- } -+ h2 := &hashX{alg: h.alg, key: bytes.Clone(h.key)} - err := h.withCtx(func(ctx bcrypt.HASH_HANDLE) error { - return bcrypt.DuplicateHash(ctx, &h2._ctx, nil, 0) - }) -diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go -index 655926ef635224..5338fb5c7b187c 100644 ---- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go -+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go -@@ -156,14 +156,19 @@ func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { - return nil, errors.New("cng: unknown key data blob version") - } - // KEY_DATA_BLOB_VERSION1 format is: -- // cbHash uint32 // Big-endian -- // hashName [cbHash]byte -+ // cbHashName uint32 // Big-endian -+ // pHashName [cbHash]byte - // key []byte // Rest of the blob - if len(blob) < 4 { - return nil, errors.New("cng: exported key is corrupted") - } -- hashLength := binary.BigEndian.Uint32(blob[:]) -- return blob[4+hashLength:], nil -+ cbHashName := binary.BigEndian.Uint32(blob) -+ blob = blob[4:] -+ if len(blob) < int(cbHashName) { -+ return nil, errors.New("cng: exported key is corrupted") -+ } -+ // Skip pHashName. 
-+ return blob[cbHashName:], nil - } - - func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { -diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index be1319fc942882..7c9bf41ea0bc87 100644 ---- a/src/vendor/modules.txt -+++ b/src/vendor/modules.txt -@@ -2,7 +2,7 @@ - ## explicit; go 1.22 - github.com/golang-fips/openssl/v2 - github.com/golang-fips/openssl/v2/bbig --# github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 -+# github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d - ## explicit; go 1.22 - github.com/microsoft/go-crypto-winnative/cng - github.com/microsoft/go-crypto-winnative/cng/bbig From 24554890030fff218cd741b8c758339fea8ded22 Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Mon, 18 Nov 2024 13:49:15 +0100 Subject: [PATCH 099/887] Add initial version of the Developer Guide (#1402) * Add initial version of the Developer Guide * add TODO * Apply suggestions from code review Co-authored-by: Davis Goodin * expand developer guide * improve dev guide --------- Co-authored-by: Davis Goodin --- README.md | 2 + eng/doc/DeveloperGuide.md | 114 ++++++++++++++++++++++++++++++++++++++ eng/doc/README.md | 2 +- 3 files changed, 117 insertions(+), 1 deletion(-) create mode 100644 eng/doc/DeveloperGuide.md diff --git a/README.md b/README.md index c3009378547..87cf443621f 100644 --- a/README.md +++ b/README.md @@ -138,6 +138,8 @@ This project has adopted the [Microsoft Open Source Code of Conduct](https://ope For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. +Please read the [Developer Guide](eng/doc/DeveloperGuide.md) for more information about contributing to this project. + ## Trademarks This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft 
diff --git a/eng/doc/DeveloperGuide.md b/eng/doc/DeveloperGuide.md new file mode 100644 index 00000000000..b82f332dab8 --- /dev/null +++ b/eng/doc/DeveloperGuide.md 
@@ -0,0 +1,114 @@ +# Developer Guide + +This document is a guide for developers who want to contribute to the Microsoft Go repository. +It explains how to build the repository, how to work with the Go submodule, and how to use the different tools that help maintain the repository. + +This guide is primarily intended for developers working for the Go team at Microsoft, but it can also be useful for external contributors. + +## Setting up the repository + +### Contributor License Agreement + +Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. +For details, visit https://cla.opensource.microsoft.com. + +### Install a Go toolchain + +A preexisting Go toolchain is required to bootstrap the build process. +You can use your system's package manager to install Go, or you can download it from the [official Go website](https://golang.org/dl/). +The only requirement is that the Go version is high enough for the bootstrap process. +If the version is too low, the bootstrap process will fail and ask you to install a newer version. + +This repository implements some scripts (provided by `eng/run.ps1`) to facilitate installing the correct bootstrapping Go version and also to build the Go toolchain from source, see the [`eng` Readme](../eng/README.md) for more information. +It is recommended that you get familiar with both the upstream Go build process and the scripts provided in this repository. + +### Install git and the git-go-patch command + +This repository heavily relies on advanced Git features to manage the Go submodule, so it is recommended to develop with a local clone of the repository rather than using the GitHub web interface. + +You will need to have Git installed on your system, either from your system's package manager or from the [official Git website](https://git-scm.com/downloads). 
+ +The [`git-go-patch`](https://github.com/microsoft/go-infra/tree/main/cmd/git-go-patch) command is a tool that helps you manage the patches in the `go` submodule. + +To install the `git-go-patch` command, run the following command: + +``` +go install github.com/microsoft/go-infra/cmd/go-patch@latest +``` + +> [!NOTE] +> Make sure `git-go-patch` is accessible in your shell's `PATH` variable. +> You may need to add `$GOPATH/bin` to your `PATH`. Use `go env GOPATH` to locate it. + +Then, run the command to see the help documentation: + +``` +git go-patch -h +``` + +> [!NOTE] +> `git` detects that our `git-go-patch` executable starts with `git-` and makes it available as `git go-patch`. + +### Initialize the submodule and apply patches + +The repository uses a [Git submodule](https://git-scm.com/book/en/v2/Git-Tools-Submodules) named `go` to store the Go source code. +All the patches that modify the Go source code are stored in the [`patches`](../../patches) directory. + +To initialize the submodule and apply the patches, run the following command: + +``` +git go-patch apply +``` + +### Build the Go toolchain + +You now can edit the `go/src` directory as you would the upstream Go project. +[The upstream "Installing Go from source" instructions](https://go.dev/doc/install/source) apply to the `go` directory and can be used to build and test. + +In order to make changes to the standard library packages located in `go/src` you will first need to build to Go toolchain from the `go/src` directory itself using the following command: + +``` +cd go/src +./make.bash # or make.bat on Windows +``` + +> [!NOTE] +> Rebuilding the Go toolchain from source is not necessary for changes in the Go standard library, they are immediately reflected in any future `go build`, `go test`, or `go run` commands. +> However, if you are making changes to the Go toolchain itself (any package under `go/src/cmd`), you will need to rebuild the Go toolchain. 
+ +The newly built Go toolchain will be available in the `go/bin` directory. From now one this guide will assume that any mention of the `go` command refers to the one in the `go/bin` directory. +There are different ways to use the new Go toolchain: +- Add `go/bin` to your `PATH`, although but it is not recommended because it will probably contain unstable features that may interfere with other Go projects. +- You can use the full path to the `go` command in the `go/bin` directory. +- You can instruct your IDE to use the `go` command in the `go/bin` directory (recommended approach). See the [IDE setup](#ide-setup) section for more information. + +### Test that your environment is set up correctly + +To test that your environment is set up correctly, run the following command: + +``` +cd go/src +go version +go test -short ./... +``` + +## IDE setup + +### Visual Studio Code + +Visual Studio Code (VS Code from now on) is a popular IDE for Go development. We recommend using the official Go extension for VS Code. +Please refer to the [Go extension documentation](https://code.visualstudio.com/docs/languages/go) for more information on how to set up VS Code for Go development. + +#### Using the Go toolchain from the `go` submodule + +You can use the Go toolchain from the `go` submodule in VS Code by following these steps: + +1. In VS Code, open `Command Palette's Help` > `Show All Commands`. Or use the keyboard shortcut (`Ctrl+Shift+P`). +1. Search for `Go: Choose Go environment` then run the command from the pallet. +1. Select `Choose from file browser`. +1. Select the `go` command in the `go/bin` directory. +1. Save the file and restart VS Code. + +## Making changes to go/src + +TODO \ No newline at end of file diff --git a/eng/doc/README.md b/eng/doc/README.md index ee320e64e89..87eee3c4f46 100644 --- a/eng/doc/README.md +++ b/eng/doc/README.md 
@@ -2,7 +2,7 @@ This directory, `/eng/doc`, contains documents describing the Microsoft infrastructure used to build Go, in particular any designs that are not obvious by reading the infrastructure code itself. -For dev scenario documentation, see [eng/README.md](/eng/README.md). +For dev scenario documentation, see the [DeveloperGuide.md](DeveloperGuide.md) doc. The [Downloads.md](Downloads.md) doc contains a table of links to the latest assets for each supported Go release branch. The [release-branch-links.json](release-branch-links.json) file contains the same data in JSON format suitable for parsing. From 0cdbf6ae0e74dd0421b01a066768d6c862b3be84 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Tue, 19 Nov 2024 13:41:20 -0800 Subject: [PATCH 100/887] Enable notarization by default, with nothing to do (#1411) --- eng/_util/cmd/sign/archive.go | 55 ++++++++--------------------------- eng/_util/cmd/sign/sign.go | 36 +++++++++++------------ 2 files changed, 30 insertions(+), 61 deletions(-) diff --git a/eng/_util/cmd/sign/archive.go b/eng/_util/cmd/sign/archive.go index 701e83103eb..08fad345ab1 100644 --- a/eng/_util/cmd/sign/archive.go +++ b/eng/_util/cmd/sign/archive.go 
@@ -370,29 +370,17 @@ func (a *archive) prepareNotarize(ctx context.Context) ([]*fileToSign, error) { return nil, nil } - log.Printf("Creating zip containing the macOS tar.gz to notarize at %q", a.macNotarizePackPath()) - if err := withZipCreate(a.macNotarizePackPath(), func(zw *zip.Writer) error { - w, err := zw.CreateHeader(&zip.FileHeader{ - Name: a.name, - }) - if err != nil { - return err - } - return withFileOpen(a.latestPath(), func(f *os.File) error { - _, err := io.Copy(w, f) - return err - }) - }); err != nil { - return nil, err - } - return []*fileToSign{ - { - originalPath: a.path, - fullPath: a.macNotarizePackPath(), - authenticode: "8020", // Can't specify MacNotarize or MacAppName is not detected. - macAppName: "MicrosoftGo", - }, - }, nil + // Currently, we don't produce any macOS artifacts that can accept stapled notarization, like + // app bundles, disk images, or installers. + // + // The executable binaries inside our tar.gz archive are already notarized by the earlier + // "MacDeveloperHarden" step, and that's the best we can do. Individual file notarizations are + // not stapled: they are stored by Apple and downloaded on demand. + // + // If we do produce notarizable artifacts in the future, add the logic here to pack them in a + // zip and add logic to unpackNotarize to extract them back out, if zip submission is still a + // MicroBuild and/or ESRP requirement. + return nil, nil } func (a *archive) unpackNotarize(ctx context.Context) error { 
@@ -404,26 +392,7 @@ func (a *archive) unpackNotarize(ctx context.Context) error { return nil } - a.notarizedPath = filepath.Join(a.workDir, a.name+".notarized") - log.Printf("Unpacking notarized content to %q", a.notarizedPath) - return withZipOpen(a.macNotarizePackPath(), func(zr *zip.ReadCloser) error { - return eachZipEntry(zr, func(f *zip.File) error { - if err := ctx.Err(); err != nil { - return err - } - if f.Name != a.name { - return fmt.Errorf("unexpected file in notarize zip: %q", f.Name) - } - return withFileCreate(a.notarizedPath, func(w *os.File) error { - r, err := f.Open() - if err != nil { - return err - } - _, err = io.Copy(w, r) - return cmp.Or(err, r.Close()) - }) - }) - }) + return nil } func (a *archive) prepareArchiveSignatures(ctx context.Context) ([]*fileToSign, error) { diff --git a/eng/_util/cmd/sign/sign.go b/eng/_util/cmd/sign/sign.go index 07c7a7bd31f..b1136205112 100644 --- a/eng/_util/cmd/sign/sign.go +++ b/eng/_util/cmd/sign/sign.go @@ -39,7 +39,6 @@ var ( tempDir = flag.String("temp-dir", "eng/signing/signing-temp", "Directory to store temporary files.") signingCsprojDir = flag.String("signing-csproj-dir", "eng/signing", "Directory containing Sign.csproj and related files.") - notarize = flag.Bool("notarize", false, "Notarize macOS archives. This is currently not working in the signing service.") signType = flag.String("sign-type", "test", "Type of signing to perform. Options: test, real.") timeout = flag.Duration("timeout", 0, 
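Review bot: In `unpackNotarize` the new side no longer assigns `a.notarizedPath`, so any code that reads that field or derives a path from it now sees the zero value. I cannot see `latestPath()` from this hunk, so please confirm it falls back to the previous signing stage's output when `notarizedPath` is empty. A short comment on the remaining `return nil` would make the intent explicit, for example `// No-op: prepareNotarize submits nothing, so a.notarizedPath stays unset.` If `macNotarizePackPath()` has no other callers it could be removed along with the field. The function starts outside this hunk.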
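Review bot: Removing the `notarize` flag from the `var (` block in sign.go means any invocation that still passes `-notarize` will be rejected by the `flag` package as an undefined flag. The commit's diffstat lists only archive.go and sign.go, so pipeline YAML or scripts that call this tool are not updated here and should be checked. If an external caller might still pass it, keeping a no-op flag for one release avoids a broken signing job: `_ = flag.Bool("notarize", true, "Deprecated: notarization always runs; this flag is ignored.")`. The `var` block continues outside the hunk.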
@@ -108,27 +107,23 @@ func run() error { } } - if *notarize { - log.Println("Notarizing macOS archives") + log.Println("Notarizing macOS archives") - filesToNotarize, err := flatMapSlice(archives, func(a *archive) ([]*fileToSign, error) { - return a.prepareNotarize(ctx) - }) - if err != nil { - return err - } + filesToNotarize, err := flatMapSlice(archives, func(a *archive) ([]*fileToSign, error) { + return a.prepareNotarize(ctx) + }) + if err != nil { + return err + } - if err := sign(ctx, "2-Notarize", filesToNotarize); err != nil { - return err - } + if err := sign(ctx, "2-Notarize", filesToNotarize); err != nil { + return err + } - for _, a := range archives { - if err := a.unpackNotarize(ctx); err != nil { - return err - } + for _, a := range archives { + if err := a.unpackNotarize(ctx); err != nil { + return err } - } else { - log.Println("Skipping notarizing macOS archives") } log.Println("Creating signature files") @@ -208,6 +203,11 @@ func findArchives(ctx context.Context, glob string) ([]*archive, error) { } func sign(ctx context.Context, step string, files []*fileToSign) error { + if len(files) == 0 { + log.Printf("No files to sign for step %q", step) + return nil + } + var sb strings.Builder sb.WriteString("\n") sb.WriteString(" \n") From 01b7d5fe176b025d55c93467d57f020d7943d83e Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Tue, 19 Nov 2024 13:41:32 -0800 Subject: [PATCH 101/887] Fix official build dependency on Get-Stage0GoRoot (#1410) --- eng/pipeline/steps/install-gopdb.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/pipeline/steps/install-gopdb.yml b/eng/pipeline/steps/install-gopdb.yml index 044d0243247..ba20d2da42f 100644 --- a/eng/pipeline/steps/install-gopdb.yml +++ b/eng/pipeline/steps/install-gopdb.yml 
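Review bot: In `run`, `log.Println("Notarizing macOS archives")` is now printed on every build even though `prepareNotarize` returns no files, so the release log states that notarization happened when nothing was submitted. Anyone later auditing a build log for signing provenance would be misled. I would reword it to say what actually occurs, for example `log.Println("Checking for macOS artifacts that require notarization")`. The body of `run` continues outside this hunk.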
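Review bot: The new `if len(files) == 0` guard in `sign` makes every signing step succeed silently on an empty list, not only `"2-Notarize"`. If another caller of `sign` (not visible in this hunk) ever receives an empty slice because a glob matched nothing or a prepare function regressed, the build would log one line and go on to publish unsigned artifacts. I would keep `sign` strict with `return fmt.Errorf("no files to sign for step %q", step)` and put the tolerance at the one call site that expects emptiness, by wrapping the `"2-Notarize"` call in `if len(filesToNotarize) > 0 { ... }`. `fmt` would need to be imported in sign.go if it is not already. The rest of `sign` lies outside the hunk.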
@@ -26,9 +26,9 @@ steps: - pwsh: | . eng/utilities.ps1 - $gobin = Get-Stage0GoRoot # Make sure we have a Go toolchain available + Download-Stage0 # Make sure we have a Go toolchain available cd go-pdb - & $gobin/bin/go.exe build -o $(pdbPath)/gopdb.exe ./cmd/gopdb + & go build -o $(pdbPath)/gopdb.exe ./cmd/gopdb displayName: Install gopdb - pwsh: | From bf4210da690f48583ae5803e2cc8900c301652f3 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Tue, 19 Nov 2024 14:22:57 -0800 Subject: [PATCH 102/887] Developer guide edits (#1413) * Improve "Clone and build" with pointers * eng/doc/DeveloperGuide.md: various edits * More PATH nuance, use established "go/bin" expectation * Apply suggestions from code review Co-authored-by: George Adams --------- Co-authored-by: George Adams --- README.md | 28 ++++++-------- eng/README.md | 8 ++++ eng/doc/DeveloperGuide.md | 79 ++++++++++++++++++++++++++------------- 3 files changed, 74 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 87cf443621f..7064b0dc31c 100644 --- a/README.md +++ b/README.md 
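Review bot: The `Install gopdb` step now runs `& go build`, which picks up whichever `go` comes first on the agent's `PATH`, where the old line used the explicit `$gobin/bin/go.exe`. From this hunk I cannot tell whether `Download-Stage0` prepends the stage 0 toolchain to `PATH`. If it does not, an official build could compile gopdb with a preinstalled or otherwise unintended toolchain. Resolving and logging the binary before use makes the choice auditable and fails fast when it is missing: `$go = (Get-Command go -ErrorAction Stop).Source; Write-Host "Building gopdb with $go"`, followed by `& $go build -o $(pdbPath)/gopdb.exe ./cmd/gopdb`.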
@@ -104,25 +104,21 @@ extracting the tar.gz file, build it using the #### Clone and build -This repository wraps the upstream Go repository and includes build scripts that -automate some aspects of the build process. See [eng/README.md](eng/README.md) -for more details about the infrastructure. +The first step is to clone this repository using Git and check out the desired +tag or commit. The `zip` file that GitHub offers for download is incomplete: it +doesn't include the `go` submodule. -Prerequisites: +If you want to contribute to the Microsoft Go project, read the [Developer +Guide](eng/doc/DeveloperGuide.md). It lists the steps we recommend to set up a +Microsoft Go development environment, execute your first Microsoft Go build, run +the standard library test suite, and contribute a PR. -* [PowerShell 6+](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) -* [Go install from source prerequisites](https://go.dev/doc/install/source) - * Exception: this repository's build script automatically downloads a - bootstrap version of Go. +If you just want to build Microsoft Go on your own machine, you may find it more +convenient to use the tools provided by the `eng/run.ps1` script. We use this +script for CI builds. See [eng/README.md](eng/README.md) for more details about +`eng/run.ps1` and other repository infrastructure. -After cloning the repository and checking out the desired tag or commit, use the -following build command: - -``` -pwsh eng/run.ps1 build -refresh -``` - -The resulting Go binary can then be found at `go/bin/go`. +Once built, the Microsoft Go binary is found at `go/bin/go`. ## Contributing diff --git a/eng/README.md b/eng/README.md index 9aa1ec0faf0..5f43b5fabb3 100644 --- a/eng/README.md +++ b/eng/README.md 
@@ -23,6 +23,14 @@ submodule to new Go commits. ## Building Go +Prerequisites: + +* [Git](https://git-scm.com/downloads) +* [PowerShell 6+](https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell) +* [Go install from source prerequisites](https://go.dev/doc/install/source) + * Exception: this repository's build script automatically downloads a + bootstrap version of Go. + In the root of the repository, run this command: ```pwsh diff --git a/eng/doc/DeveloperGuide.md b/eng/doc/DeveloperGuide.md index b82f332dab8..231c241d453 100644 --- a/eng/doc/DeveloperGuide.md +++ b/eng/doc/DeveloperGuide.md 
@@ -15,18 +15,29 @@ For details, visit https://cla.opensource.microsoft.com. ### Install a Go toolchain A preexisting Go toolchain is required to bootstrap the build process. -You can use your system's package manager to install Go, or you can download it from the [official Go website](https://golang.org/dl/). +You can use your system's package manager to install Go, download Go from the [official Go website](https://golang.org/dl/), or download a prebuilt version of Microsoft Go itself. + The only requirement is that the Go version is high enough for the bootstrap process. -If the version is too low, the bootstrap process will fail and ask you to install a newer version. +If you attempt to build Go while using a bootstrap Go with a version that is too low, the bootstrap process will fail and ask you to install a newer version. + +> [!NOTE] +> The in-support versions of Go found on the [official Go website](https://golang.org/dl/) are always high enough to bootstrap the development branch. +> This is because: +> * The [last two major versions of Go are supported by the Go project](https://go.dev/s/release#release-maintenance). (Microsoft Go has the same policy.) +> * Go N can always be bootstrapped by [both N-1 and N-2](https://tip.golang.org/doc/install/source#go14). -This repository implements some scripts (provided by `eng/run.ps1`) to facilitate installing the correct bootstrapping Go version and also to build the Go toolchain from source, see the [`eng` Readme](../eng/README.md) for more information. -It is recommended that you get familiar with both the upstream Go build process and the scripts provided in this repository. +> [!NOTE] +> This repository's `eng/run.ps1` PowerShell script is able to download a correct bootstrapping Go version automatically before building Microsoft Go from source. +> We recommend that Microsoft Go team members be familiar with this script because it is used by Microsoft Go CI. 
+> However, it isn't necessary to use the script for most work on the Microsoft Go patches. +> See the [`eng` Readme](/eng/README.md) for more information about `eng/run.ps1`. ### Install git and the git-go-patch command -This repository heavily relies on advanced Git features to manage the Go submodule, so it is recommended to develop with a local clone of the repository rather than using the GitHub web interface. +This repository heavily relies on advanced Git features to manage the Go submodule, so it is recommended to develop with a local Git clone of the repository rather than other methods, e.g. using the GitHub web interface. -You will need to have Git installed on your system, either from your system's package manager or from the [official Git website](https://git-scm.com/downloads). +Make sure Git is installed on your system. +You can get Git from your system's package manager or the [official Git website](https://git-scm.com/downloads). The [`git-go-patch`](https://github.com/microsoft/go-infra/tree/main/cmd/git-go-patch) command is a tool that helps you manage the patches in the `go` submodule. 
@@ -64,27 +75,41 @@ git go-patch apply You now can edit the `go/src` directory as you would the upstream Go project. [The upstream "Installing Go from source" instructions](https://go.dev/doc/install/source) apply to the `go` directory and can be used to build and test. +We recommend reading the upstream instructions, but we've included some minimal instructions here to get started. -In order to make changes to the standard library packages located in `go/src` you will first need to build to Go toolchain from the `go/src` directory itself using the following command: +First, use the following commands to build the Go toolchain using the source in the `go/src` directory: -``` -cd go/src -./make.bash # or make.bat on Windows -``` +- On Unix-like systems: + ```bash + cd go/src + ./make.bash + ``` + +- On Windows: + ```bat + cd go/src + .\make.bat + ``` + +The newly built Go toolchain will be available in the `go/bin` directory. +An app built by `go/bin/go` will use the standard library in `go/src`, so changes that you make to the standard library are reflected in the built app. + +From now on, when this guide mentions the `go` command, it refers to executing the `go` binary in the `go/bin` directory. > [!NOTE] -> Rebuilding the Go toolchain from source is not necessary for changes in the Go standard library, they are immediately reflected in any future `go build`, `go test`, or `go run` commands. -> However, if you are making changes to the Go toolchain itself (any package under `go/src/cmd`), you will need to rebuild the Go toolchain. +> Rebuilding the Go toolchain from source is not necessary for changes in the Go standard library: changes are immediately reflected in any `go build`, `go test`, or `go run` commands. +> However, if you make changes to the Go toolchain itself (any package under `go/src/cmd`), you do need to rebuild the Go toolchain. -The newly built Go toolchain will be available in the `go/bin` directory. 
From now one this guide will assume that any mention of the `go` command refers to the one in the `go/bin` directory. There are different ways to use the new Go toolchain: -- Add `go/bin` to your `PATH`, although but it is not recommended because it will probably contain unstable features that may interfere with other Go projects. -- You can use the full path to the `go` command in the `go/bin` directory. -- You can instruct your IDE to use the `go` command in the `go/bin` directory (recommended approach). See the [IDE setup](#ide-setup) section for more information. + +- Use the full path to the `go` command. +- Add the full path of `go/bin` to the start of `PATH`. + - We only recommend setting `PATH` in a specific terminal session, not user-wide or system-wide. The development version of Go will probably contain unstable features that may interfere with your other Go projects. +- Instruct your IDE to use the `go` command. Recommended approach for most development work. See the [IDE setup](#ide-setup) section for more information. ### Test that your environment is set up correctly -To test that your environment is set up correctly, run the following command: +To test that your environment is set up correctly, run the following commands, which work the same on all platforms: ``` cd go/src 
@@ -94,20 +119,24 @@ go test -short ./... ## IDE setup -### Visual Studio Code +### VS Code -Visual Studio Code (VS Code from now on) is a popular IDE for Go development. We recommend using the official Go extension for VS Code. +[VS Code](https://code.visualstudio.com/) (Visual Studio Code) is a popular IDE for Go development. +We recommend using the official Go extension for VS Code. Please refer to the [Go extension documentation](https://code.visualstudio.com/docs/languages/go) for more information on how to set up VS Code for Go development. #### Using the Go toolchain from the `go` submodule -You can use the Go toolchain from the `go` submodule in VS Code by following these steps: +You can use your build of `go` in VS Code by following these steps: -1. In VS Code, open `Command Palette's Help` > `Show All Commands`. Or use the keyboard shortcut (`Ctrl+Shift+P`). -1. Search for `Go: Choose Go environment` then run the command from the pallet. +1. In VS Code, open the command palette. + - `View` > `Command Palette...`. + - Default keyboard shortcut: `Ctrl+Shift+P`. +1. Search for `Go: Choose Go environment` and select it. 1. Select `Choose from file browser`. -1. Select the `go` command in the `go/bin` directory. -1. Save the file and restart VS Code. +1. Select the `go` executable in the `go/bin` directory. (On Windows, `go.exe`.) +1. Open the command palette. +1. Search for `Developer: Reload Window` and select it. ## Making changes to go/src From bdf9fca502ebafbe42065c68620fdf3710247f8e Mon Sep 17 00:00:00 2001 From: mertakman Date: Wed, 20 Nov 2024 12:05:40 +0000 Subject: [PATCH 103/887] fix:add making changes section to DeveloperGuide --- eng/doc/DeveloperGuide.md | 64 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 62 insertions(+), 2 deletions(-) diff --git a/eng/doc/DeveloperGuide.md b/eng/doc/DeveloperGuide.md index 231c241d453..6246e61b7e4 100644 --- a/eng/doc/DeveloperGuide.md +++ b/eng/doc/DeveloperGuide.md 
@@ -138,6 +138,66 @@ You can use your build of `go` in VS Code by following these steps: 1. Open the command palette. 1. Search for `Developer: Reload Window` and select it. -## Making changes to go/src +## Making Changes to `go/src` -TODO \ No newline at end of file +### Preparing `go/src` folder +As mentioned above, after downloading the submodule using the command: + +```bash +git submodule update --init --recursive +``` + +and applying all changes from patch files with: + +```bash +git go-patch apply +``` + +fully prepared go/src directory will be created. From this point forward, all tasks related to vendoring, updating the go.mod file, and running tests should exclusively utilize the Go toolchain provided by the go submodule. + +It is crucial to note that the Go version and source code within the submodule may differ from your local setup. As a result, tests that pass in your local environment may fail in the submodule environment, and tests that pass in the submodule may fail locally. Always validate your changes within the submodule context to ensure compatibility and consistency. + +### Making Changes + +Once the `go/src` folder is prepared, any modifications made to this directory will be tracked by the Git history of the submodule. You can view these changes by running: + +```bash +git status +``` + +To create patch files from the changes, you must commit them. Only committed changes will be extracted by go-patch and included in the patch files. + +### Generating New Patch Files + +After making changes in the `go/src` directory, you must commit your changes following the standard Git process. For example: + +```bash +git add . --all +git commit -m "example" +``` + +This will create a commit with the message "example" in the Git log. + +Then, when you run: + +```bash +git go-patch extract +``` + +The `go-patch` command will generate a patch file under the `go/patches` directory. 
The patch file will be prefixed with a serial number (one greater than the number of existing patch files), followed by a dash-separated commit message. + +### Squashing Changes to Existing Patch Files + +Creating new patch files is not always necessary when there are existing patch files with similar purposes for the same files. In such cases, you can squash new commits on top of the existing ones to update their contents. The go-patch extract command will detect the differences in these commits and regenerate the patch files with the updated contents. + +Before starting work, please check the go/patches folder for any existing patch files related to the files you're working on. This helps maintain a clean repository by avoiding redundant patch files. + +### Rolling Back Changes in `go/src` + +We do not retain changes in the submodule after generating patch files, as this approach is similar to maintaining a fork. The submodule is pinned to a specific commit hash, and we always start from that point, applying patch files on top of it. Therefore, once the work is complete and patch files are generated, it is essential to clean up the working directory. + +Additionally, any new commits will cause `git go-patch extract` to generate new patch files. To return the `go/src` directory to its initial state after completing your work, run the following command: + +```bash +git submodule update --init --recursive --checkout +``` From 1e1b6caa6d9820cbdce358c3ed0cf4d5b5149aa0 Mon Sep 17 00:00:00 2001 From: mertakman Date: Wed, 20 Nov 2024 13:50:19 +0000 Subject: [PATCH 104/887] fix:remove paragraph that adds duplicate information --- eng/doc/DeveloperGuide.md | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/eng/doc/DeveloperGuide.md b/eng/doc/DeveloperGuide.md index 6246e61b7e4..4629787f13c 100644 --- a/eng/doc/DeveloperGuide.md +++ b/eng/doc/DeveloperGuide.md 
@@ -140,25 +140,6 @@ You can use your build of `go` in VS Code by following these steps: ## Making Changes to `go/src` -### Preparing `go/src` folder -As mentioned above, after downloading the submodule using the command: - -```bash -git submodule update --init --recursive -``` - -and applying all changes from patch files with: - -```bash -git go-patch apply -``` - -fully prepared go/src directory will be created. From this point forward, all tasks related to vendoring, updating the go.mod file, and running tests should exclusively utilize the Go toolchain provided by the go submodule. - -It is crucial to note that the Go version and source code within the submodule may differ from your local setup. As a result, tests that pass in your local environment may fail in the submodule environment, and tests that pass in the submodule may fail locally. Always validate your changes within the submodule context to ensure compatibility and consistency. - -### Making Changes - Once the `go/src` folder is prepared, any modifications made to this directory will be tracked by the Git history of the submodule. You can view these changes by running: ```bash From b67a64b6aa4faeffed00205ef01cf157bb0d28a0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 10:27:50 +0000 Subject: [PATCH 105/887] Bump github/codeql-action from 3.27.4 to 3.27.5 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.4 to 3.27.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 86cc16d6f26..0e787aea59c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: category: /language:go From 9e54e242d3f728cb0bb95d5756219dec6845ddc4 Mon Sep 17 00:00:00 2001 From: mertakman Date: Thu, 21 Nov 2024 11:51:03 +0000 Subject: [PATCH 106/887] fix:remove capital prefixes from title --- eng/doc/DeveloperGuide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/eng/doc/DeveloperGuide.md b/eng/doc/DeveloperGuide.md index 4629787f13c..21bcd092165 100644 --- a/eng/doc/DeveloperGuide.md +++ b/eng/doc/DeveloperGuide.md @@ -138,7 +138,7 @@ You can use your build of `go` in VS Code by following these steps: 1. Open the command palette. 1. Search for `Developer: Reload Window` and select it. -## Making Changes to `go/src` +## Making changes to `go/src` Once the `go/src` folder is prepared, any modifications made to this directory will be tracked by the Git history of the submodule. You can view these changes by running: 
From 543d480f1802ddd01354f925fe96d2d55686bb5b Mon Sep 17 00:00:00 2001 From: mertakman Date: Mon, 25 Nov 2024 01:39:55 +0000 Subject: [PATCH 107/887] fix: reconstruct latest paragraph to give better explanation of changes --- eng/doc/DeveloperGuide.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/eng/doc/DeveloperGuide.md b/eng/doc/DeveloperGuide.md index 21bcd092165..b217ab8561e 100644 --- a/eng/doc/DeveloperGuide.md +++ b/eng/doc/DeveloperGuide.md 
@@ -173,12 +173,11 @@ Creating new patch files is not always necessary when there are existing patch f Before starting work, please check the go/patches folder for any existing patch files related to the files you're working on. This helps maintain a clean repository by avoiding redundant patch files. -### Rolling Back Changes in `go/src` - -We do not retain changes in the submodule after generating patch files, as this approach is similar to maintaining a fork. The submodule is pinned to a specific commit hash, and we always start from that point, applying patch files on top of it. Therefore, once the work is complete and patch files are generated, it is essential to clean up the working directory. - -Additionally, any new commits will cause `git go-patch extract` to generate new patch files. To return the `go/src` directory to its initial state after completing your work, run the following command: +### Submitting Changes +When working with the `go/src` submodule, changes should not be committed directly. Instead, we use patch files to manage modifications. Since the submodule is pinned to a specific commit hash, we always start from that state and apply patch files on top. This approach avoids the need to maintain a fork and ensures consistency. +After generating the required patch files and completing your work, it is crucial to clean up the submodule to prevent any changes from being committed. To restore the submodule to its original state, execute the following command: ```bash git submodule update --init --recursive --checkout ``` +This ensures the submodule remains clean and aligned with its designated commit state. Once done, you can proceed to commit the patch files to your pull request. From 81b15597190415266a0718436c35c5250834e163 Mon Sep 17 00:00:00 2001 
From: Davis Goodin Date: Tue, 26 Nov 2024 08:55:16 -0800 Subject: [PATCH 108/887] Developer guide edits: rebase, cleanup, PRs, format (#1420) * Fix formatting * Mention git go-patch rebase; clarify cleanup; more about PR * Folder -> directory, clearer inline commands * Style: only use "will" for things that happen in the non-immediate future or conditionally * Focus the sections; add dedicated patch update section; other edits --- eng/doc/DeveloperGuide.md | 111 +++++++++++++++++++++++++++++++------- 1 file changed, 93 insertions(+), 18 deletions(-) diff --git a/eng/doc/DeveloperGuide.md b/eng/doc/DeveloperGuide.md index b217ab8561e..7f95f61ff70 100644 --- a/eng/doc/DeveloperGuide.md +++ b/eng/doc/DeveloperGuide.md @@ -91,8 +91,8 @@ First, use the following commands to build the Go toolchain using the source in .\make.bat ``` -The newly built Go toolchain will be available in the `go/bin` directory. -An app built by `go/bin/go` will use the standard library in `go/src`, so changes that you make to the standard library are reflected in the built app. +The newly built Go toolchain is available in the `go/bin` directory. +An app built by `go/bin/go` uses the standard library in `go/src`, so changes that you make to the standard library are reflected in the built app. From now on, when this guide mentions the `go` command, it refers to executing the `go` binary in the `go/bin` directory. 
@@ -138,46 +138,121 @@ You can use your build of `go` in VS Code by following these steps: 1. Open the command palette. 1. Search for `Developer: Reload Window` and select it. -## Making changes to `go/src` +## Making changes to `go` -Once the `go/src` folder is prepared, any modifications made to this directory will be tracked by the Git history of the submodule. You can view these changes by running: +Once the `go` directory is prepared, it is a submodule, a semi-independent Git repository. +Git tracks changes in `go` separately from the main repository. + +You can view the changes tracked in `go` by running: ```bash +cd go git status ``` -To create patch files from the changes, you must commit them. Only committed changes will be extracted by go-patch and included in the patch files. +A Git GUI that supports submodules shows the statuses of both the main repository and the `go` submodule. + +> [!NOTE] +> In this section, many commands expect that your console's working directory is somewhere inside the submodule. +> This is indicated by a code sample starting with `cd go`. +> If you use the same console session, you don't need to run the `cd` command again. +> +> The `git go-patch` subcommands don't require that your working directory is in the submodule. +> However, we recommend running them inside the submodule anyway because it makes the workflow less confusing and error-prone. + +At this point, you can make changes, run tests, rebuild, and use the built Go toolchain in external projects. +Most of the interesting Go code to modify is in `go/src`. -### Generating New Patch Files +Once you have made changes that work as you expect, move on to the next step. -After making changes in the `go/src` directory, you must commit your changes following the standard Git process. For example: +### Generating new patch files + +After making changes in the `go` directory, you must commit your changes following the standard Git process. +For example: ```bash +cd go git add . 
--all git commit -m "example" ``` -This will create a commit with the message "example" in the Git log. +This creates a commit with the message "example" in the Git log. + +### Changing existing patch files + +Creating new patch files is not always necessary. +It often makes more sense to update an existing patch file because the changes serve the same purpose. +In such cases, you can squash new commits on top of the existing ones to update their contents. +You can also amend commits directly. -Then, when you run: +Before submitting a PR, check the `patches` directory or submodule history for any existing patches related to the files you're working on. +We prefer to avoid redundant patch files to keep the repository clean and easy to review. + +To squash commits, amend them, and more, use a rebase. +We recommend using an [*interactive rebase*](https://git-scm.com/docs/git-rebase#_interactive_mode). +The patching tool can start an interactive rebase session for you. +To do this, run: ```bash -git go-patch extract +cd go +git go-patch rebase ``` -The `go-patch` command will generate a patch file under the `go/patches` directory. The patch file will be prefixed with a serial number (one greater than the number of existing patch files), followed by a dash-separated commit message. +Make sure the rebase is complete before continuing. +If you're unsure, check `git status` in the submodule. + +### Updating `patches` + +So far, your change only exists inside the `go` submodule's Git state. +To extract your change into a new patch file or update the existing patch files, run: + +```bash +cd go +git go-patch extract +``` -### Squashing Changes to Existing Patch Files +Each automatically generated patch filename has a serial number prefix followed by a dash-separated commit message. +They are human-readable text files, but you shouldn't edit or rename them manually. 
-Creating new patch files is not always necessary when there are existing patch files with similar purposes for the same files. In such cases, you can squash new commits on top of the existing ones to update their contents. The go-patch extract command will detect the differences in these commits and regenerate the patch files with the updated contents. +### Submitting changes -Before starting work, please check the go/patches folder for any existing patch files related to the files you're working on. This helps maintain a clean repository by avoiding redundant patch files. +When working with the `go` submodule, you may notice that outside the submodule, Git marks the `go` submodule as modified. +It's important to **not** commit this change. -### Submitting Changes +One way to avoid committing the change is to clean up the submodule after completing your work on the patches. +To restore the submodule to its original state, execute the following command: -When working with the `go/src` submodule, changes should not be committed directly. Instead, we use patch files to manage modifications. Since the submodule is pinned to a specific commit hash, we always start from that state and apply patch files on top. This approach avoids the need to maintain a fork and ensures consistency. -After generating the required patch files and completing your work, it is crucial to clean up the submodule to prevent any changes from being committed. To restore the submodule to its original state, execute the following command: ```bash git submodule update --init --recursive --checkout ``` -This ensures the submodule remains clean and aligned with its designated commit state. Once done, you can proceed to commit the patch files to your pull request. + +This allows you to use `git add .`, `git commit -a`, and similar commands without concern. + +If you make a mistake and commit the submodule change, PR tests will fail harmlessly. 
+ +> [!NOTE] +> If you use `git add [...]` or a GUI to selectively stage and commit changes, it isn't necessary to clean up the submodule. +> It may be useful to keep the submodule dirty for faster iteration on the patches in response to PR feedback and test results. + +Commit the patch file changes. + +If you have write access to the `microsoft/go` repository, push the changes to a branch named `dev//`. +The `dev/` prefix is important, `your GitHub username` isn't as important, and `topic` is unimportant but helps you organize and recognize your own work. + +If you don't have write access, use a GitHub fork, and give the branch any name you want. + +Submit a GitHub PR with your change. +Include a short description and links to related GitHub issues if any exist. +If you submit the PR to a release branch, add a `[]` prefix to the PR title, such as `[release-branch.go1.22] Support TLS 1.3`. + +### Merging changes + +If you don't have write access to `microsoft/go`, wait for a maintainer to review and merge your PR. + +If you do have write access, in general, wait for two review approvals before merging your PR. +Exceptions where only one approval is necessary: + +* Small documentation updates. +* Backports to release branches without significant changes. + +Squash, rebase, and merge-commit merges are all acceptable. From f3c66c88dda3da35a2b16899187fd9e7cd30f455 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 18 Nov 2024 15:20:34 +0100 Subject: [PATCH 109/887] add initial DSA support --- .../0002-Add-crypto-backend-foundation.patch | 54 ++++++++++++++++--- .../0003-Add-BoringSSL-crypto-backend.patch | 20 ++++--- patches/0004-Add-OpenSSL-crypto-backend.patch | 22 +++++--- patches/0005-Add-CNG-crypto-backend.patch | 22 ++++++-- 4 files changed, 94 insertions(+), 24 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 159be26ee44..1d1729c9115 100644 
--- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -8,6 +8,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/aes/cipher_asm.go | 2 +- src/crypto/boring/boring.go | 2 +- src/crypto/des/cipher.go | 7 + + src/crypto/dsa/dsa.go | 13 ++ src/crypto/ecdh/ecdh.go | 2 +- src/crypto/ecdh/nist.go | 2 +- src/crypto/ecdsa/boring.go | 4 +- @@ -23,7 +24,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/internal/backend/bbig/big.go | 17 ++ src/crypto/internal/backend/common.go | 92 +++++++++ src/crypto/internal/backend/isrequirefips.go | 9 + - src/crypto/internal/backend/nobackend.go | 193 +++++++++++++++++++ + src/crypto/internal/backend/nobackend.go | 201 +++++++++++++++++++ src/crypto/internal/backend/norequirefips.go | 9 + src/crypto/internal/backend/stub.s | 10 + src/crypto/md5/md5.go | 7 + @@ -51,7 +52,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/handshake_server.go | 25 ++- src/crypto/tls/handshake_server_tls13.go | 10 + src/crypto/tls/key_schedule.go | 18 +- - src/crypto/tls/prf.go | 77 +++++--- + src/crypto/tls/prf.go | 77 ++++--- src/crypto/tls/prf_test.go | 12 +- src/crypto/x509/boring_test.go | 5 + src/go/build/deps_test.go | 4 + @@ -60,7 +61,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 5 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 56 files changed, 893 insertions(+), 106 deletions(-) + 57 files changed, 914 insertions(+), 106 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go 
@@ -144,6 +145,37 @@ index 04b73e7d3bf758..0891652a4566fb 100644 c := new(tripleDESCipher) c.cipher1.generateSubkeys(key[:8]) +diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go +index 4524bd492feba0..3937865aee7ef8 100644 +--- a/src/crypto/dsa/dsa.go ++++ b/src/crypto/dsa/dsa.go +@@ -18,6 +18,8 @@ import ( + "io" + "math/big" + ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" + "crypto/internal/randutil" + ) + +@@ -86,6 +88,17 @@ func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes + return errors.New("crypto/dsa: invalid ParameterSizes") + } + ++ if boring.Enabled && boring.SupportsDSA(L, N) { ++ p, q, g, err := boring.GenerateDSAParameters(L, N) ++ if err != nil { ++ return err ++ } ++ params.P = bbig.Dec(p) ++ params.Q = bbig.Dec(q) ++ params.G = bbig.Dec(g) ++ return nil ++ } ++ + qBytes := make([]byte, N/8) + pBytes := make([]byte, L/8) + diff --git a/src/crypto/ecdh/ecdh.go b/src/crypto/ecdh/ecdh.go index b7c26f91e57f02..7a12e2bbaaafd1 100644 --- a/src/crypto/ecdh/ecdh.go @@ -657,10 +689,10 @@ index 00000000000000..e5d7570d6d4363 +const isRequireFIPS = true diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..08600a2c833ac7 +index 00000000000000..cc224d339ee4e9 --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go -@@ -0,0 +1,193 @@ +@@ -0,0 +1,201 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
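Review bot: The backend fast path added to `GenerateParameters` never looks at the `rand io.Reader` argument, so a caller that supplies its own reader (a deterministic one in a test, or a specific entropy source) silently gets parameters drawn from the backend's generator instead. Other backend-gated paths in the standard library take the fast path only when the caller passed the backend's own reader. If this backend package exposes `RandReader` as `crypto/internal/boring` does, I would gate on it: `if boring.Enabled && rand == boring.RandReader && boring.SupportsDSA(L, N) {`. If ignoring `rand` is intended, a comment above the branch should say so. The function starts before this hunk and continues after it.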
@@ -706,8 +738,8 @@ index 00000000000000..08600a2c833ac7 + +func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { panic("cryptobackend: not available") } + -+func NewAESCipher(key []byte) (cipher.Block, error) { panic("cryptobackend: not available") } -+func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { panic("cryptobackend: not available") } ++func NewAESCipher(key []byte) (cipher.Block, error) { panic("cryptobackend: not available") } ++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { panic("cryptobackend: not available") } +func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { panic("cryptobackend: not available") } + +type PublicKeyECDSA struct{ _ int } @@ -854,6 +886,14 @@ index 00000000000000..08600a2c833ac7 +func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { + panic("cryptobackend: not available") +} ++ ++func SupportsDSA(l, n int) bool { ++ return false ++} ++ ++func GenerateDSAParameters(l, n int) (p, q, g BigInt, err error) { ++ panic("cryptobackend: not available") ++} diff --git a/src/crypto/internal/backend/norequirefips.go b/src/crypto/internal/backend/norequirefips.go new file mode 100644 index 00000000000000..26bfb5f6a643f3 diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 430b91187d5..89cbb8792b7 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -5,8 +5,8 @@ Subject: [PATCH] Add BoringSSL crypto backend --- .../internal/backend/bbig/big_boring.go | 12 + - src/crypto/internal/backend/boring_linux.go | 225 ++++++++++++++++++ - 2 files changed, 237 insertions(+) + src/crypto/internal/backend/boring_linux.go | 233 ++++++++++++++++++ + 2 files changed, 245 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/boring_linux.go @@ -30,10 +30,10 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec 
diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..7c5fbeea717618 +index 00000000000000..6cecf976fa6a9b --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go -@@ -0,0 +1,225 @@ +@@ -0,0 +1,233 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -82,8 +82,8 @@ index 00000000000000..7c5fbeea717618 + +func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { return boring.NewHMAC(h, key) } + -+func NewAESCipher(key []byte) (cipher.Block, error) { return boring.NewAESCipher(key) } -+func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS(c) } ++func NewAESCipher(key []byte) (cipher.Block, error) { return boring.NewAESCipher(key) } ++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS(c) } +func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS13(c) } + +type PublicKeyECDSA = boring.PublicKeyECDSA @@ -259,3 +259,11 @@ index 00000000000000..7c5fbeea717618 +func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { + panic("cryptobackend: not available") +} ++ ++func SupportsDSA(l, n int) bool { ++ return false ++} ++ ++func GenerateDSAParameters(l, n int) (p, q, g boring.BigInt, err error) { ++ panic("cryptobackend: not available") ++} diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 938e6927e2d..83188497d77 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 323 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 333 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 408 insertions(+), 25 deletions(-) + 36 files changed, 418 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..69af0ffe2fcf80 +index 00000000000000..e0208441429955 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,323 @@ +@@ -0,0 +1,333 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -218,6 +218,7 @@ index 00000000000000..69af0ffe2fcf80 + "syscall" + + "github.com/golang-fips/openssl/v2" ++ "github.com/microsoft/go-crypto-winnative/cng" +) + +// Enabled controls whether FIPS crypto is enabled. 
@@ -520,6 +521,15 @@ index 00000000000000..69af0ffe2fcf80 +func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { + return openssl.VerifyEd25519(pub, message, sig) +} ++ ++func SupportsDSA(l, n int) bool { ++ return false ++} ++ ++func GenerateDSAParameters(l, n int) (p, q, g cng.BigInt, err error) { ++ // TODO ++ panic("Mert should implement") ++} diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s index f2e5a503eaacb6..1dc7116efdff2e 100644 --- a/src/crypto/internal/boring/fipstls/stub.s @@ -586,10 +596,10 @@ index 34c22c8fbba7da..933ac569e034a8 100644 package rsa diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index 86466e67e87eeb..dbcc1bec58bd46 100644 +index c6294694521c69..ab99b176ac9540 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go -@@ -690,6 +690,9 @@ func TestDecryptOAEP(t *testing.T) { +@@ -700,6 +700,9 @@ func TestDecryptOAEP(t *testing.T) { } func Test2DecryptOAEP(t *testing.T) { diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index adac4e6644f..43d89c46350 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -7,13 +7,13 @@ Subject: [PATCH] Add CNG crypto backend src/cmd/api/boring_test.go | 2 +- src/cmd/go/go_boring_test.go | 2 +- src/crypto/boring/boring.go | 2 +- - src/crypto/ecdsa/badlinkname.go | 17 ++ + src/crypto/ecdsa/badlinkname.go | 17 + src/crypto/ecdsa/boring.go | 2 +- src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 280 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 292 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- 
@@ -40,7 +40,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 375 insertions(+), 27 deletions(-) + 36 files changed, 387 insertions(+), 27 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -183,10 +183,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..3d3d13709de5ac +index 00000000000000..6c62c79982bdd6 --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,280 @@ +@@ -0,0 +1,292 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -467,6 +467,18 @@ index 00000000000000..3d3d13709de5ac +func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { + panic("cryptobackend: not available") +} ++ ++func SupportsDSA(l, n int) bool { ++ return n != 224 ++} ++ ++func GenerateDSAParameters(l, n int) (p, q, g cng.BigInt, err error) { ++ params, err := cng.GenerateDSAParameters(l) ++ if err != nil { ++ return nil, nil, nil, err ++ } ++ return params.P, params.Q, params.G, nil ++} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go index bc595e91024f11..7766d674f5cfaf 100644 --- a/src/crypto/internal/backend/common.go From dfcf6a29edd185b8737bfd58e8936679a28ffebd Mon Sep 17 00:00:00 2001 From: mertakman Date: Wed, 27 Nov 2024 14:54:47 +0000 Subject: [PATCH 110/887] fix:update supportdsa and generatedsaparameters functions --- go | 2 +- patches/0004-Add-OpenSSL-crypto-backend.patch | 17 ++++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) 
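Review bot: In the CNG `GenerateDSAParameters` the `n` argument is dropped (only `l` reaches `cng.GenerateDSAParameters(l)`), and `SupportsDSA` checks `n` but never `l`, so nothing in this file ties the returned Q to the N the caller asked for. It presumably works because CNG derives the subgroup size from L and `crypto/dsa` has already restricted (L, N) to its fixed pairs, but that assumption should be written down or asserted. I would add `// n is implied by l in CNG; callers must check SupportsDSA(l, n) first` above the call, or compare the size of the returned Q with `n` and return an error on mismatch. The later revision of `SupportsDSA` in this series (`return n == 160 || n == 256`) still leaves `l` unchecked.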
diff --git a/go b/go index b33fc480a25..a1407f03270 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit b33fc480a25c30d38104a9efaf73326c888e8557 +Subproject commit a1407f03270450f2e56605b69bddebcb881a0658 diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 83188497d77..2b9610745d9 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 333 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 332 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 418 insertions(+), 25 deletions(-) + 36 files changed, 417 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..e0208441429955 +index 00000000000000..7ff09906b8d07b --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,333 @@ +@@ -0,0 +1,332 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -218,7 +218,6 @@ index 00000000000000..e0208441429955
+ "syscall"
+
+ "github.com/golang-fips/openssl/v2"
-+ "github.com/microsoft/go-crypto-winnative/cng"
+)
+
+// Enabled controls whether FIPS crypto is enabled.
@@ -523,12 +522,12 @@ index 00000000000000..e0208441429955
+}
+
+func SupportsDSA(l, n int) bool {
-+ return false
++ return openssl.SupportsDSA()
+}
+
+func GenerateDSAParameters(l, n int) (p, q, g openssl.BigInt, err error) {
-+ // TODO
-+ panic("Mert should implement")
++ params, err := openssl.GenerateDSAParameters(l, n)
++ return params.P, params.Q, params.G, err
+}
diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s
index f2e5a503eaacb6..1dc7116efdff2e 100644
From 7099b2667089f07104e89be1c4e57ebbfa7f6330 Mon Sep 17 00:00:00 2001 From: mertakman Date: Wed, 27 Nov 2024 15:01:04 +0000 Subject: [PATCH 111/887] fix:revert changes accidentally committed to submodule --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/go b/go
index a1407f03270..b33fc480a25 160000
--- a/go
+++ b/go
@@ -1 +1 @@
-Subproject commit a1407f03270450f2e56605b69bddebcb881a0658
+Subproject commit b33fc480a25c30d38104a9efaf73326c888e8557
From 6ff3e0120d15c064f191fa3a83320f6836359a2e Mon Sep 17 00:00:00 2001 From: mertakman Date: Thu, 28 Nov 2024 17:03:10 +0000 Subject: [PATCH 112/887] fix:consistently panic in nobackend --- patches/0002-Add-crypto-backend-foundation.patch | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch
index 1d1729c9115..2bee5dcda14 100644
--- a/patches/0002-Add-crypto-backend-foundation.patch
+++ b/patches/0002-Add-crypto-backend-foundation.patch
@@ -3,6 +3,7 @@
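Review bot: The OpenSSL `GenerateDSAParameters` reads `params.P`, `params.Q` and `params.G` before looking at `err`, unlike the CNG counterpart, which returns early on failure. If `openssl.GenerateDSAParameters` returns a nil pointer on error this dereference panics, and either way the caller receives values that mean nothing next to a non-nil error. I would insert `if err != nil { return nil, nil, nil, err }` between the call and the return. Separately, `SupportsDSA(l, n)` now ignores both arguments; a one-line comment stating that the backend accepts every (L, N) pair `crypto/dsa` allows, if that is the case, would make the omission deliberate.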
From: qmuntal Date: Thu, 30 Jun 2022 10:03:03 +0200 Subject: [PATCH] Add crypto backend foundation +fix:nobackend panic consistently without return --- src/crypto/aes/cipher.go | 2 +- src/crypto/aes/cipher_asm.go | 2 +- @@ -689,7 +690,7 @@ index 00000000000000..e5d7570d6d4363 +const isRequireFIPS = true diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..cc224d339ee4e9 +index 00000000000000..9204848708436e --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go @@ -0,0 +1,201 @@ @@ -888,7 +889,7 @@ index 00000000000000..cc224d339ee4e9 +} + +func SupportsDSA(l, n int) bool { -+ return false ++ panic("cryptobackend: not available") +} + +func GenerateDSAParameters(l, n int) (p, q, g BigInt, err error) { From b19ce4a54233cdc7cf350ddca403d59894f2063c Mon Sep 17 00:00:00 2001 From: mertakman Date: Mon, 2 Dec 2024 03:49:05 +0000 Subject: [PATCH 113/887] fix:add better clause and more descriptive SupportsDSA function --- patches/0005-Add-CNG-crypto-backend.patch | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 43d89c46350..0da11ecfda8 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -13,7 +13,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 292 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 293 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- 
@@ -40,7 +40,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 387 insertions(+), 27 deletions(-) + 36 files changed, 388 insertions(+), 27 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -183,10 +183,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..6c62c79982bdd6 +index 00000000000000..39c3c7043ab720 --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,292 @@ +@@ -0,0 +1,293 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -469,7 +469,8 @@ index 00000000000000..6c62c79982bdd6 +} + +func SupportsDSA(l, n int) bool { -+ return n != 224 ++ // These are the only N values supported by CNG ++ return n == 160 || n == 256 +} + +func GenerateDSAParameters(l, n int) (p, q, g cng.BigInt, err error) { From 9eb540f6c13e3c455c2034a51157d731ed2bb6f8 Mon Sep 17 00:00:00 2001 From: mertakman Date: Mon, 2 Dec 2024 18:13:38 +0000 Subject: [PATCH 114/887] fix:remove commit note line --- patches/0002-Add-crypto-backend-foundation.patch | 1 - 1 file changed, 1 deletion(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 2bee5dcda14..66257f9d55d 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -3,7 +3,6 @@ 
From: qmuntal Date: Thu, 30 Jun 2022 10:03:03 +0200 Subject: [PATCH] Add crypto backend foundation -fix:nobackend panic consistently without return --- src/crypto/aes/cipher.go | 2 +- src/crypto/aes/cipher_asm.go | 2 +- From f1d4ce373bb66010472cd1b329f6f64abfd5ad93 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 10:23:12 +0000 Subject: [PATCH 115/887] Bump github/codeql-action from 3.27.5 to 3.27.6 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.5 to 3.27.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f09c1c0a94de965c15400f5634aa42fac8fb8f88...aa578102511db1f4524ed59b8cc2bae4f6e88195) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0e787aea59c..ec7cb594d42 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/init@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/autobuild@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/analyze@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 with: category: /language:go From 46dd197ef3e6f665ec22a9cb3bd546a069da47a6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Dec 2024 10:29:21 -0800 Subject: [PATCH 116/887] Bump golang.org/x/sys from 0.27.0 to 0.28.0 in /eng/_util (#1431) Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.27.0 to 0.28.0. - [Commits](https://github.com/golang/sys/compare/v0.27.0...v0.28.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- eng/_util/go.mod | 2 +- eng/_util/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 897bab5c0ff..3393abeda93 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -9,7 +9,7 @@ go 1.22.0 require ( github.com/microsoft/go-infra v0.0.5 github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 - golang.org/x/sys v0.27.0 + golang.org/x/sys v0.28.0 gotest.tools/gotestsum v1.12.0 ) 
diff --git a/eng/_util/go.sum b/eng/_util/go.sum index 47684ef2a2e..ffefea135f1 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum @@ -81,8 +81,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= From 54a87ba3eff7c6cee963a142affd450581449325 Mon Sep 17 00:00:00 2001 From: mertakman Date: Mon, 9 Dec 2024 16:45:40 +0000 Subject: [PATCH 117/887] Add: DSA implementations for Win CNG and OpenSSL --- .../0002-Add-crypto-backend-foundation.patch | 240 +++++++++++++++++- .../0003-Add-BoringSSL-crypto-backend.patch | 31 ++- patches/0004-Add-OpenSSL-crypto-backend.patch | 58 ++++- patches/0005-Add-CNG-crypto-backend.patch | 28 +- 4 files changed, 335 insertions(+), 22 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 66257f9d55d..66d1ec4eb63 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -8,13 +8,15 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/aes/cipher_asm.go | 2 +- src/crypto/boring/boring.go | 2 +- src/crypto/des/cipher.go | 7 + - src/crypto/dsa/dsa.go | 13 ++ + src/crypto/dsa/boring.go | 109 +++++++++ + src/crypto/dsa/dsa.go | 48 ++++ + src/crypto/dsa/notboring.go | 16 ++ src/crypto/ecdh/ecdh.go | 2 +- src/crypto/ecdh/nist.go | 2 +- src/crypto/ecdsa/boring.go | 4 +- src/crypto/ecdsa/ecdsa.go | 4 +- src/crypto/ecdsa/notboring.go | 2 +- - src/crypto/ed25519/boring.go | 71 +++++++ + src/crypto/ed25519/boring.go | 71 ++++++ src/crypto/ed25519/ed25519.go | 75 ++++++- src/crypto/ed25519/ed25519_test.go | 2 +- src/crypto/ed25519/notboring.go | 16 ++ @@ -22,9 +24,9 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/hmac/hmac_test.go | 2 +- src/crypto/internal/backend/backend_test.go | 30 +++ src/crypto/internal/backend/bbig/big.go | 17 ++ - src/crypto/internal/backend/common.go | 92 +++++++++ + src/crypto/internal/backend/common.go | 92 ++++++++ src/crypto/internal/backend/isrequirefips.go | 9 + - src/crypto/internal/backend/nobackend.go | 201 +++++++++++++++++++ + src/crypto/internal/backend/nobackend.go | 224 +++++++++++++++++++ src/crypto/internal/backend/norequirefips.go | 9 + src/crypto/internal/backend/stub.s | 10 + src/crypto/md5/md5.go | 7 + 
@@ -52,16 +54,18 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/handshake_server.go | 25 ++- src/crypto/tls/handshake_server_tls13.go | 10 + src/crypto/tls/key_schedule.go | 18 +- - src/crypto/tls/prf.go | 77 ++++--- + src/crypto/tls/prf.go | 77 +++++-- src/crypto/tls/prf_test.go | 12 +- src/crypto/x509/boring_test.go | 5 + src/go/build/deps_test.go | 4 + src/hash/boring_test.go | 5 + src/hash/marshal_test.go | 5 + src/hash/notboring_test.go | 5 + - src/net/smtp/smtp_test.go | 72 ++++--- + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 57 files changed, 914 insertions(+), 106 deletions(-) + 59 files changed, 1097 insertions(+), 106 deletions(-) + create mode 100644 src/crypto/dsa/boring.go + create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go 
@@ -145,8 +149,123 @@ index 04b73e7d3bf758..0891652a4566fb 100644 c := new(tripleDESCipher) c.cipher1.generateSubkeys(key[:8]) +diff --git a/src/crypto/dsa/boring.go b/src/crypto/dsa/boring.go +new file mode 100644 +index 00000000000000..d01c955da8c9e5 +--- /dev/null ++++ b/src/crypto/dsa/boring.go +@@ -0,0 +1,109 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto ++ ++package dsa ++ ++import ( ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" ++ "crypto/internal/boring/bcache" ++ "math/big" ++) ++ ++// Cached conversions from Go PublicKey/PrivateKey to BoringCrypto. ++// ++// The first operation on a PublicKey or PrivateKey makes a parallel ++// BoringCrypto key and saves it in pubCache or privCache. ++// ++// We could just assume that once used in a sign/verify/encrypt/decrypt operation, ++// a particular key is never again modified, but that has not been a ++// stated assumption before. Just in case there is any existing code that ++// does modify the key between operations, we save the original values ++// alongside the cached BoringCrypto key and check that the real key ++// still matches before using the cached key. The theory is that the real ++// operations are significantly more expensive than the comparison. 
++ ++type boringPub struct { ++ key *boring.PublicKeyDSA ++ orig PublicKey ++} ++ ++var pubCache bcache.Cache[PublicKey, boringPub] ++var privCache bcache.Cache[PrivateKey, boringPriv] ++ ++func init() { ++ pubCache.Register() ++ privCache.Register() ++} ++ ++func boringPublicKey(pub *PublicKey) (*boring.PublicKeyDSA, error) { ++ b := pubCache.Get(pub) ++ if b != nil && publicKeyEqual(&b.orig, pub) { ++ return b.key, nil ++ } ++ ++ b = new(boringPub) ++ b.orig = copyPublicKey(pub) ++ key, err := boring.NewPublicKeyDSA(bbig.Enc(b.orig.P), bbig.Enc(b.orig.Q), bbig.Enc(b.orig.G), bbig.Enc(b.orig.Y)) ++ if err != nil { ++ return nil, err ++ } ++ b.key = key ++ pubCache.Put(pub, b) ++ return key, nil ++} ++ ++type boringPriv struct { ++ key *boring.PrivateKeyDSA ++ orig PrivateKey ++} ++ ++func boringPrivateKey(priv *PrivateKey) (*boring.PrivateKeyDSA, error) { ++ b := privCache.Get(priv) ++ if b != nil && privateKeyEqual(&b.orig, priv) { ++ return b.key, nil ++ } ++ ++ b = new(boringPriv) ++ b.orig = copyPrivateKey(priv) ++ ++ P := b.orig.P ++ Q := b.orig.Q ++ G := b.orig.G ++ X := b.orig.X ++ Y := b.orig.Y ++ ++ key, err := boring.NewPrivateKeyDSA(bbig.Enc(P), bbig.Enc(Q), bbig.Enc(G), bbig.Enc(X), bbig.Enc(Y)) ++ if err != nil { ++ return nil, err ++ } ++ b.key = key ++ privCache.Put(priv, b) ++ return key, nil ++} ++ ++func publicKeyEqual(k1, k2 *PublicKey) bool { ++ return k1.Y != nil && k1.Y.Cmp(k2.Y) == 0 && k1.P.Cmp(k2.P) == 0 && k1.Q.Cmp(k2.Q) == 0 && k1.G.Cmp(k2.G) == 0 ++} ++ ++func copyPublicKey(k *PublicKey) PublicKey { ++ return PublicKey{ ++ Parameters{new(big.Int).Set(k.P), new(big.Int).Set(k.Q), new(big.Int).Set(k.G)}, ++ Y: new(big.Int).Set(k.Y), ++ } ++} ++ ++func privateKeyEqual(k1, k2 *PrivateKey) bool { ++ return publicKeyEqual(&k1.PublicKey, &k2.PublicKey) && ++ k1.X.Cmp(k2.X) == 0 ++} ++ ++func copyPrivateKey(k *PrivateKey) PrivateKey { ++ return PrivateKey{ ++ PublicKey: copyPublicKey(&k.PublicKey), ++ X: new(big.Int).Set(k.X), ++ } ++} 
diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go -index 4524bd492feba0..3937865aee7ef8 100644 +index 4524bd492feba0..787258c9526f74 100644 --- a/src/crypto/dsa/dsa.go +++ b/src/crypto/dsa/dsa.go @@ -18,6 +18,8 @@ import ( 
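Review bot: `copyPublicKey` builds `PublicKey` from an unkeyed `Parameters{...}` element followed by a keyed `Y:` element, and Go rejects a struct literal that mixes the two forms. Keying every field fixes that and survives field reordering: `Parameters: Parameters{P: new(big.Int).Set(k.P), Q: new(big.Int).Set(k.Q), G: new(big.Int).Set(k.G)},`. Separately, `publicKeyEqual` guards only `k1.Y` against nil, while `privateKeyEqual` and `copyPrivateKey` dereference `X` unguarded. A key that has parameters but no `X` yet, which is the state `GenerateKey` passes to `boringPrivateKey` in this commit, would panic in `new(big.Int).Set(k.X)` instead of returning an error.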
@@ -176,6 +295,84 @@ index 4524bd492feba0..3937865aee7ef8 100644 qBytes := make([]byte, N/8) pBytes := make([]byte, L/8) +@@ -161,6 +174,23 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) error { + return errors.New("crypto/dsa: parameters not set up before generating key") + } + ++ if boring.Enabled && boring.SupportsDSA(priv.P.BitLen(), priv.Q.BitLen()) { ++ b, err := boringPrivateKey(priv) ++ if err != nil { ++ return err ++ } ++ ++ generatedKey, err := boring.GenerateKeyDSA(bbig.Enc(priv.P), bbig.Enc(priv.Q), bbig.Enc(priv.G)) ++ if err != nil { ++ return err ++ } ++ ++ priv.X = bbig.Dec(generatedKey.X) ++ priv.Y = bbig.Dec(generatedKey.Y) ++ ++ return ++ } ++ + x := new(big.Int) + xBytes := make([]byte, priv.Q.BitLen()/8) + +@@ -212,6 +242,16 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err + err = ErrInvalidPublicKey + return + } ++ ++ if boring.Enabled && boring.SupportsDSA(priv.P.BitLen(), priv.Q.BitLen()) { ++ b, err := boringPrivateKey(priv) ++ if err != nil { ++ return err ++ } ++ ++ return boring.SignDSA(b, hash) ++ } ++ + n >>= 3 + + var attempts int +@@ -271,6 +311,14 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err + // to the byte-length of the subgroup. This function does not perform that + // truncation itself. + func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { ++ if boring.Enabled && boring.SupportsDSA(pub.P.BitLen(), priv.Q.BitLen()) { ++ b, err := boringPrivateKey(priv) ++ if err != nil { ++ return nil, err ++ } ++ ++ return boring.VerifyDSA(pub, hash, bbig.Enc(r), bbig.Enc(s)) ++ } + // FIPS 186-3, section 4.7 + + if pub.P.Sign() == 0 { +diff --git a/src/crypto/dsa/notboring.go b/src/crypto/dsa/notboring.go +new file mode 100644 +index 00000000000000..f8771d0189f990 +--- /dev/null ++++ b/src/crypto/dsa/notboring.go +@@ -0,0 +1,16 @@ ++// Copyright 2022 The Go Authors. All rights reserved. 
++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !boringcrypto && !goexperiment.opensslcrypto && !goexperiment.cngcrypto ++ ++package dsa ++ ++import boring "crypto/internal/backend" ++ ++func boringPublicKey(*PublicKey) (*boring.PublicKeyDSA, error) { ++ panic("boringcrypto: not available") ++} ++func boringPrivateKey(*PrivateKey) (*boring.PrivateKeyDSA, error) { ++ panic("boringcrypto: not available") ++} diff --git a/src/crypto/ecdh/ecdh.go b/src/crypto/ecdh/ecdh.go index b7c26f91e57f02..7a12e2bbaaafd1 100644 --- a/src/crypto/ecdh/ecdh.go @@ -689,10 +886,10 @@ index 00000000000000..e5d7570d6d4363 +const isRequireFIPS = true diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..9204848708436e +index 00000000000000..be18ecce6eabaa --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go -@@ -0,0 +1,201 @@ +@@ -0,0 +1,224 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -894,6 +1091,29 @@ index 00000000000000..9204848708436e +func GenerateDSAParameters(l, n int) (p, q, g BigInt, err error) { + panic("cryptobackend: not available") +} ++ ++type PublicKeyDSA struct{ _ int } ++type PrivateKeyDSA struct{ _ int } ++ ++func GenerateKeyDSA(p, q, g BigInt) (*PrivateKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPrivateKeyDSA(p, q, g, x, y BigInt) (*PrivateKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPublicKeyDSA(p, q, g, y BigInt) (*PrivateKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s BigInt, error) { ++ panic("cryptobackend: not available") ++} ++ ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s BigInt) bool { ++ panic("cryptobackend: not available") ++} 
diff --git a/src/crypto/internal/backend/norequirefips.go b/src/crypto/internal/backend/norequirefips.go new file mode 100644 index 00000000000000..26bfb5f6a643f3 diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 89cbb8792b7..47abcee319e 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -5,8 +5,8 @@ Subject: [PATCH] Add BoringSSL crypto backend --- .../internal/backend/bbig/big_boring.go | 12 + - src/crypto/internal/backend/boring_linux.go | 233 ++++++++++++++++++ - 2 files changed, 245 insertions(+) + src/crypto/internal/backend/boring_linux.go | 256 ++++++++++++++++++ + 2 files changed, 268 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/boring_linux.go @@ -30,10 +30,10 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..6cecf976fa6a9b +index 00000000000000..638164b1569a1e --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go -@@ -0,0 +1,233 @@ +@@ -0,0 +1,256 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
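Review bot: `NewPublicKeyDSA` in the `nobackend.go` stubs is declared to return `*PrivateKeyDSA`, but `boringPublicKey` in `src/crypto/dsa/boring.go` stores the result in a `*boring.PublicKeyDSA` field, so the two do not agree. The signature should be `func NewPublicKeyDSA(p, q, g, y BigInt) (*PublicKeyDSA, error) {`. The same return type appears in the `boring_linux.go`, `openssl_linux.go` and `cng_windows.go` hunks of this commit and needs the same change there. The stub is the shape every backend mirrors, so this is the place to fix the public/private type mix-up first.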
@@ -267,3 +267,26 @@ index 00000000000000..6cecf976fa6a9b +func GenerateDSAParameters(l, n int) (p, q, g boring.BigInt, err error) { + panic("cryptobackend: not available") +} ++ ++type PrivateKeyDSA struct{} ++type PrivateKeyDSA struct{} ++ ++func GenerateKeyDSA(p, q, g boring.BigInt) (*PrivateKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPrivateKeyDSA(p, q, g, x, y boring.BigInt) (*PrivateKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPublicKeyDSA(p, q, g, y boring.BigInt) (*PrivateKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s boring.BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++ ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s boring.BigInt) bool { ++ panic("cryptobackend: not available") ++} diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 2b9610745d9..4ba27e51dfc 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 332 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 382 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- 
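Review bot: `type PrivateKeyDSA struct{}` is declared twice in the added `boring_linux.go` block, and `PublicKeyDSA` is never declared although `VerifyDSA` a few lines below takes a `*PublicKeyDSA`. The second declaration should be `type PublicKeyDSA struct{}`. The later signature-only change to `GenerateKeyDSA` in this file still shows both declarations unchanged in its context lines.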
@@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 417 insertions(+), 25 deletions(-) + 36 files changed, 467 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..7ff09906b8d07b +index 00000000000000..dff302585913ae --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,332 @@ +@@ -0,0 +1,382 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -213,11 +213,13 @@ index 00000000000000..7ff09906b8d07b + "crypto/cipher" + "crypto/internal/boring/fipstls" + "crypto/internal/boring/sig" ++ "errors" + "hash" + "io" + "syscall" + + "github.com/golang-fips/openssl/v2" ++ "github.com/microsoft/go-crypto-winnative/cng" +) + +// Enabled controls whether FIPS crypto is enabled. 
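Review bot: The added import `github.com/microsoft/go-crypto-winnative/cng` pulls the Windows CNG bindings into the Linux OpenSSL backend, which widens this file's dependency set for no functional reason and, if that module is Windows-only, stops the file from building. The only use visible in this commit is `cng.DSAParameters{p, q, g}` in the `GenerateKeyDSA` wrapper added in the `@@ -529,6 +531,54 @@` hunk, while the neighbouring wrappers use `openssl.DSAParameters`. Drop the import and write `openssl.GenerateKeyDSA(openssl.DSAParameters{p, q, g})`.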
@@ -529,6 +531,54 @@ index 00000000000000..7ff09906b8d07b + params, err := openssl.GenerateDSAParameters(l, n) + return params.P, params.Q, params.G, err +} ++ ++func GenerateKeyDSA(p, q, g openssl.BigInt) (*openssl.PrivateKeyDSA, error) { ++ return openssl.GenerateKeyDSA(cng.DSAParameters{p, q, g}) ++} ++ ++func NewPrivateKeyDSA(p, q, g, x, y openssl.BigInt) (*openssl.PrivateKeyDSA, error) { ++ return openssl.NewPrivateKeyDSA(openssl.DSAParameters{p, q, g}, x, y) ++} ++ ++func NewPublicKeyDSA(p, q, g, y openssl.BigInt) (*openssl.PrivateKeyDSA, error) { ++ return openssl.NewPublicKeyDSA(openssl.DSAParameters{p, q, g}, y) ++} ++ ++func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s openssl.BigInt, error) { ++ sig, err := openssl.SignDSA(priv, hash) ++ if err != nil { ++ return nil, err ++ } ++ ++ // BCRYPTSignHash generates DSA signatures in P1363 format, ++ // which is simply (r, s), each of them exactly half of the array. ++ if len(sig)%2 != 0 { ++ return nil, nil, errors.New("crypto/dsa: invalid signature size from bcrypt") ++ } ++ ++ return sig[:len(sig)/2], sig[len(sig)/2:], nil ++} ++ ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt) bool { ++ // As of FIPS 186-4 the maximum Q size is 32 bytes. ++ // ++ // See also: cbGroupSize at ++ // https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_dsa_key_blob_v2 ++ const maxGroupSize = 32 ++ ++ sig := make([]byte, 0, 2*maxGroupSize) ++ prependZeros := func(nonZeroBytes int) { ++ if zeros := int(size/2) - nonZeroBytes; zeros > 0 { ++ sig = append(sig, make([]byte, zeros)...) ++ } ++ } ++ prependZeros(len(r)) ++ sig = append(sig, r...) ++ prependZeros(len(s)) ++ sig = append(sig, s...) ++ ++ return openssl.VerifyDSA(pub, hash, sig) ++} diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s index f2e5a503eaacb6..1dc7116efdff2e 100644 --- a/src/crypto/internal/boring/fipstls/stub.s 
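Review bot: `SignDSA` and `VerifyDSA` in `openssl_linux.go` treat `r` and `s` as raw signature bytes (`sig[:len(sig)/2]`, `append(sig, r...)`), although both are typed `openssl.BigInt`, the value `bbig.Enc` produces from a `*big.Int`. If `BigInt` is a word slice rather than a byte slice, neither function converts correctly and the signature encoding is wrong. `VerifyDSA` also pads with `size`, which is not declared in the function, and passes `hash` where the parameter is `hashed`; `SignDSA` has `return nil, err` for three results, which should be `return nil, nil, err`. The comments describe `BCRYPTSignHash` and bcrypt, which belong to the CNG backend, so the encoding OpenSSL actually returns should be stated and handled here instead. Since this is the accept/reject path for signatures, I would add a round-trip test (sign, verify, then verify against a modified hash) before enabling it.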
diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 0da11ecfda8..5e45bf3320d 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -13,7 +13,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 293 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 313 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 388 insertions(+), 27 deletions(-) + 36 files changed, 408 insertions(+), 27 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -183,10 +183,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..39c3c7043ab720 +index 00000000000000..7c718dfe66e51c --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,293 @@ +@@ -0,0 +1,313 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -480,6 +480,26 @@ index 00000000000000..39c3c7043ab720 + } + return params.P, params.Q, params.G, nil +} ++ ++func GenerateKeyDSA(p, q, g cng.BigInt) (*cng.PrivateKeyDSA, error) { ++ return cng.GenerateKeyDSA(cng.DSAParameters{p, q, g}) ++} ++ ++func NewPrivateKeyDSA(p, q, g, x, y cng.BigInt) (*cng.PrivateKeyDSA, error) { ++ return cng.NewPrivateKeyDSA(cng.DSAParameters{p, q, g}, x, y) ++} ++ ++func NewPublicKeyDSA(p, q, g, y cng.BigInt) (*cng.PrivateKeyDSA, error) { ++ return cng.NewPublicKeyDSA(cng.DSAParameters{p, q, g}, y) ++} ++ ++func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s cng.BigInt, err error) { ++ return cng.SignDSA(priv, hash) ++} ++ ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s cng.BigInt) bool { ++ return cng.VerifyDSA(pub, hash, sig) ++} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go index bc595e91024f11..7766d674f5cfaf 100644 --- a/src/crypto/internal/backend/common.go From e51ccc69ec6105820d617624a8a59287343bd0c0 Mon Sep 17 00:00:00 2001 From: mertakman Date: Mon, 9 Dec 2024 16:58:00 +0000 Subject: [PATCH 118/887] fix:nobackend err --- patches/0002-Add-crypto-backend-foundation.patch | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 66d1ec4eb63..81eceff3d21 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -3,6 +3,7 @@ From: qmuntal Date: Thu, 30 Jun 2022 10:03:03 +0200 Subject: [PATCH] Add crypto backend foundation +fix:nobackend panic consistently without return --- src/crypto/aes/cipher.go | 2 +- src/crypto/aes/cipher_asm.go | 2 +- @@ -886,7 +887,7 @@ index 00000000000000..e5d7570d6d4363 +const isRequireFIPS = true 
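Review bot: `VerifyDSA` in `cng_windows.go` returns `cng.VerifyDSA(pub, hash, sig)`, but the function's parameters are `hashed`, `r` and `s`, so `hash` and `sig` are not declared and `r` and `s` are never used. If `cng.VerifyDSA` takes the two integers directly, as the `SignDSA` wrapper above (returning `(r, s cng.BigInt, err error)`) suggests, the call should be `return cng.VerifyDSA(pub, hashed, r, s)`. `SignDSA` and `VerifyDSA` also name `*PrivateKeyDSA` and `*PublicKeyDSA` without the `cng.` qualifier the other three wrappers use. Unless aliases exist outside this hunk, these should be `*cng.PrivateKeyDSA` and `*cng.PublicKeyDSA`.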
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..be18ecce6eabaa +index 00000000000000..c8d1742872c484 --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go @@ -0,0 +1,224 @@ @@ -1107,7 +1108,7 @@ index 00000000000000..be18ecce6eabaa + panic("cryptobackend: not available") +} + -+func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s BigInt, error) { ++func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s BigInt, err error) { + panic("cryptobackend: not available") +} + From 5a9a991a42777b9d42bd53d3eab01efe54ed6aae Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 05:49:58 +0000 Subject: [PATCH 119/887] fix:export no fields on nobackend --- .../0002-Add-crypto-backend-foundation.patch | 46 +++++++++---------- .../0003-Add-BoringSSL-crypto-backend.patch | 4 +- patches/0004-Add-OpenSSL-crypto-backend.patch | 17 ++++--- patches/0005-Add-CNG-crypto-backend.patch | 17 ++++--- 4 files changed, 46 insertions(+), 38 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 81eceff3d21..9fae167a855 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -4,13 +4,15 @@ Date: Thu, 30 Jun 2022 10:03:03 +0200 Subject: [PATCH] Add crypto backend foundation fix:nobackend panic consistently without return + +002fix --- src/crypto/aes/cipher.go | 2 +- src/crypto/aes/cipher_asm.go | 2 +- src/crypto/boring/boring.go | 2 +- src/crypto/des/cipher.go | 7 + src/crypto/dsa/boring.go | 109 +++++++++ - src/crypto/dsa/dsa.go | 48 ++++ + src/crypto/dsa/dsa.go | 44 ++++ src/crypto/dsa/notboring.go | 16 ++ src/crypto/ecdh/ecdh.go | 2 +- src/crypto/ecdh/nist.go | 2 +- 
@@ -64,7 +66,7 @@ fix:nobackend panic consistently without return src/hash/notboring_test.go | 5 + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 59 files changed, 1097 insertions(+), 106 deletions(-) + 59 files changed, 1093 insertions(+), 106 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -266,7 +268,7 @@ index 00000000000000..d01c955da8c9e5 + } +} diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go -index 4524bd492feba0..787258c9526f74 100644 +index 4524bd492feba0..aa7970053f1a5d 100644 --- a/src/crypto/dsa/dsa.go +++ b/src/crypto/dsa/dsa.go @@ -18,6 +18,8 @@ import ( @@ -296,31 +298,25 @@ index 4524bd492feba0..787258c9526f74 100644 qBytes := make([]byte, N/8) pBytes := make([]byte, L/8) -@@ -161,6 +174,23 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) error { +@@ -161,6 +174,17 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) error { return errors.New("crypto/dsa: parameters not set up before generating key") } + if boring.Enabled && boring.SupportsDSA(priv.P.BitLen(), priv.Q.BitLen()) { -+ b, err := boringPrivateKey(priv) ++ x, y, err := boring.GenerateKeyDSA(bbig.Enc(priv.P), bbig.Enc(priv.Q), bbig.Enc(priv.G)) + if err != nil { + return err + } ++ priv.X = bbig.Dec(x) ++ priv.Y = bbig.Dec(y) + -+ generatedKey, err := boring.GenerateKeyDSA(bbig.Enc(priv.P), bbig.Enc(priv.Q), bbig.Enc(priv.G)) -+ if err != nil { -+ return err -+ } -+ -+ priv.X = bbig.Dec(generatedKey.X) -+ priv.Y = bbig.Dec(generatedKey.Y) -+ -+ return ++ return nil + } + x := new(big.Int) xBytes := make([]byte, priv.Q.BitLen()/8) -@@ -212,6 +242,16 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err +@@ -212,6 +236,18 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err err = ErrInvalidPublicKey return } 
@@ -328,26 +324,28 @@ index 4524bd492feba0..787258c9526f74 100644 + if boring.Enabled && boring.SupportsDSA(priv.P.BitLen(), priv.Q.BitLen()) { + b, err := boringPrivateKey(priv) + if err != nil { -+ return err ++ return nil, nil, err + } + -+ return boring.SignDSA(b, hash) ++ r, s, err := boring.SignDSA(b, hash) ++ ++ return bbig.Dec(r), bbig.Dec(s), err + } + n >>= 3 var attempts int -@@ -271,6 +311,14 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err +@@ -271,6 +307,14 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err // to the byte-length of the subgroup. This function does not perform that // truncation itself. func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { -+ if boring.Enabled && boring.SupportsDSA(pub.P.BitLen(), priv.Q.BitLen()) { -+ b, err := boringPrivateKey(priv) ++ if boring.Enabled && boring.SupportsDSA(pub.P.BitLen(), pub.Q.BitLen()) { ++ bkey, err := boringPublicKey(pub) + if err != nil { -+ return nil, err ++ return false + } + -+ return boring.VerifyDSA(pub, hash, bbig.Enc(r), bbig.Enc(s)) ++ return boring.VerifyDSA(bkey, hash, bbig.Enc(r), bbig.Enc(s)) + } // FIPS 186-3, section 4.7 @@ -887,7 +885,7 @@ index 00000000000000..e5d7570d6d4363 +const isRequireFIPS = true diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..c8d1742872c484 +index 00000000000000..af8cbf11c28f06 --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go @@ -0,0 +1,224 @@ @@ -1096,7 +1094,7 @@ index 00000000000000..c8d1742872c484 +type PublicKeyDSA struct{ _ int } +type PrivateKeyDSA struct{ _ int } + -+func GenerateKeyDSA(p, q, g BigInt) (*PrivateKeyDSA, error) { ++func GenerateKeyDSA(p, q, g BigInt) (x, y BigInt, err error) { + panic("cryptobackend: not available") +} + 
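Review bot: In the `Sign` branch, `r, s, err := boring.SignDSA(b, hash)` shadows the named results, and the next line returns `bbig.Dec(r), bbig.Dec(s)` even when `err` is non-nil. Checking the error first keeps callers from seeing partial values next to an error: add `if err != nil { return nil, nil, err }` and then `return bbig.Dec(r), bbig.Dec(s), nil`. Renaming the locals (for example `br, bs`) would remove the shadowing. `Sign`'s body continues outside the hunk.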
diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 47abcee319e..e5d2ac38b35 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -30,7 +30,7 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..638164b1569a1e +index 00000000000000..d0d7c51212da6c --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go @@ -0,0 +1,256 @@ @@ -271,7 +271,7 @@ index 00000000000000..638164b1569a1e +type PrivateKeyDSA struct{} +type PrivateKeyDSA struct{} + -+func GenerateKeyDSA(p, q, g boring.BigInt) (*PrivateKeyDSA, error) { ++func GenerateKeyDSA(p, q, g boring.BigInt) (x, y boring.BigInt, err error) { + panic("cryptobackend: not available") +} + diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 4ba27e51dfc..d9c36f384e2 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 382 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 387 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- 
@@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 467 insertions(+), 25 deletions(-) + 36 files changed, 472 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..dff302585913ae +index 00000000000000..89ba8d7f698b41 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,382 @@ +@@ -0,0 +1,387 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -532,8 +532,13 @@ index 00000000000000..dff302585913ae + return params.P, params.Q, params.G, err +} + -+func GenerateKeyDSA(p, q, g openssl.BigInt) (*openssl.PrivateKeyDSA, error) { -+ return openssl.GenerateKeyDSA(cng.DSAParameters{p, q, g}) ++func GenerateKeyDSA(p, q, g openssl.BigInt) (x, y openssl.BigInt, err error) { ++ generatedKey, err := openssl.GenerateKeyDSA(cng.DSAParameters{p, q, g}) ++ if err != nil { ++ return nil, nil, err ++ } ++ ++ return generatedKey.X, generatedKey.Y, nil +} + +func NewPrivateKeyDSA(p, q, g, x, y openssl.BigInt) (*openssl.PrivateKeyDSA, error) { diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 5e45bf3320d..5c2f5697983 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch 
@@ -13,7 +13,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 313 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 318 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 408 insertions(+), 27 deletions(-) + 36 files changed, 413 insertions(+), 27 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -183,10 +183,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..7c718dfe66e51c +index 00000000000000..e06646456aefe0 --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,313 @@ +@@ -0,0 +1,318 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -481,8 +481,13 @@ index 00000000000000..7c718dfe66e51c + return params.P, params.Q, params.G, nil +} + -+func GenerateKeyDSA(p, q, g cng.BigInt) (*cng.PrivateKeyDSA, error) { -+ return cng.GenerateKeyDSA(cng.DSAParameters{p, q, g}) ++func GenerateKeyDSA(p, q, g cng.BigInt) (x, y cng.BigInt, err error) { ++ generatedKey, err := cng.GenerateKeyDSA(cng.DSAParameters{p, q, g}) ++ if err != nil { ++ return nil, nil, err ++ } ++ ++ return generatedKey.X, generatedKey.Y, nil +} + +func NewPrivateKeyDSA(p, q, g, x, y cng.BigInt) (*cng.PrivateKeyDSA, error) { From d20fd4413ae9a98581c4e342d050b759b9c645fd Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 06:05:54 +0000 Subject: [PATCH 120/887] fix:remove commit message --- patches/0002-Add-crypto-backend-foundation.patch | 3 --- 1 file changed, 3 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 9fae167a855..3dba2979338 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -3,9 +3,6 @@ From: qmuntal Date: Thu, 30 Jun 2022 10:03:03 +0200 Subject: [PATCH] Add crypto backend foundation -fix:nobackend panic consistently without return - -002fix --- src/crypto/aes/cipher.go | 2 +- src/crypto/aes/cipher_asm.go | 2 +- From d510d914fd6456edad899b6682092a05060bde93 Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 06:13:00 +0000 Subject: [PATCH 121/887] fix:remove commit message --- patches/0004-Add-OpenSSL-crypto-backend.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index d9c36f384e2..95395b5af9d 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -193,7 +193,7 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec 
diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..89ba8d7f698b41 +index 00000000000000..a264fa42af8198 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go @@ -0,0 +1,387 @@ @@ -549,7 +549,7 @@ index 00000000000000..89ba8d7f698b41 + return openssl.NewPublicKeyDSA(openssl.DSAParameters{p, q, g}, y) +} + -+func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s openssl.BigInt, error) { ++func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s openssl.BigInt, err error) { + sig, err := openssl.SignDSA(priv, hash) + if err != nil { + return nil, err From e7fa9320841df01b1006e1408d87c8b063a1aa47 Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 06:32:37 +0000 Subject: [PATCH 122/887] fix:update function signatures --- patches/0004-Add-OpenSSL-crypto-backend.patch | 4 ++-- patches/0005-Add-CNG-crypto-backend.patch | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 95395b5af9d..bdf27f1c1ac 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -193,7 +193,7 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..a264fa42af8198 +index 00000000000000..4166b9a237cab3 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go @@ -0,0 +1,387 @@ @@ -582,7 +582,7 @@ index 00000000000000..a264fa42af8198 + prependZeros(len(s)) + sig = append(sig, s...) + -+ return openssl.VerifyDSA(pub, hash, sig) ++ return openssl.VerifyDSA(pub, hashed, sig) +} diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s index f2e5a503eaacb6..1dc7116efdff2e 100644 
diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 5c2f5697983..fc94173ab47 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -183,7 +183,7 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..e06646456aefe0 +index 00000000000000..2401bb177b900c --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go @@ -0,0 +1,318 @@ @@ -503,7 +503,7 @@ index 00000000000000..e06646456aefe0 +} + +func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s cng.BigInt) bool { -+ return cng.VerifyDSA(pub, hash, sig) ++ return cng.VerifyDSA(pub, hashed, r, s) +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go index bc595e91024f11..7766d674f5cfaf 100644 From 9b22b1453617b54b36adcceeb6c76ad312a074b7 Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 07:03:46 +0000 Subject: [PATCH 123/887] Fix:update patches correctly --- .../0003-Add-BoringSSL-crypto-backend.patch | 4 ++-- patches/0004-Add-OpenSSL-crypto-backend.patch | 18 ++++++++++-------- patches/0005-Add-CNG-crypto-backend.patch | 13 ++++++++----- 3 files changed, 20 insertions(+), 15 deletions(-) diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index e5d2ac38b35..781ada7e703 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -30,7 +30,7 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..d0d7c51212da6c +index 00000000000000..03dd981dbbfa48 --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go @@ -0,0 +1,256 @@ 
@@ -269,7 +269,7 @@ index 00000000000000..d0d7c51212da6c +} + +type PrivateKeyDSA struct{} -+type PrivateKeyDSA struct{} ++type PublicKeyDSA struct{} + +func GenerateKeyDSA(p, q, g boring.BigInt) (x, y boring.BigInt, err error) { + panic("cryptobackend: not available") diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index bdf27f1c1ac..10fdd759403 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 387 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 389 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 472 insertions(+), 25 deletions(-) + 36 files changed, 474 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..4166b9a237cab3 +index 00000000000000..296665f9f8a896 --- /dev/null 
+++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,387 @@ +@@ -0,0 +1,389 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -219,7 +219,6 @@ index 00000000000000..4166b9a237cab3 + "syscall" + + "github.com/golang-fips/openssl/v2" -+ "github.com/microsoft/go-crypto-winnative/cng" +) + +// Enabled controls whether FIPS crypto is enabled. @@ -523,6 +522,9 @@ index 00000000000000..4166b9a237cab3 + return openssl.VerifyEd25519(pub, message, sig) +} + ++type PublicKeyDSA = openssl.PublicKeyDSA ++type PrivateKeyDSA = openssl.PrivateKeyDSA ++ +func SupportsDSA(l, n int) bool { + return openssl.SupportsDSA() +} @@ -533,7 +535,7 @@ index 00000000000000..4166b9a237cab3 +} + +func GenerateKeyDSA(p, q, g openssl.BigInt) (x, y openssl.BigInt, err error) { -+ generatedKey, err := openssl.GenerateKeyDSA(cng.DSAParameters{p, q, g}) ++ generatedKey, err := openssl.GenerateKeyDSA(openssl.DSAParameters{p, q, g}) + if err != nil { + return nil, nil, err + } @@ -545,14 +547,14 @@ index 00000000000000..4166b9a237cab3 + return openssl.NewPrivateKeyDSA(openssl.DSAParameters{p, q, g}, x, y) +} + -+func NewPublicKeyDSA(p, q, g, y openssl.BigInt) (*openssl.PrivateKeyDSA, error) { ++func NewPublicKeyDSA(p, q, g, y openssl.BigInt) (*openssl.PublicKeyDSA, error) { + return openssl.NewPublicKeyDSA(openssl.DSAParameters{p, q, g}, y) +} + +func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s openssl.BigInt, err error) { + sig, err := openssl.SignDSA(priv, hash) + if err != nil { -+ return nil, err ++ return nil, nil, err + } + + // BCRYPTSignHash generates DSA signatures in P1363 format, diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index fc94173ab47..790c2b808d6 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch 
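Review bot: The `SignDSA` wrapper touched by the `@@ -545,14 +547,14 @@` hunk of `openssl_linux.go` keeps the comment `// BCRYPTSignHash generates DSA signatures in P1363 format,` directly under the corrected `return nil, nil, err`, although BCRYPTSignHash is a CNG call and this file wraps OpenSSL. If the code below it still splits `sig` in half on that assumption, r and s would be wrong whenever `openssl.SignDSA` returns a different encoding (presumably ASN.1 DER, to be confirmed against the library). The function continues past the end of the hunk, so the split itself is not visible here. At minimum the comment should name the format `openssl.SignDSA` actually produces.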
@@ -13,7 +13,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 318 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 321 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 413 insertions(+), 27 deletions(-) + 36 files changed, 416 insertions(+), 27 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -183,10 +183,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..2401bb177b900c +index 00000000000000..542b21f1a25e05 --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,318 @@ +@@ -0,0 +1,321 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -468,6 +468,9 @@ index 00000000000000..2401bb177b900c + panic("cryptobackend: not available") +} + ++type PrivateKeyDSA = cng.PrivateKeyDSA ++type PublicKeyDSA = cng.PublicKeyDSA ++ +func SupportsDSA(l, n int) bool { + // These are the only N values supported by CNG + return n == 160 || n == 256 
@@ -494,7 +497,7 @@ index 00000000000000..2401bb177b900c + return cng.NewPrivateKeyDSA(cng.DSAParameters{p, q, g}, x, y) +} + -+func NewPublicKeyDSA(p, q, g, y cng.BigInt) (*cng.PrivateKeyDSA, error) { ++func NewPublicKeyDSA(p, q, g, y cng.BigInt) (*cng.PublicKeyDSA, error) { + return cng.NewPublicKeyDSA(cng.DSAParameters{p, q, g}, y) +} + From 363507c82603687221e17897451b90a054f59f64 Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 07:22:09 +0000 Subject: [PATCH 124/887] fix:boringssl wrong import signature --- patches/0003-Add-BoringSSL-crypto-backend.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 781ada7e703..f4ce862eab6 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -30,7 +30,7 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..03dd981dbbfa48 +index 00000000000000..797e805300c4c9 --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go @@ -0,0 +1,256 @@ @@ -279,7 +279,7 @@ index 00000000000000..03dd981dbbfa48 + panic("cryptobackend: not available") +} + -+func NewPublicKeyDSA(p, q, g, y boring.BigInt) (*PrivateKeyDSA, error) { ++func NewPublicKeyDSA(p, q, g, y boring.BigInt) (*PublicKeyDSA, error) { + panic("cryptobackend: not available") +} + From 0edd64b40fef6510f9d22e1b3a707ec5ad81ce87 Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 07:36:00 +0000 Subject: [PATCH 125/887] fix:parameters --- .../0002-Add-crypto-backend-foundation.patch | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 3dba2979338..546927091ac 100644 
--- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -3,12 +3,15 @@ From: qmuntal Date: Thu, 30 Jun 2022 10:03:03 +0200 Subject: [PATCH] Add crypto backend foundation +fix:nobackend panic consistently without return + +002fix --- src/crypto/aes/cipher.go | 2 +- src/crypto/aes/cipher_asm.go | 2 +- src/crypto/boring/boring.go | 2 +- src/crypto/des/cipher.go | 7 + - src/crypto/dsa/boring.go | 109 +++++++++ + src/crypto/dsa/boring.go | 113 ++++++++++ src/crypto/dsa/dsa.go | 44 ++++ src/crypto/dsa/notboring.go | 16 ++ src/crypto/ecdh/ecdh.go | 2 +- @@ -63,7 +66,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 5 + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 59 files changed, 1093 insertions(+), 106 deletions(-) + 59 files changed, 1097 insertions(+), 106 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -151,10 +154,10 @@ index 04b73e7d3bf758..0891652a4566fb 100644 c.cipher1.generateSubkeys(key[:8]) diff --git a/src/crypto/dsa/boring.go b/src/crypto/dsa/boring.go new file mode 100644 -index 00000000000000..d01c955da8c9e5 +index 00000000000000..3be888a0104809 --- /dev/null +++ b/src/crypto/dsa/boring.go -@@ -0,0 +1,109 @@ +@@ -0,0 +1,113 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -248,7 +251,11 @@ index 00000000000000..d01c955da8c9e5 + +func copyPublicKey(k *PublicKey) PublicKey { + return PublicKey{ -+ Parameters{new(big.Int).Set(k.P), new(big.Int).Set(k.Q), new(big.Int).Set(k.G)}, ++ Parameters: Parameters{ ++ P: new(big.Int).Set(k.P), ++ Q: new(big.Int).Set(k.Q), ++ G: new(big.Int).Set(k.G), ++ }, + Y: new(big.Int).Set(k.Y), + } +} From e408c08bd57a549e5ba5eb7eb754693ebef921db Mon Sep 17 00:00:00 2001 
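Review bot: `copyPublicKey` in the `@@ -248,7 +251,11 @@` hunk of `src/crypto/dsa/boring.go` calls `new(big.Int).Set(...)` on `k.P`, `k.Q`, `k.G` and `k.Y` without a nil check, and `Set` dereferences its argument, so a key with any of these unset panics here. Whether callers validate the key first is not visible in the hunk. If they do, record it in a comment such as `// copyPublicKey returns a deep copy of k; the caller must have checked that P, Q, G and Y are non-nil.`; otherwise guard the four fields before copying.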
From: mertakman Date: Tue, 10 Dec 2024 07:56:53 +0000 Subject: [PATCH 126/887] fix: correct function signature for nobackend --- patches/0002-Add-crypto-backend-foundation.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 546927091ac..1574121316e 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -889,7 +889,7 @@ index 00000000000000..e5d7570d6d4363 +const isRequireFIPS = true diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..af8cbf11c28f06 +index 00000000000000..2f6b54f20be6bf --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go @@ -0,0 +1,224 @@ @@ -1106,7 +1106,7 @@ index 00000000000000..af8cbf11c28f06 + panic("cryptobackend: not available") +} + -+func NewPublicKeyDSA(p, q, g, y BigInt) (*PrivateKeyDSA, error) { ++func NewPublicKeyDSA(p, q, g, y BigInt) (*PublicKeyDSA, error) { + panic("cryptobackend: not available") +} + From b02069649d9c43d4067e016b70dba10304814695 Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 15:34:42 +0000 Subject: [PATCH 127/887] fix: openssl conversions --- patches/0004-Add-OpenSSL-crypto-backend.patch | 58 +++++++++++-------- 1 file changed, 33 insertions(+), 25 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 10fdd759403..d505f7e0db2 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 389 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 397 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 474 insertions(+), 25 deletions(-) + 36 files changed, 482 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..296665f9f8a896 +index 00000000000000..613a23b89dcd69 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,389 @@ +@@ -0,0 +1,397 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -219,6 +219,9 @@ index 00000000000000..296665f9f8a896 + "syscall" + + "github.com/golang-fips/openssl/v2" ++ "github.com/golang-fips/openssl/v2/bbig" ++ "golang.org/x/crypto/cryptobyte" ++ "golang.org/x/crypto/cryptobyte/asn1" +) + +// Enabled controls whether FIPS crypto is enabled. 
@@ -557,34 +560,39 @@ index 00000000000000..296665f9f8a896 + return nil, nil, err + } + -+ // BCRYPTSignHash generates DSA signatures in P1363 format, -+ // which is simply (r, s), each of them exactly half of the array. -+ if len(sig)%2 != 0 { -+ return nil, nil, errors.New("crypto/dsa: invalid signature size from bcrypt") ++ r, s, err := parseSignature(sig) ++ if err != nil { ++ return nil, nil, err + } + -+ return sig[:len(sig)/2], sig[len(sig)/2:], nil ++ return bbig.Dec(r), bbig.Dec(s), nil +} + +func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt) bool { -+ // As of FIPS 186-4 the maximum Q size is 32 bytes. -+ // -+ // See also: cbGroupSize at -+ // https://learn.microsoft.com/en-us/windows/win32/api/bcrypt/ns-bcrypt-bcrypt_dsa_key_blob_v2 -+ const maxGroupSize = 32 -+ -+ sig := make([]byte, 0, 2*maxGroupSize) -+ prependZeros := func(nonZeroBytes int) { -+ if zeros := int(size/2) - nonZeroBytes; zeros > 0 { -+ sig = append(sig, make([]byte, zeros)...) -+ } ++ sig := encodeSignature(bbig.Enc(r), bbig.Enc(s)) ++ return openssl.VerifyDSA(pub, hashed, sig) ++} ++ ++func parseSignature(sig []byte) (r, s []byte, err error) { ++ var inner cryptobyte.String ++ input := cryptobyte.String(sig) ++ if !input.ReadASN1(&inner, asn1.SEQUENCE) || ++ !input.Empty() || ++ !inner.ReadASN1Integer(&r) || ++ !inner.ReadASN1Integer(&s) || ++ !inner.Empty() { ++ return nil, nil, errors.New("invalid ASN.1") + } -+ prependZeros(len(r)) -+ sig = append(sig, r...) -+ prependZeros(len(s)) -+ sig = append(sig, s...) ++ return r, s, nil ++} + -+ return openssl.VerifyDSA(pub, hashed, sig) ++func encodeSignature(r, s []byte) ([]byte, error) { ++ var b cryptobyte.Builder ++ b.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { ++ addASN1IntBytes(b, r) ++ addASN1IntBytes(b, s) ++ }) ++ return b.Bytes() +} diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s index f2e5a503eaacb6..1dc7116efdff2e 100644 
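Review bot: In the `@@ -557,34 +560,39 @@` hunk, `VerifyDSA` assigns `encodeSignature(bbig.Enc(r), bbig.Enc(s))` to a single variable although `encodeSignature` is declared to return `([]byte, error)`, so the encoding error is never looked at. A verification path should fail closed: `sig, err := encodeSignature(...)` followed by `if err != nil { return false }` before the call to `openssl.VerifyDSA`. `encodeSignature` also calls `addASN1IntBytes`, which is not defined anywhere in this hunk, so it has to come from elsewhere in the file or be added with this change.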
From f57d4f73fd841ba6127d3cdfb32ec248065e23be Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 15:50:09 +0000 Subject: [PATCH 128/887] fix:add missing signatures --- patches/0004-Add-OpenSSL-crypto-backend.patch | 36 +++++++++++++++---- 1 file changed, 29 insertions(+), 7 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index d505f7e0db2..7ecb9e44b2a 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 397 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 419 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 482 insertions(+), 25 deletions(-) + 36 files changed, 504 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..613a23b89dcd69 +index 00000000000000..f72aad4805a06b --- /dev/null 
+++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,397 @@ +@@ -0,0 +1,419 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -560,16 +560,20 @@ index 00000000000000..613a23b89dcd69 + return nil, nil, err + } + -+ r, s, err := parseSignature(sig) ++ rByte, sByte, err := parseSignature(sig) + if err != nil { + return nil, nil, err + } + -+ return bbig.Dec(r), bbig.Dec(s), nil ++ return bbig.Dec(rByte), bbig.Dec(sByte), nil +} + +func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt) bool { -+ sig := encodeSignature(bbig.Enc(r), bbig.Enc(s)) ++ sig, err := encodeSignature(bbig.Enc(r), bbig.Enc(s)) ++ if err != nil { ++ return false ++ } ++ + return openssl.VerifyDSA(pub, hashed, sig) +} + @@ -594,6 +598,24 @@ index 00000000000000..613a23b89dcd69 + }) + return b.Bytes() +} ++ ++// addASN1IntBytes encodes in ASN.1 a positive integer represented as ++// a big-endian byte slice with zero or more leading zeroes. ++func addASN1IntBytes(b *cryptobyte.Builder, bytes []byte) { ++ for len(bytes) > 0 && bytes[0] == 0 { ++ bytes = bytes[1:] ++ } ++ if len(bytes) == 0 { ++ b.SetError(errors.New("invalid integer")) ++ return ++ } ++ b.AddASN1(asn1.INTEGER, func(c *cryptobyte.Builder) { ++ if bytes[0]&0x80 != 0 { ++ c.AddUint8(0) ++ } ++ c.AddBytes(bytes) ++ }) ++} diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s index f2e5a503eaacb6..1dc7116efdff2e 100644 --- a/src/crypto/internal/boring/fipstls/stub.s From 120c6b5ad97e4f6e446ae0afac754878bcd4860e Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 16:04:50 +0000 Subject: [PATCH 129/887] fix:bigint --- patches/0004-Add-OpenSSL-crypto-backend.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
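Review bot: In the `@@ -560,16 +560,20 @@` hunk the conversions look reversed: `SignDSA` passes the `[]byte` values from `parseSignature` to `bbig.Dec`, and `VerifyDSA` passes its `openssl.BigInt` arguments to `bbig.Enc`, while as far as I know `Enc` takes a `*big.Int` and `Dec` takes the backend integer. I would return `bbig.Enc(new(big.Int).SetBytes(rByte))` (and the same for `sByte`) and build the signature from `bbig.Dec(r).Bytes()` and `bbig.Dec(s).Bytes()`, which also needs `math/big` imported. In the `@@ -594,6 +598,24 @@` hunk, the parameter of `addASN1IntBytes` is named `bytes`, which shadows the standard package name; `buf` would read better. `SignDSA` begins outside the first hunk.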
diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 7ecb9e44b2a..88f6564bf82 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -193,7 +193,7 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..f72aad4805a06b +index 00000000000000..0b4964d971f4bc --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go @@ -0,0 +1,419 @@ @@ -211,6 +211,7 @@ index 00000000000000..f72aad4805a06b +import ( + "crypto" + "crypto/cipher" ++ "crypto/internal/backend/bbig" + "crypto/internal/boring/fipstls" + "crypto/internal/boring/sig" + "errors" @@ -219,7 +220,6 @@ index 00000000000000..f72aad4805a06b + "syscall" + + "github.com/golang-fips/openssl/v2" -+ "github.com/golang-fips/openssl/v2/bbig" + "golang.org/x/crypto/cryptobyte" + "golang.org/x/crypto/cryptobyte/asn1" +) From 41c3f930cffb583ac7dfc3d6ef03d57415dbd988 Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 16:23:06 +0000 Subject: [PATCH 130/887] fix:openssl bigint --- patches/0004-Add-OpenSSL-crypto-backend.patch | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 88f6564bf82..54a1a278d64 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 419 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 418 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 504 insertions(+), 25 deletions(-) + 36 files changed, 503 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..0b4964d971f4bc +index 00000000000000..9186ae56d702a1 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,419 @@ +@@ -0,0 +1,418 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -211,7 +211,6 @@ index 00000000000000..0b4964d971f4bc +import ( + "crypto" + "crypto/cipher" -+ "crypto/internal/backend/bbig" + "crypto/internal/boring/fipstls" + "crypto/internal/boring/sig" + "errors" 
@@ -565,11 +564,11 @@ index 00000000000000..0b4964d971f4bc + return nil, nil, err + } + -+ return bbig.Dec(rByte), bbig.Dec(sByte), nil ++ return new(openssl.BigInt).SetBytes(rByte), new(openssl.BigInt).SetBytes(sByte), nil +} + +func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt) bool { -+ sig, err := encodeSignature(bbig.Enc(r), bbig.Enc(s)) ++ sig, err := encodeSignature(r.Bytes(), s.Bytes()) + if err != nil { + return false + } From e88e2531bf500404c04497f339f1d85b78c64494 Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 16:37:13 +0000 Subject: [PATCH 131/887] fix:bigint conversion --- patches/0004-Add-OpenSSL-crypto-backend.patch | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 54a1a278d64..1795b3fe182 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 418 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 419 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 503 insertions(+), 25 deletions(-) + 36 files changed, 504 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go 
@@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..9186ae56d702a1 +index 00000000000000..dbb7962d4370b7 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,418 @@ +@@ -0,0 +1,419 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -219,6 +219,7 @@ index 00000000000000..9186ae56d702a1 + "syscall" + + "github.com/golang-fips/openssl/v2" ++ "github.com/golang-fips/openssl/v2/bbig" + "golang.org/x/crypto/cryptobyte" + "golang.org/x/crypto/cryptobyte/asn1" +) @@ -564,11 +565,11 @@ index 00000000000000..9186ae56d702a1 + return nil, nil, err + } + -+ return new(openssl.BigInt).SetBytes(rByte), new(openssl.BigInt).SetBytes(sByte), nil ++ return bbig.Enc(new(big.Int).SetBytes(rByte)), bbig.Enc(new(big.BigInt).SetBytes(sByte)), nil +} + +func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt) bool { -+ sig, err := encodeSignature(r.Bytes(), s.Bytes()) ++ sig, err := encodeSignature(bbig.Dec(r).Bytes(), bbig.Dec(s).Bytes()) + if err != nil { + return false + } From b6673d060ddbb6baaf397d3cede91c0ced4e1a8b Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 16:47:12 +0000 Subject: [PATCH 132/887] fix:import math big --- patches/0004-Add-OpenSSL-crypto-backend.patch | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 1795b3fe182..06f586f2759 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 419 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 420 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 504 insertions(+), 25 deletions(-) + 36 files changed, 505 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..dbb7962d4370b7 +index 00000000000000..736c0a5df7e80a --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,419 @@ +@@ -0,0 +1,420 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -216,6 +216,7 @@ index 00000000000000..dbb7962d4370b7 + "errors" + "hash" + "io" ++ "math/big" + "syscall" + + "github.com/golang-fips/openssl/v2" From 592171e0e139d814094a8d8a9935edea1714d1ad Mon Sep 17 00:00:00 2001 From: mertakman Date: Tue, 10 Dec 2024 16:50:45 +0000 Subject: [PATCH 133/887] fix bigint syntax --- patches/0004-Add-OpenSSL-crypto-backend.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 06f586f2759..59412a9f2c3 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -193,7 +193,7 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..736c0a5df7e80a +index 00000000000000..3c3991993ee40a --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go @@ -0,0 +1,420 @@ @@ -566,7 +566,7 @@ index 00000000000000..736c0a5df7e80a + return nil, nil, err + } + -+ return bbig.Enc(new(big.Int).SetBytes(rByte)), bbig.Enc(new(big.BigInt).SetBytes(sByte)), nil ++ return bbig.Enc(new(big.Int).SetBytes(rByte)), bbig.Enc(new(big.Int).SetBytes(sByte)), nil +} + +func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt) bool { From 4a687ca6ff9d59c49401ac80f557eea4d4dd46f7 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Tue, 10 Dec 2024 11:39:03 -0800 Subject: [PATCH 134/887] FIPS readme: updates for CNG accuracy, other clarity (#1432) * FIPS readme: updates for CNG accuracy, other clarity * Update eng/doc/fips/README.md * Update note about OpenSSL config, mention AzL3 in changelog --- eng/doc/fips/README.md | 46 ++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 17 deletions(-) diff --git a/eng/doc/fips/README.md b/eng/doc/fips/README.md index d02bf737209..6c2ddef7fd9 100644 --- a/eng/doc/fips/README.md +++ b/eng/doc/fips/README.md 
@@ -59,9 +59,9 @@ There are typically two goals that lead to this document. Creating a FIPS compli | Build-time config | Runtime config | Internal Microsoft crypto policy | FIPS behavior | | --- | --- | --- | --- | | Default | Default | Not compliant | Crypto usage is not FIPS compliant. | -| `GOEXPERIMENT=systemcrypto` | Default | Compliant | Can be used to create a compliant app. FIPS mode is automatically enabled at runtime if it is configured systemwide or `GOFIPS=1`. Flexible. | -| `GOEXPERIMENT=systemcrypto` | `GOFIPS=1` | Compliant | Can be used to create a compliant app. The app either enables FIPS mode or ensures it is already enabled. Otherwise, the app panics. | -| `GOEXPERIMENT=systemcrypto` | `GOFIPS=0` | Compliant | Crypto usage is not FIPS compliant. The app attempts to disable FIPS mode and panics if it isn't possible. | +| `GOEXPERIMENT=systemcrypto` | Default | Compliant | Can be used to create a compliant app. FIPS mode is determined by system-wide configuration. Make sure you are familiar with your platform's system-wide FIPS switch, described in [Usage: Runtime](#usage-runtime). | +| `GOEXPERIMENT=systemcrypto` | `GOFIPS=1` | Compliant | Can be used to create a compliant app. Depending on platform, the app either enables FIPS mode or ensures it is already enabled. The app panics if there is a problem. See [Usage: Runtime](#usage-runtime). | +| `GOEXPERIMENT=systemcrypto` | `GOFIPS=0` | Compliant | Crypto usage is unlikely to be FIPS compliant. The exact behavior of `GOFIPS=0` varies per platform. See [Usage: Runtime](#usage-runtime). | | `GOEXPERIMENT=systemcrypto` | `GO_OPENSSL_VERSION_OVERRIDE=1.1.1k-fips` | Compliant | Can be used to create a compliant app. If the app is built for Linux, `systemcrypto` chooses `opensslcrypto`, and the environment variable causes it to load `libcrypto.so.1.1.1k-fips` instead of using the automatic search behavior. This environment variable has no effect with `cngcrypto`. 
| | `GOEXPERIMENT=systemcrypto` and `-tags=requirefips` | Default | Compliant | Can be used to create a compliant app. The behavior is the same as `GOFIPS=1`, but no runtime configuration is necessary. See [the `requirefips` section](#build-option-to-require-fips-mode) for more information on when this "locked-in" approach may be useful rather than the flexible approach. | @@ -163,7 +163,7 @@ Another approach that generally works for any build system is to modify the buil #### PowerShell - Set `GOEXPERIMENT` environment variable - ```pwsh - $env:GOEXPERIMENT = "cngcrypto" + $env:GOEXPERIMENT = "systemcrypto" go build ./myapp ``` 
@@ -190,38 +190,44 @@ Another approach that generally works for any build system is to modify the buil $env:GOFLAGS = "-tags=goexperiment.systemcrypto" go build ./myapp ``` -- Note: if `-tags` is specified in `GOFLAGS` and `-tags` is also passed to the build command, the value passed to the build command is used and the one in `GOFLAGS` is ignored. + +> [!NOTE] +> If `-tags` is specified in `GOFLAGS` and `-tags` is also passed directly to the build command, the value passed to the build command is used and the one in `GOFLAGS` is ignored. ## Usage: Runtime -A program built with `opensslcrypto` always uses the OpenSSL library present on the system for crypto APIs. Likewise for `cngcrypto` and CNG. If the platform's crypto library can't be found or loaded, the Go program panics during initialization. +A program built with `systemcrypto` always uses the system-provided cryptography library for supported crypto APIs. This is the case for `opensslcrypto` (always using OpenSSL) and `cngcrypto` (always using CNG). If the platform's crypto library can't be found or loaded, the Go program panics during initialization. -The following sections describe how to enable FIPS mode. +The following sections describe how to enable FIPS mode and the effect of the `GOFIPS` environment variable on each supported platform. > [!NOTE] -> The options described in this section have no effect at build time, only when the system running the Go program is changed. This is normally the desired behavior. See [`requirefips`](#build-option-to-require-fips-mode) for the optional build tag that enables FIPS mode. +> The options described in this section have no effect at build time, only runtime. When the Go program starts up, it examines its environment variables and other platform-specific configurations. This is normally the desired behavior. See [`requirefips`](#build-option-to-require-fips-mode) for info about an optional build tag that may affect FIPS mode. 
### Linux FIPS mode (OpenSSL) -To set FIPS mode on Linux, use one of the following options. The first match wins: +To set FIPS mode on Linux, use one of the following options. The first match in this list wins: - Explicitly enable it by setting the environment variable `GOFIPS=1`. - Explicitly disable it by setting the environment variable `GOFIPS=0`. - Implicitly enable it by booting the Linux Kernel in FIPS mode. - - Linux FIPS mode sets the content of `/proc/sys/crypto/fips_enabled` to `1`. The Go runtime reads this file. + - The Linux Kernel's FIPS mode sets the content of `/proc/sys/crypto/fips_enabled` to `1`. The Go runtime reads this file. -If the Go runtime detects a FIPS preference, it configures OpenSSL during program initialization. This includes disabling FIPS mode if `GOFIPS=0`. If configuration fails, program initialization panics. +If the Go runtime detects a FIPS preference, it configures OpenSSL during program initialization. This includes disabling FIPS mode if `GOFIPS=0` even if OpenSSL is configured to be in FIPS mode by default. If configuration fails, program initialization panics. -If no option is detected, the Go runtime doesn't set the OpenSSL FIPS mode, and the standard OpenSSL configuration is left unchanged. For more information about the standard OpenSSL FIPS behavior, see https://www.openssl.org/docs/fips.html. +If no preference is detected, the Go runtime doesn't set the OpenSSL FIPS mode, and the standard OpenSSL configuration is left unchanged. For more information about the standard OpenSSL FIPS behavior, see https://www.openssl.org/docs/fips.html. ### Windows FIPS mode (CNG) -To enable FIPS mode on Windows, [enable the Windows FIPS policy](https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation#step-3-enable-the-fips-security-policy). For testing purposes, this can be set via the registry key `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy`, dword value `Enabled` set to `1`. 
+To enable FIPS mode on Windows, [enable the Windows FIPS policy](https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation#step-3-enable-the-fips-security-policy). -To make the Go runtime panic during program initialization if FIPS mode is not enabled, set the environment variable `GOFIPS=1`. +If the Go runtime detects `GOFIPS=1` and FIPS policy is not enabled, the program will panic during program initialization. This may be useful to detect and refuse to run on incorrectly configured Windows systems. Otherwise, `GOFIPS` has no effect. > [!NOTE] -> Unlike `opensslcrypto`, a Windows program built with `cngcrypto` doesn't include the ability to enable/disable FIPS, only ensure it's enabled. Windows FIPS mode is not a per-process setting, and changing it may require elevated permissions. Adding this feature would likely have unintended consequences. +> Unlike `opensslcrypto`, a Windows program built with `cngcrypto` doesn't include the ability to enable/disable FIPS mode. The change must be made by configuring the OS, not the Go program. +> +> This is because Windows FIPS mode is not a per-process setting, and changing it may require elevated permissions. We expect that adding a feature that attempts to change the Windows policy would have unintended consequences. + +For testing purposes, Windows FIPS policy can be enabled via the registry key `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy`, dword value `Enabled` set to `1`. ## Usage: Extra configuration options 
@@ -343,7 +349,9 @@ Not all OpenSSL versions are supported. OpenSSL does not maintain ABI compatibil Versions not listed above are not supported at all. > [!NOTE] -> Note that one can enable or disable certain [OpenSSL features] when building it, diverging from the default configuration. The Go runtime does not support all possible configurations, and some may cause the Go runtime to panic during initialization or not work as expected. The Go runtime is tested with the default configuration of the supported versions and with the OpenSSL configuration shipped in [Azure Linux]. +> Any build of OpenSSL might have various [OpenSSL features] enabled or disabled, diverging from the default configuration. Microsoft Go does not support all possible OpenSSL configurations. Some may cause the Go runtime to panic during initialization or not work as expected. +> +> The Go runtime is tested with the default configuration of each supported OpenSSL version and with the OpenSSL configurations in the [Azure Linux] 2 and [Azure Linux] 3 distributions. ### Dynamic linking @@ -377,7 +385,7 @@ Prior to Go 1.22, a program using the Go TLS stack must import the `crypto/tls/f The work done to support FIPS compatibility mode leverages code and ideas from other open-source projects: -- All crypto stubs are a mirror of Google's [dev.boringcrypto branch](https://github.com/golang/go/tree/dev.boringcrypto) and the release branch ports of that branch. +- All crypto stubs are based on upstream Go's [boringcrypto implementation](https://pkg.go.dev/crypto/internal/boring). - The mapping between BoringSSL and OpenSSL APIs is taken from Fedora's [Go fork](https://pagure.io/go). - Portable OpenSSL implementation ported from Microsoft's [.NET runtime](https://github.com/dotnet/runtime) cryptography module. 
@@ -389,6 +397,10 @@ A program running in FIPS mode can claim it is using a FIPS-certified cryptograp This list of major changes is intended for quick reference and for access to historical information about versions that are no longer supported. The behavior of all in-support versions are documented in the sections above with notes for version-specific differences where necessary. +### Go [1.22.9-2](https://github.com/microsoft/go/releases/tag/v1.22.9-2) and [1.23.3-2](https://github.com/microsoft/go/releases/tag/v1.23.3-2) (Dec 2024) + +- Adds compatibility with changes that [Azure Linux] 3 made to the OpenSSL configuration, specifically the change to use [SCOSSL](https://github.com/microsoft/SymCrypt-OpenSSL). The SCOSSL-related Azure Linux packages must also be up to date for compatibility, at least `SymCrypt-103.6.0-1` and `SymCrypt-OpenSSL-1.6.1-1`. + ### Go 1.22 (Feb 2024) - Automatically enforce that `crypto/tls` and `crypto/x509` only use FIPS-approved settings when running in FIPS mode. From c32fb350057386a6ba3550a692fbc436b4eefd22 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 10:33:54 +0000 Subject: [PATCH 135/887] Bump github/codeql-action from 3.27.6 to 3.27.7 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.6 to 3.27.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/aa578102511db1f4524ed59b8cc2bae4f6e88195...babb554ede22fd5605947329c4d04d8e7a0b8155) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ec7cb594d42..b73ed2b0374 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/init@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/autobuild@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/analyze@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7 with: category: /language:go From 6110fbfa016194cc55dd04e9954b1b4a23380ece Mon Sep 17 00:00:00 2001 From: mertakman Date: Thu, 12 Dec 2024 03:59:21 +0000 Subject: [PATCH 136/887] fix:dependency imports --- .../0002-Add-crypto-backend-foundation.patch | 3 --- patches/0004-Add-OpenSSL-crypto-backend.patch | 22 +++++++++++++------ 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 1574121316e..a0655a055ff 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -3,9 +3,6 @@ From: qmuntal Date: Thu, 30 Jun 2022 10:03:03 +0200 Subject: [PATCH] Add crypto backend foundation -fix:nobackend panic consistently without return - -002fix --- src/crypto/aes/cipher.go | 2 +- src/crypto/aes/cipher_asm.go | 2 +- diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 59412a9f2c3..b9d186350c7 100644 
--- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -32,7 +32,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/x509/notboring.go | 2 +- src/go.mod | 1 + src/go.sum | 2 + - src/go/build/deps_test.go | 7 +- + src/go/build/deps_test.go | 8 +- src/go/build/vendor_test.go | 1 + src/hash/boring_test.go | 2 +- src/hash/notboring_test.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 505 insertions(+), 25 deletions(-) + 36 files changed, 506 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,7 +193,7 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..3c3991993ee40a +index 00000000000000..017baddcf79c06 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go @@ -0,0 +1,420 @@ @@ -211,6 +211,7 @@ index 00000000000000..3c3991993ee40a +import ( + "crypto" + "crypto/cipher" ++ "crypto/internal/backend/bbig" + "crypto/internal/boring/fipstls" + "crypto/internal/boring/sig" + "errors" @@ -220,7 +221,6 @@ index 00000000000000..3c3991993ee40a + "syscall" + + "github.com/golang-fips/openssl/v2" -+ "github.com/golang-fips/openssl/v2/bbig" + "golang.org/x/crypto/cryptobyte" + "golang.org/x/crypto/cryptobyte/asn1" +) @@ -835,7 +835,7 @@ index b4efd6d3c50c11..4c3ca847c21cd2 100644 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= 
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 578b4d6f68504c..80a14d54739524 100644 +index 578b4d6f68504c..0a69b3e3167ee4 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -476,6 +476,8 @@ var depsRules = ` @@ -855,7 +855,15 @@ index 578b4d6f68504c..80a14d54739524 100644 < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -812,7 +815,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -522,6 +525,7 @@ var depsRules = ` + < encoding/asn1 + < golang.org/x/crypto/cryptobyte/asn1 + < golang.org/x/crypto/cryptobyte ++ < crypto/internal/backend + < crypto/internal/bigmod + < crypto/dsa, crypto/elliptic, crypto/rsa + < crypto/ecdsa +@@ -812,7 +816,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -864,7 +872,7 @@ index 578b4d6f68504c..80a14d54739524 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -822,7 +825,7 @@ func findImports(pkg string) ([]string, error) { +@@ -822,7 +826,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} From 234fe896793cca41268de8be8c26e0662812cb46 Mon Sep 17 00:00:00 2001 From: mertakman Date: Thu, 12 Dec 2024 06:53:03 +0000 Subject: [PATCH 137/887] fix:restructure pkg layout --- .../0002-Add-crypto-backend-foundation.patch | 75 +++++++++++++++--- .../0003-Add-BoringSSL-crypto-backend.patch | 6 +- patches/0004-Add-OpenSSL-crypto-backend.patch | 79 +++---------------- patches/0005-Add-CNG-crypto-backend.patch | 6 +- 4 files changed, 81 insertions(+), 85 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index a0655a055ff..6bb40d06a32 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -9,7 +9,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/boring/boring.go | 2 +- src/crypto/des/cipher.go | 7 + src/crypto/dsa/boring.go | 113 ++++++++++ - src/crypto/dsa/dsa.go | 44 ++++ + src/crypto/dsa/dsa.go | 88 ++++++++ src/crypto/dsa/notboring.go | 16 ++ src/crypto/ecdh/ecdh.go | 2 +- src/crypto/ecdh/nist.go | 2 +- @@ -63,7 +63,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 5 + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 59 files changed, 1097 insertions(+), 106 deletions(-) + 59 files changed, 1141 insertions(+), 106 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -269,19 +269,23 @@ index 00000000000000..3be888a0104809 + } +} diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go -index 4524bd492feba0..aa7970053f1a5d 100644 +index 4524bd492feba0..9161e4b0a6ce85 100644 --- a/src/crypto/dsa/dsa.go +++ b/src/crypto/dsa/dsa.go -@@ -18,6 +18,8 @@ import ( +@@ -18,7 +18,12 @@ import ( "io" "math/big" + boring "crypto/internal/backend" + "crypto/internal/backend/bbig" "crypto/internal/randutil" ++ ++ "golang.org/x/crypto/cryptobyte" ++ "golang.org/x/crypto/cryptobyte/asn1" ) -@@ -86,6 +88,17 @@ func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes + // Parameters represents the domain parameters for a key. These parameters can +@@ -86,6 +91,17 @@ func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes return errors.New("crypto/dsa: invalid ParameterSizes") } @@ -299,7 +303,7 @@ index 4524bd492feba0..aa7970053f1a5d 100644 qBytes := make([]byte, N/8) pBytes := make([]byte, L/8) -@@ -161,6 +174,17 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) error { +@@ -161,6 +177,17 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) error { return errors.New("crypto/dsa: parameters not set up before generating key") } 
@@ -317,7 +321,7 @@ index 4524bd492feba0..aa7970053f1a5d 100644 x := new(big.Int) xBytes := make([]byte, priv.Q.BitLen()/8) -@@ -212,6 +236,18 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err +@@ -212,6 +239,18 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err err = ErrInvalidPublicKey return } @@ -328,7 +332,7 @@ index 4524bd492feba0..aa7970053f1a5d 100644 + return nil, nil, err + } + -+ r, s, err := boring.SignDSA(b, hash) ++ r, s, err := boring.SignDSA(b, hash, parseSignature) + + return bbig.Dec(r), bbig.Dec(s), err + } @@ -336,7 +340,7 @@ index 4524bd492feba0..aa7970053f1a5d 100644 n >>= 3 var attempts int -@@ -271,6 +307,14 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err +@@ -271,6 +310,14 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err // to the byte-length of the subgroup. This function does not perform that // truncation itself. func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { 
@@ -346,11 +350,56 @@ index 4524bd492feba0..aa7970053f1a5d 100644 + return false + } + -+ return boring.VerifyDSA(bkey, hash, bbig.Enc(r), bbig.Enc(s)) ++ return boring.VerifyDSA(bkey, hash, bbig.Enc(r), bbig.Enc(s), encodeSignature) + } // FIPS 186-3, section 4.7 if pub.P.Sign() == 0 { +@@ -307,3 +354,44 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { + + return v.Cmp(r) == 0 + } ++ ++func parseSignature(sig []byte) ([]uint, []uint, error) { ++ var r, s []byte ++ var inner cryptobyte.String ++ input := cryptobyte.String(sig) ++ if !input.ReadASN1(&inner, asn1.SEQUENCE) || ++ !input.Empty() || ++ !inner.ReadASN1Integer(&r) || ++ !inner.ReadASN1Integer(&s) || ++ !inner.Empty() { ++ return nil, nil, errors.New("invalid ASN.1") ++ } ++ return []uint(bbig.Enc(new(big.Int).SetBytes(r))), []uint(bbig.Enc(new(big.Int).SetBytes(s))), nil ++} ++ ++func encodeSignature(r, s []uint) ([]byte, error) { ++ var b cryptobyte.Builder ++ b.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { ++ addASN1IntBytes(b, bbig.Dec(r).Bytes()) ++ addASN1IntBytes(b, bbig.Dec(s).Bytes()) ++ }) ++ return b.Bytes() ++} ++ ++// addASN1IntBytes encodes in ASN.1 a positive integer represented as ++// a big-endian byte slice with zero or more leading zeroes. ++func addASN1IntBytes(b *cryptobyte.Builder, bytes []byte) { ++ for len(bytes) > 0 && bytes[0] == 0 { ++ bytes = bytes[1:] ++ } ++ if len(bytes) == 0 { ++ b.SetError(errors.New("invalid integer")) ++ return ++ } ++ b.AddASN1(asn1.INTEGER, func(c *cryptobyte.Builder) { ++ if bytes[0]&0x80 != 0 { ++ c.AddUint8(0) ++ } ++ c.AddBytes(bytes) ++ }) ++} diff --git a/src/crypto/dsa/notboring.go b/src/crypto/dsa/notboring.go new file mode 100644 index 00000000000000..f8771d0189f990 @@ -886,7 +935,7 @@ index 00000000000000..e5d7570d6d4363 +const isRequireFIPS = true 
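Review bot: A negative r or s is not rejected on the backend path of Verify. `bbig.Enc(r)` hands the backend `[]uint` limbs, which carry no sign, and the new `encodeSignature` writes `bbig.Dec(r).Bytes()`, which is the magnitude only. The FIPS 186-3 section 4.7 checks come after this early return, so unless the backend is known to apply the same range checks to the caller's original values, the two paths can disagree on which signatures are valid. Adding `if r.Sign() <= 0 || s.Sign() <= 0 { return false }` before the `boring.VerifyDSA` call keeps them aligned. Verify's body starts and continues outside this hunk, so an existing guard above the branch cannot be ruled out from here.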
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..2f6b54f20be6bf +index 00000000000000..826732e87d4764 --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go @@ -0,0 +1,224 @@ @@ -1107,11 +1156,11 @@ index 00000000000000..2f6b54f20be6bf + panic("cryptobackend: not available") +} + -+func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s BigInt, err error) { ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) ([]uint, []uint, error)) (r, s BigInt, err error) { + panic("cryptobackend: not available") +} + -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s BigInt) bool { ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s BigInt, encodeSignature func(r, s []uint) ([]byte, error)) bool { + panic("cryptobackend: not available") +} diff --git a/src/crypto/internal/backend/norequirefips.go b/src/crypto/internal/backend/norequirefips.go diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index f4ce862eab6..46c71341c5a 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -30,7 +30,7 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..797e805300c4c9 +index 00000000000000..8cf833cf2bf3f9 --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go @@ -0,0 +1,256 @@ 
@@ -283,10 +283,10 @@ index 00000000000000..797e805300c4c9 + panic("cryptobackend: not available") +} + -+func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s boring.BigInt, err error) { ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) ([]uint, []uint, error)) (r, s boring.BigInt, err error) { + panic("cryptobackend: not available") +} + -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s boring.BigInt) bool { ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s boring.BigInt, encodeSignature func(r, s []uint) ([]byte, error)) bool { + panic("cryptobackend: not available") +} diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index b9d186350c7..ffa29c6057f 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 420 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 375 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- @@ -32,7 +32,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/x509/notboring.go | 2 +- src/go.mod | 1 + src/go.sum | 2 + - src/go/build/deps_test.go | 8 +- + src/go/build/deps_test.go | 7 +- src/go/build/vendor_test.go | 1 + src/hash/boring_test.go | 2 +- src/hash/notboring_test.go | 2 +- 
@@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 506 insertions(+), 25 deletions(-) + 36 files changed, 460 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..017baddcf79c06 +index 00000000000000..939dc54a0e8014 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,420 @@ +@@ -0,0 +1,375 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -211,18 +211,13 @@ index 00000000000000..017baddcf79c06 +import ( + "crypto" + "crypto/cipher" -+ "crypto/internal/backend/bbig" + "crypto/internal/boring/fipstls" + "crypto/internal/boring/sig" -+ "errors" + "hash" + "io" -+ "math/big" + "syscall" + + "github.com/golang-fips/openssl/v2" -+ "golang.org/x/crypto/cryptobyte" -+ "golang.org/x/crypto/cryptobyte/asn1" +) + +// Enabled controls whether FIPS crypto is enabled. 
@@ -555,68 +550,28 @@ index 00000000000000..017baddcf79c06 + return openssl.NewPublicKeyDSA(openssl.DSAParameters{p, q, g}, y) +} + -+func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s openssl.BigInt, err error) { ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) ([]uint, []uint, error)) (r, s openssl.BigInt, err error) { + sig, err := openssl.SignDSA(priv, hash) + if err != nil { + return nil, nil, err + } + -+ rByte, sByte, err := parseSignature(sig) ++ r, s, err := parseSignature(sig) + if err != nil { + return nil, nil, err + } + -+ return bbig.Enc(new(big.Int).SetBytes(rByte)), bbig.Enc(new(big.Int).SetBytes(sByte)), nil ++ return openssl.BigInt(r), openssl.BigInt(s), nil +} + -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt) bool { -+ sig, err := encodeSignature(bbig.Dec(r).Bytes(), bbig.Dec(s).Bytes()) ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt, encodeSignature func(r, s []uint) ([]byte, error)) bool { ++ sig, err := encodeSignature(r, s) + if err != nil { + return false + } + + return openssl.VerifyDSA(pub, hashed, sig) +} -+ -+func parseSignature(sig []byte) (r, s []byte, err error) { -+ var inner cryptobyte.String -+ input := cryptobyte.String(sig) -+ if !input.ReadASN1(&inner, asn1.SEQUENCE) || -+ !input.Empty() || -+ !inner.ReadASN1Integer(&r) || -+ !inner.ReadASN1Integer(&s) || -+ !inner.Empty() { -+ return nil, nil, errors.New("invalid ASN.1") -+ } -+ return r, s, nil -+} -+ -+func encodeSignature(r, s []byte) ([]byte, error) { -+ var b cryptobyte.Builder -+ b.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { -+ addASN1IntBytes(b, r) -+ addASN1IntBytes(b, s) -+ }) -+ return b.Bytes() -+} -+ -+// addASN1IntBytes encodes in ASN.1 a positive integer represented as -+// a big-endian byte slice with zero or more leading zeroes. 
-+func addASN1IntBytes(b *cryptobyte.Builder, bytes []byte) { -+ for len(bytes) > 0 && bytes[0] == 0 { -+ bytes = bytes[1:] -+ } -+ if len(bytes) == 0 { -+ b.SetError(errors.New("invalid integer")) -+ return -+ } -+ b.AddASN1(asn1.INTEGER, func(c *cryptobyte.Builder) { -+ if bytes[0]&0x80 != 0 { -+ c.AddUint8(0) -+ } -+ c.AddBytes(bytes) -+ }) -+} diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s index f2e5a503eaacb6..1dc7116efdff2e 100644 --- a/src/crypto/internal/boring/fipstls/stub.s @@ -835,7 +790,7 @@ index b4efd6d3c50c11..4c3ca847c21cd2 100644 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 578b4d6f68504c..0a69b3e3167ee4 100644 +index 578b4d6f68504c..80a14d54739524 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -476,6 +476,8 @@ var depsRules = ` @@ -855,15 +810,7 @@ index 578b4d6f68504c..0a69b3e3167ee4 100644 < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -522,6 +525,7 @@ var depsRules = ` - < encoding/asn1 - < golang.org/x/crypto/cryptobyte/asn1 - < golang.org/x/crypto/cryptobyte -+ < crypto/internal/backend - < crypto/internal/bigmod - < crypto/dsa, crypto/elliptic, crypto/rsa - < crypto/ecdsa -@@ -812,7 +816,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -812,7 +815,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg 
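Review bot: In the OpenSSL `SignDSA`, the new line `r, s, err := parseSignature(sig)` declares nothing new, because `r`, `s` and `err` are already the function's named results, so the compiler rejects it with "no new variables on left side of :="; it should read `r, s, err = parseSignature(sig)`. The same hunk removes the backend's own `parseSignature`, which rejected trailing bytes through `input.Empty()` and `inner.Empty()`, so that strictness now depends entirely on the callback the caller passes in. A doc comment on both functions should state that contract, for example `// SignDSA signs hash with priv; parseSignature must decode a DER SEQUENCE of two INTEGERs and reject trailing data.`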
@@ -872,7 +819,7 @@ index 578b4d6f68504c..0a69b3e3167ee4 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -822,7 +826,7 @@ func findImports(pkg string) ([]string, error) { +@@ -822,7 +825,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 790c2b808d6..34c6aab86be 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -183,7 +183,7 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..542b21f1a25e05 +index 00000000000000..3543e4eff7402d --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go @@ -0,0 +1,321 @@ @@ -501,11 +501,11 @@ index 00000000000000..542b21f1a25e05 + return cng.NewPublicKeyDSA(cng.DSAParameters{p, q, g}, y) +} + -+func SignDSA(priv *PrivateKeyDSA, hash []byte) (r, s cng.BigInt, err error) { ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) ([]uint, []uint, error)) (r, s cng.BigInt, err error) { + return cng.SignDSA(priv, hash) +} + -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s cng.BigInt) bool { ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s cng.BigInt, encodeSignature func(r, s []uint) ([]byte, error)) bool { + return cng.VerifyDSA(pub, hashed, r, s) +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go From c18168d03ace1a9ae25a98cc0bb5ebd92e7ca0d5 Mon Sep 17 00:00:00 2001 
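Review bot: The CNG `SignDSA` and `VerifyDSA` accept the new `parseSignature` and `encodeSignature` parameters but never call them; the bodies still forward to `cng.SignDSA(priv, hash)` and `cng.VerifyDSA(pub, hashed, r, s)`. That is presumably intentional, since those calls already work on r and s directly, but a reader comparing backends could assume the ASN.1 codec also runs on Windows. A comment such as `// parseSignature is unused: cng.SignDSA already returns r and s.` on SignDSA, and the matching one for `encodeSignature` on VerifyDSA, would make the asymmetry explicit.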
From: mertakman Date: Thu, 12 Dec 2024 07:46:55 +0000 Subject: [PATCH 138/887] fix:patch files --- patches/0002-Add-crypto-backend-foundation.patch | 14 +++++++------- patches/0003-Add-BoringSSL-crypto-backend.patch | 12 +++++++----- patches/0004-Add-OpenSSL-crypto-backend.patch | 16 +++++++++------- patches/0005-Add-CNG-crypto-backend.patch | 14 ++++++++------ 4 files changed, 31 insertions(+), 25 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 6bb40d06a32..83625420309 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -269,7 +269,7 @@ index 00000000000000..3be888a0104809 + } +} diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go -index 4524bd492feba0..9161e4b0a6ce85 100644 +index 4524bd492feba0..f8e20be38a3794 100644 --- a/src/crypto/dsa/dsa.go +++ b/src/crypto/dsa/dsa.go @@ -18,7 +18,12 @@ import ( @@ -360,7 +360,7 @@ index 4524bd492feba0..9161e4b0a6ce85 100644 return v.Cmp(r) == 0 } + -+func parseSignature(sig []byte) ([]uint, []uint, error) { ++func parseSignature(sig []byte) (boring.BigInt, boring.BigInt, error) { + var r, s []byte + var inner cryptobyte.String + input := cryptobyte.String(sig) @@ -371,10 +371,10 @@ index 4524bd492feba0..9161e4b0a6ce85 100644 + !inner.Empty() { + return nil, nil, errors.New("invalid ASN.1") + } -+ return []uint(bbig.Enc(new(big.Int).SetBytes(r))), []uint(bbig.Enc(new(big.Int).SetBytes(s))), nil ++ return bbig.Enc(new(big.Int).SetBytes(r)), bbig.Enc(new(big.Int).SetBytes(s)), nil +} + -+func encodeSignature(r, s []uint) ([]byte, error) { ++func encodeSignature(r, s boring.BigInt) ([]byte, error) { + var b cryptobyte.Builder + b.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { + addASN1IntBytes(b, bbig.Dec(r).Bytes()) @@ -935,7 +935,7 @@ index 00000000000000..e5d7570d6d4363 +const isRequireFIPS = true 
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..826732e87d4764 +index 00000000000000..5a1f8da56d4fed --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go @@ -0,0 +1,224 @@ @@ -1156,11 +1156,11 @@ index 00000000000000..826732e87d4764 + panic("cryptobackend: not available") +} + -+func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) ([]uint, []uint, error)) (r, s BigInt, err error) { ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (BigInt, BigInt, error)) (r, s BigInt, err error) { + panic("cryptobackend: not available") +} + -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s BigInt, encodeSignature func(r, s []uint) ([]byte, error)) bool { ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s BigInt, encodeSignature func(r, s BigInt) ([]byte, error)) bool { + panic("cryptobackend: not available") +} diff --git a/src/crypto/internal/backend/norequirefips.go b/src/crypto/internal/backend/norequirefips.go diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 46c71341c5a..11a92c92920 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -5,8 +5,8 @@ Subject: [PATCH] Add BoringSSL crypto backend --- .../internal/backend/bbig/big_boring.go | 12 + - src/crypto/internal/backend/boring_linux.go | 256 ++++++++++++++++++ - 2 files changed, 268 insertions(+) + src/crypto/internal/backend/boring_linux.go | 258 ++++++++++++++++++ + 2 files changed, 270 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/boring_linux.go @@ -30,10 +30,10 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec 
diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..8cf833cf2bf3f9 +index 00000000000000..39757223de3425 --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go -@@ -0,0 +1,256 @@ +@@ -0,0 +1,258 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -55,6 +55,8 @@ index 00000000000000..8cf833cf2bf3f9 + +const Enabled = true + ++type BigInt = boring.BigInt ++ +const RandReader = boring.RandReader + +func SupportsHash(h crypto.Hash) bool { @@ -283,7 +285,7 @@ index 00000000000000..8cf833cf2bf3f9 + panic("cryptobackend: not available") +} + -+func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) ([]uint, []uint, error)) (r, s boring.BigInt, err error) { ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (boring.BigInt, boring.BigInt, error)) (r, s boring.BigInt, err error) { + panic("cryptobackend: not available") +} + diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index ffa29c6057f..f944c639ba2 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 375 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 377 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- 
@@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 460 insertions(+), 25 deletions(-) + 36 files changed, 462 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..939dc54a0e8014 +index 00000000000000..fcffdbf1162816 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,375 @@ +@@ -0,0 +1,377 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -223,6 +223,8 @@ index 00000000000000..939dc54a0e8014 +// Enabled controls whether FIPS crypto is enabled. +const Enabled = true + ++type BigInt = openssl.BigInt ++ +// knownVersions is a list of supported and well-known libcrypto.so suffixes in decreasing version order. +// FreeBSD library version numbering does not directly align to the version of OpenSSL. +// Its preferred search order is 11 -> 111. 
@@ -550,13 +552,13 @@ index 00000000000000..939dc54a0e8014 + return openssl.NewPublicKeyDSA(openssl.DSAParameters{p, q, g}, y) +} + -+func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) ([]uint, []uint, error)) (r, s openssl.BigInt, err error) { ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (openssl.BigInt, openssl.BigInt, error)) (r, s openssl.BigInt, err error) { + sig, err := openssl.SignDSA(priv, hash) + if err != nil { + return nil, nil, err + } + -+ r, s, err := parseSignature(sig) ++ r, s, err = parseSignature(sig) + if err != nil { + return nil, nil, err + } @@ -564,7 +566,7 @@ index 00000000000000..939dc54a0e8014 + return openssl.BigInt(r), openssl.BigInt(s), nil +} + -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt, encodeSignature func(r, s []uint) ([]byte, error)) bool { ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt, encodeSignature func(r, s openssl.BigInt) ([]byte, error)) bool { + sig, err := encodeSignature(r, s) + if err != nil { + return false diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 34c6aab86be..f18c1b4283a 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -13,7 +13,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 321 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 323 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- 
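Review bot: With the callback now returning `openssl.BigInt`, the unchanged context line `return openssl.BigInt(r), openssl.BigInt(s), nil` in `SignDSA` converts each value to the type it already has; `return r, s, nil` is equivalent and reads more clearly. Both `SignDSA` and `VerifyDSA` in these two hunks also call the supplied callback unconditionally, so a one-line doc comment saying the callback must be non-nil would record what callers are expected to guarantee.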
@@ -40,7 +40,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 416 insertions(+), 27 deletions(-) + 36 files changed, 418 insertions(+), 27 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -183,10 +183,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..3543e4eff7402d +index 00000000000000..bb2915ace01223 --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,321 @@ +@@ -0,0 +1,323 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -213,6 +213,8 @@ index 00000000000000..3543e4eff7402d +// Enabled controls whether FIPS crypto is enabled. +const Enabled = true + ++type BigInt = cng.BigInt ++ +func init() { + // 1: FIPS required: abort the process if the system is not in FIPS mode. + // other values: continue regardless of system-configured FIPS mode. 
@@ -501,11 +503,11 @@ index 00000000000000..3543e4eff7402d + return cng.NewPublicKeyDSA(cng.DSAParameters{p, q, g}, y) +} + -+func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) ([]uint, []uint, error)) (r, s cng.BigInt, err error) { ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (cng.BigInt, cng.BigInt, error)) (r, s cng.BigInt, err error) { + return cng.SignDSA(priv, hash) +} + -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s cng.BigInt, encodeSignature func(r, s []uint) ([]byte, error)) bool { ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s cng.BigInt, encodeSignature func(r, s cng.BigInt) ([]byte, error)) bool { + return cng.VerifyDSA(pub, hashed, r, s) +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go From 5916786ee8898b0fa21fc34a2d1684567e999f99 Mon Sep 17 00:00:00 2001 From: mertakman Date: Thu, 12 Dec 2024 08:02:18 +0000 Subject: [PATCH 139/887] fix:boringssl update --- patches/0003-Add-BoringSSL-crypto-backend.patch | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 11a92c92920..7c8331b25d4 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -30,7 +30,7 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..39757223de3425 +index 00000000000000..31e57a8dffd4c3 --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go @@ -0,0 +1,258 @@ 
@@ -289,6 +289,6 @@ index 00000000000000..39757223de3425 + panic("cryptobackend: not available") +} + -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s boring.BigInt, encodeSignature func(r, s []uint) ([]byte, error)) bool { ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s boring.BigInt, encodeSignature func(r, s boring.BigInt) ([]byte, error)) bool { + panic("cryptobackend: not available") +} From ce933c1cc95894240ee40b49fe351151df8f4712 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 12 Dec 2024 09:54:33 +0100 Subject: [PATCH 140/887] upgrade AZL3 pipeline --- eng/pipeline/pr-outerloop-pipeline.yml | 2 +- eng/pipeline/pr-pipeline.yml | 2 +- eng/pipeline/rolling-innerloop-pipeline.yml | 2 +- eng/pipeline/rolling-pipeline.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/eng/pipeline/pr-outerloop-pipeline.yml b/eng/pipeline/pr-outerloop-pipeline.yml index d38cbe3be3f..b558d2e1095 100644 --- a/eng/pipeline/pr-outerloop-pipeline.yml +++ b/eng/pipeline/pr-outerloop-pipeline.yml @@ -29,7 +29,7 @@ resources: - container: mariner2arm64 image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029143304-6049f85 - container: azurelinux3 - image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241210101540-a3a1203 stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/pr-pipeline.yml b/eng/pipeline/pr-pipeline.yml index 48998dd148d..e8fd657e469 100644 --- a/eng/pipeline/pr-pipeline.yml +++ b/eng/pipeline/pr-pipeline.yml 
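Review bot: The `azurelinux3` container is still referenced by tag only, `image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241210101540-a3a1203`, and a registry tag can be re-pointed without any change to this file. Pinning the digest as well (`…-a3a1203@sha256:<digest of the reviewed image>`, assuming the pipeline agent accepts digest references) would make the CI build environment reproducible and make an unexpected image swap visible in review. The same applies to the identical hunks in pr-pipeline.yml, rolling-innerloop-pipeline.yml and rolling-pipeline.yml, and to the `mariner2arm64` image on the context lines.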
@@ -26,7 +26,7 @@ resources: - container: mariner2arm64 image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029143304-6049f85 - container: azurelinux3 - image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241210101540-a3a1203 stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/rolling-innerloop-pipeline.yml b/eng/pipeline/rolling-innerloop-pipeline.yml index ef929e84564..ad3174cfc35 100644 --- a/eng/pipeline/rolling-innerloop-pipeline.yml +++ b/eng/pipeline/rolling-innerloop-pipeline.yml @@ -49,7 +49,7 @@ extends: mariner2arm64: image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029143304-6049f85 azurelinux3: - image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241210101540-a3a1203 stages: - template: stages/go-builder-matrix-stages.yml diff --git a/eng/pipeline/rolling-pipeline.yml b/eng/pipeline/rolling-pipeline.yml index c9be0e47187..814709fca90 100644 --- a/eng/pipeline/rolling-pipeline.yml +++ b/eng/pipeline/rolling-pipeline.yml @@ -42,7 +42,7 @@ extends: mariner2arm64: image: mcr.microsoft.com/microsoft-go/infra-images:cbl-mariner-2.0-arm64-default-20241029143304-6049f85 azurelinux3: - image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241024144202-a3a1203 + image: mcr.microsoft.com/microsoft-go/infra-images:azurelinux-3.0-amd64-default-20241210101540-a3a1203 stages: - template: stages/go-builder-matrix-stages.yml From 279c65eaf08feba87a2a81f4f0fc4c131159171b Mon Sep 17 00:00:00 2001 
From: mertakman Date: Thu, 12 Dec 2024 13:16:16 +0000 Subject: [PATCH 141/887] fix linter --- patches/0004-Add-OpenSSL-crypto-backend.patch | 8 ++++---- patches/0005-Add-CNG-crypto-backend.patch | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index f944c639ba2..0286fecd9fc 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -193,7 +193,7 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..fcffdbf1162816 +index 00000000000000..85856d3c900eb8 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go @@ -0,0 +1,377 @@ @@ -536,7 +536,7 @@ index 00000000000000..fcffdbf1162816 +} + +func GenerateKeyDSA(p, q, g openssl.BigInt) (x, y openssl.BigInt, err error) { -+ generatedKey, err := openssl.GenerateKeyDSA(openssl.DSAParameters{p, q, g}) ++ generatedKey, err := openssl.GenerateKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g}) + if err != nil { + return nil, nil, err + } @@ -545,11 +545,11 @@ index 00000000000000..fcffdbf1162816 +} + +func NewPrivateKeyDSA(p, q, g, x, y openssl.BigInt) (*openssl.PrivateKeyDSA, error) { -+ return openssl.NewPrivateKeyDSA(openssl.DSAParameters{p, q, g}, x, y) ++ return openssl.NewPrivateKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g}, x, y) +} + +func NewPublicKeyDSA(p, q, g, y openssl.BigInt) (*openssl.PublicKeyDSA, error) { -+ return openssl.NewPublicKeyDSA(openssl.DSAParameters{p, q, g}, y) ++ return openssl.NewPublicKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g}, y) +} + +func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (openssl.BigInt, openssl.BigInt, error)) (r, s openssl.BigInt, err error) { 
diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index f18c1b4283a..b2c14715499 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -183,7 +183,7 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..bb2915ace01223 +index 00000000000000..e6feb6256e4a0d --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go @@ -0,0 +1,323 @@ @@ -487,7 +487,7 @@ index 00000000000000..bb2915ace01223 +} + +func GenerateKeyDSA(p, q, g cng.BigInt) (x, y cng.BigInt, err error) { -+ generatedKey, err := cng.GenerateKeyDSA(cng.DSAParameters{p, q, g}) ++ generatedKey, err := cng.GenerateKeyDSA(cng.DSAParameters{P: p, Q: q, G: g}) + if err != nil { + return nil, nil, err + } @@ -496,11 +496,11 @@ index 00000000000000..bb2915ace01223 +} + +func NewPrivateKeyDSA(p, q, g, x, y cng.BigInt) (*cng.PrivateKeyDSA, error) { -+ return cng.NewPrivateKeyDSA(cng.DSAParameters{p, q, g}, x, y) ++ return cng.NewPrivateKeyDSA(cng.DSAParameters{P: p, Q: q, G: g}, x, y) +} + +func NewPublicKeyDSA(p, q, g, y cng.BigInt) (*cng.PublicKeyDSA, error) { -+ return cng.NewPublicKeyDSA(cng.DSAParameters{p, q, g}, y) ++ return cng.NewPublicKeyDSA(cng.DSAParameters{P: p, Q: q, G: g}, y) +} + +func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (cng.BigInt, cng.BigInt, error)) (r, s cng.BigInt, err error) { From 111f9048b25c21695a7f6a1ca43e12eb39826d4d Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Thu, 12 Dec 2024 12:45:46 +0100 Subject: [PATCH 142/887] add missing copyright headers --- .../0002-Add-crypto-backend-foundation.patch | 22 +++++++---- patches/0004-Add-OpenSSL-crypto-backend.patch | 14 +++++-- patches/0005-Add-CNG-crypto-backend.patch | 14 +++++-- ...GOFIPS-when-running-the-Go-toolchain.patch | 20 ++++++---- ...upport-for-logging-used-Windows-APIs.patch | 38 ++++++++++++------- 5 files changed, 72 insertions(+), 36 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 83625420309..b8461a103da 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -58,12 +58,12 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/prf_test.go | 12 +- src/crypto/x509/boring_test.go | 5 + src/go/build/deps_test.go | 4 + - src/hash/boring_test.go | 5 + + src/hash/boring_test.go | 9 + src/hash/marshal_test.go | 5 + - src/hash/notboring_test.go | 5 + + src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 59 files changed, 1141 insertions(+), 106 deletions(-) + 59 files changed, 1145 insertions(+), 106 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -2277,10 +2277,14 @@ index c6a2518f62ff3a..578b4d6f68504c 100644 < crypto/ed25519 diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go new file mode 100644 -index 00000000000000..c90899062a9665 +index 00000000000000..b4cb21f3580737 --- /dev/null +++ b/src/hash/boring_test.go -@@ -0,0 +1,5 @@ +@@ -0,0 +1,9 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ +//go:build goexperiment.boringcrypto + +package hash_test 
@@ -2304,10 +2308,14 @@ index 3091f7a67acede..fead8cc4bec73a 100644 diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go new file mode 100644 -index 00000000000000..79f8c22f2b7416 +index 00000000000000..0f289915be6daa --- /dev/null +++ b/src/hash/notboring_test.go -@@ -0,0 +1,5 @@ +@@ -0,0 +1,9 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ +//go:build !goexperiment.boringcrypto + +package hash_test diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 0286fecd9fc..fd0ae950b7e 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -843,20 +843,26 @@ index 7f6237ffd59c11..7c821ae4bc5727 100644 // Verify that the vendor directories contain only packages matching the list above. diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go -index c90899062a9665..802c0f8b8987bf 100644 +index b4cb21f3580737..ff24d12966e22f 100644 --- a/src/hash/boring_test.go +++ b/src/hash/boring_test.go -@@ -1,4 +1,4 @@ +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + -//go:build goexperiment.boringcrypto +//go:build goexperiment.boringcrypto || goexperiment.opensslcrypto package hash_test diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go -index 79f8c22f2b7416..f3e8ed3e1cbf20 100644 +index 0f289915be6daa..bd935326bf7305 100644 --- a/src/hash/notboring_test.go +++ b/src/hash/notboring_test.go -@@ -1,4 +1,4 @@ +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + -//go:build !goexperiment.boringcrypto +//go:build !goexperiment.boringcrypto && !goexperiment.opensslcrypto 
diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index b2c14715499..a8076bcb13d 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -793,10 +793,13 @@ index 7c821ae4bc5727..1d0b9b20e9b1d4 100644 // Verify that the vendor directories contain only packages matching the list above. diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go -index 802c0f8b8987bf..99e1933f84b52c 100644 +index ff24d12966e22f..a5242cca089049 100644 --- a/src/hash/boring_test.go +++ b/src/hash/boring_test.go -@@ -1,4 +1,4 @@ +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + -//go:build goexperiment.boringcrypto || goexperiment.opensslcrypto +//go:build goexperiment.boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto @@ -816,10 +819,13 @@ index f07b9aaa2c4898..2ff6c4827391c0 100644 import ( diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go -index f3e8ed3e1cbf20..a85fc430cfa655 100644 +index bd935326bf7305..40c84700690612 100644 --- a/src/hash/notboring_test.go +++ b/src/hash/notboring_test.go -@@ -1,4 +1,4 @@ +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + -//go:build !goexperiment.boringcrypto && !goexperiment.opensslcrypto +//go:build !goexperiment.boringcrypto && !goexperiment.opensslcrypto && !goexperiment.cngcrypto diff --git a/patches/0010-unset-GOFIPS-when-running-the-Go-toolchain.patch b/patches/0010-unset-GOFIPS-when-running-the-Go-toolchain.patch index 25f46c09a6a..c9bb73f065d 100644 --- a/patches/0010-unset-GOFIPS-when-running-the-Go-toolchain.patch +++ b/patches/0010-unset-GOFIPS-when-running-the-Go-toolchain.patch 
@@ -4,17 +4,21 @@ Date: Wed, 14 Feb 2024 11:03:01 +0100 Subject: [PATCH] unset GOFIPS when running the Go toolchain --- - src/cmd/go/internal/gofips/gofips.go | 32 ++++++++++++++++++++++++++++ - src/cmd/go/main.go | 5 +++++ - 2 files changed, 37 insertions(+) + src/cmd/go/internal/gofips/gofips.go | 36 ++++++++++++++++++++++++++++ + src/cmd/go/main.go | 5 ++++ + 2 files changed, 41 insertions(+) create mode 100644 src/cmd/go/internal/gofips/gofips.go diff --git a/src/cmd/go/internal/gofips/gofips.go b/src/cmd/go/internal/gofips/gofips.go new file mode 100644 -index 00000000000000..009eece5b6c080 +index 00000000000000..1f3549cf1b4ab5 --- /dev/null +++ b/src/cmd/go/internal/gofips/gofips.go -@@ -0,0 +1,32 @@ +@@ -0,0 +1,36 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ +// gofips is a package that, when imported, unsets the GOFIPS environment variable +// and stores it for later use. +// @@ -48,10 +52,10 @@ index 00000000000000..009eece5b6c080 + return gofips, gofipsSet +} diff --git a/src/cmd/go/main.go b/src/cmd/go/main.go -index d380aae489436f..fe619a8aadd2ae 100644 +index f2e4d890d3d61b..fd1f733f7018a1 100644 --- a/src/cmd/go/main.go +++ b/src/cmd/go/main.go -@@ -29,6 +29,7 @@ import ( +@@ -27,6 +27,7 @@ import ( "cmd/go/internal/fix" "cmd/go/internal/fmtcmd" "cmd/go/internal/generate" @@ -59,7 +63,7 @@ index d380aae489436f..fe619a8aadd2ae 100644 "cmd/go/internal/help" "cmd/go/internal/list" "cmd/go/internal/modcmd" -@@ -223,6 +224,10 @@ func invoke(cmd *base.Command, args []string) { +@@ -301,6 +302,10 @@ func invoke(cmd *base.Command, args []string) { // but in practice there might be skew // This makes sure we all agree. cfg.OrigEnv = toolchain.FilterEnv(os.Environ()) 
diff --git a/patches/0011-add-support-for-logging-used-Windows-APIs.patch b/patches/0011-add-support-for-logging-used-Windows-APIs.patch index f156f655ae4..7c26330910b 100644 --- a/patches/0011-add-support-for-logging-used-Windows-APIs.patch +++ b/patches/0011-add-support-for-logging-used-Windows-APIs.patch @@ -6,21 +6,21 @@ Subject: [PATCH] add support for logging used Windows APIs --- src/runtime/os_windows.go | 1 + src/runtime/syscall_windows.go | 1 + - src/runtime/syscalltrace_generate_windows.go | 46 +++++++ - src/runtime/syscalltrace_windows.go | 127 +++++++++++++++++++ - src/runtime/syscalltrace_windows_test.go | 77 +++++++++++ + src/runtime/syscalltrace_generate_windows.go | 50 +++++++ + src/runtime/syscalltrace_windows.go | 131 +++++++++++++++++++ + src/runtime/syscalltrace_windows_test.go | 81 ++++++++++++ src/runtime/zsyscalltrace_windows.go | 60 +++++++++ - 6 files changed, 312 insertions(+) + 6 files changed, 324 insertions(+) create mode 100644 src/runtime/syscalltrace_generate_windows.go create mode 100644 src/runtime/syscalltrace_windows.go create mode 100644 src/runtime/syscalltrace_windows_test.go create mode 100644 src/runtime/zsyscalltrace_windows.go diff --git a/src/runtime/os_windows.go b/src/runtime/os_windows.go -index 4aabc29644e6f9..fc7296f28ab12f 100644 +index 7183e79f7df093..2b382202bf7e49 100644 --- a/src/runtime/os_windows.go +++ b/src/runtime/os_windows.go -@@ -222,6 +222,7 @@ func windowsFindfunc(lib uintptr, name []byte) stdFunction { +@@ -223,6 +223,7 @@ func windowsFindfunc(lib uintptr, name []byte) stdFunction { if name[len(name)-1] != 0 { throw("usage") } @@ -29,7 +29,7 @@ index 4aabc29644e6f9..fc7296f28ab12f 100644 return stdFunction(unsafe.Pointer(f)) } diff --git a/src/runtime/syscall_windows.go b/src/runtime/syscall_windows.go -index 69d720a395c48d..2772c019a15af2 100644 +index 85b1b8c9024a73..384be25350726e 100644 --- a/src/runtime/syscall_windows.go +++ b/src/runtime/syscall_windows.go 
@@ -443,6 +443,7 @@ func syscall_loadlibrary(filename *uint16) (handle, err uintptr) { @@ -42,10 +42,14 @@ index 69d720a395c48d..2772c019a15af2 100644 if outhandle != 0 { diff --git a/src/runtime/syscalltrace_generate_windows.go b/src/runtime/syscalltrace_generate_windows.go new file mode 100644 -index 00000000000000..e3bbe376f43ce9 +index 00000000000000..17fb696be88776 --- /dev/null +++ b/src/runtime/syscalltrace_generate_windows.go -@@ -0,0 +1,46 @@ +@@ -0,0 +1,50 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ +//go:build ignore + +package main @@ -94,10 +98,14 @@ index 00000000000000..e3bbe376f43ce9 +} diff --git a/src/runtime/syscalltrace_windows.go b/src/runtime/syscalltrace_windows.go new file mode 100644 -index 00000000000000..15245e4414c0b8 +index 00000000000000..ed9161b797c4f9 --- /dev/null +++ b/src/runtime/syscalltrace_windows.go -@@ -0,0 +1,127 @@ +@@ -0,0 +1,131 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ +//go:generate go run syscalltrace_generate_windows.go -output zsyscalltrace_windows.go os_windows syscalltrace_windows + +package runtime @@ -227,10 +235,14 @@ index 00000000000000..15245e4414c0b8 +} diff --git a/src/runtime/syscalltrace_windows_test.go b/src/runtime/syscalltrace_windows_test.go new file mode 100644 -index 00000000000000..31d1fc18bb8640 +index 00000000000000..626c5e98f7eae4 --- /dev/null +++ b/src/runtime/syscalltrace_windows_test.go -@@ -0,0 +1,77 @@ +@@ -0,0 +1,81 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ +package runtime_test + +import ( From 885ae5db5ab2a5273e7d5fd69a1916ffc5903952 Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Thu, 12 Dec 2024 11:00:28 +0100 Subject: [PATCH 143/887] upgrade backends and fix signatures --- .../0002-Add-crypto-backend-foundation.patch | 46 +- .../0003-Add-BoringSSL-crypto-backend.patch | 9 +- patches/0004-Add-OpenSSL-crypto-backend.patch | 27 +- patches/0005-Add-CNG-crypto-backend.patch | 31 +- patches/0006-Vendor-crypto-backends.patch | 724 ++++++++++-------- 5 files changed, 462 insertions(+), 375 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index b8461a103da..4b635481f20 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -26,7 +26,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/internal/backend/bbig/big.go | 17 ++ src/crypto/internal/backend/common.go | 92 ++++++++ src/crypto/internal/backend/isrequirefips.go | 9 + - src/crypto/internal/backend/nobackend.go | 224 +++++++++++++++++++ + src/crypto/internal/backend/nobackend.go | 223 +++++++++++++++++++ src/crypto/internal/backend/norequirefips.go | 9 + src/crypto/internal/backend/stub.s | 10 + src/crypto/md5/md5.go | 7 + @@ -53,8 +53,8 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/handshake_client.go | 25 ++- src/crypto/tls/handshake_server.go | 25 ++- src/crypto/tls/handshake_server_tls13.go | 10 + - src/crypto/tls/key_schedule.go | 18 +- - src/crypto/tls/prf.go | 77 +++++-- + src/crypto/tls/key_schedule.go | 23 ++- + src/crypto/tls/prf.go | 77 ++++--- src/crypto/tls/prf_test.go | 12 +- src/crypto/x509/boring_test.go | 5 + src/go/build/deps_test.go | 4 + 
@@ -63,7 +63,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 59 files changed, 1145 insertions(+), 106 deletions(-) + 59 files changed, 1144 insertions(+), 106 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -269,7 +269,7 @@ index 00000000000000..3be888a0104809 + } +} diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go -index 4524bd492feba0..f8e20be38a3794 100644 +index 4524bd492feba0..19f3a125017b61 100644 --- a/src/crypto/dsa/dsa.go +++ b/src/crypto/dsa/dsa.go @@ -18,7 +18,12 @@ import ( @@ -290,7 +290,7 @@ index 4524bd492feba0..f8e20be38a3794 100644 } + if boring.Enabled && boring.SupportsDSA(L, N) { -+ p, q, g, err := boring.GenerateDSAParameters(L, N) ++ p, q, g, err := boring.GenerateParametersDSA(L, N) + if err != nil { + return err + } @@ -938,7 +938,7 @@ new file mode 100644 index 00000000000000..5a1f8da56d4fed --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go -@@ -0,0 +1,224 @@ +@@ -0,0 +1,223 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -953,7 +953,6 @@ index 00000000000000..5a1f8da56d4fed + "crypto" + "crypto/cipher" + "hash" -+ "io" +) + +const Enabled = false @@ -1064,7 +1063,7 @@ index 00000000000000..5a1f8da56d4fed + +func SupportsHKDF() bool { panic("cryptobackend: not available") } + -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { + panic("cryptobackend: not available") +} + 
@@ -1137,7 +1136,7 @@ index 00000000000000..5a1f8da56d4fed + panic("cryptobackend: not available") +} + -+func GenerateDSAParameters(l, n int) (p, q, g BigInt, err error) { ++func GenerateParametersDSA(l, n int) (p, q, g BigInt, err error) { + panic("cryptobackend: not available") +} + @@ -1984,28 +1983,33 @@ index b8cf4c3fa50b24..bc5d32a29c50c4 100644 } state, err := marshaler.MarshalBinary() diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go -index 1636baf79e7288..c9a5877d3d504f 100644 +index 1636baf79e7288..747c3c0883230c 100644 --- a/src/crypto/tls/key_schedule.go 
+++ b/src/crypto/tls/key_schedule.go -@@ -61,7 +61,16 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by +@@ -60,10 +60,18 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by + // significantly more confusing to users. panic(fmt.Errorf("failed to construct HKDF label: %s", err)) } - out := make([]byte, length) +- out := make([]byte, length) - n, err := hkdf.Expand(c.hash.New, secret, hkdfLabelBytes).Read(out) -+ var r io.Reader +- if err != nil || n != length { +- panic("tls: HKDF-Expand-Label invocation failed unexpectedly") ++ var out []byte + if boring.Enabled && boring.SupportsHKDF() { -+ r, err = boring.ExpandHKDF(c.hash.New, secret, hkdfLabelBytes) ++ out, err = boring.ExpandHKDF(c.hash.New, secret, hkdfLabelBytes, length) + if err != nil { + panic(fmt.Errorf("tls: HKDF-Expand-Label invocation failed unexpectedly: %s", err)) + } + } else { -+ r = hkdf.Expand(c.hash.New, secret, hkdfLabelBytes) -+ } -+ n, err := r.Read(out) - if err != nil || n != length { - panic("tls: HKDF-Expand-Label invocation failed unexpectedly") ++ out = make([]byte, length) ++ n, err := hkdf.Expand(c.hash.New, secret, hkdfLabelBytes).Read(out) ++ if err != nil || n != length { ++ panic("tls: HKDF-Expand-Label invocation failed unexpectedly") ++ } } -@@ -81,6 +90,13 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte { + return out + } +@@ -81,6 +89,13 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte { if newSecret == nil { newSecret = make([]byte, c.hash.Size()) } diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 7c8331b25d4..a9449fa8184 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch 
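Review bot: In the reworked `expandLabel`, the backend branch uses the slice returned by `boring.ExpandHKDF(c.hash.New, secret, hkdfLabelBytes, length)` without checking its length, while the fallback branch still panics on `n != length`. Before this change both paths went through the shared `r.Read(out)` check, so a backend that returned a short slice with a nil error would now yield a truncated TLS 1.3 secret instead of failing closed. Restoring the invariant takes one guard after the error check in the backend branch: `if len(out) != length { panic("tls: HKDF-Expand-Label invocation failed unexpectedly") }`. The function starts outside this hunk.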
@@ -5,7 +5,7 @@ Subject: [PATCH] Add BoringSSL crypto backend --- .../internal/backend/bbig/big_boring.go | 12 + - src/crypto/internal/backend/boring_linux.go | 258 ++++++++++++++++++ + src/crypto/internal/backend/boring_linux.go | 257 ++++++++++++++++++ 2 files changed, 270 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/boring_linux.go @@ -33,7 +33,7 @@ new file mode 100644 index 00000000000000..31e57a8dffd4c3 --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go -@@ -0,0 +1,258 @@ +@@ -0,0 +1,257 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -50,7 +50,6 @@ index 00000000000000..31e57a8dffd4c3 + "crypto/cipher" + "crypto/internal/boring" + "hash" -+ "io" +) + +const Enabled = true @@ -187,7 +186,7 @@ index 00000000000000..31e57a8dffd4c3 + +func SupportsHKDF() bool { return false } + -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { + panic("cryptobackend: not available") +} + @@ -266,7 +265,7 @@ index 00000000000000..31e57a8dffd4c3 + return false +} + -+func GenerateDSAParameters(l, n int) (p, q, g boring.BigInt, err error) { ++func GenerateParametersDSA(l, n int) (p, q, g boring.BigInt, err error) { + panic("cryptobackend: not available") +} + diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index fd0ae950b7e..83172d6a85a 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 377 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 376 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 462 insertions(+), 25 deletions(-) + 36 files changed, 461 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -196,7 +196,7 @@ new file mode 100644 index 00000000000000..85856d3c900eb8 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,377 @@ +@@ -0,0 +1,376 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -214,7 +214,6 @@ index 00000000000000..85856d3c900eb8 + "crypto/internal/boring/fipstls" + "crypto/internal/boring/sig" + "hash" -+ "io" + "syscall" + + "github.com/golang-fips/openssl/v2" @@ -454,8 +453,8 @@ index 00000000000000..85856d3c900eb8 + return openssl.SupportsHKDF() +} + -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { -+ return openssl.ExpandHKDF(h, pseudorandomKey, info) ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ return openssl.ExpandHKDFOneShot(h, pseudorandomKey, info, keyLength) +} + +func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { 
@@ -530,8 +529,8 @@ index 00000000000000..85856d3c900eb8 + return openssl.SupportsDSA() +} + -+func GenerateDSAParameters(l, n int) (p, q, g openssl.BigInt, err error) { -+ params, err := openssl.GenerateDSAParameters(l, n) ++func GenerateParametersDSA(l, n int) (p, q, g openssl.BigInt, err error) { ++ params, err := openssl.GenerateParametersDSA(l, n) + return params.P, params.Q, params.G, err +} + @@ -706,7 +705,7 @@ index f8485dc3ca1c29..9c1d3d279c472f 100644 package fipsonly diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go -index c9a5877d3d504f..952eadd09e38ab 100644 +index 747c3c0883230c..ee9274bb63b9b4 100644 --- a/src/crypto/tls/key_schedule.go +++ b/src/crypto/tls/key_schedule.go @@ -7,6 +7,7 @@ package tls @@ -770,24 +769,24 @@ index c83a7272c9f01f..a0548a7f9179c5 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index df27f25e789f05..12d8c8f4f97321 100644 +index df27f25e789f05..30e45951c763fa 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std go 1.24 require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index b4efd6d3c50c11..4c3ca847c21cd2 100644 +index b4efd6d3c50c11..fd8881e46df76e 100644 --- a/src/go.sum +++ b/src/go.sum 
@@ -1,3 +1,5 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf h1:gkjE7LMxjlaSn8fdvbT/HJrpGcW/ZnwYpps7sSBhLD4= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index a8076bcb13d..cc435b0a0ee 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -13,7 +13,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 323 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 322 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- 
@@ -40,7 +40,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 418 insertions(+), 27 deletions(-) + 36 files changed, 417 insertions(+), 27 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -186,7 +186,7 @@ new file mode 100644 index 00000000000000..e6feb6256e4a0d --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,323 @@ +@@ -0,0 +1,322 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -204,7 +204,6 @@ index 00000000000000..e6feb6256e4a0d + "crypto/internal/boring/fipstls" + "crypto/internal/boring/sig" + "hash" -+ "io" + _ "unsafe" + + "github.com/microsoft/go-crypto-winnative/cng" @@ -394,8 +393,8 @@ index 00000000000000..e6feb6256e4a0d + return cng.SupportsHKDF() +} + -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { -+ return cng.ExpandHKDF(h, pseudorandomKey, info) ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ return cng.ExpandHKDF(h, pseudorandomKey, info, keyLength) +} + +func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { @@ -478,8 +477,8 @@ index 00000000000000..e6feb6256e4a0d + return n == 160 || n == 256 +} + -+func GenerateDSAParameters(l, n int) (p, q, g cng.BigInt, err error) { -+ params, err := cng.GenerateDSAParameters(l) ++func GenerateParametersDSA(l, n int) (p, q, g cng.BigInt, err error) { ++ params, err := cng.GenerateParametersDSA(l) + if err != nil { + return nil, nil, nil, err + } @@ -734,26 +733,26 @@ index a0548a7f9179c5..ae6117a1554b7f 100644 package x509 
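Review bot: The renamed wrapper `GenerateParametersDSA(l, n int)` in `cng_windows.go` still accepts `n` but forwards only `l` to `cng.GenerateParametersDSA(l)`, so in the visible lines the requested subgroup size has no effect on the generated parameters. A one-line comment on the wrapper would stop `n` being read as an honoured argument, for example `// n is not passed to CNG; callers are expected to check SupportsDSA(l, n) first.` Whether the rest of the body validates `n` cannot be confirmed here, because the function continues past the end of the hunk.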
diff --git a/src/go.mod b/src/go.mod -index 12d8c8f4f97321..8a95b6f65c63ef 100644 +index 30e45951c763fa..0209eeb6b8642c 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,6 +4,7 @@ go 1.24 require ( - github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d + github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf ++ github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index 4c3ca847c21cd2..54c859b46edd1c 100644 +index fd8881e46df76e..1d0d5a1b7845bb 100644 --- a/src/go.sum +++ b/src/go.sum 
@@ -1,5 +1,7 @@ - github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg= - github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d h1:UKPx/2ug3daetm1rPOKyEHovWbh3hekPK8p1wygTcOI= -+github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= + github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf h1:gkjE7LMxjlaSn8fdvbT/HJrpGcW/ZnwYpps7sSBhLD4= + github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 h1:fMAxrMWT19/kkIZIuB9cjqW8SqRxCH2+2ZiZr5qrpuI= ++github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index 43db9981ab9..eafa5600be4 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch 
@@ -15,21 +15,21 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../golang-fips/openssl/v2/cgo_go124.go | 18 + .../golang-fips/openssl/v2/cipher.go | 569 +++++++++ .../github.com/golang-fips/openssl/v2/des.go | 114 ++ - .../github.com/golang-fips/openssl/v2/dsa.go | 324 +++++ - .../github.com/golang-fips/openssl/v2/ec.go | 51 + - .../github.com/golang-fips/openssl/v2/ecdh.go | 313 +++++ - .../golang-fips/openssl/v2/ecdsa.go | 211 ++++ - .../golang-fips/openssl/v2/ed25519.go | 221 ++++ - .../github.com/golang-fips/openssl/v2/evp.go | 519 ++++++++ - .../golang-fips/openssl/v2/goopenssl.c | 240 ++++ - .../golang-fips/openssl/v2/goopenssl.h | 259 ++++ + .../github.com/golang-fips/openssl/v2/dsa.go | 323 +++++ + .../github.com/golang-fips/openssl/v2/ec.go | 68 ++ + .../github.com/golang-fips/openssl/v2/ecdh.go | 303 +++++ + .../golang-fips/openssl/v2/ecdsa.go | 208 ++++ + .../golang-fips/openssl/v2/ed25519.go | 218 ++++ + .../github.com/golang-fips/openssl/v2/evp.go | 569 +++++++++ + .../golang-fips/openssl/v2/goopenssl.c | 248 ++++ + .../golang-fips/openssl/v2/goopenssl.h | 262 +++++ .../github.com/golang-fips/openssl/v2/hash.go | 1041 +++++++++++++++++ - .../github.com/golang-fips/openssl/v2/hkdf.go | 285 +++++ + .../github.com/golang-fips/openssl/v2/hkdf.go | 322 +++++ .../github.com/golang-fips/openssl/v2/hmac.go | 274 +++++ .../github.com/golang-fips/openssl/v2/init.go | 64 + .../golang-fips/openssl/v2/init_unix.go | 31 + .../golang-fips/openssl/v2/init_windows.go | 36 + - .../golang-fips/openssl/v2/openssl.go | 462 ++++++++ + .../golang-fips/openssl/v2/openssl.go | 469 ++++++++ .../golang-fips/openssl/v2/params.go | 210 ++++ .../golang-fips/openssl/v2/pbkdf2.go | 62 + .../golang-fips/openssl/v2/port_dsa.c | 85 ++ 
@@ -37,7 +37,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../github.com/golang-fips/openssl/v2/rand.go | 20 + .../github.com/golang-fips/openssl/v2/rc4.go | 66 ++ .../github.com/golang-fips/openssl/v2/rsa.go | 408 +++++++ - .../github.com/golang-fips/openssl/v2/shims.h | 401 +++++++ + .../github.com/golang-fips/openssl/v2/shims.h | 416 +++++++ .../golang-fips/openssl/v2/thread_setup.go | 14 + .../golang-fips/openssl/v2/thread_setup.h | 4 + .../openssl/v2/thread_setup_unix.c | 64 + 
@@ -51,24 +51,24 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../go-crypto-winnative/cng/cipher.go | 52 + .../microsoft/go-crypto-winnative/cng/cng.go | 131 +++ .../microsoft/go-crypto-winnative/cng/des.go | 106 ++ - .../microsoft/go-crypto-winnative/cng/dsa.go | 469 ++++++++ + .../microsoft/go-crypto-winnative/cng/dsa.go | 465 ++++++++ .../microsoft/go-crypto-winnative/cng/ecdh.go | 255 ++++ .../go-crypto-winnative/cng/ecdsa.go | 169 +++ .../microsoft/go-crypto-winnative/cng/hash.go | 306 +++++ - .../microsoft/go-crypto-winnative/cng/hkdf.go | 180 +++ + .../microsoft/go-crypto-winnative/cng/hkdf.go | 124 ++ .../microsoft/go-crypto-winnative/cng/hmac.go | 35 + .../microsoft/go-crypto-winnative/cng/keys.go | 220 ++++ .../go-crypto-winnative/cng/pbkdf2.go | 70 ++ .../microsoft/go-crypto-winnative/cng/rand.go | 28 + .../microsoft/go-crypto-winnative/cng/rc4.go | 65 + - .../microsoft/go-crypto-winnative/cng/rsa.go | 370 ++++++ + .../microsoft/go-crypto-winnative/cng/rsa.go | 396 +++++++ .../go-crypto-winnative/cng/tls1prf.go | 88 ++ .../internal/bcrypt/bcrypt_windows.go | 359 ++++++ .../internal/bcrypt/zsyscall_windows.go | 389 ++++++ .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 11 + - 63 files changed, 10958 insertions(+) + 63 files changed, 11044 insertions(+) create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE @@ -1187,10 +1187,10 @@ index 00000000000000..cd006544b5111b +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/dsa.go b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go new file mode 100644 -index 00000000000000..c56071f577f4f2 +index 00000000000000..384424c215dcf1 --- /dev/null 
+++ b/src/vendor/github.com/golang-fips/openssl/v2/dsa.go -@@ -0,0 +1,324 @@ +@@ -0,0 +1,323 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -1253,8 +1253,8 @@ index 00000000000000..c56071f577f4f2 + return f(k._pkey) +} + -+// GenerateDSAParameters generates a set of DSA parameters. -+func GenerateDSAParameters(l, n int) (DSAParameters, error) { ++// GenerateParametersDSA generates a set of DSA parameters. ++func GenerateParametersDSA(l, n int) (DSAParameters, error) { + // The DSA parameters are generated by creating a new DSA key and + // extracting the domain parameters from it. + 
@@ -1340,35 +1340,34 @@ index 00000000000000..c56071f577f4f2 +} + +// GenerateKeyDSA generates a new private DSA key using the given parameters. -+func GenerateKeyDSA(params DSAParameters) (*PrivateKeyDSA, error) { ++func GenerateKeyDSA(params DSAParameters) (x, y BigInt, err error) { + pkey, err := newDSA(params, nil, nil) + if err != nil { -+ return nil, err ++ return nil, nil, err + } -+ var x, y C.GO_BIGNUM_PTR ++ defer C.go_openssl_EVP_PKEY_free(pkey) ++ var bx, by C.GO_BIGNUM_PTR + switch vMajor { + case 1: + dsa := getDSA(pkey) + if vMinor == 0 { -+ C.go_openssl_DSA_get0_key_backport(dsa, &y, &x) ++ C.go_openssl_DSA_get0_key_backport(dsa, &by, &bx) + } else { -+ C.go_openssl_DSA_get0_key(dsa, &y, &x) ++ C.go_openssl_DSA_get0_key(dsa, &by, &bx) + } + case 3: + defer func() { -+ C.go_openssl_BN_clear_free(x) -+ C.go_openssl_BN_free(y) ++ C.go_openssl_BN_clear_free(bx) ++ C.go_openssl_BN_free(by) + }() -+ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY, &y) != 1 || -+ C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY, &x) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_get_bn_param") ++ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PUB_KEY, &by) != 1 || ++ C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY, &bx) != 1 { ++ return nil, nil, newOpenSSLError("EVP_PKEY_get_bn_param") + } + default: + panic(errUnsupportedVersion()) + } -+ k := &PrivateKeyDSA{params, bnToBig(x), bnToBig(y), pkey} -+ runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize) -+ return k, nil ++ return bnToBig(bx), bnToBig(by), nil +} + +// SignDSA signs a hash (which should be the result of hashing a larger message). @@ -1517,10 +1516,10 @@ index 00000000000000..c56071f577f4f2 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ec.go b/src/vendor/github.com/golang-fips/openssl/v2/ec.go new file mode 100644 -index 00000000000000..03c51e5a74cf1a +index 00000000000000..734c14b9bc1e3e --- /dev/null 
+++ b/src/vendor/github.com/golang-fips/openssl/v2/ec.go -@@ -0,0 +1,51 @@ +@@ -0,0 +1,68 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -1528,18 +1527,35 @@ index 00000000000000..03c51e5a74cf1a +// #include "goopenssl.h" +import "C" + -+func curveNID(curve string) (C.int, error) { ++func curveNID(curve string) C.int { + switch curve { + case "P-224": -+ return C.GO_NID_secp224r1, nil ++ return C.GO_NID_secp224r1 + case "P-256": -+ return C.GO_NID_X9_62_prime256v1, nil ++ return C.GO_NID_X9_62_prime256v1 + case "P-384": -+ return C.GO_NID_secp384r1, nil ++ return C.GO_NID_secp384r1 + case "P-521": -+ return C.GO_NID_secp521r1, nil ++ return C.GO_NID_secp521r1 ++ default: ++ panic("openssl: unknown curve " + curve) ++ } ++} ++ ++// curveSize returns the size of the curve in bytes. ++func curveSize(curve string) int { ++ switch curve { ++ case "P-224": ++ return 224 / 8 ++ case "P-256": ++ return 256 / 8 ++ case "P-384": ++ return 384 / 8 ++ case "P-521": ++ return (521 + 7) / 8 ++ default: ++ panic("openssl: unknown curve " + curve) + } -+ return 0, errUnknownCurve +} + +// encodeEcPoint encodes pt. @@ -1574,10 +1590,10 @@ index 00000000000000..03c51e5a74cf1a +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go new file mode 100644 -index 00000000000000..5b146749350bf5 +index 00000000000000..ad392dca1ced82 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdh.go -@@ -0,0 +1,313 @@ +@@ -0,0 +1,303 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -1587,6 +1603,7 @@ index 00000000000000..5b146749350bf5 +import ( + "errors" + "runtime" ++ "slices" + "unsafe" +) + @@ -1600,9 +1617,8 @@ index 00000000000000..5b146749350bf5 +} + +type PrivateKeyECDH struct { -+ _pkey C.GO_EVP_PKEY_PTR -+ curve string -+ hasPublicKey bool ++ _pkey C.GO_EVP_PKEY_PTR ++ curve string +} + +func (k *PrivateKeyECDH) finalize() { 
@@ -1610,14 +1626,14 @@ index 00000000000000..5b146749350bf5 +} + +func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { -+ if len(bytes) < 1 { -+ return nil, errors.New("NewPublicKeyECDH: missing key") ++ if len(bytes) != 1+2*curveSize(curve) { ++ return nil, errors.New("NewPublicKeyECDH: wrong key length") + } + pkey, err := newECDHPkey(curve, bytes, false) + if err != nil { + return nil, err + } -+ k := &PublicKeyECDH{pkey, append([]byte(nil), bytes...)} ++ k := &PublicKeyECDH{pkey, slices.Clone(bytes)} + runtime.SetFinalizer(k, (*PublicKeyECDH).finalize) + return k, nil +} @@ -1625,24 +1641,20 @@ index 00000000000000..5b146749350bf5 +func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } + +func NewPrivateKeyECDH(curve string, bytes []byte) (*PrivateKeyECDH, error) { ++ if len(bytes) != curveSize(curve) { ++ return nil, errors.New("NewPrivateKeyECDH: wrong key length") ++ } + pkey, err := newECDHPkey(curve, bytes, true) + if err != nil { + return nil, err + } -+ k := &PrivateKeyECDH{pkey, curve, false} ++ k := &PrivateKeyECDH{pkey, curve} + runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) + return k, nil +} + +func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { + defer runtime.KeepAlive(k) -+ if !k.hasPublicKey { -+ err := deriveEcdhPublicKey(k._pkey, k.curve) -+ if err != nil { -+ return nil, err -+ } -+ k.hasPublicKey = true -+ } + var pkey C.GO_EVP_PKEY_PTR + defer func() { + C.go_openssl_EVP_PKEY_free(pkey) @@ -1692,10 +1704,7 @@ index 00000000000000..5b146749350bf5 +} + +func newECDHPkey(curve string, bytes []byte, isPrivate bool) (C.GO_EVP_PKEY_PTR, error) { -+ nid, err := curveNID(curve) -+ if err != nil { -+ return nil, err -+ } ++ nid := curveNID(curve) + switch vMajor { + case 1: + return newECDHPkey1(nid, bytes, isPrivate) 
@@ -1718,6 +1727,7 @@ index 00000000000000..5b146749350bf5 + C.go_openssl_EC_KEY_free(key) + } + }() ++ group := C.go_openssl_EC_KEY_get0_group(key) + if isPrivate { + priv := C.go_openssl_BN_bin2bn(base(bytes), C.int(len(bytes)), nil) + if priv == nil { @@ -1727,8 +1737,15 @@ index 00000000000000..5b146749350bf5 + if C.go_openssl_EC_KEY_set_private_key(key, priv) != 1 { + return nil, newOpenSSLError("EC_KEY_set_private_key") + } ++ pub, err := pointMult(group, priv) ++ if err != nil { ++ return nil, err ++ } ++ defer C.go_openssl_EC_POINT_free(pub) ++ if C.go_openssl_EC_KEY_set_public_key(key, pub) != 1 { ++ return nil, newOpenSSLError("EC_KEY_set_public_key") ++ } + } else { -+ group := C.go_openssl_EC_KEY_get0_group(key) + pub := C.go_openssl_EC_POINT_new(group) + if pub == nil { + return nil, newOpenSSLError("EC_POINT_new") @@ -1741,6 +1758,14 @@ index 00000000000000..5b146749350bf5 + return nil, newOpenSSLError("EC_KEY_set_public_key") + } + } ++ if C.go_openssl_EC_KEY_check_key(key) != 1 { ++ // Match upstream error message. ++ if isPrivate { ++ return nil, errors.New("crypto/ecdh: invalid private key") ++ } else { ++ return nil, errors.New("crypto/ecdh: invalid public key") ++ } ++ } + return newEVPPKEY(key) +} + 
@@ -1755,7 +1780,19 @@ index 00000000000000..5b146749350bf5 + bld.addUTF8String(_OSSL_PKEY_PARAM_GROUP_NAME, C.go_openssl_OBJ_nid2sn(nid), 0) + var selection C.int + if isPrivate { -+ bld.addBin(_OSSL_PKEY_PARAM_PRIV_KEY, bytes, true) ++ priv := C.go_openssl_BN_bin2bn(base(bytes), C.int(len(bytes)), nil) ++ if priv == nil { ++ return nil, newOpenSSLError("BN_bin2bn") ++ } ++ defer C.go_openssl_BN_clear_free(priv) ++ pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group C.GO_EC_GROUP_PTR) (C.GO_EC_POINT_PTR, error) { ++ return pointMult(group, priv) ++ }) ++ if err != nil { ++ return nil, err ++ } ++ bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, pubBytes) ++ bld.addBN(_OSSL_PKEY_PARAM_PRIV_KEY, priv) + selection = C.GO_EVP_PKEY_KEYPAIR + } else { + bld.addOctetString(_OSSL_PKEY_PARAM_PUB_KEY, bytes) 
@@ -1767,62 +1804,31 @@ index 00000000000000..5b146749350bf5 + return nil, err + } + defer C.go_openssl_OSSL_PARAM_free(params) -+ return newEvpFromParams(C.GO_EVP_PKEY_EC, selection, params) ++ pkey, err := newEvpFromParams(C.GO_EVP_PKEY_EC, selection, params) ++ if err != nil { ++ return nil, err ++ } ++ ++ if err := checkPkey(pkey, isPrivate); err != nil { ++ C.go_openssl_EVP_PKEY_free(pkey) ++ return nil, errors.New("crypto/ecdh: " + err.Error()) ++ } ++ return pkey, nil +} + -+// deriveEcdhPublicKey sets the raw public key of pkey by deriving it from -+// the raw private key. -+func deriveEcdhPublicKey(pkey C.GO_EVP_PKEY_PTR, curve string) error { -+ derive := func(group C.GO_EC_GROUP_PTR, priv C.GO_BIGNUM_PTR) (C.GO_EC_POINT_PTR, error) { -+ // OpenSSL does not expose any method to generate the public -+ // key from the private key [1], so we have to calculate it here. -+ // [1] https://github.com/openssl/openssl/issues/18437#issuecomment-1144717206 -+ pt := C.go_openssl_EC_POINT_new(group) -+ if pt == nil { -+ return nil, newOpenSSLError("EC_POINT_new") -+ } -+ if C.go_openssl_EC_POINT_mul(group, pt, priv, nil, nil, nil) == 0 { -+ C.go_openssl_EC_POINT_free(pt) -+ return nil, newOpenSSLError("EC_POINT_mul") -+ } -+ return pt, nil ++func pointMult(group C.GO_EC_GROUP_PTR, priv C.GO_BIGNUM_PTR) (C.GO_EC_POINT_PTR, error) { ++ // OpenSSL does not expose any method to generate the public ++ // key from the private key [1], so we have to calculate it here. 
++ // [1] https://github.com/openssl/openssl/issues/18437#issuecomment-1144717206 ++ pt := C.go_openssl_EC_POINT_new(group) ++ if pt == nil { ++ return nil, newOpenSSLError("EC_POINT_new") + } -+ switch vMajor { -+ case 1: -+ key := getECKey(pkey) -+ priv := C.go_openssl_EC_KEY_get0_private_key(key) -+ if priv == nil { -+ return newOpenSSLError("EC_KEY_get0_private_key") -+ } -+ group := C.go_openssl_EC_KEY_get0_group(key) -+ pub, err := derive(group, priv) -+ if err != nil { -+ return err -+ } -+ defer C.go_openssl_EC_POINT_free(pub) -+ if C.go_openssl_EC_KEY_set_public_key(key, pub) != 1 { -+ return newOpenSSLError("EC_KEY_set_public_key") -+ } -+ case 3: -+ var priv C.GO_BIGNUM_PTR -+ if C.go_openssl_EVP_PKEY_get_bn_param(pkey, _OSSL_PKEY_PARAM_PRIV_KEY, &priv) != 1 { -+ return newOpenSSLError("EVP_PKEY_get_bn_param") -+ } -+ defer C.go_openssl_BN_clear_free(priv) -+ nid, _ := curveNID(curve) -+ pubBytes, err := generateAndEncodeEcPublicKey(nid, func(group C.GO_EC_GROUP_PTR) (C.GO_EC_POINT_PTR, error) { -+ return derive(group, priv) -+ }) -+ if err != nil { -+ return err -+ } -+ if C.go_openssl_EVP_PKEY_set1_encoded_public_key(pkey, base(pubBytes), C.size_t(len(pubBytes))) != 1 { -+ return newOpenSSLError("EVP_PKEY_set1_encoded_public_key") -+ } -+ default: -+ panic(errUnsupportedVersion()) ++ if C.go_openssl_EC_POINT_mul(group, pt, priv, nil, nil, nil) == 0 { ++ C.go_openssl_EC_POINT_free(pt) ++ return nil, newOpenSSLError("EC_POINT_mul") + } -+ return nil ++ return pt, nil +} + +func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { @@ -1887,16 +1893,16 @@ index 00000000000000..5b146749350bf5 + if err := bnToBinPad(priv, bytes); err != nil { + return nil, nil, err + } -+ k = &PrivateKeyECDH{pkey, curve, true} ++ k = &PrivateKeyECDH{pkey, curve} + runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) + return k, bytes, nil +} 
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go new file mode 100644 -index 00000000000000..f85782a6e92268 +index 00000000000000..bc5f1117fd4355 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ecdsa.go -@@ -0,0 +1,211 @@ +@@ -0,0 +1,208 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -2021,10 +2027,7 @@ index 00000000000000..f85782a6e92268 +} + +func newECDSAKey(curve string, x, y, d BigInt) (C.GO_EVP_PKEY_PTR, error) { -+ nid, err := curveNID(curve) -+ if err != nil { -+ return nil, err -+ } ++ nid := curveNID(curve) + var bx, by, bd C.GO_BIGNUM_PTR + defer func() { + C.go_openssl_BN_free(bx) @@ -2110,10 +2113,10 @@ index 00000000000000..f85782a6e92268 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go new file mode 100644 -index 00000000000000..77ccbf590d87b5 +index 00000000000000..cd237025109997 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go -@@ -0,0 +1,221 @@ +@@ -0,0 +1,218 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -2125,7 +2128,6 @@ index 00000000000000..77ccbf590d87b5 + "runtime" + "strconv" + "sync" -+ "unsafe" +) + +const ( @@ -2153,9 +2155,7 @@ index 00000000000000..77ccbf590d87b5 + } + } + case 3: -+ name := C.CString("ED25519") -+ defer C.free(unsafe.Pointer(name)) -+ sig := C.go_openssl_EVP_SIGNATURE_fetch(nil, name, nil) ++ sig := C.go_openssl_EVP_SIGNATURE_fetch(nil, keyTypeED25519, nil) + if sig != nil { + C.go_openssl_EVP_SIGNATURE_free(sig) + return true @@ -2337,10 +2337,10 @@ index 00000000000000..77ccbf590d87b5 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/evp.go b/src/vendor/github.com/golang-fips/openssl/v2/evp.go new file mode 100644 -index 00000000000000..91296a93f72d55 +index 00000000000000..ef68bbfb8fb065 --- /dev/null 
+++ b/src/vendor/github.com/golang-fips/openssl/v2/evp.go -@@ -0,0 +1,519 @@ +@@ -0,0 +1,569 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -2356,6 +2356,12 @@ index 00000000000000..91296a93f72d55 + "unsafe" +) + ++var ( ++ keyTypeRSA = C.CString("RSA") ++ keyTypeEC = C.CString("EC") ++ keyTypeED25519 = C.CString("ED25519") ++) ++ +// cacheMD is a cache of crypto.Hash to GO_EVP_MD_PTR. +var cacheMD sync.Map + 
@@ -2500,36 +2506,53 @@ index 00000000000000..91296a93f72d55 + return nil +} + ++// generateEVPPKey generates a new EVP_PKEY with the given id and properties. +func generateEVPPKey(id C.int, bits int, curve string) (C.GO_EVP_PKEY_PTR, error) { + if bits != 0 && curve != "" { + return nil, fail("incorrect generateEVPPKey parameters") + } -+ ctx := C.go_openssl_EVP_PKEY_CTX_new_id(id, nil) -+ if ctx == nil { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_new_id failed") -+ } -+ defer C.go_openssl_EVP_PKEY_CTX_free(ctx) -+ if C.go_openssl_EVP_PKEY_keygen_init(ctx) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_keygen_init failed") -+ } -+ if bits != 0 { -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, id, -1, C.GO_EVP_PKEY_CTRL_RSA_KEYGEN_BITS, C.int(bits), nil) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") ++ var pkey C.GO_EVP_PKEY_PTR ++ switch vMajor { ++ case 1: ++ ctx := C.go_openssl_EVP_PKEY_CTX_new_id(id, nil) ++ if ctx == nil { ++ return nil, newOpenSSLError("EVP_PKEY_CTX_new_id") + } -+ } -+ if curve != "" { -+ nid, err := curveNID(curve) -+ if err != nil { -+ return nil, err ++ defer C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ if C.go_openssl_EVP_PKEY_keygen_init(ctx) != 1 { ++ return nil, newOpenSSLError("EVP_PKEY_keygen_init") + } -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, id, -1, C.GO_EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, nil) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") ++ if bits != 0 { ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, id, -1, C.GO_EVP_PKEY_CTRL_RSA_KEYGEN_BITS, C.int(bits), nil) != 1 { ++ return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl") ++ } + } ++ if curve != "" { ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, id, -1, C.GO_EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, curveNID(curve), nil) != 1 { ++ return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl") ++ } ++ } ++ if C.go_openssl_EVP_PKEY_keygen(ctx, &pkey) != 1 { ++ return nil, newOpenSSLError("EVP_PKEY_keygen") ++ } ++ case 3: ++ switch id { ++ case C.GO_EVP_PKEY_RSA: ++ pkey = 
C.go_openssl_EVP_PKEY_Q_keygen_RSA(nil, nil, keyTypeRSA, C.size_t(bits)) ++ case C.GO_EVP_PKEY_EC: ++ pkey = C.go_openssl_EVP_PKEY_Q_keygen_EC(nil, nil, keyTypeEC, C.go_openssl_OBJ_nid2sn(curveNID(curve))) ++ case C.GO_EVP_PKEY_ED25519: ++ pkey = C.go_openssl_EVP_PKEY_Q_keygen(nil, nil, keyTypeED25519) ++ default: ++ panic("unsupported key type '" + strconv.Itoa(int(id)) + "'") ++ } ++ if pkey == nil { ++ return nil, newOpenSSLError("EVP_PKEY_Q_keygen") ++ } ++ default: ++ panic(errUnsupportedVersion()) + } -+ var pkey C.GO_EVP_PKEY_PTR -+ if C.go_openssl_EVP_PKEY_keygen(ctx, &pkey) != 1 { -+ return nil, newOpenSSLError("EVP_PKEY_keygen failed") -+ } ++ + return pkey, nil +} + @@ -2856,16 +2879,43 @@ index 00000000000000..91296a93f72d55 + } + var pkey C.GO_EVP_PKEY_PTR + if C.go_openssl_EVP_PKEY_fromdata(ctx, &pkey, selection, params) != 1 { ++ if vMajor == 3 && vMinor <= 2 { ++ // OpenSSL 3.0.1 and 3.0.2 have a bug where EVP_PKEY_fromdata ++ // does not free the internally allocated EVP_PKEY on error. ++ // See https://github.com/openssl/openssl/issues/17407. ++ C.go_openssl_EVP_PKEY_free(pkey) ++ } + return nil, newOpenSSLError("EVP_PKEY_fromdata") + } + return pkey, nil +} ++ ++func checkPkey(pkey C.GO_EVP_PKEY_PTR, isPrivate bool) error { ++ ctx := C.go_openssl_EVP_PKEY_CTX_new(pkey, nil) ++ if ctx == nil { ++ return newOpenSSLError("EVP_PKEY_CTX_new") ++ } ++ defer C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ if isPrivate { ++ if C.go_openssl_EVP_PKEY_private_check(ctx) != 1 { ++ // Match upstream error message. ++ return errors.New("invalid private key") ++ } ++ } else { ++ // Upstream Go does a partial check here, so do we. ++ if C.go_openssl_EVP_PKEY_public_check_quick(ctx) != 1 { ++ // Match upstream error message. ++ return errors.New("invalid public key") ++ } ++ } ++ return nil ++} 
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.c b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.c new file mode 100644 -index 00000000000000..c3385b9d0186c6 +index 00000000000000..626f184badc53d --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.c -@@ -0,0 +1,240 @@ +@@ -0,0 +1,248 @@ +//go:build unix || windows + +#include "goopenssl.h" @@ -2890,6 +2940,7 @@ index 00000000000000..c3385b9d0186c6 +#define DEFINEFUNC_3_0(ret, func, args, argscall) DEFINEFUNC(ret, func, args, argscall) +#define DEFINEFUNC_RENAMED_1_1(ret, func, oldfunc, args, argscall) DEFINEFUNC(ret, func, args, argscall) +#define DEFINEFUNC_RENAMED_3_0(ret, func, oldfunc, args, argscall) DEFINEFUNC(ret, func, args, argscall) ++#define DEFINEFUNC_VARIADIC_3_0(ret, func, newname, args, argscall) DEFINEFUNC(ret, newname, args, argscall) + +FOR_ALL_OPENSSL_FUNCTIONS + @@ -2902,6 +2953,7 @@ index 00000000000000..c3385b9d0186c6 +#undef DEFINEFUNC_3_0 +#undef DEFINEFUNC_RENAMED_1_1 +#undef DEFINEFUNC_RENAMED_3_0 ++#undef DEFINEFUNC_VARIADIC_3_0 + +// go_openssl_fips_enabled returns 1 if FIPS mode is enabled, 0 otherwise. +// As a special case, it returns -1 if it cannot determine if FIPS mode is enabled. @@ -3008,6 +3060,11 @@ index 00000000000000..c3385b9d0186c6 + { \ + DEFINEFUNC_INTERNAL(func, #func) \ + } ++#define DEFINEFUNC_VARIADIC_3_0(ret, func, newname, args, argscall) \ ++ if (major == 3) \ ++ { \ ++ DEFINEFUNC_INTERNAL(newname, #func) \ ++ } + +FOR_ALL_OPENSSL_FUNCTIONS + @@ -3020,6 +3077,7 @@ index 00000000000000..c3385b9d0186c6 +#undef DEFINEFUNC_3_0 +#undef DEFINEFUNC_RENAMED_1_1 +#undef DEFINEFUNC_RENAMED_3_0 ++#undef DEFINEFUNC_VARIADIC_3_0 +} + +static unsigned long @@ -3108,10 +3166,10 @@ index 00000000000000..c3385b9d0186c6 +} 
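Review bot: The guard `vMajor == 3 && vMinor <= 2` added to `newEvpFromParams` (hunk `@@ -2856`) does not match its own comment: the comment scopes the leak to OpenSSL 3.0.1 and 3.0.2, but the condition tests the minor version, so it is also true for every 3.1.x and 3.2.x release. On those releases the extra `C.go_openssl_EVP_PKEY_free(pkey)` is only safe if `EVP_PKEY_fromdata` leaves `pkey` nil on failure, which nothing here verifies. If the package records the patch level (a `vPatch`-style variable, not visible in this hunk), the condition should read `vMajor == 3 && vMinor == 0 && vPatch <= 2`; otherwise the comment should state the range that is really covered. The function starts above the hunk.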
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h new file mode 100644 -index 00000000000000..a50caa3d82312c +index 00000000000000..1165f99157c663 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h -@@ -0,0 +1,259 @@ +@@ -0,0 +1,262 @@ +// This header file describes the OpenSSL ABI as built for use in Go. + +#include // size_t @@ -3173,6 +3231,8 @@ index 00000000000000..a50caa3d82312c + DEFINEFUNC(ret, func, args, argscall) +#define DEFINEFUNC_RENAMED_3_0(ret, func, oldfunc, args, argscall) \ + DEFINEFUNC(ret, func, args, argscall) ++#define DEFINEFUNC_VARIADIC_3_0(ret, func, newname, args, argscall) \ ++ DEFINEFUNC(ret, newname, args, argscall) + +FOR_ALL_OPENSSL_FUNCTIONS + @@ -3185,6 +3245,7 @@ index 00000000000000..a50caa3d82312c +#undef DEFINEFUNC_3_0 +#undef DEFINEFUNC_RENAMED_1_1 +#undef DEFINEFUNC_RENAMED_3_0 ++#undef DEFINEFUNC_VARIADIC_3_0 + +// go_hash_sum copies ctx into ctx2 and calls EVP_DigestFinal using ctx2. +// This is necessary because Go hash.Hash mandates that Sum has no effect @@ -4421,10 +4482,10 @@ index 00000000000000..6fd3a518906004 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go new file mode 100644 -index 00000000000000..f2ff598de65b2d +index 00000000000000..d4f8aa6a92a6fb --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go -@@ -0,0 +1,285 @@ +@@ -0,0 +1,322 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -4578,6 +4639,43 @@ index 00000000000000..f2ff598de65b2d + } +} + ++// ExpandHKDFOneShot derives a key from the given hash, key, and optional context info. ++func ExpandHKDFOneShot(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ if !SupportsHKDF() { ++ return nil, errUnsupportedVersion() ++ } ++ ++ md, err := hashFuncToMD(h) ++ if err != nil { ++ return nil, err ++ } ++ ++ out := make([]byte, keyLength) ++ switch vMajor { ++ case 1: ++ ctx, err := newHKDFCtx1(md, C.GO_EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) ++ if err != nil { ++ return nil, err ++ } ++ defer C.go_openssl_EVP_PKEY_CTX_free(ctx) ++ if C.go_openssl_EVP_PKEY_derive_wrapper(ctx, base(out), C.size_t(keyLength)).result != 1 { ++ return nil, newOpenSSLError("EVP_PKEY_derive") ++ } ++ case 3: ++ ctx, err := newHKDFCtx3(md, C.GO_EVP_KDF_HKDF_MODE_EXPAND_ONLY, nil, nil, pseudorandomKey, info) ++ if err != nil { ++ return nil, err ++ } ++ defer C.go_openssl_EVP_KDF_CTX_free(ctx) ++ if C.go_openssl_EVP_KDF_derive(ctx, base(out), C.size_t(keyLength), nil) != 1 { ++ return nil, newOpenSSLError("EVP_KDF_derive") ++ } ++ default: ++ panic(errUnsupportedVersion()) ++ } ++ return out, nil ++} ++ +func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { + if !SupportsHKDF() { + return nil, errUnsupportedVersion() @@ -5141,10 +5239,10 @@ index 00000000000000..3778e21227abb9 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/openssl.go b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go new file mode 100644 -index 00000000000000..f8b3f6ee140ace +index 00000000000000..145b082f1b771c --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go -@@ -0,0 +1,462 @@ +@@ -0,0 +1,469 @@ +//go:build !cmd_go_bootstrap + +// Package openssl provides access to OpenSSL cryptographic functions. 
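Review bot: `ExpandHKDFOneShot` passes `keyLength` straight to `make([]byte, keyLength)`, so a negative value panics in the Go runtime instead of returning an error. A value above HKDF's limit of 255 times the hash size is rejected only if OpenSSL rejects it. A guard ahead of the allocation, for example `if keyLength < 0 { return nil, errors.New("hkdf: invalid key length") }` (wording is a suggestion and assumes `errors` is imported in hkdf.go), keeps this exported function on the error path. The doc comment should also state the accepted range. The CNG `ExpandHKDF` rewritten later in this patch (hunk `@@ -9670`) allocates `out` the same way.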
@@ -5250,6 +5348,7 @@ index 00000000000000..f8b3f6ee140ace + providerNameFips = C.CString("fips") + providerNameDefault = C.CString("default") + propFIPS = C.CString("fips=yes") ++ propNoFIPS = C.CString("-fips") + + algorithmSHA256 = C.CString("SHA2-256") +) @@ -5274,12 +5373,7 @@ index 00000000000000..f8b3f6ee140ace + // but that is highly unlikely because SHA-256 is one of the most common algorithms and fundamental to many cryptographic operations. + // It also has a small chance of false positive if the FIPS provider implements the SHA-256 algorithm but not the other algorithms + // used by the caller application, but that is also unlikely because the FIPS provider should provide all common algorithms. -+ md := C.go_openssl_EVP_MD_fetch(nil, algorithmSHA256, nil) -+ if md == nil { -+ return false -+ } -+ C.go_openssl_EVP_MD_free(md) -+ return true ++ return proveSHA256(nil) + default: + panic(errUnsupportedVersion()) + } @@ -5288,6 +5382,9 @@ index 00000000000000..f8b3f6ee140ace +// isProviderAvailable checks if the provider with the given name is available. +// This function is used in export_test.go, but must be defined here as test files can't access C functions. +func isProviderAvailable(name string) bool { ++ if vMajor == 1 { ++ return false ++ } + providerName := C.CString(name) + defer C.free(unsafe.Pointer(providerName)) + return C.go_openssl_OSSL_PROVIDER_available(nil, providerName) == 1 
@@ -5295,11 +5392,15 @@ index 00000000000000..f8b3f6ee140ace
 +
 +// SetFIPS enables or disables FIPS mode.
 +//
-+// For OpenSSL 3, the `fips` provider is loaded if enabled is true,
-+// else the `default` provider is loaded.
-+func SetFIPS(enabled bool) error {
++// For OpenSSL 3, if there is no provider available that supports FIPS mode,
++// SetFIPS will try to load a built-in provider that supports FIPS mode.
++func SetFIPS(enable bool) error {
++ if FIPS() == enable {
++ // Already in the desired state.
++ return nil
++ }
 + var mode C.int
-+ if enabled {
++ if enable {
 + mode = C.int(1)
 + } else {
 + mode = C.int(0)
@@ -5311,31 +5412,23 @@ index 00000000000000..f8b3f6ee140ace
 + }
 + return nil
 + case 3:
-+ var provName *C.char
-+ if enabled {
++ var shaProps, provName *C.char
++ if enable {
++ shaProps = propFIPS
 + provName = providerNameFips
 + } else {
++ shaProps = propNoFIPS
 + provName = providerNameDefault
 + }
-+ // Try to load the provider, but don't fail if it's not loaded.
-+ // The built-in provider might not be present in the system.
-+ // We don't need the built-in provider if third-party providers are being used: they are already loaded.
-+ // If the system is not well-configured and has no FIPS capability, this will be detected by the next steps.
-+ C.go_openssl_OSSL_PROVIDER_try_load(nil, provName, 1)
-+ C.go_openssl_ERR_clear_error()
-+
-+ // See FIPS() for the rationale behind this check.
-+ md := C.go_openssl_EVP_MD_fetch(nil, algorithmSHA256, propFIPS)
-+ if md == nil {
-+ // Don't enable FIPS mode if there is no provider that supports it.
-+ // This makes it easier for callers to call SetFIPS(true) to do a
-+ // best-effort attempt to enable FIPS mode, but not fail if it's not possible.
-+ C.go_openssl_ERR_clear_error()
-+ return errors.New("openssl: FIPS mode not supported by any provider")
++ if !proveSHA256(shaProps) {
++ // There is no provider available that supports the desired FIPS mode.
++ // Try to load the built-in provider associated with the given mode.
++ if C.go_openssl_OSSL_PROVIDER_try_load(nil, provName, 1) == nil {
++ // The built-in provider was not loaded successfully, we can't enable FIPS mode.
++ C.go_openssl_ERR_clear_error()
++ return errors.New("openssl: FIPS mode not supported by any provider")
++ }
 + }
-+ C.go_openssl_EVP_MD_free(md)
-+
-+ // Enable FIPS mode in the default properties.
 + if C.go_openssl_EVP_default_properties_enable_fips(nil, mode) != 1 {
 + return newOpenSSLError("EVP_default_properties_enable_fips")
 + }
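Review bot: After `OSSL_PROVIDER_try_load` succeeds, the OpenSSL 3 branch of `SetFIPS` goes straight to `EVP_default_properties_enable_fips` without repeating the `proveSHA256(shaProps)` probe. A provider that loads but offers no SHA-256 under the requested properties would therefore be noticed only when a later fetch fails. The removed code always fetched with `propFIPS` after loading and returned "FIPS mode not supported by any provider" before touching the default properties. Re-checking in the inner condition keeps that fail-early behaviour: `if C.go_openssl_OSSL_PROVIDER_try_load(nil, provName, 1) == nil || !proveSHA256(shaProps) {`. `SetFIPS` begins in the preceding hunk and continues past this one.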
@@ -5345,6 +5438,18 @@ index 00000000000000..f8b3f6ee140ace
 + }
 +}
 +
++// proveSHA256 checks if the SHA-256 algorithm is available
++// using the given properties.
++func proveSHA256(props *C.char) bool {
++ md := C.go_openssl_EVP_MD_fetch(nil, algorithmSHA256, props)
++ if md == nil {
++ C.go_openssl_ERR_clear_error()
++ return false
++ }
++ C.go_openssl_EVP_MD_free(md)
++ return true
++}
++
 +// noescape hides a pointer from escape analysis. noescape is
 +// the identity function but escape analysis doesn't think the
 +// output depends on the input. noescape is inlined and currently
@@ -6215,7 +6320,7 @@ index 00000000000000..f1cd3647fb9753
 +}
 diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rsa.go b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go
 new file mode 100644
-index 00000000000000..cd5b3b8e2a9a85
+index 00000000000000..da5c7636173775
 --- /dev/null
 +++ b/src/vendor/github.com/golang-fips/openssl/v2/rsa.go
 @@ -0,0 +1,408 @@
@@ -6459,7 +6564,7 @@ index 00000000000000..cd5b3b8e2a9a85
 + // A salt length of -2 is valid in OpenSSL, but not in crypto/rsa, so reject
 + // it, and lengths < -2, before we convert to the OpenSSL sentinel values.
 + if saltLen <= -2 {
-+ return 0, errors.New("crypto/rsa: PSSOptions.SaltLength cannot be negative")
++ return 0, errors.New("crypto/rsa: invalid PSS salt length")
 + }
 + // OpenSSL uses sentinel salt length values like Go crypto does,
 + // but the values don't fully match for rsa.PSSSaltLengthAuto (0).
@@ -6629,10 +6734,10 @@ index 00000000000000..cd5b3b8e2a9a85
 +}
 diff --git a/src/vendor/github.com/golang-fips/openssl/v2/shims.h b/src/vendor/github.com/golang-fips/openssl/v2/shims.h
 new file mode 100644
-index 00000000000000..156d8e8ada678c
+index 00000000000000..c8f599f71c0b20
 --- /dev/null
 +++ b/src/vendor/github.com/golang-fips/openssl/v2/shims.h
-@@ -0,0 +1,401 @@
+@@ -0,0 +1,416 @@
 +#include // size_t
 +#include // uint64_t
 +
@@ -6792,6 +6897,15 @@ index 00000000000000..156d8e8ada678c
 +// DEFINEFUNC_RENAMED_3_0 acts like DEFINEFUNC but tries to load the function using the new name when using >= 3.x
 +// and the old name when using 1.x. In both cases the function will have the new name.
 +//
++// DEFINEFUNC_VARIADIC_3_0 acts like DEFINEFUNC but creates an alias with a more specific signature.
++// This is necessary to call variadic functions (functions that accept a variable number of arguments)
++// because variadic functions are not directly compatible with cgo. By defining a cgo-compatible alias
++// for each desired signature, the C compiler handles the variadic arguments rather than cgo.
++// Variadic functions are the only known incompatibility of this kind.
++// If you use this macro for a different reason, consider renaming it to something more general first.
++// See https://github.com/golang/go/issues/975.
++// The process is aborted if the function can't be loaded when using 3.0.0 or higher.
++//
 +// #include
 +// #include
 +// #include
@@ -6933,6 +7047,9 @@ index 00000000000000..156d8e8ada678c
 +DEFINEFUNC(int, EVP_PKEY_paramgen, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR *ppkey), (ctx, ppkey)) \
 +DEFINEFUNC(int, EVP_PKEY_keygen_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \
 +DEFINEFUNC(int, EVP_PKEY_keygen, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR *ppkey), (ctx, ppkey)) \
++DEFINEFUNC_VARIADIC_3_0(GO_EVP_PKEY_PTR, EVP_PKEY_Q_keygen, EVP_PKEY_Q_keygen, (GO_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type), (ctx, propq, type)) \
++DEFINEFUNC_VARIADIC_3_0(GO_EVP_PKEY_PTR, EVP_PKEY_Q_keygen, EVP_PKEY_Q_keygen_RSA, (GO_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, size_t arg1), (ctx, propq, type, arg1)) \
++DEFINEFUNC_VARIADIC_3_0(GO_EVP_PKEY_PTR, EVP_PKEY_Q_keygen, EVP_PKEY_Q_keygen_EC, (GO_OSSL_LIB_CTX_PTR ctx, const char *propq, const char *type, const char *arg1), (ctx, propq, type, arg1)) \
 +DEFINEFUNC(void, EVP_PKEY_CTX_free, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
 +DEFINEFUNC(int, EVP_PKEY_CTX_ctrl, (GO_EVP_PKEY_CTX_PTR ctx, int keytype, int optype, int cmd, int p1, void *p2), (ctx, keytype, optype, cmd, p1, p2)) \
 +DEFINEFUNC(int, EVP_PKEY_decrypt, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4)) \
@@ -6945,6 +7062,8 @@ index 00000000000000..156d8e8ada678c +DEFINEFUNC(int, EVP_PKEY_derive_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ +DEFINEFUNC(int, EVP_PKEY_derive_set_peer, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR peer), (ctx, peer)) \ +DEFINEFUNC(int, EVP_PKEY_derive, (GO_EVP_PKEY_CTX_PTR ctx, unsigned char *key, size_t *keylen), (ctx, key, keylen)) \ ++DEFINEFUNC_3_0(int, EVP_PKEY_public_check_quick, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ ++DEFINEFUNC_3_0(int, EVP_PKEY_private_check, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \ +DEFINEFUNC_LEGACY_1_0(void*, EVP_PKEY_get0, (GO_EVP_PKEY_PTR pkey), (pkey)) \ +DEFINEFUNC_LEGACY_1_1(GO_EC_KEY_PTR, EVP_PKEY_get0_EC_KEY, (GO_EVP_PKEY_PTR pkey), (pkey)) \ +DEFINEFUNC_LEGACY_1_1(GO_DSA_PTR, EVP_PKEY_get0_DSA, (GO_EVP_PKEY_PTR pkey), (pkey)) \ @@ -6980,6 +7099,7 @@ index 00000000000000..156d8e8ada678c +DEFINEFUNC_LEGACY_1(const GO_EC_POINT_PTR, EC_KEY_get0_public_key, (const GO_EC_KEY_PTR arg0), (arg0)) \ +DEFINEFUNC_LEGACY_1(GO_EC_KEY_PTR, EC_KEY_new_by_curve_name, (int arg0), (arg0)) \ +DEFINEFUNC_LEGACY_1(int, EC_KEY_set_private_key, (GO_EC_KEY_PTR arg0, const GO_BIGNUM_PTR arg1), (arg0, arg1)) \ ++DEFINEFUNC_LEGACY_1(int, EC_KEY_check_key, (const GO_EC_KEY_PTR key), (key)) \ +DEFINEFUNC(GO_EC_POINT_PTR, EC_POINT_new, (const GO_EC_GROUP_PTR arg0), (arg0)) \ +DEFINEFUNC(void, EC_POINT_free, (GO_EC_POINT_PTR arg0), (arg0)) \ +DEFINEFUNC(int, EC_POINT_mul, (const GO_EC_GROUP_PTR group, GO_EC_POINT_PTR r, const GO_BIGNUM_PTR n, const GO_EC_POINT_PTR q, const GO_BIGNUM_PTR m, GO_BN_CTX_PTR ctx), (group, r, n, q, m, ctx)) \ @@ -8270,10 +8390,10 @@ index 00000000000000..de3f05b84f1d82 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/dsa.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/dsa.go new file mode 100644 -index 00000000000000..5d4d3974d0c52c +index 00000000000000..7ab5ac38921d82 --- /dev/null 
+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/dsa.go -@@ -0,0 +1,469 @@ +@@ -0,0 +1,465 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -8337,11 +8457,11 @@ index 00000000000000..5d4d3974d0c52c + return uint32(len(p.Q)) +} + -+// GenerateDSAParameters generates a set of DSA parameters for a key of size L bytes. ++// GenerateParametersDSA generates a set of DSA parameters for a key of size L bytes. +// If L is less than or equal to 1024, the parameters are generated according to FIPS 186-2. +// If L is greater than 1024, the parameters are generated according to FIPS 186-3. +// The returned parameters are suitable for use in GenerateKey. -+func GenerateDSAParameters(L int) (params DSAParameters, err error) { ++func GenerateParametersDSA(L int) (params DSAParameters, err error) { + h, err := loadDSA() + if err != nil { + return DSAParameters{}, err 
@@ -8389,35 +8509,31 @@ index 00000000000000..5d4d3974d0c52c +} + +// GenerateKeyDSA generates a new private DSA key using the given parameters. -+func GenerateKeyDSA(params DSAParameters) (*PrivateKeyDSA, error) { ++func GenerateKeyDSA(params DSAParameters) (x, y BigInt, err error) { + h, err := loadDSA() + if err != nil { -+ return nil, err ++ return nil, nil, err + } + keySize := params.keySize() + if !keyIsAllowed(h.allowedKeyLengths, keySize*8) { -+ return nil, errors.New("crypto/dsa: invalid key size") ++ return nil, nil, errors.New("crypto/dsa: invalid key size") + } + var hkey bcrypt.KEY_HANDLE + if err := bcrypt.GenerateKeyPair(h.handle, &hkey, keySize*8, 0); err != nil { -+ return nil, err ++ return nil, nil, err + } ++ defer bcrypt.DestroyKey(hkey) + if err := setDSAParameter(hkey, params); err != nil { -+ bcrypt.DestroyKey(hkey) -+ return nil, err ++ return nil, nil, err + } + if err := bcrypt.FinalizeKeyPair(hkey, 0); err != nil { -+ bcrypt.DestroyKey(hkey) -+ return nil, err ++ return nil, nil, err + } -+ _, x, y, err := decodeDSAKey(hkey, true) ++ _, x, y, err = decodeDSAKey(hkey, true) + if err != nil { -+ bcrypt.DestroyKey(hkey) -+ return nil, err ++ return nil, nil, err + } -+ k := &PrivateKeyDSA{params, x, y, hkey} -+ runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize) -+ return k, nil ++ return x, y, nil +} + +// NewPrivateKeyDSA creates a new DSA private key from the given parameters. @@ -9493,10 +9609,10 @@ index 00000000000000..87b1c95dc7f911 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go new file mode 100644 -index 00000000000000..5338fb5c7b187c +index 00000000000000..20bcc79a46ba0d --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go -@@ -0,0 +1,180 @@ +@@ -0,0 +1,124 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
@@ -9509,7 +9625,6 @@ index 00000000000000..5338fb5c7b187c
 + "encoding/binary"
 + "errors"
 + "hash"
-+ "io"
 + "runtime"
 + "unsafe"
 +
@@ -9527,99 +9642,23 @@ index 00000000000000..5338fb5c7b187c + }) +} + -+type hkdf struct { -+ hkey bcrypt.KEY_HANDLE -+ info []byte -+ -+ hashLen int -+ n int // count of bytes requested from Read -+ // buf contains the derived data. -+ // len(buf) can be larger than n, as Read may derive -+ // more data than requested and cache it in buf. -+ buf []byte -+} -+ -+func (c *hkdf) finalize() { -+ bcrypt.DestroyKey(c.hkey) -+} -+ -+func hkdfDerive(hkey bcrypt.KEY_HANDLE, info, out []byte) (int, error) { -+ var params *bcrypt.BufferDesc -+ if len(info) > 0 { -+ params = &bcrypt.BufferDesc{ -+ Count: 1, -+ Buffers: &bcrypt.Buffer{ -+ Length: uint32(len(info)), -+ Type: bcrypt.KDF_HKDF_INFO, -+ Data: uintptr(unsafe.Pointer(&info[0])), -+ }, -+ } -+ defer runtime.KeepAlive(params) -+ } -+ var n uint32 -+ err := bcrypt.KeyDerivation(hkey, params, out, &n, 0) -+ return int(n), err -+} -+ -+func (c *hkdf) Read(p []byte) (int, error) { -+ // KeyDerivation doesn't support incremental output, each call -+ // derives the key from scratch and returns the requested bytes. -+ // To implement io.Reader, we need to ask for len(c.buf) + len(p) -+ // bytes and copy the last derived len(p) bytes to p. -+ maxDerived := 255 * c.hashLen -+ totalDerived := c.n + len(p) -+ // Check whether enough data can be derived. -+ if totalDerived > maxDerived { -+ return 0, errors.New("hkdf: entropy limit reached") -+ } -+ // Check whether c.buf already contains enough derived data, -+ // otherwise derive more data. -+ if bytesNeeded := totalDerived - len(c.buf); bytesNeeded > 0 { -+ // It is common to derive multiple equally sized keys from the same HKDF instance. -+ // Optimize this case by allocating a buffer large enough to hold -+ // at least 3 of such keys each time there is not enough data. -+ // Round up to the next multiple of hashLen. 
-+ blocks := (bytesNeeded-1)/c.hashLen + 1 -+ const minBlocks = 3 -+ if blocks < minBlocks { -+ blocks = minBlocks -+ } -+ alloc := blocks * c.hashLen -+ if len(c.buf)+alloc > maxDerived { -+ // The buffer can't grow beyond maxDerived. -+ alloc = maxDerived - len(c.buf) -+ } -+ c.buf = append(c.buf, make([]byte, alloc)...) -+ n, err := hkdfDerive(c.hkey, c.info, c.buf) -+ if err != nil { -+ c.buf = c.buf[:c.n] -+ return 0, err -+ } -+ // Adjust totalDerived to the actual number of bytes derived. -+ totalDerived = n -+ } -+ n := copy(p, c.buf[c.n:totalDerived]) -+ c.n += n -+ return n, nil -+} -+ -+func newHKDF(h func() hash.Hash, secret, salt []byte, info []byte) (*hkdf, error) { ++func newHKDF(h func() hash.Hash, secret, salt []byte, info []byte) (bcrypt.KEY_HANDLE, error) { + ch := h() + hashID := hashToID(ch) + if hashID == "" { -+ return nil, errors.New("cng: unsupported hash function") ++ return 0, errors.New("cng: unsupported hash function") + } + alg, err := loadHKDF() + if err != nil { -+ return nil, err ++ return 0, err + } + var kh bcrypt.KEY_HANDLE + if err := bcrypt.GenerateSymmetricKey(alg, &kh, nil, secret, 0); err != nil { -+ return nil, err ++ return 0, err + } + if err := setString(bcrypt.HANDLE(kh), bcrypt.HKDF_HASH_ALGORITHM, hashID); err != nil { + bcrypt.DestroyKey(kh) -+ return nil, err ++ return 0, err + } + if salt != nil { + // Used for Extract. @@ -9630,11 +9669,9 @@ index 00000000000000..5338fb5c7b187c + } + if err != nil { + bcrypt.DestroyKey(kh) -+ return nil, err ++ return 0, err + } -+ k := &hkdf{kh, info, ch.Size(), 0, nil} -+ runtime.SetFinalizer(k, (*hkdf).finalize) -+ return k, nil ++ return kh, nil +} + +func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { 
@@ -9646,11 +9683,11 @@ index 00000000000000..5338fb5c7b187c + if err != nil { + return nil, err + } -+ hdr, blob, err := exportKeyData(kh.hkey) ++ defer bcrypt.DestroyKey(kh) ++ hdr, blob, err := exportKeyData(kh) + if err != nil { + return nil, err + } -+ runtime.KeepAlive(kh) + if hdr.Version != bcrypt.KEY_DATA_BLOB_VERSION1 { + return nil, errors.New("cng: unknown key data blob version") + } @@ -9670,12 +9707,35 @@ index 00000000000000..5338fb5c7b187c + return blob[cbHashName:], nil +} + -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { ++// ExpandHKDF derives a key from the given hash, key, and optional context info. ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { + kh, err := newHKDF(h, pseudorandomKey, nil, info) + if err != nil { + return nil, err + } -+ return kh, nil ++ defer bcrypt.DestroyKey(kh) ++ out := make([]byte, keyLength) ++ var params *bcrypt.BufferDesc ++ if len(info) > 0 { ++ params = &bcrypt.BufferDesc{ ++ Count: 1, ++ Buffers: &bcrypt.Buffer{ ++ Length: uint32(len(info)), ++ Type: bcrypt.KDF_HKDF_INFO, ++ Data: uintptr(unsafe.Pointer(&info[0])), ++ }, ++ } ++ defer runtime.KeepAlive(params) ++ } ++ var n uint32 ++ err = bcrypt.KeyDerivation(kh, params, out, &n, 0) ++ if err != nil { ++ return nil, err ++ } ++ if int(n) != keyLength { ++ return nil, errors.New("cng: key derivation returned unexpected length") ++ } ++ return out, err +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hmac.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hmac.go new file mode 100644 @@ -10127,10 +10187,10 @@ index 00000000000000..f484a3e2211e04 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/rsa.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/rsa.go new file mode 100644 -index 00000000000000..e9e2a09083a05c +index 00000000000000..0269f9cf86539e --- /dev/null 
+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/rsa.go -@@ -0,0 +1,370 @@ +@@ -0,0 +1,396 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -10365,18 +10425,36 @@ index 00000000000000..e9e2a09083a05c + return keyVerify(pub.hkey, unsafe.Pointer(&info), hashed, sig, bcrypt.PAD_PSS) +} + -+func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { ++// SignRSAPKCS1v15 calculates the signature of hashed using ++// RSASSA-PKCS1-V1_5-SIGN from RSA PKCS #1 v1.5. Note that hashed must ++// be the result of hashing the input message using the given hash ++// function. If hash is zero, hashed is signed directly. ++func SignRSAPKCS1v15(priv *PrivateKeyRSA, hash crypto.Hash, hashed []byte) ([]byte, error) { + defer runtime.KeepAlive(priv) -+ info, err := newPKCS1_PADDING_INFO(h) ++ if hash != crypto.Hash(0) { ++ if len(hashed) != hash.Size() { ++ return nil, errors.New("crypto/rsa: input must be hashed message") ++ } ++ } ++ info, err := newPKCS1_PADDING_INFO(hash) + if err != nil { + return nil, err + } + return keySign(priv.hkey, unsafe.Pointer(&info), hashed, bcrypt.PAD_PKCS1) +} + -+func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { ++// VerifyPKCS1v15 verifies an RSA PKCS #1 v1.5 signature. ++// hashed is the result of hashing the input message using the given hash ++// function and sig is the signature. A valid signature is indicated by ++// returning a nil error. If hash is zero then hashed is used directly. ++func VerifyRSAPKCS1v15(pub *PublicKeyRSA, hash crypto.Hash, hashed, sig []byte) error { + defer runtime.KeepAlive(pub) -+ info, err := newPKCS1_PADDING_INFO(h) ++ if hash != crypto.Hash(0) { ++ if len(hashed) != hash.Size() { ++ return errors.New("crypto/rsa: input must be hashed message") ++ } ++ } ++ info, err := newPKCS1_PADDING_INFO(hash) + if err != nil { + return err + } 
@@ -10448,7 +10526,7 @@ index 00000000000000..e9e2a09083a05c + + // A salt length of -1 and 0 are valid Go sentinel values. + if saltLen <= -2 { -+ return info, errors.New("crypto/rsa: PSSOptions.SaltLength cannot be negative") ++ return info, errors.New("crypto/rsa: invalid PSS salt length") + } + // CNG does not support salt length special cases like Go crypto does, + // so we do a best-effort to resolve them. @@ -10474,16 +10552,24 @@ index 00000000000000..e9e2a09083a05c + return +} + -+func newPKCS1_PADDING_INFO(h crypto.Hash) (info bcrypt.PKCS1_PADDING_INFO, err error) { -+ if h != 0 { ++func newPKCS1_PADDING_INFO(h crypto.Hash) (bcrypt.PKCS1_PADDING_INFO, error) { ++ var alg *uint16 ++ switch h { ++ case 0: ++ // Unpadded RSA signatures, no need to set the hash algorithm. ++ case crypto.MD5SHA1: ++ // The MD5SHA1 hash is not supported by CNG, but the AlgId field ++ // is only used to pad the signature with the hash OID, and ++ // PKCS1 has historically used a null OID for MD5SHA1. ++ // This is a special case for compatibility with TLS 1.0/1.1. ++ default: + hashID := cryptoHashToID(h) + if hashID == "" { -+ err = errors.New("crypto/rsa: unsupported hash function") -+ } else { -+ info.AlgId = utf16PtrFromString(hashID) ++ return bcrypt.PKCS1_PADDING_INFO{}, errors.New("crypto/rsa: unsupported hash function") + } ++ alg = utf16PtrFromString(hashID) + } -+ return ++ return bcrypt.PKCS1_PADDING_INFO{AlgId: alg}, nil +} + +func cryptoHashToID(ch crypto.Hash) string { @@ -11455,15 +11541,15 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index cf5c0b83c9eeef..7c9bf41ea0bc87 100644 +index cf5c0b83c9eeef..e116e36e2473fd 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt 
@@ -1,3 +1,14 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 ++# github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig -+# github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d ++# github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 +## explicit; go 1.22 +github.com/microsoft/go-crypto-winnative/cng +github.com/microsoft/go-crypto-winnative/cng/bbig From bea526dc93d503fe5c61cca2054d89307eb97095 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 12 Dec 2024 12:18:04 +0100 Subject: [PATCH 144/887] skip TestInvalidPSSSaltLength --- .../0002-Add-crypto-backend-foundation.patch | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 4b635481f20..33b66759f14 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -40,6 +40,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/pkcs1v15.go | 10 +- src/crypto/rsa/pkcs1v15_test.go | 5 + src/crypto/rsa/pss.go | 8 +- + src/crypto/rsa/pss_test.go | 3 + src/crypto/rsa/rsa.go | 21 +- src/crypto/rsa/rsa_test.go | 12 +- src/crypto/sha1/sha1.go | 2 +- @@ -63,7 +64,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 59 files changed, 1144 insertions(+), 106 deletions(-) + 60 files changed, 1148 insertions(+), 106 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go 
@@ -1507,6 +1508,20 @@ index 5716c464ca0a33..4aac87d7952081 100644 bkey, err := boringPublicKey(pub) if err != nil { return err +diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go +index 637d07e18cff2e..2c82f50adf38b8 100644 +--- a/src/crypto/rsa/pss_test.go ++++ b/src/crypto/rsa/pss_test.go +@@ -296,6 +296,9 @@ func TestInvalidPSSSaltLength(t *testing.T) { + SaltLength: -2, + Hash: crypto.SHA256, + }); err.Error() != InvalidSaltLenErr.Error() { ++ // The OpenSSL and CNG backend returns the error required in Go tip. ++ // This change will conflict with the upstream sync PR, where we will be able to remove this. ++ t.Skip("TODO: unskip when upstream sync PR is merged") + t.Fatalf("SignPSS unexpected error: got %v, want %v", err, InvalidSaltLenErr) + } + diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go index 4d78d1eaaa6be0..a016c4f8362cf5 100644 --- a/src/crypto/rsa/rsa.go From 8b9c63ddf9b6ab48169118604d338a9d151c37a2 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 12 Dec 2024 16:43:48 +0100 Subject: [PATCH 145/887] fix dsa signatures --- patches/0004-Add-OpenSSL-crypto-backend.patch | 15 +++++---------- patches/0005-Add-CNG-crypto-backend.patch | 17 ++++++----------- 2 files changed, 11 insertions(+), 21 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 83172d6a85a..6e8bf27cac4 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 376 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 371 ++++++++++++++++++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/boring.go | 2 +- 
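Review bot: The `t.Skip` added to TestInvalidPSSSaltLength sits inside the error-mismatch branch, directly ahead of `t.Fatalf`, so the Fatalf is now unreachable. The test is skipped for any unexpected non-nil error from `SignPSS` with `SaltLength: -2`, not only for the newer message the comment attributes to the OpenSSL and CNG backends. That removes the regression check for the pure-Go path as well. Scope the skip to the backend case, for example `if boring.Enabled { t.Skip("TODO: unskip when upstream sync PR is merged") }` if the backend package is importable from this test file (not visible here), and leave `t.Fatalf` reachable otherwise. The test function continues outside the hunk.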
@@ -40,7 +40,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 461 insertions(+), 25 deletions(-) + 36 files changed, 456 insertions(+), 25 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -193,10 +193,10 @@ index 00000000000000..e6695dd66b1d02 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..85856d3c900eb8 +index 00000000000000..57af729e1458f5 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,376 @@ +@@ -0,0 +1,371 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -535,12 +535,7 @@ index 00000000000000..85856d3c900eb8 +} + +func GenerateKeyDSA(p, q, g openssl.BigInt) (x, y openssl.BigInt, err error) { -+ generatedKey, err := openssl.GenerateKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g}) -+ if err != nil { -+ return nil, nil, err -+ } -+ -+ return generatedKey.X, generatedKey.Y, nil ++ return openssl.GenerateKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g}) +} + +func NewPrivateKeyDSA(p, q, g, x, y openssl.BigInt) (*openssl.PrivateKeyDSA, error) { diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index cc435b0a0ee..8f454e0bd65 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch 
@@ -13,7 +13,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 322 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 317 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- @@ -40,7 +40,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 417 insertions(+), 27 deletions(-) + 36 files changed, 412 insertions(+), 27 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -183,10 +183,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..e6feb6256e4a0d +index 00000000000000..543b5ed1b5d15c --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,322 @@ +@@ -0,0 +1,317 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -486,12 +486,7 @@ index 00000000000000..e6feb6256e4a0d +} + +func GenerateKeyDSA(p, q, g cng.BigInt) (x, y cng.BigInt, err error) { -+ generatedKey, err := cng.GenerateKeyDSA(cng.DSAParameters{P: p, Q: q, G: g}) -+ if err != nil { -+ return nil, nil, err -+ } -+ -+ return generatedKey.X, generatedKey.Y, nil ++ return cng.GenerateKeyDSA(cng.DSAParameters{P: p, Q: q, G: g}) +} + +func NewPrivateKeyDSA(p, q, g, x, y cng.BigInt) (*cng.PrivateKeyDSA, error) { 
@@ -616,7 +611,7 @@ index 4aac87d7952081..010ee1467501c3 100644 if err != nil { return err diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go -index 637d07e18cff2e..21435b86b52dad 100644 +index 2c82f50adf38b8..33630f14dcc8d4 100644 --- a/src/crypto/rsa/pss_test.go +++ b/src/crypto/rsa/pss_test.go @@ -284,7 +284,7 @@ func fromHex(hexStr string) []byte { From fa08c88fbf04fbdafc8837cc3ce7708ca958303e Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 12 Dec 2024 12:03:03 +0100 Subject: [PATCH 146/887] minimize TLS PRF upstream diffs --- .../0002-Add-crypto-backend-foundation.patch | 376 ++++-------------- 1 file changed, 73 insertions(+), 303 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 33b66759f14..607660e7419 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -51,12 +51,11 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/sha512/sha512_test.go | 20 +- src/crypto/tls/boring_test.go | 5 + src/crypto/tls/cipher_suites.go | 2 +- - src/crypto/tls/handshake_client.go | 25 ++- - src/crypto/tls/handshake_server.go | 25 ++- + src/crypto/tls/handshake_client.go | 10 +- + src/crypto/tls/handshake_server.go | 10 +- src/crypto/tls/handshake_server_tls13.go | 10 + - src/crypto/tls/key_schedule.go | 23 ++- - src/crypto/tls/prf.go | 77 ++++--- - src/crypto/tls/prf_test.go | 12 +- + src/crypto/tls/key_schedule.go | 23 +- + src/crypto/tls/prf.go | 36 ++++ src/crypto/x509/boring_test.go | 5 + src/go/build/deps_test.go | 4 + src/hash/boring_test.go | 9 + 
@@ -64,7 +63,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 60 files changed, 1148 insertions(+), 106 deletions(-) + 59 files changed, 1098 insertions(+), 73 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -1846,129 +1845,47 @@ index 917a1eff42d34f..f6f57130b64f41 100644 "crypto/sha1" "crypto/sha256" diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go -index 760e827f467f15..99b44d259e1e02 100644 +index 760e827f467f15..393c59ba8f1183 100644 --- a/src/crypto/tls/handshake_client.go 
+++ b/src/crypto/tls/handshake_client.go -@@ -770,12 +770,16 @@ func (hs *clientHandshakeState) doFullHandshake() error { - - if hs.serverHello.extendedMasterSecret { - c.extMasterSecret = true -- hs.masterSecret = extMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, -+ hs.masterSecret, err = extMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, - hs.finishedHash.Sum()) - } else { -- hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, -+ hs.masterSecret, err = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, - hs.hello.random, hs.serverHello.random) - } -+ if err != nil { -+ c.sendAlert(alertInternalError) -+ return err -+ } - if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.hello.random, hs.masterSecret); err != nil { - c.sendAlert(alertInternalError) - return errors.New("tls: failed to write to key log: " + err.Error()) -@@ -836,8 +840,12 @@ func (hs *clientHandshakeState) doFullHandshake() error { - func (hs *clientHandshakeState) establishKeys() error { - c := hs.c +@@ -541,7 +541,15 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error { -- clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV := -+ clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV, err := - keysFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.hello.random, hs.serverHello.random, hs.suite.macLen, hs.suite.keyLen, hs.suite.ivLen) -+ if err != nil { -+ c.sendAlert(alertInternalError) -+ return err -+ } - var clientCipher, serverCipher any - var clientHash, serverHash hash.Hash - if hs.suite.cipher != nil { -@@ -977,7 +985,11 @@ func (hs *clientHandshakeState) readFinished(out []byte) error { - return unexpectedMessageError(serverFinished, msg) - } - -- verify := hs.finishedHash.serverSum(hs.masterSecret) -+ verify, err := hs.finishedHash.serverSum(hs.masterSecret) -+ if err != nil { -+ c.sendAlert(alertHandshakeFailure) -+ return err -+ } - if len(verify) != len(serverFinished.verifyData) || 
- subtle.ConstantTimeCompare(verify, serverFinished.verifyData) != 1 { - c.sendAlert(alertHandshakeFailure) -@@ -1045,7 +1057,10 @@ func (hs *clientHandshakeState) sendFinished(out []byte) error { - } + // Does the handshake, either a full one or resumes old session. Requires hs.c, + // hs.hello, hs.serverHello, and, optionally, hs.session to be set. +-func (hs *clientHandshakeState) handshake() error { ++func (hs *clientHandshakeState) handshake() (err error) { ++ defer func() { ++ if err == nil { ++ err = recoverFromBoringPRFError() ++ if err != nil { ++ hs.c.sendAlert(alertInternalError) ++ } ++ } ++ }() + c := hs.c - finished := new(finishedMsg) -- finished.verifyData = hs.finishedHash.clientSum(hs.masterSecret) -+ var err error -+ if finished.verifyData, err = hs.finishedHash.clientSum(hs.masterSecret); err != nil { -+ return err -+ } - if _, err := hs.c.writeHandshakeRecord(finished, &hs.finishedHash); err != nil { - return err - } + isResume, err := hs.processServerHello() diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go -index bc4e51ba364cf1..8b4fc36e49fdf8 100644 +index bc4e51ba364cf1..0933837161573e 100644 --- a/src/crypto/tls/handshake_server.go 
+++ b/src/crypto/tls/handshake_server.go -@@ -686,12 +686,16 @@ func (hs *serverHandshakeState) doFullHandshake() error { - } - if hs.hello.extendedMasterSecret { - c.extMasterSecret = true -- hs.masterSecret = extMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, -+ hs.masterSecret, err = extMasterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, - hs.finishedHash.Sum()) - } else { -- hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, -+ hs.masterSecret, err = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, - hs.clientHello.random, hs.hello.random) - } -+ if err != nil { -+ c.sendAlert(alertInternalError) -+ return err -+ } - if err := c.config.writeKeyLog(keyLogLabelTLS12, hs.clientHello.random, hs.masterSecret); err != nil { - c.sendAlert(alertInternalError) - return err -@@ -755,8 +759,12 @@ func (hs *serverHandshakeState) doFullHandshake() error { - func (hs *serverHandshakeState) establishKeys() error { - c := hs.c - -- clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV := -+ clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV, err := - keysFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random, hs.suite.macLen, hs.suite.keyLen, hs.suite.ivLen) -+ if err != nil { -+ c.sendAlert(alertInternalError) -+ return err -+ } - - var clientCipher, serverCipher any - var clientHash, serverHash hash.Hash -@@ -797,7 +805,11 @@ func (hs *serverHandshakeState) readFinished(out []byte) error { - return unexpectedMessageError(clientFinished, msg) - } +@@ -62,7 +62,15 @@ func (c *Conn) serverHandshake(ctx context.Context) error { + return hs.handshake() + } -- verify := hs.finishedHash.clientSum(hs.masterSecret) -+ verify, err := hs.finishedHash.clientSum(hs.masterSecret) -+ if err != nil { -+ c.sendAlert(alertHandshakeFailure) -+ return err -+ } - if len(verify) != len(clientFinished.verifyData) || - subtle.ConstantTimeCompare(verify, clientFinished.verifyData) 
!= 1 { - c.sendAlert(alertHandshakeFailure) -@@ -859,7 +871,10 @@ func (hs *serverHandshakeState) sendFinished(out []byte) error { - } +-func (hs *serverHandshakeState) handshake() error { ++func (hs *serverHandshakeState) handshake() (err error) { ++ defer func() { ++ if err == nil { ++ err = recoverFromBoringPRFError() ++ if err != nil { ++ hs.c.sendAlert(alertInternalError) ++ } ++ } ++ }() + c := hs.c - finished := new(finishedMsg) -- finished.verifyData = hs.finishedHash.serverSum(hs.masterSecret) -+ var err error -+ if finished.verifyData, err = hs.finishedHash.serverSum(hs.masterSecret); err != nil { -+ return err -+ } - if _, err := hs.c.writeHandshakeRecord(finished, &hs.finishedHash); err != nil { - return err - } + if err := hs.processClientHello(); err != nil { diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go index b8cf4c3fa50b24..bc5d32a29c50c4 100644 --- a/src/crypto/tls/handshake_server_tls13.go @@ -2039,7 +1956,7 @@ index 1636baf79e7288..747c3c0883230c 100644 } diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go -index a7fa3370e66c82..3470372b567eba 100644 +index a7fa3370e66c82..e63daa3ed9f894 100644 --- a/src/crypto/tls/prf.go +++ b/src/crypto/tls/prf.go @@ -7,6 +7,7 @@ package tls 
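Review bot: The deferred closures added to both `handshake()` methods reach `recover()` only through `recoverFromBoringPRFError()`, whose body is in the prf.go hunk of this same patch. Go's `recover` returns nil unless the deferred function itself calls it. As written the `boringPRFError` panic raised by `prf10`/`prf12` is therefore not stopped: a backend PRF failure during a handshake would unwind past `handshake()` and could crash the process instead of returning an error and sending `alertInternalError`. Call `recover()` in the closure and hand the value to the helper, as sketched below. This also removes the dependence on `err == nil` at the time of the panic. Both `handshake()` bodies continue outside the hunk.

```go
// prf.go: classify a value the caller has already recovered.
func recoverFromBoringPRFError(p any) error {
	if p == nil {
		return nil
	}
	if err, ok := p.(boringPRFError); ok {
		return err.err
	}
	panic(p)
}

// handshake_client.go (same shape in handshake_server.go)
func (hs *clientHandshakeState) handshake() (err error) {
	defer func() {
		// recover must be called directly by the deferred function.
		if perr := recoverFromBoringPRFError(recover()); perr != nil {
			err = perr
			hs.c.sendAlert(alertInternalError)
		}
	}()
	// … unchanged: rest of handshake …
```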
@@ -2050,204 +1967,57 @@ index a7fa3370e66c82..3470372b567eba 100644 "crypto/md5" "crypto/sha1" "crypto/sha256" -@@ -45,7 +46,13 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) { +@@ -44,8 +45,37 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) { + } } ++type boringPRFError struct { ++ err error ++} ++ ++func (e *boringPRFError) Error() string { ++ return e.err.Error() ++} ++ ++// recoverFromBoringPRFError recovers from a panic caused by the boring backend. ++// It returns the error if it was a boringPRFError, or panics if the panic was ++// caused by something else. ++func recoverFromBoringPRFError() error { ++ if p := recover(); p != nil { ++ if err, ok := p.(boringPRFError); ok { ++ // Could happen, for example, if the seed is too large. The Go implementation doesn't limit the seed size, ++ // as RFC 5705 doesn't specify a limit, but stock OpenSSL restrict it to 1024 and CNG to 256. ++ return err.err ++ } ++ panic(p) ++ } ++ return nil ++} ++ // prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, Section 5. --func prf10(result, secret, label, seed []byte) { -+func prf10(result, secret, label, seed []byte) error { -+ if boring.Enabled && boring.SupportsTLS1PRF() && boring.SupportsHash(crypto.MD5SHA1) { + func prf10(result, secret, label, seed []byte) { ++ if boring.Enabled && boring.SupportsTLS1PRF() { + if err := boring.TLS1PRF(result, secret, label, seed, nil); err != nil { -+ return fmt.Errorf("crypto/tls: prf10: %v", err) ++ panic(boringPRFError{fmt.Errorf("crypto/tls: prf10: %v", err)}) + } -+ return nil ++ return + } hashSHA1 := sha1.New hashMD5 := md5.New -@@ -61,16 +68,24 @@ func prf10(result, secret, label, seed []byte) { - for i, b := range result2 { - result[i] ^= b - } -+ return nil - } - +@@ -66,6 +96,12 @@ func prf10(result, secret, label, seed []byte) { // prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, Section 5. 
--func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) { -- return func(result, secret, label, seed []byte) { -+func prf12(h crypto.Hash, hashFunc func() hash.Hash) func(result, secret, label, seed []byte) error { -+ return func(result, secret, label, seed []byte) error { -+ if boring.Enabled && boring.SupportsTLS1PRF() && boring.SupportsHash(h) { + func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) { + return func(result, secret, label, seed []byte) { ++ if boring.Enabled && boring.SupportsTLS1PRF() { + if err := boring.TLS1PRF(result, secret, label, seed, hashFunc); err != nil { -+ return fmt.Errorf("crypto/tls: prf12: %v", err) ++ panic(boringPRFError{fmt.Errorf("crypto/tls: prf12: %v", err)}) + } -+ return nil ++ return + } labelAndSeed := make([]byte, len(label)+len(seed)) copy(labelAndSeed, label) copy(labelAndSeed[len(label):], seed) - - pHash(result, secret, labelAndSeed, hashFunc) -+ return nil - } - } - -@@ -85,56 +100,64 @@ var keyExpansionLabel = []byte("key expansion") - var clientFinishedLabel = []byte("client finished") - var serverFinishedLabel = []byte("server finished") - --func prfAndHashForVersion(version uint16, suite *cipherSuite) (func(result, secret, label, seed []byte), crypto.Hash) { -+func prfAndHashForVersion(version uint16, suite *cipherSuite) (func(result, secret, label, seed []byte) error, crypto.Hash) { - switch version { - case VersionTLS10, VersionTLS11: - return prf10, crypto.Hash(0) - case VersionTLS12: - if suite.flags&suiteSHA384 != 0 { -- return prf12(sha512.New384), crypto.SHA384 -+ h := crypto.SHA384 -+ return prf12(h, sha512.New384), h - } -- return prf12(sha256.New), crypto.SHA256 -+ h := crypto.SHA256 -+ return prf12(h, sha256.New), h - default: - panic("unknown version") - } - } - --func prfForVersion(version uint16, suite *cipherSuite) func(result, secret, label, seed []byte) { -+func prfForVersion(version uint16, suite *cipherSuite) func(result, secret, label, seed 
[]byte) error { - prf, _ := prfAndHashForVersion(version, suite) - return prf - } - - // masterFromPreMasterSecret generates the master secret from the pre-master - // secret. See RFC 5246, Section 8.1. --func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, clientRandom, serverRandom []byte) []byte { -+func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, clientRandom, serverRandom []byte) ([]byte, error) { - seed := make([]byte, 0, len(clientRandom)+len(serverRandom)) - seed = append(seed, clientRandom...) - seed = append(seed, serverRandom...) - - masterSecret := make([]byte, masterSecretLength) -- prfForVersion(version, suite)(masterSecret, preMasterSecret, masterSecretLabel, seed) -- return masterSecret -+ if err := prfForVersion(version, suite)(masterSecret, preMasterSecret, masterSecretLabel, seed); err != nil { -+ return nil, err -+ } -+ return masterSecret, nil - } - - // extMasterFromPreMasterSecret generates the extended master secret from the - // pre-master secret. See RFC 7627. --func extMasterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, transcript []byte) []byte { -+func extMasterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, transcript []byte) ([]byte, error) { - masterSecret := make([]byte, masterSecretLength) -- prfForVersion(version, suite)(masterSecret, preMasterSecret, extendedMasterSecretLabel, transcript) -- return masterSecret -+ if err := prfForVersion(version, suite)(masterSecret, preMasterSecret, extendedMasterSecretLabel, transcript); err != nil { -+ return nil, err -+ } -+ return masterSecret, nil - } - - // keysFromMasterSecret generates the connection keys from the master - // secret, given the lengths of the MAC key, cipher key and IV, as defined in - // RFC 2246, Section 6.3. 
--func keysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) { -+func keysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte, err error) { - seed := make([]byte, 0, len(serverRandom)+len(clientRandom)) - seed = append(seed, serverRandom...) - seed = append(seed, clientRandom...) - - n := 2*macLen + 2*keyLen + 2*ivLen - keyMaterial := make([]byte, n) -- prfForVersion(version, suite)(keyMaterial, masterSecret, keyExpansionLabel, seed) -+ if err = prfForVersion(version, suite)(keyMaterial, masterSecret, keyExpansionLabel, seed); err != nil { -+ return -+ } - clientMAC = keyMaterial[:macLen] - keyMaterial = keyMaterial[macLen:] - serverMAC = keyMaterial[:macLen] -@@ -177,7 +200,7 @@ type finishedHash struct { - buffer []byte - - version uint16 -- prf func(result, secret, label, seed []byte) -+ prf func(result, secret, label, seed []byte) error - } - - func (h *finishedHash) Write(msg []byte) (n int, err error) { -@@ -208,18 +231,22 @@ func (h finishedHash) Sum() []byte { - - // clientSum returns the contents of the verify_data member of a client's - // Finished message. --func (h finishedHash) clientSum(masterSecret []byte) []byte { -+func (h finishedHash) clientSum(masterSecret []byte) ([]byte, error) { - out := make([]byte, finishedVerifyLength) -- h.prf(out, masterSecret, clientFinishedLabel, h.Sum()) -- return out -+ if err := h.prf(out, masterSecret, clientFinishedLabel, h.Sum()); err != nil { -+ return nil, err -+ } -+ return out, nil - } - - // serverSum returns the contents of the verify_data member of a server's - // Finished message. 
--func (h finishedHash) serverSum(masterSecret []byte) []byte { -+func (h finishedHash) serverSum(masterSecret []byte) ([]byte, error) { - out := make([]byte, finishedVerifyLength) -- h.prf(out, masterSecret, serverFinishedLabel, h.Sum()) -- return out -+ if err := h.prf(out, masterSecret, serverFinishedLabel, h.Sum()); err != nil { -+ return nil, err -+ } -+ return out, nil - } - - // hashForClientCertificate returns the handshake messages so far, pre-hashed if -@@ -293,7 +320,11 @@ func ekmFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clien - } - - keyMaterial := make([]byte, length) -- prfForVersion(version, suite)(keyMaterial, masterSecret, []byte(label), seed) -+ if err := prfForVersion(version, suite)(keyMaterial, masterSecret, []byte(label), seed); err != nil { -+ // Could happen if the seed is too large. The Go implementation doesn't limit the seed size, -+ // as RFC 5705 doesn't specify a limit, but stock OpenSSL restrict it to 1024 and CNG to 256. -+ return nil, err -+ } - return keyMaterial, nil - } - } -diff --git a/src/crypto/tls/prf_test.go b/src/crypto/tls/prf_test.go -index 8233985a62bd22..f46d4636557714 100644 ---- a/src/crypto/tls/prf_test.go -+++ b/src/crypto/tls/prf_test.go -@@ -51,13 +51,21 @@ func TestKeysFromPreMasterSecret(t *testing.T) { - clientRandom, _ := hex.DecodeString(test.clientRandom) - serverRandom, _ := hex.DecodeString(test.serverRandom) - -- masterSecret := masterFromPreMasterSecret(test.version, test.suite, in, clientRandom, serverRandom) -+ masterSecret, err := masterFromPreMasterSecret(test.version, test.suite, in, clientRandom, serverRandom) -+ if err != nil { -+ t.Errorf("#%d: masterFromPreMasterSecret failed: %s", i, err) -+ continue -+ } - if s := hex.EncodeToString(masterSecret); s != test.masterSecret { - t.Errorf("#%d: bad master secret %s, want %s", i, s, test.masterSecret) - continue - } - -- clientMAC, serverMAC, clientKey, serverKey, _, _ := keysFromMasterSecret(test.version, test.suite, 
masterSecret, clientRandom, serverRandom, test.macLen, test.keyLen, 0) -+ clientMAC, serverMAC, clientKey, serverKey, _, _, err := keysFromMasterSecret(test.version, test.suite, masterSecret, clientRandom, serverRandom, test.macLen, test.keyLen, 0) -+ if err != nil { -+ t.Errorf("#%d: keysFromMasterSecret failed: %s", i, err) -+ continue -+ } - clientMACString := hex.EncodeToString(clientMAC) - serverMACString := hex.EncodeToString(serverMAC) - clientKeyString := hex.EncodeToString(clientKey) diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go index 319ac61f49c994..1b2454dbaab264 100644 --- a/src/crypto/x509/boring_test.go From 5fce898d79dfb35178cd1e6e4abda55b61940664 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 13 Dec 2024 09:20:23 +0100 Subject: [PATCH 147/887] add panicBoringPRFError --- .../0002-Add-crypto-backend-foundation.patch | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 607660e7419..d9ad171966a 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -55,7 +55,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/handshake_server.go | 10 +- src/crypto/tls/handshake_server_tls13.go | 10 + src/crypto/tls/key_schedule.go | 23 +- - src/crypto/tls/prf.go | 36 ++++ + src/crypto/tls/prf.go | 40 ++++ src/crypto/x509/boring_test.go | 5 + src/go/build/deps_test.go | 4 + src/hash/boring_test.go | 9 + @@ -63,7 +63,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 59 files changed, 1098 insertions(+), 73 deletions(-) + 59 files changed, 1107 insertions(+), 76 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go 
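Review bot: `ekmFromMasterSecret` loses its error path in this hunk. The removed lines returned `nil, err` when the PRF failed, whereas the new `prf10`/`prf12` panic with `boringPRFError`, and the only recovery points this patch adds are the two `handshake()` defers. The comment kept in `recoverFromBoringPRFError` names an oversized seed as the expected failure (stock OpenSSL limits it to 1024, CNG to 256). In upstream crypto/tls the exporter seed carries the caller's context value (not shown here), and the exporter closure presumably runs after the handshake has returned, so a long context could panic the caller rather than produce an error. Either keep an error-returning PRF path for the exporter or add a recovery in the closure that `ekmFromMasterSecret` returns.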
@@ -269,7 +269,7 @@ index 00000000000000..3be888a0104809 + } +} diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go -index 4524bd492feba0..19f3a125017b61 100644 +index 4524bd492feba0..ff890b1d06aea2 100644 --- a/src/crypto/dsa/dsa.go +++ b/src/crypto/dsa/dsa.go @@ -18,7 +18,12 @@ import ( @@ -935,7 +935,7 @@ index 00000000000000..e5d7570d6d4363 +const isRequireFIPS = true diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..5a1f8da56d4fed +index 00000000000000..ffa8d38e5d490f --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go @@ -0,0 +1,223 @@ @@ -1956,7 +1956,7 @@ index 1636baf79e7288..747c3c0883230c 100644 } diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go -index a7fa3370e66c82..e63daa3ed9f894 100644 +index a7fa3370e66c82..d34cd41f0891db 100644 --- a/src/crypto/tls/prf.go +++ b/src/crypto/tls/prf.go @@ -7,6 +7,7 @@ package tls @@ -1967,7 +1967,7 @@ index a7fa3370e66c82..e63daa3ed9f894 100644 "crypto/md5" "crypto/sha1" "crypto/sha256" -@@ -44,8 +45,37 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) { +@@ -44,8 +45,41 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) { } } 
@@ -1993,25 +1993,29 @@ index a7fa3370e66c82..e63daa3ed9f894 100644 + } + return nil +} ++ ++func panicBoringPRFError(err error) { ++ panic(boringPRFError{err}) ++} + // prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, Section 5. func prf10(result, secret, label, seed []byte) { + if boring.Enabled && boring.SupportsTLS1PRF() { + if err := boring.TLS1PRF(result, secret, label, seed, nil); err != nil { -+ panic(boringPRFError{fmt.Errorf("crypto/tls: prf10: %v", err)}) ++ panicBoringPRFError(fmt.Errorf("crypto/tls: prf10: %v", err)) + } + return + } hashSHA1 := sha1.New hashMD5 := md5.New -@@ -66,6 +96,12 @@ func prf10(result, secret, label, seed []byte) { +@@ -66,6 +100,12 @@ func prf10(result, secret, label, seed []byte) { // prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, Section 5. func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) { return func(result, secret, label, seed []byte) { + if boring.Enabled && boring.SupportsTLS1PRF() { + if err := boring.TLS1PRF(result, secret, label, seed, hashFunc); err != nil { -+ panic(boringPRFError{fmt.Errorf("crypto/tls: prf12: %v", err)}) ++ panicBoringPRFError(fmt.Errorf("crypto/tls: prf12: %v", err)) + } + return + } From cceccb2f72147bc338e39a5b85b3bf75ddabccb6 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 13 Dec 2024 12:38:17 +0100 Subject: [PATCH 148/887] consistently use systemcrypto as a build tag --- .../0002-Add-crypto-backend-foundation.patch | 257 ++++++++++++++-- patches/0004-Add-OpenSSL-crypto-backend.patch | 282 +----------------- patches/0005-Add-CNG-crypto-backend.patch | 282 +----------------- 3 files changed, 232 insertions(+), 589 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index d9ad171966a..c78c2535d0a 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
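Review bot: `panicBoringPRFError` is added without a doc comment, and nothing in this hunk says which caller recovers the `boringPRFError` it raises. `prf10` and `prf12` now reach it on any `boring.TLS1PRF` failure, so an unrecovered panic would end the process instead of failing one connection. I would add `// panicBoringPRFError panics with err wrapped in boringPRFError; callers must recover it and return it as an error.` above the function; the recovering code is outside this hunk, so confirm the wording against it. The two call sites also format the backend error with `%v`, whereas `fmt.Errorf("crypto/tls: prf10: %w", err)` would keep it reachable through `errors.Is`/`errors.As`, assuming `boringPRFError` exposes `Unwrap`.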
@@ -4,18 +4,20 @@ Date: Thu, 30 Jun 2022 10:03:03 +0200 Subject: [PATCH] Add crypto backend foundation --- + src/cmd/api/boring_test.go | 2 +- + src/cmd/go/go_boring_test.go | 2 +- src/crypto/aes/cipher.go | 2 +- src/crypto/aes/cipher_asm.go | 2 +- - src/crypto/boring/boring.go | 2 +- + src/crypto/boring/boring.go | 4 +- src/crypto/des/cipher.go | 7 + src/crypto/dsa/boring.go | 113 ++++++++++ src/crypto/dsa/dsa.go | 88 ++++++++ src/crypto/dsa/notboring.go | 16 ++ src/crypto/ecdh/ecdh.go | 2 +- src/crypto/ecdh/nist.go | 2 +- - src/crypto/ecdsa/boring.go | 4 +- + src/crypto/ecdsa/boring.go | 6 +- src/crypto/ecdsa/ecdsa.go | 4 +- - src/crypto/ecdsa/notboring.go | 2 +- + src/crypto/ecdsa/notboring.go | 4 +- src/crypto/ed25519/boring.go | 71 ++++++ src/crypto/ed25519/ed25519.go | 75 ++++++- src/crypto/ed25519/ed25519_test.go | 2 +- @@ -29,14 +31,17 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/internal/backend/nobackend.go | 223 +++++++++++++++++++ src/crypto/internal/backend/norequirefips.go | 9 + src/crypto/internal/backend/stub.s | 10 + + src/crypto/internal/boring/fipstls/stub.s | 2 +- + src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/md5/md5.go | 7 + src/crypto/md5/md5_test.go | 14 ++ src/crypto/purego_test.go | 2 +- src/crypto/rand/rand.go | 2 +- src/crypto/rand/rand_test.go | 2 +- src/crypto/rc4/rc4.go | 18 ++ - src/crypto/rsa/boring.go | 4 +- - src/crypto/rsa/notboring.go | 2 +- + src/crypto/rsa/boring.go | 6 +- + src/crypto/rsa/boring_test.go | 2 +- + src/crypto/rsa/notboring.go | 4 +- src/crypto/rsa/pkcs1v15.go | 10 +- src/crypto/rsa/pkcs1v15_test.go | 5 + src/crypto/rsa/pss.go | 8 +- 
@@ -49,21 +54,27 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/sha256/sha256_test.go | 20 +- src/crypto/sha512/sha512.go | 2 +- src/crypto/sha512/sha512_test.go | 20 +- - src/crypto/tls/boring_test.go | 5 + + src/crypto/tls/boring.go | 2 +- + src/crypto/tls/boring_test.go | 7 +- src/crypto/tls/cipher_suites.go | 2 +- + src/crypto/tls/fipsonly/fipsonly.go | 2 +- + src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- src/crypto/tls/handshake_client.go | 10 +- src/crypto/tls/handshake_server.go | 10 +- src/crypto/tls/handshake_server_tls13.go | 10 + src/crypto/tls/key_schedule.go | 23 +- + src/crypto/tls/notboring.go | 2 +- src/crypto/tls/prf.go | 40 ++++ - src/crypto/x509/boring_test.go | 5 + + src/crypto/x509/boring.go | 2 +- + src/crypto/x509/boring_test.go | 7 +- + src/crypto/x509/notboring.go | 2 +- src/go/build/deps_test.go | 4 + src/hash/boring_test.go | 9 + src/hash/marshal_test.go | 5 + src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 59 files changed, 1107 insertions(+), 76 deletions(-) + 70 files changed, 1125 insertions(+), 94 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go 
@@ -78,6 +89,32 @@ Subject: [PATCH] Add crypto backend foundation create mode 100644 src/hash/boring_test.go create mode 100644 src/hash/notboring_test.go +diff --git a/src/cmd/api/boring_test.go b/src/cmd/api/boring_test.go +index f0e3575637c62a..9eab3b4e66e60b 100644 +--- a/src/cmd/api/boring_test.go ++++ b/src/cmd/api/boring_test.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package main + +diff --git a/src/cmd/go/go_boring_test.go b/src/cmd/go/go_boring_test.go +index ed0fbf3d53d75b..06478963f4be44 100644 +--- a/src/cmd/go/go_boring_test.go ++++ b/src/cmd/go/go_boring_test.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package main_test + diff --git a/src/crypto/aes/cipher.go b/src/crypto/aes/cipher.go index cde2e45d2ca559..cf47a4fc57d8e2 100644 --- a/src/crypto/aes/cipher.go @@ -105,9 +142,18 @@ index 3e5f589c2cdd0b..e9d3c0be11ef61 100644 "internal/goarch" ) diff --git a/src/crypto/boring/boring.go b/src/crypto/boring/boring.go -index 097c37e343fdb8..1cf43edba40359 100644 +index 097c37e343fdb8..a5d603896d3890 100644 --- a/src/crypto/boring/boring.go +++ b/src/crypto/boring/boring.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + // Package boring exposes functions that are only available when building with + // Go+BoringCrypto. This package is available on all targets as long as the @@ -13,7 +13,7 @@ // is satisfied, so that applications can tag files that use this package. package boring @@ -151,7 +197,7 @@ index 04b73e7d3bf758..0891652a4566fb 100644 c.cipher1.generateSubkeys(key[:8]) 
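Review bot: The package comment kept as context under the new `//go:build goexperiment.systemcrypto` line in src/crypto/boring/boring.go still says the package is only available "when building with Go+BoringCrypto", which no longer matches the constraint. The same stale wording survives in src/crypto/internal/boring/fipstls/tls.go ("This package only exists with GOEXPERIMENT=boringcrypto") and in the "non-BoringCrypto" note of src/crypto/rsa/boring_test.go. I would update these comments in the same patch, for example `// This package only exists with GOEXPERIMENT=systemcrypto, but the effects are independent`. A reader checking whether the FIPS-related TLS controls are compiled in is then not pointed at the wrong experiment.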
diff --git a/src/crypto/dsa/boring.go b/src/crypto/dsa/boring.go new file mode 100644 -index 00000000000000..3be888a0104809 +index 00000000000000..7ea0c8c423e9ee --- /dev/null +++ b/src/crypto/dsa/boring.go @@ -0,0 +1,113 @@ @@ -159,7 +205,7 @@ index 00000000000000..3be888a0104809 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto ++//go:build goexperiment.systemcrypto + +package dsa + @@ -402,7 +448,7 @@ index 4524bd492feba0..ff890b1d06aea2 100644 +} diff --git a/src/crypto/dsa/notboring.go b/src/crypto/dsa/notboring.go new file mode 100644 -index 00000000000000..f8771d0189f990 +index 00000000000000..cd02ff5a00c3dc --- /dev/null +++ b/src/crypto/dsa/notboring.go @@ -0,0 +1,16 @@ @@ -410,7 +456,7 @@ index 00000000000000..f8771d0189f990 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build !boringcrypto && !goexperiment.opensslcrypto && !goexperiment.cngcrypto ++//go:build !goexperiment.systemcrypto + +package dsa + @@ -449,10 +495,16 @@ index b91e8f38a5a78e..2bb8f3486c8249 100644 "crypto/internal/randutil" "errors" diff --git a/src/crypto/ecdsa/boring.go b/src/crypto/ecdsa/boring.go -index 275c60b4de49eb..61e70f981db4eb 100644 +index 275c60b4de49eb..ff8bddf28c4545 100644 --- a/src/crypto/ecdsa/boring.go +++ b/src/crypto/ecdsa/boring.go -@@ -7,8 +7,8 @@ +@@ -2,13 +2,13 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + package ecdsa import ( @@ -480,10 +532,15 @@ index 2179b01e8e3db5..9eb763cecfe687 100644 "crypto/internal/randutil" "crypto/sha512" diff --git a/src/crypto/ecdsa/notboring.go b/src/crypto/ecdsa/notboring.go -index 039bd82ed21f9f..19188518e85e65 100644 +index 039bd82ed21f9f..69a97d9bf250be 100644 
--- a/src/crypto/ecdsa/notboring.go +++ b/src/crypto/ecdsa/notboring.go -@@ -6,7 +6,7 @@ +@@ -2,11 +2,11 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build !boringcrypto ++//go:build !goexperiment.systemcrypto package ecdsa @@ -799,7 +856,7 @@ index 00000000000000..c2c06d3bff8c74 +} diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go new file mode 100644 -index 00000000000000..85bd3ed083f5b2 +index 00000000000000..20251a290dc2e0 --- /dev/null +++ b/src/crypto/internal/backend/bbig/big.go @@ -0,0 +1,17 @@ @@ -807,7 +864,7 @@ index 00000000000000..85bd3ed083f5b2 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build !boringcrypto ++//go:build !goexperiment.systemcrypto + +package bbig + 
@@ -1193,6 +1250,32 @@ index 00000000000000..5e4b436554d44d +// Having this assembly file keeps the go command +// from complaining about the missing body +// (because the implementation might be here). +diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s +index f2e5a503eaacb6..35cf7532625efb 100644 +--- a/src/crypto/internal/boring/fipstls/stub.s ++++ b/src/crypto/internal/boring/fipstls/stub.s +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + // runtime_arg0 is declared in tls.go without a body. + // It's provided by package runtime, +diff --git a/src/crypto/internal/boring/fipstls/tls.go b/src/crypto/internal/boring/fipstls/tls.go +index b51f142fde8311..0ea6593743349b 100644 +--- a/src/crypto/internal/boring/fipstls/tls.go ++++ b/src/crypto/internal/boring/fipstls/tls.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + // Package fipstls allows control over whether crypto/tls requires FIPS-approved settings. + // This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent diff --git a/src/crypto/md5/md5.go b/src/crypto/md5/md5.go index c984c3f4968598..229dd457f8d53c 100644 --- a/src/crypto/md5/md5.go @@ -1368,10 +1451,16 @@ index 67452ec39f0fd4..47726d0ebe38d9 100644 return } diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go -index b9f9d3154f2589..ecb43aaf264743 100644 +index b9f9d3154f2589..d52faddef45549 100644 --- a/src/crypto/rsa/boring.go 
+++ b/src/crypto/rsa/boring.go -@@ -7,8 +7,8 @@ +@@ -2,13 +2,13 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + package rsa import ( @@ -1382,11 +1471,29 @@ index b9f9d3154f2589..ecb43aaf264743 100644 "crypto/internal/boring/bcache" "math/big" ) +diff --git a/src/crypto/rsa/boring_test.go b/src/crypto/rsa/boring_test.go +index 2234d079f0d9e7..94ce18b2338416 100644 +--- a/src/crypto/rsa/boring_test.go ++++ b/src/crypto/rsa/boring_test.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + // Note: Can run these tests against the non-BoringCrypto + // version of the code by using "CGO_ENABLED=0 go test". diff --git a/src/crypto/rsa/notboring.go b/src/crypto/rsa/notboring.go -index 2abc0436405f8a..34c22c8fbba7da 100644 +index 2abc0436405f8a..3e4d6f3eef61e6 100644 --- a/src/crypto/rsa/notboring.go +++ b/src/crypto/rsa/notboring.go -@@ -6,7 +6,7 @@ +@@ -2,11 +2,11 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build !boringcrypto ++//go:build !goexperiment.systemcrypto package rsa @@ -1815,10 +1922,32 @@ index fdad37b1863ae8..cf6e4c395cd4fb 100644 for i, test := range largeUnmarshalTests { h := New() +diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go +index c44ae92f2528f3..ddfec0c438265e 100644 +--- a/src/crypto/tls/boring.go ++++ b/src/crypto/tls/boring.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package tls + 
diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 56050421985927..dcbd33167e4499 100644 +index 56050421985927..863ad8d1faf810 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package tls + @@ -25,6 +25,11 @@ import ( "time" ) @@ -1844,6 +1973,32 @@ index 917a1eff42d34f..f6f57130b64f41 100644 "crypto/rc4" "crypto/sha1" "crypto/sha256" +diff --git a/src/crypto/tls/fipsonly/fipsonly.go b/src/crypto/tls/fipsonly/fipsonly.go +index e5e47835e2f48d..7dccbc7c3d748a 100644 +--- a/src/crypto/tls/fipsonly/fipsonly.go ++++ b/src/crypto/tls/fipsonly/fipsonly.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + // Package fipsonly restricts all TLS configuration to FIPS-approved settings. + // +diff --git a/src/crypto/tls/fipsonly/fipsonly_test.go b/src/crypto/tls/fipsonly/fipsonly_test.go +index f8485dc3ca1c29..d4915031340480 100644 +--- a/src/crypto/tls/fipsonly/fipsonly_test.go ++++ b/src/crypto/tls/fipsonly/fipsonly_test.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package fipsonly + diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go index 760e827f467f15..393c59ba8f1183 100644 --- a/src/crypto/tls/handshake_client.go 
@@ -1955,6 +2110,19 @@ index 1636baf79e7288..747c3c0883230c 100644 return hkdf.Extract(c.hash.New, newSecret, currentSecret) } +diff --git a/src/crypto/tls/notboring.go b/src/crypto/tls/notboring.go +index bdbc32e05b35dd..3bfe4096471910 100644 +--- a/src/crypto/tls/notboring.go ++++ b/src/crypto/tls/notboring.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build !boringcrypto ++//go:build !goexperiment.systemcrypto + + package tls + diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go index a7fa3370e66c82..d34cd41f0891db 100644 --- a/src/crypto/tls/prf.go @@ -2022,10 +2190,32 @@ index a7fa3370e66c82..d34cd41f0891db 100644 labelAndSeed := make([]byte, len(label)+len(seed)) copy(labelAndSeed, label) copy(labelAndSeed[len(label):], seed) +diff --git a/src/crypto/x509/boring.go b/src/crypto/x509/boring.go +index 095b58c31590d4..6b32417ea85657 100644 +--- a/src/crypto/x509/boring.go ++++ b/src/crypto/x509/boring.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package x509 + diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go -index 319ac61f49c994..1b2454dbaab264 100644 +index 319ac61f49c994..b5f52252fb3e37 100644 --- a/src/crypto/x509/boring_test.go +++ b/src/crypto/x509/boring_test.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package x509 + @@ -26,6 +26,11 @@ const ( boringCertFIPSOK = 0x80 ) 
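Review bot: With `//go:build !goexperiment.systemcrypto` on src/crypto/tls/notboring.go, a build tagged only `boringcrypto` selects this non-FIPS file unless that tag also enables the systemcrypto experiment, and nothing in this hunk shows that it does. The paired `boring.go`/`notboring.go` constraints in crypto/x509, crypto/rsa and crypto/ecdsa, and the `fipsonly` package, raise the same question. The old constraint in src/crypto/dsa/boring.go listed `boringcrypto`, `goexperiment.opensslcrypto` and `goexperiment.cngcrypto` explicitly, so the intent appears to be that all three imply the new tag. I would record that next to the constraint, e.g. `// goexperiment.systemcrypto is set whenever a crypto backend experiment is enabled.`, once confirmed. A build check under each backend tag should also confirm that `boring.go`, not `notboring.go`, is the file compiled.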
@@ -2038,6 +2228,19 @@ index 319ac61f49c994..1b2454dbaab264 100644 func boringRSAKey(t *testing.T, size int) *rsa.PrivateKey { t.Helper() k, err := rsa.GenerateKey(rand.Reader, size) +diff --git a/src/crypto/x509/notboring.go b/src/crypto/x509/notboring.go +index c83a7272c9f01f..7f6e574dc0c2dc 100644 +--- a/src/crypto/x509/notboring.go ++++ b/src/crypto/x509/notboring.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build !boringcrypto ++//go:build !goexperiment.systemcrypto + + package x509 + diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index c6a2518f62ff3a..578b4d6f68504c 100644 --- a/src/go/build/deps_test.go @@ -2070,7 +2273,7 @@ index c6a2518f62ff3a..578b4d6f68504c 100644 < crypto/ed25519 diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go new file mode 100644 -index 00000000000000..b4cb21f3580737 +index 00000000000000..52748c44698076 --- /dev/null +++ b/src/hash/boring_test.go @@ -0,0 +1,9 @@ @@ -2078,7 +2281,7 @@ index 00000000000000..b4cb21f3580737 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.boringcrypto ++//go:build goexperiment.systemcrypto + +package hash_test + diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 6e8bf27cac4..b113bd72f46 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -4,61 +4,28 @@ Date: Thu, 30 Jun 2022 10:06:19 +0200 Subject: [PATCH] Add OpenSSL crypto backend --- - src/cmd/api/boring_test.go | 2 +- src/cmd/dist/test.go | 3 +- - src/cmd/go/go_boring_test.go | 2 +- .../go/testdata/script/gopath_std_vendor.txt | 9 + src/cmd/link/internal/ld/lib.go | 1 + - src/crypto/boring/boring.go | 2 +- - src/crypto/ecdsa/boring.go | 2 +- - src/crypto/ecdsa/notboring.go | 2 +- - src/crypto/internal/backend/bbig/big.go | 2 +- .../internal/backend/bbig/big_openssl.go | 12 + src/crypto/internal/backend/openssl_linux.go | 371 ++++++++++++++++++ - src/crypto/internal/boring/fipstls/stub.s | 2 +- - src/crypto/internal/boring/fipstls/tls.go | 2 +- - src/crypto/rsa/boring.go | 2 +- - src/crypto/rsa/boring_test.go | 2 +- - src/crypto/rsa/notboring.go | 2 +- src/crypto/rsa/rsa_test.go | 3 + - src/crypto/tls/boring.go | 2 +- - src/crypto/tls/boring_test.go | 2 +- - src/crypto/tls/fipsonly/fipsonly.go | 2 +- - src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- src/crypto/tls/key_schedule.go | 1 + - src/crypto/tls/notboring.go | 2 +- - src/crypto/x509/boring.go | 2 +- - src/crypto/x509/boring_test.go | 2 +- - src/crypto/x509/notboring.go | 2 +- src/go.mod | 1 + src/go.sum | 2 + src/go/build/deps_test.go | 7 +- src/go/build/vendor_test.go | 1 + - src/hash/boring_test.go | 2 +- src/hash/notboring_test.go | 2 +- .../goexperiment/exp_opensslcrypto_off.go | 9 + .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 36 files changed, 456 insertions(+), 25 deletions(-) + 16 files changed, 436 insertions(+), 5 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_on.go -diff --git a/src/cmd/api/boring_test.go b/src/cmd/api/boring_test.go -index f0e3575637c62a..0e9aceeb832d3b 
100644 ---- a/src/cmd/api/boring_test.go -+++ b/src/cmd/api/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - package main - diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go index 0facfb579cb196..223472e20d24a5 100644 --- a/src/cmd/dist/test.go @@ -77,19 +44,6 @@ index 0facfb579cb196..223472e20d24a5 100644 // Static linking tests if goos != "android" && p != "netbsd/arm" { // TODO(#56629): Why does this fail on netbsd-arm? -diff --git a/src/cmd/go/go_boring_test.go b/src/cmd/go/go_boring_test.go -index ed0fbf3d53d75b..5376227f74cfaa 100644 ---- a/src/cmd/go/go_boring_test.go -+++ b/src/cmd/go/go_boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - package main_test - diff --git a/src/cmd/go/testdata/script/gopath_std_vendor.txt b/src/cmd/go/testdata/script/gopath_std_vendor.txt index 4aaf46b5d0f0dc..6fe798cf4a94e9 100644 --- a/src/cmd/go/testdata/script/gopath_std_vendor.txt 
@@ -121,58 +75,6 @@ index 0c37a1dc1f8c15..faf8a1874d5f28 100644 "crypto/internal/boring", "crypto/internal/boring/syso", "crypto/x509", -diff --git a/src/crypto/boring/boring.go b/src/crypto/boring/boring.go -index 1cf43edba40359..7b04f14ebdd618 100644 ---- a/src/crypto/boring/boring.go -+++ b/src/crypto/boring/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - // Package boring exposes functions that are only available when building with - // Go+BoringCrypto. This package is available on all targets as long as the -diff --git a/src/crypto/ecdsa/boring.go b/src/crypto/ecdsa/boring.go -index 61e70f981db4eb..602cb894e20d39 100644 ---- a/src/crypto/ecdsa/boring.go -+++ b/src/crypto/ecdsa/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - package ecdsa - -diff --git a/src/crypto/ecdsa/notboring.go b/src/crypto/ecdsa/notboring.go -index 19188518e85e65..3cc16ecab567a0 100644 ---- a/src/crypto/ecdsa/notboring.go -+++ b/src/crypto/ecdsa/notboring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto -+//go:build !boringcrypto && !goexperiment.opensslcrypto - - package ecdsa - -diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go -index 85bd3ed083f5b2..51bc3c68048d51 100644 ---- a/src/crypto/internal/backend/bbig/big.go -+++ b/src/crypto/internal/backend/bbig/big.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto -+//go:build !boringcrypto && !goexperiment.opensslcrypto - - package bbig - 
diff --git a/src/crypto/internal/backend/bbig/big_openssl.go b/src/crypto/internal/backend/bbig/big_openssl.go new file mode 100644 index 00000000000000..e6695dd66b1d02 
@@ -568,71 +470,6 @@ index 00000000000000..57af729e1458f5 + + return openssl.VerifyDSA(pub, hashed, sig) +} -diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s -index f2e5a503eaacb6..1dc7116efdff2e 100644 ---- a/src/crypto/internal/boring/fipstls/stub.s -+++ b/src/crypto/internal/boring/fipstls/stub.s -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - // runtime_arg0 is declared in tls.go without a body. - // It's provided by package runtime, -diff --git a/src/crypto/internal/boring/fipstls/tls.go b/src/crypto/internal/boring/fipstls/tls.go -index b51f142fde8311..f5b4827c688f3b 100644 ---- a/src/crypto/internal/boring/fipstls/tls.go -+++ b/src/crypto/internal/boring/fipstls/tls.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - // Package fipstls allows control over whether crypto/tls requires FIPS-approved settings. - // This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent -diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go -index ecb43aaf264743..220f8c05c3d94b 100644 ---- a/src/crypto/rsa/boring.go -+++ b/src/crypto/rsa/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - package rsa - -diff --git a/src/crypto/rsa/boring_test.go b/src/crypto/rsa/boring_test.go -index 2234d079f0d9e7..82a9d220e139af 100644 ---- a/src/crypto/rsa/boring_test.go -+++ b/src/crypto/rsa/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - // Note: Can run these tests against the non-BoringCrypto - // version of the code by using "CGO_ENABLED=0 go test". -diff --git a/src/crypto/rsa/notboring.go b/src/crypto/rsa/notboring.go -index 34c22c8fbba7da..933ac569e034a8 100644 ---- a/src/crypto/rsa/notboring.go -+++ b/src/crypto/rsa/notboring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto -+//go:build !boringcrypto && !goexperiment.opensslcrypto - - package rsa - diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go index c6294694521c69..ab99b176ac9540 100644 --- a/src/crypto/rsa/rsa_test.go 
@@ -647,58 +484,6 @@ index c6294694521c69..ab99b176ac9540 100644 random := rand.Reader msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22} -diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go -index c44ae92f2528f3..698efc6751e12c 100644 ---- a/src/crypto/tls/boring.go -+++ b/src/crypto/tls/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - package tls - -diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index dcbd33167e4499..1f577fd1d4d9ec 100644 ---- a/src/crypto/tls/boring_test.go -+++ b/src/crypto/tls/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - package tls - -diff --git a/src/crypto/tls/fipsonly/fipsonly.go b/src/crypto/tls/fipsonly/fipsonly.go -index e5e47835e2f48d..1a94656dfee6dd 100644 ---- a/src/crypto/tls/fipsonly/fipsonly.go -+++ b/src/crypto/tls/fipsonly/fipsonly.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - // Package fipsonly restricts all TLS configuration to FIPS-approved settings. - // -diff --git a/src/crypto/tls/fipsonly/fipsonly_test.go b/src/crypto/tls/fipsonly/fipsonly_test.go -index f8485dc3ca1c29..9c1d3d279c472f 100644 ---- a/src/crypto/tls/fipsonly/fipsonly_test.go -+++ b/src/crypto/tls/fipsonly/fipsonly_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - package fipsonly - diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go index 747c3c0883230c..ee9274bb63b9b4 100644 --- a/src/crypto/tls/key_schedule.go 
@@ -711,58 +496,6 @@ index 747c3c0883230c..ee9274bb63b9b4 100644 "crypto/internal/mlkem768" "errors" "fmt" -diff --git a/src/crypto/tls/notboring.go b/src/crypto/tls/notboring.go -index bdbc32e05b35dd..36b4ceab0046c6 100644 ---- a/src/crypto/tls/notboring.go -+++ b/src/crypto/tls/notboring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto -+//go:build !boringcrypto && !goexperiment.opensslcrypto - - package tls - -diff --git a/src/crypto/x509/boring.go b/src/crypto/x509/boring.go -index 095b58c31590d4..9aec21dbcd3bff 100644 ---- a/src/crypto/x509/boring.go -+++ b/src/crypto/x509/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - package x509 - -diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go -index 1b2454dbaab264..8cfc61049d0a08 100644 ---- a/src/crypto/x509/boring_test.go -+++ b/src/crypto/x509/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto - - package x509 - -diff --git a/src/crypto/x509/notboring.go b/src/crypto/x509/notboring.go -index c83a7272c9f01f..a0548a7f9179c5 100644 ---- a/src/crypto/x509/notboring.go -+++ b/src/crypto/x509/notboring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto -+//go:build !boringcrypto && !goexperiment.opensslcrypto - - package x509 - diff --git a/src/go.mod b/src/go.mod index df27f25e789f05..30e45951c763fa 100644 --- a/src/go.mod 
@@ -836,19 +569,6 @@ index 7f6237ffd59c11..7c821ae4bc5727 100644 } // Verify that the vendor directories contain only packages matching the list above. -diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go -index b4cb21f3580737..ff24d12966e22f 100644 ---- a/src/hash/boring_test.go -+++ b/src/hash/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build goexperiment.boringcrypto -+//go:build goexperiment.boringcrypto || goexperiment.opensslcrypto - - package hash_test - diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go index 0f289915be6daa..bd935326bf7305 100644 --- a/src/hash/notboring_test.go diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 8f454e0bd65..71389724783 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch 
@@ -4,88 +4,29 @@ Date: Tue, 19 Jul 2022 15:58:02 +0200 Subject: [PATCH] Add CNG crypto backend --- - src/cmd/api/boring_test.go | 2 +- - src/cmd/go/go_boring_test.go | 2 +- - src/crypto/boring/boring.go | 2 +- src/crypto/ecdsa/badlinkname.go | 17 + - src/crypto/ecdsa/boring.go | 2 +- - src/crypto/ecdsa/notboring.go | 2 +- src/crypto/internal/backend/backend_test.go | 4 +- - src/crypto/internal/backend/bbig/big.go | 2 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + src/crypto/internal/backend/cng_windows.go | 317 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- - src/crypto/internal/boring/fipstls/stub.s | 2 +- - src/crypto/internal/boring/fipstls/tls.go | 2 +- - src/crypto/rsa/boring.go | 2 +- - src/crypto/rsa/boring_test.go | 2 +- - src/crypto/rsa/notboring.go | 2 +- src/crypto/rsa/pss.go | 2 +- src/crypto/rsa/pss_test.go | 2 +- - src/crypto/tls/boring.go | 2 +- - src/crypto/tls/boring_test.go | 2 +- - src/crypto/tls/fipsonly/fipsonly.go | 2 +- - src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- - src/crypto/tls/notboring.go | 2 +- - src/crypto/x509/boring.go | 2 +- - src/crypto/x509/boring_test.go | 2 +- - src/crypto/x509/notboring.go | 2 +- src/go.mod | 1 + src/go.sum | 2 + src/go/build/deps_test.go | 5 + src/go/build/vendor_test.go | 1 + - src/hash/boring_test.go | 2 +- src/hash/example_test.go | 2 + src/hash/notboring_test.go | 2 +- .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 36 files changed, 412 insertions(+), 27 deletions(-) + 16 files changed, 392 insertions(+), 7 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go create mode 100644 src/internal/goexperiment/exp_cngcrypto_off.go create mode 100644 src/internal/goexperiment/exp_cngcrypto_on.go -diff --git a/src/cmd/api/boring_test.go 
b/src/cmd/api/boring_test.go -index 0e9aceeb832d3b..aecf81b09c8ad3 100644 ---- a/src/cmd/api/boring_test.go -+++ b/src/cmd/api/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - package main - -diff --git a/src/cmd/go/go_boring_test.go b/src/cmd/go/go_boring_test.go -index 5376227f74cfaa..492ccf79d66b45 100644 ---- a/src/cmd/go/go_boring_test.go -+++ b/src/cmd/go/go_boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - package main_test - -diff --git a/src/crypto/boring/boring.go b/src/crypto/boring/boring.go -index 7b04f14ebdd618..8bdafb72f2c51a 100644 ---- a/src/crypto/boring/boring.go -+++ b/src/crypto/boring/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - // Package boring exposes functions that are only available when building with - // Go+BoringCrypto. This package is available on all targets as long as the diff --git a/src/crypto/ecdsa/badlinkname.go b/src/crypto/ecdsa/badlinkname.go new file mode 100644 index 00000000000000..0d00b7bb3a7fc8 
@@ -109,32 +50,6 @@ index 00000000000000..0d00b7bb3a7fc8 +// This supplements other linknames that are already added by +// https://github.com/golang/go/commit/41aab30bd260297ad8ddad47e98fdf8390a9a67e +// See that commit for more information. -diff --git a/src/crypto/ecdsa/boring.go b/src/crypto/ecdsa/boring.go -index 602cb894e20d39..bf9e77e06599f0 100644 ---- a/src/crypto/ecdsa/boring.go -+++ b/src/crypto/ecdsa/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - package ecdsa - -diff --git a/src/crypto/ecdsa/notboring.go b/src/crypto/ecdsa/notboring.go -index 3cc16ecab567a0..dbbc6e3897e153 100644 ---- a/src/crypto/ecdsa/notboring.go -+++ b/src/crypto/ecdsa/notboring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto && !goexperiment.opensslcrypto -+//go:build !boringcrypto && !goexperiment.opensslcrypto && !goexperiment.cngcrypto - - package ecdsa - diff --git a/src/crypto/internal/backend/backend_test.go b/src/crypto/internal/backend/backend_test.go index c2c06d3bff8c74..837cff477e257e 100644 --- a/src/crypto/internal/backend/backend_test.go 
@@ -150,19 +65,6 @@ index c2c06d3bff8c74..837cff477e257e 100644 // Test that Unreachable panics. func TestUnreachable(t *testing.T) { -diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go -index 51bc3c68048d51..15f9833c9fcd20 100644 ---- a/src/crypto/internal/backend/bbig/big.go -+++ b/src/crypto/internal/backend/bbig/big.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto && !goexperiment.opensslcrypto -+//go:build !boringcrypto && !goexperiment.opensslcrypto && !goexperiment.cngcrypto - - package bbig - diff --git a/src/crypto/internal/backend/bbig/big_cng.go b/src/crypto/internal/backend/bbig/big_cng.go new file mode 100644 index 00000000000000..92623031fd87d0 
@@ -532,71 +434,6 @@ index bc595e91024f11..7766d674f5cfaf 100644 + } + return true +} -diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s -index 1dc7116efdff2e..b4c321d1d2babb 100644 ---- a/src/crypto/internal/boring/fipstls/stub.s -+++ b/src/crypto/internal/boring/fipstls/stub.s -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - // runtime_arg0 is declared in tls.go without a body. - // It's provided by package runtime, -diff --git a/src/crypto/internal/boring/fipstls/tls.go b/src/crypto/internal/boring/fipstls/tls.go -index f5b4827c688f3b..12df96069f6b83 100644 ---- a/src/crypto/internal/boring/fipstls/tls.go -+++ b/src/crypto/internal/boring/fipstls/tls.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - // Package fipstls allows control over whether crypto/tls requires FIPS-approved settings. - // This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent -diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go -index 220f8c05c3d94b..dd20b4af2e0472 100644 ---- a/src/crypto/rsa/boring.go -+++ b/src/crypto/rsa/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - package rsa - -diff --git a/src/crypto/rsa/boring_test.go b/src/crypto/rsa/boring_test.go -index 82a9d220e139af..c3860f8d698bc3 100644 ---- a/src/crypto/rsa/boring_test.go -+++ b/src/crypto/rsa/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - // Note: Can run these tests against the non-BoringCrypto - // version of the code by using "CGO_ENABLED=0 go test". -diff --git a/src/crypto/rsa/notboring.go b/src/crypto/rsa/notboring.go -index 933ac569e034a8..0f152b210fdd84 100644 ---- a/src/crypto/rsa/notboring.go -+++ b/src/crypto/rsa/notboring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto && !goexperiment.opensslcrypto -+//go:build !boringcrypto && !goexperiment.opensslcrypto && !goexperiment.cngcrypto - - package rsa - diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go index 4aac87d7952081..010ee1467501c3 100644 --- a/src/crypto/rsa/pss.go 
@@ -623,110 +460,6 @@ index 2c82f50adf38b8..33630f14dcc8d4 100644 if err != nil { t.Fatal(err) } -diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go -index 698efc6751e12c..575d51b02298c8 100644 ---- a/src/crypto/tls/boring.go -+++ b/src/crypto/tls/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - package tls - -diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 1f577fd1d4d9ec..3cdde9780352a4 100644 ---- a/src/crypto/tls/boring_test.go -+++ b/src/crypto/tls/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - package tls - -diff --git a/src/crypto/tls/fipsonly/fipsonly.go b/src/crypto/tls/fipsonly/fipsonly.go -index 1a94656dfee6dd..d7d1441ed319be 100644 ---- a/src/crypto/tls/fipsonly/fipsonly.go -+++ b/src/crypto/tls/fipsonly/fipsonly.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - // Package fipsonly restricts all TLS configuration to FIPS-approved settings. - // -diff --git a/src/crypto/tls/fipsonly/fipsonly_test.go b/src/crypto/tls/fipsonly/fipsonly_test.go -index 9c1d3d279c472f..0ca7a863b73690 100644 ---- a/src/crypto/tls/fipsonly/fipsonly_test.go -+++ b/src/crypto/tls/fipsonly/fipsonly_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - package fipsonly - -diff --git a/src/crypto/tls/notboring.go b/src/crypto/tls/notboring.go -index 36b4ceab0046c6..c87df4ad695f1b 100644 ---- a/src/crypto/tls/notboring.go -+++ b/src/crypto/tls/notboring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto && !goexperiment.opensslcrypto -+//go:build !boringcrypto && !goexperiment.opensslcrypto && !goexperiment.cngcrypto - - package tls - -diff --git a/src/crypto/x509/boring.go b/src/crypto/x509/boring.go -index 9aec21dbcd3bff..05324f731bedc4 100644 ---- a/src/crypto/x509/boring.go -+++ b/src/crypto/x509/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - package x509 - -diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go -index 8cfc61049d0a08..8948d51dfabd20 100644 ---- a/src/crypto/x509/boring_test.go -+++ b/src/crypto/x509/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto || goexperiment.opensslcrypto -+//go:build boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - package x509 - -diff --git a/src/crypto/x509/notboring.go b/src/crypto/x509/notboring.go -index a0548a7f9179c5..ae6117a1554b7f 100644 ---- a/src/crypto/x509/notboring.go -+++ b/src/crypto/x509/notboring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build !boringcrypto && !goexperiment.opensslcrypto -+//go:build !boringcrypto && !goexperiment.opensslcrypto && !goexperiment.cngcrypto - - package x509 - diff --git a/src/go.mod b/src/go.mod index 30e45951c763fa..0209eeb6b8642c 100644 --- a/src/go.mod @@ -786,19 +519,6 @@ index 7c821ae4bc5727..1d0b9b20e9b1d4 100644 } // Verify that the vendor directories contain only packages matching the list above. -diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go -index ff24d12966e22f..a5242cca089049 100644 ---- a/src/hash/boring_test.go -+++ b/src/hash/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build goexperiment.boringcrypto || goexperiment.opensslcrypto -+//go:build goexperiment.boringcrypto || goexperiment.opensslcrypto || goexperiment.cngcrypto - - package hash_test - diff --git a/src/hash/example_test.go b/src/hash/example_test.go index f07b9aaa2c4898..2ff6c4827391c0 100644 --- a/src/hash/example_test.go From 8db686641ac868e8b936722005847f7ece870f3a Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 13 Dec 2024 12:53:40 +0100 Subject: [PATCH 149/887] remove missed translation --- patches/0002-Add-crypto-backend-foundation.patch | 4 ++-- patches/0004-Add-OpenSSL-crypto-backend.patch | 16 +--------------- patches/0005-Add-CNG-crypto-backend.patch | 16 +--------------- 3 files changed, 4 insertions(+), 32 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index c78c2535d0a..0b7aae1354b 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -2304,7 +2304,7 @@ index 3091f7a67acede..fead8cc4bec73a 100644 diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go new file mode 100644 -index 00000000000000..0f289915be6daa +index 00000000000000..11dc691600b110 --- /dev/null +++ b/src/hash/notboring_test.go 
@@ -0,0 +1,9 @@ @@ -2312,7 +2312,7 @@ index 00000000000000..0f289915be6daa +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build !goexperiment.boringcrypto ++//go:build !goexperiment.systemcrypto + +package hash_test + diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index b113bd72f46..a704ba4ee88 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -15,12 +15,11 @@ Subject: [PATCH] Add OpenSSL crypto backend src/go.sum | 2 + src/go/build/deps_test.go | 7 +- src/go/build/vendor_test.go | 1 + - src/hash/notboring_test.go | 2 +- .../goexperiment/exp_opensslcrypto_off.go | 9 + .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 16 files changed, 436 insertions(+), 5 deletions(-) + 15 files changed, 435 insertions(+), 4 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go @@ -569,19 +568,6 @@ index 7f6237ffd59c11..7c821ae4bc5727 100644 } // Verify that the vendor directories contain only packages matching the list above. -diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go -index 0f289915be6daa..bd935326bf7305 100644 ---- a/src/hash/notboring_test.go -+++ b/src/hash/notboring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !goexperiment.boringcrypto -+//go:build !goexperiment.boringcrypto && !goexperiment.opensslcrypto - - package hash_test - diff --git a/src/internal/goexperiment/exp_opensslcrypto_off.go b/src/internal/goexperiment/exp_opensslcrypto_off.go new file mode 100644 index 00000000000000..62033547c6143a 
diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 71389724783..efed82b61f2 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -16,11 +16,10 @@ Subject: [PATCH] Add CNG crypto backend src/go/build/deps_test.go | 5 + src/go/build/vendor_test.go | 1 + src/hash/example_test.go | 2 + - src/hash/notboring_test.go | 2 +- .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 16 files changed, 392 insertions(+), 7 deletions(-) + 15 files changed, 391 insertions(+), 6 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -532,19 +531,6 @@ index f07b9aaa2c4898..2ff6c4827391c0 100644 package hash_test import ( -diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go -index bd935326bf7305..40c84700690612 100644 ---- a/src/hash/notboring_test.go -+++ b/src/hash/notboring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !goexperiment.boringcrypto && !goexperiment.opensslcrypto -+//go:build !goexperiment.boringcrypto && !goexperiment.opensslcrypto && !goexperiment.cngcrypto - - package hash_test - diff --git a/src/internal/goexperiment/exp_cngcrypto_off.go b/src/internal/goexperiment/exp_cngcrypto_off.go new file mode 100644 index 00000000000000..831460053281e2 From 2500b7f416565750fd00874036e2970800b0d2e8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Dec 2024 11:10:46 -0800 Subject: [PATCH 150/887] build(deps): bump github/codeql-action from 3.27.7 to 3.27.9 (#1442) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.7 to 3.27.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/babb554ede22fd5605947329c4d04d8e7a0b8155...df409f7d9260372bd5f19e5b04e83cb3c43714ae) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b73ed2b0374..c74a170d4ac 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7 + uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7 + uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@babb554ede22fd5605947329c4d04d8e7a0b8155 # v3.27.7 + uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: category: /language:go From 38107822fac61872d7e6f216834c304f4a272b23 Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Thu, 12 Dec 2024 13:40:12 +0100 Subject: [PATCH 151/887] move FIPS enabled logic to its own package --- .../0002-Add-crypto-backend-foundation.patch | 221 +++++++++++++----- .../0003-Add-BoringSSL-crypto-backend.patch | 21 +- patches/0004-Add-OpenSSL-crypto-backend.patch | 139 +++++------ patches/0005-Add-CNG-crypto-backend.patch | 75 ++++-- 4 files changed, 303 insertions(+), 153 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 0b7aae1354b..461bc71c991 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -26,13 +26,15 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/hmac/hmac_test.go | 2 +- src/crypto/internal/backend/backend_test.go | 30 +++ src/crypto/internal/backend/bbig/big.go | 17 ++ - src/crypto/internal/backend/common.go | 92 ++++++++ - src/crypto/internal/backend/isrequirefips.go | 9 + + src/crypto/internal/backend/common.go | 68 ++++++ + .../backend/fips140/fips140.go | 55 +++++ + .../backend/fips140/isrequirefips.go | 9 + + .../backend/fips140/norequirefips.go | 9 + + .../backend/fips140/nosystemcrypto.go | 11 + src/crypto/internal/backend/nobackend.go | 223 +++++++++++++++++++ - src/crypto/internal/backend/norequirefips.go | 9 + src/crypto/internal/backend/stub.s | 10 + src/crypto/internal/boring/fipstls/stub.s | 2 +- - src/crypto/internal/boring/fipstls/tls.go | 2 +- + src/crypto/internal/boring/fipstls/tls.go | 7 +- src/crypto/md5/md5.go | 7 + src/crypto/md5/md5_test.go | 14 ++ src/crypto/purego_test.go | 2 +- 
@@ -68,13 +70,13 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/x509/boring.go | 2 +- src/crypto/x509/boring_test.go | 7 +- src/crypto/x509/notboring.go | 2 +- - src/go/build/deps_test.go | 4 + + src/go/build/deps_test.go | 11 +- src/hash/boring_test.go | 9 + src/hash/marshal_test.go | 5 + src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 +++--- src/runtime/runtime_boring.go | 5 + - 70 files changed, 1125 insertions(+), 94 deletions(-) + 73 files changed, 1180 insertions(+), 95 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -82,9 +84,11 @@ Subject: [PATCH] Add crypto backend foundation create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/bbig/big.go create mode 100644 src/crypto/internal/backend/common.go - create mode 100644 src/crypto/internal/backend/isrequirefips.go + create mode 100644 src/crypto/internal/backend/fips140/fips140.go + create mode 100644 src/crypto/internal/backend/fips140/isrequirefips.go + create mode 100644 src/crypto/internal/backend/fips140/norequirefips.go + create mode 100644 src/crypto/internal/backend/fips140/nosystemcrypto.go create mode 100644 src/crypto/internal/backend/nobackend.go - create mode 100644 src/crypto/internal/backend/norequirefips.go create mode 100644 src/crypto/internal/backend/stub.s create mode 100644 src/hash/boring_test.go create mode 100644 src/hash/notboring_test.go @@ -879,10 +883,10 @@ index 00000000000000..20251a290dc2e0 +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go new file mode 100644 -index 00000000000000..bc595e91024f11 +index 00000000000000..07d965bf8b467c --- /dev/null 
+++ b/src/crypto/internal/backend/common.go -@@ -0,0 +1,92 @@ +@@ -0,0 +1,68 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -890,47 +894,23 @@ index 00000000000000..bc595e91024f11 +package backend + +import ( ++ "crypto/internal/backend/fips140" + "crypto/internal/boring/sig" + "internal/goexperiment" + "runtime" -+ "syscall" +) + +func init() { -+ if v, r, ok := envGoFIPS(); ok && v == "1" { ++ if fips140.Enabled() { + if !Enabled { + if runtime.GOOS != "linux" && runtime.GOOS != "windows" { -+ panic("FIPS mode requested (" + r + ") but no crypto backend is supported on " + runtime.GOOS) ++ panic("FIPS mode requested (" + fips140.Message + ") but no crypto backend is supported on " + runtime.GOOS) + } -+ panic("FIPS mode requested (" + r + ") but no supported crypto backend is enabled") ++ panic("FIPS mode requested (" + fips140.Message + ") but no supported crypto backend is enabled") + } + } +} + -+func envGoFIPS() (value string, reason string, ok bool) { -+ // TODO: Decide which environment variable to use. -+ // See https://github.com/microsoft/go/issues/397. -+ var varName string -+ if value, ok = syscall.Getenv("GOFIPS"); ok { -+ varName = "GOFIPS" -+ } else if value, ok = syscall.Getenv("GOLANG_FIPS"); ok { -+ varName = "GOLANG_FIPS" -+ } -+ if isRequireFIPS { -+ if ok && value != "1" { -+ panic("the 'requirefips' build tag is enabled, but it conflicts " + -+ "with the detected env variable " + -+ varName + "=" + value + -+ " which would disable FIPS mode") -+ } -+ return "1", "requirefips tag set", true -+ } -+ if ok { -+ return value, "environment variable " + varName + "=1", true -+ } -+ return "", "", false -+} -+ +// Unreachable marks code that should be unreachable +// when backend is in use. +func Unreachable() { 
@@ -975,21 +955,117 @@ index 00000000000000..bc595e91024f11 + // Given the above reasons, we only support 2-prime RSA keys. + return primes == 2 +} -diff --git a/src/crypto/internal/backend/isrequirefips.go b/src/crypto/internal/backend/isrequirefips.go +diff --git a/src/crypto/internal/backend/fips140/fips140.go b/src/crypto/internal/backend/fips140/fips140.go +new file mode 100644 +index 00000000000000..f54d39970319af +--- /dev/null ++++ b/src/crypto/internal/backend/fips140/fips140.go +@@ -0,0 +1,55 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++package fips140 ++ ++import "syscall" ++ ++// Enabled reports whether FIPS 140 mode is enabled by using GOFIPS=1, GOLANG_FIPS=1, ++// the 'requirefips' build tag, or any other platform-specific mechanism. ++func Enabled() bool { ++ return enabled ++} ++ ++var enabled bool ++ ++// Disabled reports whether FIPS 140 mode is disabled by using GOFIPS=0 or GOLANG_FIPS=0. ++func Disabled() bool { ++ return disabled ++} ++ ++var disabled bool ++ ++// Message is a human-readable message about how [Enabled] was set. ++var Message string ++ ++func init() { ++ // TODO: Decide which environment variable to use. ++ // See https://github.com/microsoft/go/issues/397. 
++ var value string ++ var ok bool ++ if value, ok = syscall.Getenv("GOFIPS"); ok { ++ Message = "environment variable GOFIPS" ++ } else if value, ok = syscall.Getenv("GOLANG_FIPS"); ok { ++ Message = "environment variable GOLANG_FIPS" ++ } else if systemFIPSMode() { ++ Message = "system FIPS mode" ++ value = "1" ++ } ++ if value == "1" { ++ enabled = true ++ } else if value == "0" { ++ disabled = true ++ } ++ if isRequireFIPS { ++ if disabled { ++ panic("the 'requirefips' build tag is enabled, but it conflicts " + ++ "with the " + Message + "=" + value + ++ " which would disable FIPS mode") ++ } ++ Message = "requirefips tag set" ++ enabled = true ++ return ++ } ++} +\ No newline at end of file +diff --git a/src/crypto/internal/backend/fips140/isrequirefips.go b/src/crypto/internal/backend/fips140/isrequirefips.go new file mode 100644 -index 00000000000000..e5d7570d6d4363 +index 00000000000000..b33d08c84e2dae --- /dev/null -+++ b/src/crypto/internal/backend/isrequirefips.go ++++ b/src/crypto/internal/backend/fips140/isrequirefips.go 
@@ -0,0 +1,9 @@ -+// Copyright 2022 The Go Authors. All rights reserved. ++// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build requirefips + -+package backend ++package fips140 + +const isRequireFIPS = true +\ No newline at end of file +diff --git a/src/crypto/internal/backend/fips140/norequirefips.go b/src/crypto/internal/backend/fips140/norequirefips.go +new file mode 100644 +index 00000000000000..6f01b9a3524dee +--- /dev/null ++++ b/src/crypto/internal/backend/fips140/norequirefips.go +@@ -0,0 +1,9 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !requirefips ++ ++package fips140 ++ ++const isRequireFIPS = false +\ No newline at end of file +diff --git a/src/crypto/internal/backend/fips140/nosystemcrypto.go b/src/crypto/internal/backend/fips140/nosystemcrypto.go +new file mode 100644 +index 00000000000000..83691d7dd42d51 +--- /dev/null ++++ b/src/crypto/internal/backend/fips140/nosystemcrypto.go +@@ -0,0 +1,11 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !goexperiment.systemcrypto ++ ++package fips140 ++ ++func systemFIPSMode() bool { ++ return false ++} diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 index 00000000000000..ffa8d38e5d490f 
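Review bot: In the `init` of the new `fips140/fips140.go`, a GOFIPS or GOLANG_FIPS variable set to anything other than `1` or `0` (including the empty string) still takes the first or second branch of the `else if` chain. `systemFIPSMode()` is then never consulted, and neither `enabled` nor `disabled` is set. On a host whose platform FIPS setting is on, the process stays outside FIPS mode without `Disabled()` reporting an explicit opt-out, and `Message` names the variable even though `Enabled()` is false. Whether that is intended is not visible here; if it is not, only the explicit values should override the platform setting, as sketched below. The `requirefips` path also no longer panics on values other than `0` as the removed `envGoFIPS` did, which looks harmless because it forces `enabled = true`, but a comment should say so.

```go
func init() {
	var value string
	for _, name := range [...]string{"GOFIPS", "GOLANG_FIPS"} {
		if v, ok := syscall.Getenv(name); ok {
			value, Message = v, "environment variable "+name
			break
		}
	}
	switch value {
	case "1":
		enabled = true
	case "0":
		disabled = true
	default:
		// Unset, empty or unrecognised: defer to the platform setting
		// instead of silently leaving FIPS mode off.
		if systemFIPSMode() {
			Message = "system FIPS mode"
			enabled = true
		}
	}
	// … unchanged: isRequireFIPS handling …
```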
@@ -1219,21 +1295,6 @@ index 00000000000000..ffa8d38e5d490f +func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s BigInt, encodeSignature func(r, s BigInt) ([]byte, error)) bool { + panic("cryptobackend: not available") +} -diff --git a/src/crypto/internal/backend/norequirefips.go b/src/crypto/internal/backend/norequirefips.go -new file mode 100644 -index 00000000000000..26bfb5f6a643f3 ---- /dev/null -+++ b/src/crypto/internal/backend/norequirefips.go -@@ -0,0 +1,9 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !requirefips -+ -+package backend -+ -+const isRequireFIPS = false diff --git a/src/crypto/internal/backend/stub.s b/src/crypto/internal/backend/stub.s new file mode 100644 index 00000000000000..5e4b436554d44d @@ -1264,7 +1325,7 @@ index f2e5a503eaacb6..35cf7532625efb 100644 // runtime_arg0 is declared in tls.go without a body. // It's provided by package runtime, diff --git a/src/crypto/internal/boring/fipstls/tls.go b/src/crypto/internal/boring/fipstls/tls.go -index b51f142fde8311..0ea6593743349b 100644 +index b51f142fde8311..108b52d9d8fcb7 100644 --- a/src/crypto/internal/boring/fipstls/tls.go +++ b/src/crypto/internal/boring/fipstls/tls.go @@ -2,7 +2,7 @@ @@ -1276,6 +1337,26 @@ index b51f142fde8311..0ea6593743349b 100644 // Package fipstls allows control over whether crypto/tls requires FIPS-approved settings. // This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent +@@ -10,12 +10,19 @@ + package fipstls + + import ( ++ "crypto/internal/backend/fips140" + "internal/stringslite" + "sync/atomic" + ) + + var required atomic.Bool + ++func init() { ++ if fips140.Enabled() { ++ Force() ++ } ++} ++ + // Force forces crypto/tls to restrict TLS configurations to FIPS-approved settings. + // By design, this call is impossible to undo (except in tests). + // 
diff --git a/src/crypto/md5/md5.go b/src/crypto/md5/md5.go index c984c3f4968598..229dd457f8d53c 100644 --- a/src/crypto/md5/md5.go @@ -2242,10 +2323,22 @@ index c83a7272c9f01f..7f6e574dc0c2dc 100644 package x509 diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index c6a2518f62ff3a..578b4d6f68504c 100644 +index c6a2518f62ff3a..6c7229b41c825e 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -464,7 +464,9 @@ var depsRules = ` +@@ -457,14 +457,20 @@ var depsRules = ` + < crypto/internal/fips/hmac + < FIPS; + ++ syscall < crypto/internal/backend/fips140; ++ + NONE < crypto/internal/boring/sig, crypto/internal/boring/syso; +- sync/atomic < crypto/internal/boring/bcache, crypto/internal/boring/fipstls; ++ sync/atomic, ++ crypto/internal/backend/fips140 ++ < crypto/internal/boring/bcache, crypto/internal/boring/fipstls; + crypto/internal/boring/sig, crypto/internal/boring/fipstls < crypto/tls/fipsonly; + # CRYPTO is core crypto algorithms - no cgo, fmt, net. FIPS, crypto/internal/boring/sig, @@ -2255,15 +2348,17 @@ index c6a2518f62ff3a..578b4d6f68504c 100644 golang.org/x/sys/cpu, hash, embed < crypto -@@ -475,6 +477,7 @@ var depsRules = ` +@@ -474,7 +480,9 @@ var depsRules = ` + crypto/cipher, crypto/internal/boring/bcache ++ crypto/internal/backend/fips140 < crypto/internal/boring + < crypto/internal/backend < crypto/boring; crypto/internal/alias, math/rand/v2 -@@ -512,6 +515,7 @@ var depsRules = ` +@@ -512,6 +520,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big < crypto/internal/boring/bbig diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index a9449fa8184..8a7c0aaa2df 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch 
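Review bot: The `init` added to `crypto/internal/boring/fipstls/tls.go` calls `Force()` whenever `fips140.Enabled()` is true, and it has no comment saying that FIPS mode now restricts TLS for the whole process. The doc comment on `Force` says the call is impossible to undo outside tests, so the coupling should be recorded on the `init`, for example `// FIPS 140 mode implies FIPS-approved TLS settings process-wide; see fips140.Enabled for how it is set.` Tests run with GOFIPS=1 in the environment will presumably start with `required` already set, which is worth checking against any test that assumes the default. The rest of the package lies outside the hunk.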
@@ -6,9 +6,11 @@ Subject: [PATCH] Add BoringSSL crypto backend --- .../internal/backend/bbig/big_boring.go | 12 + src/crypto/internal/backend/boring_linux.go | 257 ++++++++++++++++++ - 2 files changed, 270 insertions(+) + src/crypto/internal/backend/fips140/boring.go | 11 + + 3 files changed, 281 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/boring_linux.go + create mode 100644 src/crypto/internal/backend/fips140/boring.go diff --git a/src/crypto/internal/backend/bbig/big_boring.go b/src/crypto/internal/backend/bbig/big_boring.go new file mode 100644 @@ -291,3 +293,20 @@ index 00000000000000..31e57a8dffd4c3 +func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s boring.BigInt, encodeSignature func(r, s boring.BigInt) ([]byte, error)) bool { + panic("cryptobackend: not available") +} +diff --git a/src/crypto/internal/backend/fips140/boring.go b/src/crypto/internal/backend/fips140/boring.go +new file mode 100644 +index 00000000000000..3b583dc0eb0235 +--- /dev/null ++++ b/src/crypto/internal/backend/fips140/boring.go +@@ -0,0 +1,11 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.boringcrypto ++ ++package fips140 ++ ++func systemFIPSMode() bool { ++ return false ++} diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index a704ba4ee88..20b7b606716 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -8,19 +8,20 @@ Subject: [PATCH] Add OpenSSL crypto backend .../go/testdata/script/gopath_std_vendor.txt | 9 + src/cmd/link/internal/ld/lib.go | 1 + .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/openssl_linux.go | 371 ++++++++++++++++++ - src/crypto/rsa/rsa_test.go | 3 + + .../internal/backend/fips140/openssl.go | 41 +++ + src/crypto/internal/backend/openssl_linux.go | 323 ++++++++++++++++++ src/crypto/tls/key_schedule.go | 1 + src/go.mod | 1 + src/go.sum | 2 + - src/go/build/deps_test.go | 7 +- + src/go/build/deps_test.go | 9 +- src/go/build/vendor_test.go | 1 + .../goexperiment/exp_opensslcrypto_off.go | 9 + .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 15 files changed, 435 insertions(+), 4 deletions(-) + 16 files changed, 429 insertions(+), 5 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go + create mode 100644 src/crypto/internal/backend/fips140/openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_on.go 
@@ -92,12 +93,59 @@ index 00000000000000..e6695dd66b1d02 + +var Enc = bbig.Enc +var Dec = bbig.Dec +diff --git a/src/crypto/internal/backend/fips140/openssl.go b/src/crypto/internal/backend/fips140/openssl.go +new file mode 100644 +index 00000000000000..118efa3a492a7d +--- /dev/null ++++ b/src/crypto/internal/backend/fips140/openssl.go +@@ -0,0 +1,41 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.opensslcrypto ++ ++package fips140 ++ ++import "syscall" ++ ++func systemFIPSMode() bool { ++ var fd int ++ for { ++ var err error ++ fd, err = syscall.Open("/proc/sys/crypto/fips_enabled", syscall.O_RDONLY, 0) ++ if err == nil { ++ break ++ } ++ switch err { ++ case syscall.EINTR: ++ continue ++ case syscall.ENOENT: ++ return false ++ default: ++ // If there is an error reading we could either panic or assume FIPS is not enabled. ++ // Panicking would be too disruptive for apps that don't require FIPS. ++ // If an app wants to be 100% sure that is running in FIPS mode ++ // it should use boring.Enabled() or GOFIPS=1. ++ return false ++ } ++ } ++ defer syscall.Close(fd) ++ var tmp [1]byte ++ n, err := syscall.Read(fd, tmp[:]) ++ if n != 1 || err != nil { ++ // We return false instead of panicing for the same reason as before. ++ return false ++ } ++ // fips_enabled can be either '0' or '1'. ++ return tmp[0] == '1' ++} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..57af729e1458f5 +index 00000000000000..bccf529a4bcfac --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,371 @@ +@@ -0,0 +1,323 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -112,7 +160,7 @@ index 00000000000000..57af729e1458f5 +import ( + "crypto" + "crypto/cipher" -+ "crypto/internal/boring/fipstls" ++ "crypto/internal/backend/fips140" + "crypto/internal/boring/sig" + "hash" + "syscall" 
@@ -163,68 +211,20 @@ index 00000000000000..57af729e1458f5 + if err := openssl.Init(lcrypto); err != nil { + panic("opensslcrypto: can't initialize OpenSSL " + lcrypto + ": " + err.Error()) + } -+ // 0: FIPS opt-out: abort the process if it is enabled and can't be disabled. -+ // 1: FIPS required: abort the process if it is not enabled and can't be enabled. -+ // other values: do not override OpenSSL configured FIPS mode. -+ var fips string -+ if v, _, ok := envGoFIPS(); ok { -+ fips = v -+ } else if systemFIPSMode() { -+ // System configuration can only force FIPS mode. -+ fips = "1" -+ } -+ switch fips { -+ case "0": -+ if openssl.FIPS() { -+ if err := openssl.SetFIPS(false); err != nil { -+ panic("opensslcrypto: can't disable FIPS mode for " + openssl.VersionText() + ": " + err.Error()) -+ } -+ } -+ case "1": ++ if fips140.Enabled() { + if !openssl.FIPS() { + if err := openssl.SetFIPS(true); err != nil { + panic("opensslcrypto: can't enable FIPS mode for " + openssl.VersionText() + ": " + err.Error()) + } + } -+ } -+ if openssl.FIPS() { -+ // FIPS mode is enabled, -+ // so force FIPS mode for crypto/tls and crypto/x509. -+ fipstls.Force() -+ } -+ sig.BoringCrypto() -+} -+ -+func systemFIPSMode() bool { -+ var fd int -+ for { -+ var err error -+ fd, err = syscall.Open("/proc/sys/crypto/fips_enabled", syscall.O_RDONLY, 0) -+ if err == nil { -+ break -+ } -+ switch err { -+ case syscall.EINTR: -+ continue -+ case syscall.ENOENT: -+ return false -+ default: -+ // If there is an error reading we could either panic or assume FIPS is not enabled. -+ // Panicking would be too disruptive for apps that don't require FIPS. -+ // If an app wants to be 100% sure that is running in FIPS mode -+ // it should use boring.Enabled() or GOFIPS=1. 
-+ return false ++ } else if fips140.Disabled() { ++ if openssl.FIPS() { ++ if err := openssl.SetFIPS(false); err != nil { ++ panic("opensslcrypto: can't disable FIPS mode for " + openssl.VersionText() + ": " + err.Error()) ++ } + } + } -+ defer syscall.Close(fd) -+ var tmp [1]byte -+ n, err := syscall.Read(fd, tmp[:]) -+ if n != 1 || err != nil { -+ // We return false instead of panicing for the same reason as before. -+ return false -+ } -+ // fips_enabled can be either '0' or '1'. -+ return tmp[0] == '1' ++ sig.BoringCrypto() +} + +const RandReader = openssl.RandReader @@ -518,19 +518,22 @@ index b4efd6d3c50c11..fd8881e46df76e 100644 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 578b4d6f68504c..80a14d54739524 100644 +index 6c7229b41c825e..6504a23ce5d51f 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -476,6 +476,8 @@ var depsRules = ` +@@ -479,8 +479,10 @@ var depsRules = ` + < crypto/cipher; crypto/cipher, - crypto/internal/boring/bcache +- crypto/internal/boring/bcache ++ crypto/internal/boring/bcache, + crypto/internal/backend/fips140 + < github.com/golang-fips/openssl/v2/internal/subtle + < github.com/golang-fips/openssl/v2 < crypto/internal/boring < crypto/internal/backend < crypto/boring; -@@ -514,6 +516,7 @@ var depsRules = ` +@@ -519,6 +521,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big @@ -538,7 +541,7 @@ index 578b4d6f68504c..80a14d54739524 100644 < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -812,7 +815,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -817,7 +820,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg 
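Review bot: The rewritten `init` in openssl_linux.go no longer calls `fipstls.Force()` when `openssl.FIPS()` is true; the removed block `if openssl.FIPS() { fipstls.Force() }` restricted crypto/tls whenever the library ended up in FIPS mode, including when OpenSSL's own configuration had enabled it. The new fipstls `init` in patch 0002 forces only on `fips140.Enabled()`, whose definition is not in this hunk, so if it reflects just GOFIPS and the kernel flag, a process with an OpenSSL-configured FIPS provider would presumably run TLS without the FIPS restrictions. The same removal appears in the cng_windows.go hunk (`if enabled, _ := cng.FIPS(); enabled { fipstls.Force() }`). If this is intended, I would state it next to the new branch, e.g. `// Neither enabled nor disabled: keep OpenSSL's configured FIPS mode; crypto/tls is restricted only when fips140.Enabled() is true.`, which also restores the explanation lost with the removed 0/1/other-values comment. `init` starts above this hunk.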
@@ -547,7 +550,7 @@ index 578b4d6f68504c..80a14d54739524 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -822,7 +825,7 @@ func findImports(pkg string) ([]string, error) { +@@ -827,7 +830,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index efed82b61f2..800988bdf27 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -7,8 +7,11 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/ecdsa/badlinkname.go | 17 + src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 317 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 310 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- + src/crypto/internal/backend/fips140/cng.go | 30 ++ + src/crypto/internal/boring/fipstls/stub.s | 2 +- + src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/pss.go | 2 +- src/crypto/rsa/pss_test.go | 2 +- src/go.mod | 1 + @@ -19,10 +22,11 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 15 files changed, 391 insertions(+), 6 deletions(-) + 16 files changed, 417 insertions(+), 6 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go + create mode 100644 src/crypto/internal/backend/fips140/cng.go create mode 100644 src/internal/goexperiment/exp_cngcrypto_off.go create mode 100644 src/internal/goexperiment/exp_cngcrypto_on.go @@ -84,10 +88,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec 
diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..543b5ed1b5d15c +index 00000000000000..7fb68218e56e9f --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,317 @@ +@@ -0,0 +1,310 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -102,7 +106,7 @@ index 00000000000000..543b5ed1b5d15c +import ( + "crypto" + "crypto/cipher" -+ "crypto/internal/boring/fipstls" ++ "crypto/internal/backend/fips140" + "crypto/internal/boring/sig" + "hash" + _ "unsafe" @@ -116,9 +120,7 @@ index 00000000000000..543b5ed1b5d15c +type BigInt = cng.BigInt + +func init() { -+ // 1: FIPS required: abort the process if the system is not in FIPS mode. -+ // other values: continue regardless of system-configured FIPS mode. -+ if v, _, ok := envGoFIPS(); ok && v == "1" { ++ if fips140.Enabled() { + enabled, err := cng.FIPS() + if err != nil { + panic("cngcrypto: unknown FIPS mode: " + err.Error()) @@ -127,11 +129,6 @@ index 00000000000000..543b5ed1b5d15c + panic("cngcrypto: not in FIPS mode") + } + } -+ if enabled, _ := cng.FIPS(); enabled { -+ // FIPS mode is enabled, -+ // so force FIPS mode for crypto/tls and crypto/x509. -+ fipstls.Force() -+ } + sig.BoringCrypto() +} + @@ -406,10 +403,10 @@ index 00000000000000..543b5ed1b5d15c + return cng.VerifyDSA(pub, hashed, r, s) +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go -index bc595e91024f11..7766d674f5cfaf 100644 +index 07d965bf8b467c..91223c0ef0f810 100644 --- a/src/crypto/internal/backend/common.go 
+++ b/src/crypto/internal/backend/common.go -@@ -68,7 +68,11 @@ func hasSuffix(s, t string) bool { +@@ -44,7 +44,11 @@ func hasSuffix(s, t string) bool { // UnreachableExceptTests marks code that should be unreachable // when backend is in use. It panics. func UnreachableExceptTests() { @@ -422,7 +419,7 @@ index bc595e91024f11..7766d674f5cfaf 100644 name := runtime_arg0() // If ran on Windows we'd need to allow _test.exe and .test.exe as well. if !hasSuffix(name, "_test") && !hasSuffix(name, ".test") { -@@ -90,3 +94,10 @@ func IsRSAKeySupported(primes int) bool { +@@ -66,3 +70,10 @@ func IsRSAKeySupported(primes int) bool { // Given the above reasons, we only support 2-prime RSA keys. return primes == 2 } @@ -433,6 +430,42 @@ index bc595e91024f11..7766d674f5cfaf 100644 + } + return true +} +diff --git a/src/crypto/internal/backend/fips140/cng.go b/src/crypto/internal/backend/fips140/cng.go +new file mode 100644 +index 00000000000000..22e4197bbb3ba5 +--- /dev/null ++++ b/src/crypto/internal/backend/fips140/cng.go +@@ -0,0 +1,30 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.cngcrypto ++ ++package fips140 ++ ++import ( ++ "internal/syscall/windows/sysdll" ++ "syscall" ++ "unsafe" ++) ++ ++// Don't use github.com/microsoft/go-crypto-winnative here. ++// The fips140 package should have minimal dependencies. ++// Also, don't directly query the system FIPS mode from the registry, ++// there are some no-longer documented legacy entries that can enable FIPS mode, ++// and BCryptGetFipsAlgorithmMode supports them all. ++var ( ++ bcrypt = syscall.MustLoadDLL(sysdll.Add("bcrypt.dll")) ++ ++ bcryptGetFipsAlgorithmMode = bcrypt.MustFindProc("BCryptGetFipsAlgorithmMode") ++) ++ ++func systemFIPSMode() bool { ++ var enabled uint32 ++ bcryptGetFipsAlgorithmMode.Call(uintptr(unsafe.Pointer(&enabled))) ++ return enabled != 0 ++} 
diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go index 4aac87d7952081..010ee1467501c3 100644 --- a/src/crypto/rsa/pss.go @@ -484,13 +517,13 @@ index fd8881e46df76e..1d0d5a1b7845bb 100644 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 80a14d54739524..74e0606b0ac903 100644 +index 6504a23ce5d51f..3b30b0dc249a94 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -476,6 +476,10 @@ var depsRules = ` - +@@ -481,6 +481,10 @@ var depsRules = ` crypto/cipher, - crypto/internal/boring/bcache + crypto/internal/boring/bcache, + crypto/internal/backend/fips140 + < github.com/microsoft/go-crypto-winnative/internal/subtle + < github.com/microsoft/go-crypto-winnative/internal/sysdll + < github.com/microsoft/go-crypto-winnative/internal/bcrypt @@ -498,7 +531,7 @@ index 80a14d54739524..74e0606b0ac903 100644 < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 < crypto/internal/boring -@@ -516,6 +520,7 @@ var depsRules = ` +@@ -521,6 +525,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big From 59dc3845fa8438defb8650b1ffcf50235ed9f719 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 16 Dec 2024 09:24:01 +0100 Subject: [PATCH 152/887] handle error value --- patches/0005-Add-CNG-crypto-backend.patch | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 800988bdf27..1f81f0ce1b1 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch 
@@ -9,7 +9,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/bbig/big_cng.go | 12 + src/crypto/internal/backend/cng_windows.go | 310 ++++++++++++++++++ src/crypto/internal/backend/common.go | 13 +- - src/crypto/internal/backend/fips140/cng.go | 30 ++ + src/crypto/internal/backend/fips140/cng.go | 33 ++ src/crypto/internal/boring/fipstls/stub.s | 2 +- src/crypto/internal/boring/fipstls/tls.go | 2 +- src/crypto/rsa/pss.go | 2 +- @@ -22,7 +22,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 16 files changed, 417 insertions(+), 6 deletions(-) + 17 files changed, 417 insertions(+), 6 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -88,7 +88,7 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..7fb68218e56e9f +index 00000000000000..2d7a18eaec2e23 --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go @@ -0,0 +1,310 @@ @@ -432,10 +432,10 @@ index 07d965bf8b467c..91223c0ef0f810 100644 +} diff --git a/src/crypto/internal/backend/fips140/cng.go b/src/crypto/internal/backend/fips140/cng.go new file mode 100644 -index 00000000000000..22e4197bbb3ba5 +index 00000000000000..f769d15f94ab05 --- /dev/null +++ b/src/crypto/internal/backend/fips140/cng.go -@@ -0,0 +1,30 @@ +@@ -0,0 +1,33 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -463,7 +463,10 @@ index 00000000000000..22e4197bbb3ba5 + +func systemFIPSMode() bool { + var enabled uint32 -+ bcryptGetFipsAlgorithmMode.Call(uintptr(unsafe.Pointer(&enabled))) ++ ret, _, _ := bcryptGetFipsAlgorithmMode.Call(uintptr(unsafe.Pointer(&enabled))) ++ if ret != 0 { ++ return false ++ } + return enabled != 0 +} diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go From 2ba8745144ae9a48618fdce3ae435b632ded5b90 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 16 Dec 2024 10:37:37 +0100 Subject: [PATCH 153/887] update submodule to 18b5435fc8 --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index b33fc480a25..18b5435fc84 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit b33fc480a25c30d38104a9efaf73326c888e8557 +Subproject commit 18b5435fc84225ca303da7a110c7e8065dc4bbda From d2ea31c3a5f6923accd57486dabaa1a38ec69d88 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 16 Dec 2024 11:21:16 +0100 Subject: [PATCH 154/887] fix upstream conflicts --- .../0002-Add-crypto-backend-foundation.patch | 992 +++++++----------- patches/0004-Add-OpenSSL-crypto-backend.patch | 60 +- patches/0005-Add-CNG-crypto-backend.patch | 62 +- patches/0006-Vendor-crypto-backends.patch | 4 +- ...ternal-go.mod-files-used-for-codegen.patch | 40 +- ...521-when-TLS-fipsonly-mode-is-enable.patch | 52 +- 6 files changed, 488 insertions(+), 722 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 461bc71c991..c8ceedc8b80 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
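Review bot: The added `if ret != 0 { return false }` in `systemFIPSMode` treats a failed `BCryptGetFipsAlgorithmMode` call as "FIPS not enabled" without saying so, which is a fail-open result on a machine whose policy requires FIPS. The OpenSSL variant of this function on this page documents the same choice in a comment; this one should carry the equivalent, e.g. `// Non-zero status: the query failed. Report false rather than panic; set GOFIPS=1 to require FIPS mode.` A short remark that `ret` is the NTSTATUS returned by the call would also help readers who do not know the API. The `bcrypt` and `bcryptGetFipsAlgorithmMode` declarations sit outside this hunk.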
@@ -4,79 +4,73 @@ Date: Thu, 30 Jun 2022 10:03:03 +0200 Subject: [PATCH] Add crypto backend foundation --- - src/cmd/api/boring_test.go | 2 +- - src/cmd/go/go_boring_test.go | 2 +- - src/crypto/aes/cipher.go | 2 +- - src/crypto/aes/cipher_asm.go | 2 +- - src/crypto/boring/boring.go | 4 +- - src/crypto/des/cipher.go | 7 + - src/crypto/dsa/boring.go | 113 ++++++++++ - src/crypto/dsa/dsa.go | 88 ++++++++ - src/crypto/dsa/notboring.go | 16 ++ - src/crypto/ecdh/ecdh.go | 2 +- - src/crypto/ecdh/nist.go | 2 +- - src/crypto/ecdsa/boring.go | 6 +- - src/crypto/ecdsa/ecdsa.go | 4 +- - src/crypto/ecdsa/notboring.go | 4 +- - src/crypto/ed25519/boring.go | 71 ++++++ - src/crypto/ed25519/ed25519.go | 75 ++++++- - src/crypto/ed25519/ed25519_test.go | 2 +- - src/crypto/ed25519/notboring.go | 16 ++ - src/crypto/hmac/hmac.go | 2 +- - src/crypto/hmac/hmac_test.go | 2 +- - src/crypto/internal/backend/backend_test.go | 30 +++ - src/crypto/internal/backend/bbig/big.go | 17 ++ - src/crypto/internal/backend/common.go | 68 ++++++ - .../backend/fips140/fips140.go | 55 +++++ - .../backend/fips140/isrequirefips.go | 9 + - .../backend/fips140/norequirefips.go | 9 + - .../backend/fips140/nosystemcrypto.go | 11 + - src/crypto/internal/backend/nobackend.go | 223 +++++++++++++++++++ - src/crypto/internal/backend/stub.s | 10 + - src/crypto/internal/boring/fipstls/stub.s | 2 +- - src/crypto/internal/boring/fipstls/tls.go | 7 +- - src/crypto/md5/md5.go | 7 + - src/crypto/md5/md5_test.go | 14 ++ - src/crypto/purego_test.go | 2 +- - src/crypto/rand/rand.go | 2 +- - src/crypto/rand/rand_test.go | 2 +- - src/crypto/rc4/rc4.go | 18 ++ - src/crypto/rsa/boring.go | 6 +- - src/crypto/rsa/boring_test.go | 2 +- - src/crypto/rsa/notboring.go | 4 +- - src/crypto/rsa/pkcs1v15.go | 10 +- - src/crypto/rsa/pkcs1v15_test.go | 5 + - src/crypto/rsa/pss.go | 8 +- - src/crypto/rsa/pss_test.go | 3 + - src/crypto/rsa/rsa.go | 21 +- - src/crypto/rsa/rsa_test.go | 12 +- - src/crypto/sha1/sha1.go | 2 +- - 
src/crypto/sha1/sha1_test.go | 12 +- - src/crypto/sha256/sha256.go | 6 +- - src/crypto/sha256/sha256_test.go | 20 +- - src/crypto/sha512/sha512.go | 2 +- - src/crypto/sha512/sha512_test.go | 20 +- - src/crypto/tls/boring.go | 2 +- - src/crypto/tls/boring_test.go | 7 +- - src/crypto/tls/cipher_suites.go | 2 +- - src/crypto/tls/fipsonly/fipsonly.go | 2 +- - src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- - src/crypto/tls/handshake_client.go | 10 +- - src/crypto/tls/handshake_server.go | 10 +- - src/crypto/tls/handshake_server_tls13.go | 10 + - src/crypto/tls/key_schedule.go | 23 +- - src/crypto/tls/notboring.go | 2 +- - src/crypto/tls/prf.go | 40 ++++ - src/crypto/x509/boring.go | 2 +- - src/crypto/x509/boring_test.go | 7 +- - src/crypto/x509/notboring.go | 2 +- - src/go/build/deps_test.go | 11 +- - src/hash/boring_test.go | 9 + - src/hash/marshal_test.go | 5 + - src/hash/notboring_test.go | 9 + - src/net/smtp/smtp_test.go | 72 +++--- - src/runtime/runtime_boring.go | 5 + - 73 files changed, 1180 insertions(+), 95 deletions(-) + src/cmd/api/boring_test.go | 2 +- + src/cmd/go/go_boring_test.go | 2 +- + src/crypto/aes/aes.go | 2 +- + src/crypto/boring/boring.go | 4 +- + src/crypto/cipher/ctr_aes_test.go | 2 +- + src/crypto/cipher/gcm_test.go | 2 +- + src/crypto/des/cipher.go | 7 + + src/crypto/dsa/boring.go | 113 +++++++++ + src/crypto/dsa/dsa.go | 88 +++++++ + src/crypto/dsa/notboring.go | 16 ++ + src/crypto/ecdh/ecdh.go | 2 +- + src/crypto/ecdh/nist.go | 2 +- + src/crypto/ecdsa/boring.go | 6 +- + src/crypto/ecdsa/ecdsa.go | 4 +- + src/crypto/ecdsa/notboring.go | 4 +- + src/crypto/ed25519/boring.go | 71 ++++++ + src/crypto/ed25519/ed25519.go | 73 ++++++ + src/crypto/ed25519/notboring.go | 16 ++ + src/crypto/hkdf/hkdf_test.go | 2 +- + src/crypto/hmac/hmac.go | 2 +- + src/crypto/hmac/hmac_test.go | 2 +- + src/crypto/internal/backend/backend_test.go | 30 +++ + src/crypto/internal/backend/bbig/big.go | 17 ++ + src/crypto/internal/backend/common.go | 72 ++++++ + 
.../internal/backend/fips140/fips140.go | 55 +++++ + .../internal/backend/fips140/isrequirefips.go | 9 + + .../internal/backend/fips140/norequirefips.go | 9 + + .../backend/fips140/nosystemcrypto.go | 11 + + src/crypto/internal/backend/nobackend.go | 223 ++++++++++++++++++ + src/crypto/internal/backend/stub.s | 10 + + src/crypto/internal/cryptotest/allocations.go | 2 +- + .../internal/cryptotest/implementations.go | 2 +- + src/crypto/md5/md5.go | 7 + + src/crypto/md5/md5_test.go | 14 ++ + src/crypto/pbkdf2/pbkdf2_test.go | 2 +- + src/crypto/purego_test.go | 2 +- + src/crypto/rand/rand.go | 2 +- + src/crypto/rc4/rc4.go | 18 ++ + src/crypto/rsa/boring.go | 6 +- + src/crypto/rsa/boring_test.go | 2 +- + src/crypto/rsa/fips.go | 10 +- + src/crypto/rsa/notboring.go | 4 +- + src/crypto/rsa/pkcs1v15.go | 6 +- + src/crypto/rsa/pkcs1v15_test.go | 5 + + src/crypto/rsa/rsa.go | 4 +- + src/crypto/rsa/rsa_test.go | 12 +- + src/crypto/sha1/sha1.go | 2 +- + src/crypto/sha1/sha1_test.go | 12 +- + src/crypto/sha256/sha256.go | 6 +- + src/crypto/sha256/sha256_test.go | 19 ++ + src/crypto/sha512/sha512.go | 2 +- + src/crypto/sha512/sha512_test.go | 19 ++ + src/crypto/tls/cipher_suites.go | 2 +- + src/crypto/tls/fipsonly/fipsonly.go | 2 +- + src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- + src/crypto/tls/handshake_client.go | 10 +- + src/crypto/tls/handshake_server.go | 10 +- + src/crypto/tls/handshake_server_tls13.go | 10 + + src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- + src/crypto/tls/prf.go | 41 ++++ + src/go/build/deps_test.go | 8 +- + src/hash/boring_test.go | 9 + + src/hash/marshal_test.go | 5 + + src/hash/notboring_test.go | 9 + + src/net/smtp/smtp_test.go | 72 ++++-- + src/runtime/runtime_boring.go | 5 + + 66 files changed, 1124 insertions(+), 80 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go 
@@ -119,31 +113,18 @@ index ed0fbf3d53d75b..06478963f4be44 100644 package main_test -diff --git a/src/crypto/aes/cipher.go b/src/crypto/aes/cipher.go -index cde2e45d2ca559..cf47a4fc57d8e2 100644 ---- a/src/crypto/aes/cipher.go -+++ b/src/crypto/aes/cipher.go -@@ -7,7 +7,7 @@ package aes - import ( - "crypto/cipher" - "crypto/internal/alias" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "strconv" - ) +diff --git a/src/crypto/aes/aes.go b/src/crypto/aes/aes.go +index 5bc2d13d673e0a..b803c77be62a66 100644 +--- a/src/crypto/aes/aes.go ++++ b/src/crypto/aes/aes.go +@@ -15,7 +15,7 @@ package aes -diff --git a/src/crypto/aes/cipher_asm.go b/src/crypto/aes/cipher_asm.go -index 3e5f589c2cdd0b..e9d3c0be11ef61 100644 ---- a/src/crypto/aes/cipher_asm.go -+++ b/src/crypto/aes/cipher_asm.go -@@ -9,7 +9,7 @@ package aes import ( "crypto/cipher" - "crypto/internal/alias" - "crypto/internal/boring" + boring "crypto/internal/backend" - "internal/cpu" - "internal/goarch" + "crypto/internal/fips140/aes" + "strconv" ) diff --git a/src/crypto/boring/boring.go b/src/crypto/boring/boring.go index 097c37e343fdb8..a5d603896d3890 100644 
@@ -167,19 +148,45 @@ index 097c37e343fdb8..a5d603896d3890 100644 // Enabled reports whether BoringCrypto handles supported crypto operations. func Enabled() bool { +diff --git a/src/crypto/cipher/ctr_aes_test.go b/src/crypto/cipher/ctr_aes_test.go +index 33942467784ad3..0282ffa9fa23c8 100644 +--- a/src/crypto/cipher/ctr_aes_test.go ++++ b/src/crypto/cipher/ctr_aes_test.go +@@ -14,7 +14,7 @@ import ( + "bytes" + "crypto/aes" + "crypto/cipher" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/cryptotest" + fipsaes "crypto/internal/fips140/aes" + "encoding/hex" +diff --git a/src/crypto/cipher/gcm_test.go b/src/crypto/cipher/gcm_test.go +index ea2b4e29e2b67f..f884b0d0fbefe7 100644 +--- a/src/crypto/cipher/gcm_test.go ++++ b/src/crypto/cipher/gcm_test.go +@@ -8,7 +8,7 @@ import ( + "bytes" + "crypto/aes" + "crypto/cipher" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/cryptotest" + "crypto/internal/fips140" + fipsaes "crypto/internal/fips140/aes" diff --git a/src/crypto/des/cipher.go b/src/crypto/des/cipher.go -index 04b73e7d3bf758..0891652a4566fb 100644 +index 21303b384cf757..0d3c4f810cfd8f 100644 --- a/src/crypto/des/cipher.go +++ b/src/crypto/des/cipher.go -@@ -7,6 +7,7 @@ package des +@@ -6,6 +6,7 @@ package des + import ( "crypto/cipher" - "crypto/internal/alias" + boring "crypto/internal/backend" - "internal/byteorder" - "strconv" - ) -@@ -30,6 +31,9 @@ func NewCipher(key []byte) (cipher.Block, error) { + "crypto/internal/fips140/alias" + "crypto/internal/fips140only" + "errors" +@@ -36,6 +37,9 @@ func NewCipher(key []byte) (cipher.Block, error) { if len(key) != 8 { return nil, KeySizeError(len(key)) } 
@@ -189,7 +196,7 @@ index 04b73e7d3bf758..0891652a4566fb 100644 c := new(desCipher) c.generateSubkeys(key) -@@ -74,6 +78,9 @@ func NewTripleDESCipher(key []byte) (cipher.Block, error) { +@@ -84,6 +88,9 @@ func NewTripleDESCipher(key []byte) (cipher.Block, error) { if len(key) != 24 { return nil, KeySizeError(len(key)) } @@ -319,15 +326,16 @@ index 00000000000000..7ea0c8c423e9ee + } +} diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go -index 4524bd492feba0..ff890b1d06aea2 100644 +index 000becc82dfb79..6430bb3ea5e437 100644 --- a/src/crypto/dsa/dsa.go +++ b/src/crypto/dsa/dsa.go -@@ -18,7 +18,12 @@ import ( +@@ -18,8 +18,13 @@ import ( "io" "math/big" + boring "crypto/internal/backend" + "crypto/internal/backend/bbig" + "crypto/internal/fips140only" "crypto/internal/randutil" + + "golang.org/x/crypto/cryptobyte" @@ -335,7 +343,7 @@ index 4524bd492feba0..ff890b1d06aea2 100644 ) // Parameters represents the domain parameters for a key. These parameters can -@@ -86,6 +91,17 @@ func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes +@@ -91,6 +96,17 @@ func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes return errors.New("crypto/dsa: invalid ParameterSizes") } @@ -353,7 +361,7 @@ index 4524bd492feba0..ff890b1d06aea2 100644 qBytes := make([]byte, N/8) pBytes := make([]byte, L/8) -@@ -161,6 +177,17 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) error { +@@ -170,6 +186,17 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) error { return errors.New("crypto/dsa: parameters not set up before generating key") } @@ -371,7 +379,7 @@ index 4524bd492feba0..ff890b1d06aea2 100644 x := new(big.Int) xBytes := make([]byte, priv.Q.BitLen()/8) -@@ -212,6 +239,18 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err +@@ -225,6 +252,18 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err err = ErrInvalidPublicKey return } 
@@ -390,10 +398,10 @@ index 4524bd492feba0..ff890b1d06aea2 100644 n >>= 3 var attempts int -@@ -271,6 +310,14 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err - // to the byte-length of the subgroup. This function does not perform that - // truncation itself. - func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { +@@ -288,6 +327,14 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { + panic("crypto/dsa: use of DSA is not allowed in FIPS 140-only mode") + } + + if boring.Enabled && boring.SupportsDSA(pub.P.BitLen(), pub.Q.BitLen()) { + bkey, err := boringPublicKey(pub) + if err != nil { @@ -405,7 +413,7 @@ index 4524bd492feba0..ff890b1d06aea2 100644 // FIPS 186-3, section 4.7 if pub.P.Sign() == 0 { -@@ -307,3 +354,44 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { +@@ -324,3 +371,44 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { return v.Cmp(r) == 0 } @@ -473,7 +481,7 @@ index 00000000000000..cd02ff5a00c3dc + panic("boringcrypto: not available") +} diff --git a/src/crypto/ecdh/ecdh.go b/src/crypto/ecdh/ecdh.go -index b7c26f91e57f02..7a12e2bbaaafd1 100644 +index 231f1ea04c1010..cfa113e2345816 100644 --- a/src/crypto/ecdh/ecdh.go +++ b/src/crypto/ecdh/ecdh.go @@ -8,7 +8,7 @@ package ecdh @@ -482,21 +490,21 @@ index b7c26f91e57f02..7a12e2bbaaafd1 100644 "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" + "crypto/internal/fips140/ecdh" "crypto/subtle" "errors" - "io" diff --git a/src/crypto/ecdh/nist.go b/src/crypto/ecdh/nist.go -index b91e8f38a5a78e..2bb8f3486c8249 100644 +index acef8298943c2b..ca6171cf775117 100644 --- a/src/crypto/ecdh/nist.go +++ b/src/crypto/ecdh/nist.go -@@ -5,7 +5,7 @@ - package ecdh +@@ -6,7 +6,7 @@ package ecdh import ( + "bytes" - "crypto/internal/boring" + boring "crypto/internal/backend" - "crypto/internal/nistec" - "crypto/internal/randutil" + "crypto/internal/fips140/ecdh" + "crypto/internal/fips140only" "errors" 
diff --git a/src/crypto/ecdsa/boring.go b/src/crypto/ecdsa/boring.go index 275c60b4de49eb..ff8bddf28c4545 100644 @@ -520,21 +528,20 @@ index 275c60b4de49eb..ff8bddf28c4545 100644 "math/big" ) diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go -index 2179b01e8e3db5..9eb763cecfe687 100644 +index 77727aaf96befb..dedaa0fe4100b1 100644 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go -@@ -30,9 +30,9 @@ import ( - "crypto/cipher" +@@ -18,8 +18,8 @@ import ( + "crypto" "crypto/ecdh" "crypto/elliptic" -+ boring "crypto/internal/backend" -+ "crypto/internal/backend/bbig" - "crypto/internal/bigmod" - "crypto/internal/boring" - "crypto/internal/boring/bbig" - "crypto/internal/nistec" ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" + "crypto/internal/fips140/ecdsa" + "crypto/internal/fips140only" "crypto/internal/randutil" - "crypto/sha512" diff --git a/src/crypto/ecdsa/notboring.go b/src/crypto/ecdsa/notboring.go index 039bd82ed21f9f..69a97d9bf250be 100644 --- a/src/crypto/ecdsa/notboring.go @@ -631,18 +638,18 @@ index 00000000000000..3a7d7b76c8d8d7 + return key, nil +} diff --git a/src/crypto/ed25519/ed25519.go b/src/crypto/ed25519/ed25519.go -index b75c5a6458a218..303ea08c4b747f 100644 +index c1f8ff784e4a5c..308d814ff6302b 100644 --- a/src/crypto/ed25519/ed25519.go +++ b/src/crypto/ed25519/ed25519.go -@@ -18,6 +18,7 @@ package ed25519 +@@ -17,6 +17,7 @@ package ed25519 + import ( - "bytes" "crypto" + boring "crypto/internal/backend" - "crypto/internal/edwards25519" + "crypto/internal/fips140/ed25519" + "crypto/internal/fips140only" cryptorand "crypto/rand" - "crypto/sha512" -@@ -25,6 +26,7 @@ import ( +@@ -24,6 +25,7 @@ import ( "errors" "io" "strconv" 
@@ -650,7 +657,7 @@ index b75c5a6458a218..303ea08c4b747f 100644 ) const ( -@@ -142,6 +144,22 @@ func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) { +@@ -138,6 +140,22 @@ func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) { if rand == nil { rand = cryptorand.Reader } @@ -673,7 +680,7 @@ index b75c5a6458a218..303ea08c4b747f 100644 seed := make([]byte, SeedSize) if _, err := io.ReadFull(rand, seed); err != nil { -@@ -160,6 +178,17 @@ func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) { +@@ -154,6 +172,17 @@ func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) { // with RFC 8032. RFC 8032's private keys correspond to seeds in this // package. func NewKeyFromSeed(seed []byte) PrivateKey { @@ -691,7 +698,7 @@ index b75c5a6458a218..303ea08c4b747f 100644 // Outline the function body so that the returned key can be stack-allocated. privateKey := make([]byte, PrivateKeySize) newKeyFromSeed(privateKey, seed) -@@ -187,6 +216,17 @@ func newKeyFromSeed(privateKey, seed []byte) { +@@ -172,6 +201,17 @@ func newKeyFromSeed(privateKey, seed []byte) { // Sign signs the message with privateKey and returns a signature. It will // panic if len(privateKey) is not [PrivateKeySize]. func Sign(privateKey PrivateKey, message []byte) []byte { 
@@ -709,18 +716,8 @@ index b75c5a6458a218..303ea08c4b747f 100644 // Outline the function body so that the returned signature can be // stack-allocated. signature := make([]byte, SignatureSize) -@@ -265,9 +305,42 @@ func sign(signature, privateKey, message []byte, domPrefix, context string) { - // The inputs are not considered confidential, and may leak through timing side - // channels, or if an attacker has control of part of the inputs. - func Verify(publicKey PublicKey, message, sig []byte) bool { -+ if boring.Enabled && boring.SupportsEd25519() && testMalleability() { -+ pub, err := boringPublicKey(publicKey) -+ if err != nil { -+ return false -+ } -+ return boring.VerifyEd25519(pub, message, sig) == nil -+ } - return verify(publicKey, message, sig, domPrefixPure, "") +@@ -200,6 +240,32 @@ func Verify(publicKey PublicKey, message, sig []byte) bool { + return VerifyWithOptions(publicKey, message, sig, &Options{Hash: crypto.Hash(0)}) == nil } +// testMalleability returns true if the crypto backend correctly rejects 
@@ -752,28 +749,20 @@ index b75c5a6458a218..303ea08c4b747f 100644 // VerifyWithOptions reports whether sig is a valid signature of message by // publicKey. A valid signature is indicated by returning a nil error. It will // panic if len(publicKey) is not [PublicKeySize]. -@@ -301,7 +374,7 @@ func VerifyWithOptions(publicKey PublicKey, message, sig []byte, opts *Options) +@@ -228,6 +294,13 @@ func VerifyWithOptions(publicKey PublicKey, message, sig []byte, opts *Options) } - return nil + return ed25519.VerifyCtx(k, message, sig, opts.Context) case opts.Hash == crypto.Hash(0): // Ed25519 -- if !verify(publicKey, message, sig, domPrefixPure, "") { -+ if !Verify(publicKey, message, sig) { - return errors.New("ed25519: invalid signature") - } - return nil -diff --git a/src/crypto/ed25519/ed25519_test.go b/src/crypto/ed25519/ed25519_test.go -index 64901328a5e8c5..51cd6d0c8bc682 100644 ---- a/src/crypto/ed25519/ed25519_test.go -+++ b/src/crypto/ed25519/ed25519_test.go -@@ -9,7 +9,7 @@ import ( - "bytes" - "compress/gzip" - "crypto" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/rand" - "crypto/sha512" - "encoding/hex" ++ if boring.Enabled && boring.SupportsEd25519() && testMalleability() { ++ pub, err := boringPublicKey(publicKey) ++ if err != nil { ++ return err ++ } ++ return boring.VerifyEd25519(pub, message, sig) ++ } + return ed25519.Verify(k, message, sig) + default: + return errors.New("ed25519: expected opts.Hash zero (unhashed message, for standard Ed25519) or SHA-512 (for Ed25519ph)") diff --git a/src/crypto/ed25519/notboring.go b/src/crypto/ed25519/notboring.go new file mode 100644 index 00000000000000..b0cdd44d81c753 
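Review bot: The backend branch added under `case opts.Hash == crypto.Hash(0)` returns the errors from `boringPublicKey` and `boring.VerifyEd25519` unchanged, whereas the lines this commit replaces mapped every failure to `errors.New("ed25519: invalid signature")`. Callers that log or compare the error would then see backend-specific text that can differ between the system backends and the Go path. Consider `if boring.VerifyEd25519(pub, message, sig) != nil { return errors.New("ed25519: invalid signature") }` followed by `return nil`. A one-line comment saying that `testMalleability()` appears to keep verification on the Go implementation when the backend does not reject malleable signatures would also help. Its body and the rest of `VerifyWithOptions` are outside the hunk.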
@@ -796,8 +785,21 @@ index 00000000000000..b0cdd44d81c753 +func boringPrivateKey(PrivateKey) (*boring.PrivateKeyEd25519, error) { + panic("boringcrypto: not available") +} +diff --git a/src/crypto/hkdf/hkdf_test.go b/src/crypto/hkdf/hkdf_test.go +index 201b440289bb2d..4ed4960ff35b66 100644 +--- a/src/crypto/hkdf/hkdf_test.go ++++ b/src/crypto/hkdf/hkdf_test.go +@@ -6,7 +6,7 @@ package hkdf + + import ( + "bytes" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140" + "crypto/md5" + "crypto/sha1" diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go -index b8c909cf015aa7..9f517e8e527363 100644 +index 72f5a4abea9d35..c88c6cbd128451 100644 --- a/src/crypto/hmac/hmac.go +++ b/src/crypto/hmac/hmac.go @@ -22,7 +22,7 @@ timing side-channels: @@ -806,9 +808,9 @@ index b8c909cf015aa7..9f517e8e527363 100644 import ( - "crypto/internal/boring" + boring "crypto/internal/backend" - "crypto/internal/fips/hmac" + "crypto/internal/fips140/hmac" + "crypto/internal/fips140only" "crypto/subtle" - "hash" diff --git a/src/crypto/hmac/hmac_test.go b/src/crypto/hmac/hmac_test.go index 7accad763244a1..dd3211f2c37af3 100644 --- a/src/crypto/hmac/hmac_test.go @@ -883,10 +885,10 @@ index 00000000000000..20251a290dc2e0 +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go new file mode 100644 -index 00000000000000..07d965bf8b467c +index 00000000000000..858e76e3c51c06 --- /dev/null +++ b/src/crypto/internal/backend/common.go -@@ -0,0 +1,68 @@ +@@ -0,0 +1,72 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -955,6 +957,10 @@ index 00000000000000..07d965bf8b467c + // Given the above reasons, we only support 2-prime RSA keys. + return primes == 2 +} ++ ++func IsSaltSupported(salt int) bool { ++ return true ++} 
diff --git a/src/crypto/internal/backend/fips140/fips140.go b/src/crypto/internal/backend/fips140/fips140.go new file mode 100644 index 00000000000000..f54d39970319af 
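Review bot: `IsSaltSupported` is exported without a doc comment, ignores its `salt` argument and always returns true, so the `boring.IsSaltSupported(opts.saltLength())` term this commit adds to the `VerifyPSS` guard never diverts a call to the Go fallback with this implementation. A comment stating that this is intentional would stop the next reader from assuming salt lengths are filtered, for example `// IsSaltSupported reports whether the backend can verify PSS signatures with the given salt length; this implementation accepts every value.` If a backend does reject particular salt lengths, that restriction belongs in this function rather than at the call site.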
@@ -1311,54 +1317,34 @@ index 00000000000000..5e4b436554d44d +// Having this assembly file keeps the go command +// from complaining about the missing body +// (because the implementation might be here). -diff --git a/src/crypto/internal/boring/fipstls/stub.s b/src/crypto/internal/boring/fipstls/stub.s -index f2e5a503eaacb6..35cf7532625efb 100644 ---- a/src/crypto/internal/boring/fipstls/stub.s -+++ b/src/crypto/internal/boring/fipstls/stub.s -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - // runtime_arg0 is declared in tls.go without a body. - // It's provided by package runtime, -diff --git a/src/crypto/internal/boring/fipstls/tls.go b/src/crypto/internal/boring/fipstls/tls.go -index b51f142fde8311..108b52d9d8fcb7 100644 ---- a/src/crypto/internal/boring/fipstls/tls.go -+++ b/src/crypto/internal/boring/fipstls/tls.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - // Package fipstls allows control over whether crypto/tls requires FIPS-approved settings. 
- // This package only exists with GOEXPERIMENT=boringcrypto, but the effects are independent -@@ -10,12 +10,19 @@ - package fipstls +diff --git a/src/crypto/internal/cryptotest/allocations.go b/src/crypto/internal/cryptotest/allocations.go +index 70055af70b42ec..3c4b4fbaa98ded 100644 +--- a/src/crypto/internal/cryptotest/allocations.go ++++ b/src/crypto/internal/cryptotest/allocations.go +@@ -5,7 +5,7 @@ + package cryptotest import ( -+ "crypto/internal/backend/fips140" - "internal/stringslite" - "sync/atomic" - ) - - var required atomic.Bool +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "internal/asan" + "internal/msan" + "internal/race" +diff --git a/src/crypto/internal/cryptotest/implementations.go b/src/crypto/internal/cryptotest/implementations.go +index 3fa730459050f6..1f28f12a6e7b4f 100644 +--- a/src/crypto/internal/cryptotest/implementations.go ++++ b/src/crypto/internal/cryptotest/implementations.go +@@ -5,7 +5,7 @@ + package cryptotest -+func init() { -+ if fips140.Enabled() { -+ Force() -+ } -+} -+ - // Force forces crypto/tls to restrict TLS configurations to FIPS-approved settings. - // By design, this call is impossible to undo (except in tests). - // + import ( +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/impl" + "internal/goos" + "internal/testenv" diff --git a/src/crypto/md5/md5.go b/src/crypto/md5/md5.go -index c984c3f4968598..229dd457f8d53c 100644 +index 75e1fc7404724a..60428f8e1201de 100644 --- a/src/crypto/md5/md5.go +++ b/src/crypto/md5/md5.go @@ -12,6 +12,7 @@ package md5 
@@ -1366,23 +1352,23 @@ index c984c3f4968598..229dd457f8d53c 100644 import ( "crypto" + boring "crypto/internal/backend" + "crypto/internal/fips140only" "errors" "hash" - "internal/byteorder" -@@ -103,6 +104,9 @@ func consumeUint32(b []byte) ([]byte, uint32) { - // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal - // state of the hash. - func New() hash.Hash { +@@ -107,6 +108,9 @@ func New() hash.Hash { + if fips140only.Enabled { + panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode") + } + if boring.Enabled && boring.SupportsHash(crypto.MD5) { + return boring.NewMD5() + } d := new(digest) d.Reset() return d -@@ -180,6 +184,9 @@ func (d *digest) checkSum() [Size]byte { - - // Sum returns the MD5 checksum of the data. - func Sum(data []byte) [Size]byte { +@@ -187,6 +191,9 @@ func Sum(data []byte) [Size]byte { + if fips140only.Enabled { + panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode") + } + if boring.Enabled && boring.SupportsHash(crypto.MD5) { + return boring.MD5(data) + } @@ -1390,7 +1376,7 @@ index c984c3f4968598..229dd457f8d53c 100644 d.Reset() d.Write(data) diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go -index 6a8258a67e860c..61ea6b5153f617 100644 +index 437d9b9d4c0e0d..5bc3e7b0f8435f 100644 --- a/src/crypto/md5/md5_test.go +++ b/src/crypto/md5/md5_test.go @@ -6,6 +6,7 @@ package md5 @@ -1435,6 +1421,19 @@ index 6a8258a67e860c..61ea6b5153f617 100644 for i, test := range largeUnmarshalTests { h := New() +diff --git a/src/crypto/pbkdf2/pbkdf2_test.go b/src/crypto/pbkdf2/pbkdf2_test.go +index 03980c7e54d3be..4968a666fad4e5 100644 +--- a/src/crypto/pbkdf2/pbkdf2_test.go ++++ b/src/crypto/pbkdf2/pbkdf2_test.go +@@ -6,7 +6,7 @@ package pbkdf2_test + + import ( + "bytes" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140" + "crypto/pbkdf2" + "crypto/sha1" 
diff --git a/src/crypto/purego_test.go b/src/crypto/purego_test.go index 62be347e0c6822..d284b5cf7814a6 100644 --- a/src/crypto/purego_test.go @@ -1449,7 +1448,7 @@ index 62be347e0c6822..d284b5cf7814a6 100644 } diff --git a/src/crypto/rand/rand.go b/src/crypto/rand/rand.go -index b3d0a7368f7fa0..c34b994a67a289 100644 +index 1ca16caa9563e6..3ef22b5ff8222b 100644 --- a/src/crypto/rand/rand.go +++ b/src/crypto/rand/rand.go @@ -7,7 +7,7 @@ @@ -1458,35 +1457,22 @@ index b3d0a7368f7fa0..c34b994a67a289 100644 import ( - "crypto/internal/boring" + boring "crypto/internal/backend" - "io" - "os" - "sync" -diff --git a/src/crypto/rand/rand_test.go b/src/crypto/rand/rand_test.go -index 63581b75fdbc7f..dd220c7c544f76 100644 ---- a/src/crypto/rand/rand_test.go -+++ b/src/crypto/rand/rand_test.go -@@ -7,7 +7,7 @@ package rand - import ( - "bytes" - "compress/flate" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "errors" - "internal/race" - "internal/testenv" + "crypto/internal/fips140" + "crypto/internal/fips140/drbg" + "crypto/internal/sysrand" diff --git a/src/crypto/rc4/rc4.go b/src/crypto/rc4/rc4.go -index 67452ec39f0fd4..47726d0ebe38d9 100644 +index 90943a0935befb..09ebdfd733e5d6 100644 --- a/src/crypto/rc4/rc4.go +++ b/src/crypto/rc4/rc4.go -@@ -11,6 +11,7 @@ package rc4 +@@ -10,6 +10,7 @@ + package rc4 import ( - "crypto/internal/alias" + boring "crypto/internal/backend" - "strconv" - ) - -@@ -18,6 +19,8 @@ import ( + "crypto/internal/fips140/alias" + "crypto/internal/fips140only" + "errors" +@@ -20,6 +21,8 @@ import ( type Cipher struct { s [256]uint32 i, j uint8 @@ -1495,7 +1481,7 @@ index 67452ec39f0fd4..47726d0ebe38d9 100644 } type KeySizeError int -@@ -33,6 +36,13 @@ func NewCipher(key []byte) (*Cipher, error) { +@@ -38,6 +41,13 @@ func NewCipher(key []byte) (*Cipher, error) { if k < 1 || k > 256 { return nil, KeySizeError(k) } 
@@ -1509,7 +1495,7 @@ index 67452ec39f0fd4..47726d0ebe38d9 100644 var c Cipher for i := 0; i < 256; i++ { c.s[i] = uint32(i) -@@ -50,6 +60,10 @@ func NewCipher(key []byte) (*Cipher, error) { +@@ -55,6 +65,10 @@ func NewCipher(key []byte) (*Cipher, error) { // Deprecated: Reset can't guarantee that the key will be entirely removed from // the process's memory. func (c *Cipher) Reset() { @@ -1520,7 +1506,7 @@ index 67452ec39f0fd4..47726d0ebe38d9 100644 for i := range c.s { c.s[i] = 0 } -@@ -59,6 +73,10 @@ func (c *Cipher) Reset() { +@@ -64,6 +78,10 @@ func (c *Cipher) Reset() { // XORKeyStream sets dst to the result of XORing src with the key stream. // Dst and src must overlap entirely or not at all. func (c *Cipher) XORKeyStream(dst, src []byte) { @@ -1553,7 +1539,7 @@ index b9f9d3154f2589..d52faddef45549 100644 "math/big" ) diff --git a/src/crypto/rsa/boring_test.go b/src/crypto/rsa/boring_test.go -index 2234d079f0d9e7..94ce18b2338416 100644 +index 838fcc1244bdbe..d89f732345e8a3 100644 --- a/src/crypto/rsa/boring_test.go +++ b/src/crypto/rsa/boring_test.go @@ -2,7 +2,7 @@ 
@@ -1565,6 +1551,55 @@ index 2234d079f0d9e7..94ce18b2338416 100644 // Note: Can run these tests against the non-BoringCrypto // version of the code by using "CGO_ENABLED=0 go test". +diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go +index 24dfb38cf625bd..ccb027810a7e07 100644 +--- a/src/crypto/rsa/fips.go ++++ b/src/crypto/rsa/fips.go +@@ -6,7 +6,7 @@ package rsa + + import ( + "crypto" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/rsa" + "crypto/internal/fips140only" + "errors" +@@ -78,7 +78,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, + hash = opts.Hash + } + +- if boring.Enabled && rand == boring.RandReader { ++ if boring.Enabled && rand == boring.RandReader && boring.IsRSAKeySupported(len(priv.Primes)) && boring.SupportsHash(hash) { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err +@@ -136,7 +136,7 @@ func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts + return errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode") + } + +- if boring.Enabled { ++ if boring.Enabled && boring.IsSaltSupported(opts.saltLength()) && boring.SupportsHash(hash) { + bkey, err := boringPublicKey(pub) + if err != nil { + return err +@@ -249,7 +249,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, priv *PrivateKey, ciphertext []byte, l + } + } + +- if boring.Enabled { ++ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { + k := priv.Size() + if len(ciphertext) > k || + k < hash.Size()*2+2 { +@@ -305,7 +305,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [ + return nil, errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode") + } + +- if boring.Enabled { ++ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { + bkey, err := boringPrivateKey(priv) + if err != nil { + return 
nil, err diff --git a/src/crypto/rsa/notboring.go b/src/crypto/rsa/notboring.go index 2abc0436405f8a..3e4d6f3eef61e6 100644 --- a/src/crypto/rsa/notboring.go @@ -1584,19 +1619,19 @@ index 2abc0436405f8a..3e4d6f3eef61e6 100644 func boringPublicKey(*PublicKey) (*boring.PublicKeyRSA, error) { panic("boringcrypto: not available") diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go -index 2f958022f98584..790d9cef5d3563 100644 +index f1e4ef48a4fd1c..cb5aa30920bb7d 100644 --- a/src/crypto/rsa/pkcs1v15.go +++ b/src/crypto/rsa/pkcs1v15.go -@@ -7,7 +7,7 @@ package rsa +@@ -5,7 +5,7 @@ + package rsa + import ( - "bytes" - "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" + "crypto/internal/fips140/rsa" + "crypto/internal/fips140only" "crypto/internal/randutil" - "crypto/subtle" - "errors" -@@ -95,7 +95,7 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b +@@ -104,7 +104,7 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b return nil, err } @@ -1605,8 +1640,8 @@ index 2f958022f98584..790d9cef5d3563 100644 bkey, err := boringPrivateKey(priv) if err != nil { return nil, err -@@ -189,7 +189,7 @@ func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte, - return +@@ -203,7 +203,7 @@ func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte, + return 0, nil, 0, err } - if boring.Enabled { 
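Review bot: The `SignPKCS1v15` guard added for `src/crypto/rsa/fips.go` checks only `boring.IsRSAKeySupported(len(priv.Primes))`, while the `pkcs1v15.go` guard this commit deletes also required `(hash == 0 || boring.SupportsHash(hash))`, and the deleted `VerifyPKCS1v15` guard has no counterpart in the new section. Unless the backends now handle unsupported digests themselves, a hash the backend lacks would be routed to it instead of falling back to the Go implementation, and the outcome would then depend on the selected backend. I would keep the term, `if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) && (hash == 0 || boring.SupportsHash(hash)) {`, and add the matching guard to `VerifyPKCS1v15`. The same question applies to `decryptOAEP`, where the earlier `hash == mgfHash` condition is gone; the bodies of all four functions lie outside the hunk.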
@@ -1614,26 +1649,8 @@ index 2f958022f98584..790d9cef5d3563 100644 var bkey *boring.PrivateKeyRSA bkey, err = boringPrivateKey(priv) if err != nil { -@@ -293,7 +293,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [ - return nil, err - } - -- if boring.Enabled { -+ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) && (hash == 0 || boring.SupportsHash(hash)) { - bkey, err := boringPrivateKey(priv) - if err != nil { - return nil, err -@@ -343,7 +343,7 @@ func pkcs1v15ConstructEM(pub *PublicKey, hash crypto.Hash, hashed []byte) ([]byt - // The inputs are not considered confidential, and may leak through timing side - // channels, or if an attacker has control of part of the inputs. - func VerifyPKCS1v15(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte) error { -- if boring.Enabled { -+ if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) { - bkey, err := boringPublicKey(pub) - if err != nil { - return err diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go -index dfa1eddc886ff3..849dafacf93d0f 100644 +index c65552cd93526a..910416abe842f5 100644 --- a/src/crypto/rsa/pkcs1v15_test.go +++ b/src/crypto/rsa/pkcs1v15_test.go @@ -7,6 +7,7 @@ package rsa_test @@ -1644,7 +1661,7 @@ index dfa1eddc886ff3..849dafacf93d0f 100644 "crypto/rand" . "crypto/rsa" "crypto/sha1" -@@ -229,6 +230,10 @@ func TestVerifyPKCS1v15(t *testing.T) { +@@ -235,6 +236,10 @@ func TestVerifyPKCS1v15(t *testing.T) { } func TestOverlongMessagePKCS1v15(t *testing.T) { 
@@ -1652,124 +1669,26 @@ index dfa1eddc886ff3..849dafacf93d0f 100644 + // See for example https://github.com/golang-fips/openssl/pull/142. + t.Skip("Some backends do not return an error for overlong messages.") + } + t.Setenv("GODEBUG", "rsa1024min=0") ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==") - _, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext) - if err == nil { -diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go -index 5716c464ca0a33..4aac87d7952081 100644 ---- a/src/crypto/rsa/pss.go -+++ b/src/crypto/rsa/pss.go -@@ -9,7 +9,7 @@ package rsa - import ( - "bytes" - "crypto" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "errors" - "hash" - "io" -@@ -214,7 +214,7 @@ func signPSSWithSalt(priv *PrivateKey, hash crypto.Hash, hashed, salt []byte) ([ - return nil, err - } - -- if boring.Enabled { -+ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { - bkey, err := boringPrivateKey(priv) - if err != nil { - return nil, err -@@ -300,7 +300,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, - hash = opts.Hash - } - -- if boring.Enabled && rand == boring.RandReader { -+ if boring.Enabled && rand == boring.RandReader && boring.IsRSAKeySupported(len(priv.Primes)) && boring.SupportsHash(hash) { - bkey, err := boringPrivateKey(priv) - if err != nil { - return nil, err -@@ -342,7 +342,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, - // The inputs are not considered confidential, and may leak through timing side - // channels, or if an attacker has control of part of the inputs. 
- func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts *PSSOptions) error { -- if boring.Enabled { -+ if boring.Enabled && boring.SupportsHash(hash) { - bkey, err := boringPublicKey(pub) - if err != nil { - return err -diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go -index 637d07e18cff2e..2c82f50adf38b8 100644 ---- a/src/crypto/rsa/pss_test.go -+++ b/src/crypto/rsa/pss_test.go -@@ -296,6 +296,9 @@ func TestInvalidPSSSaltLength(t *testing.T) { - SaltLength: -2, - Hash: crypto.SHA256, - }); err.Error() != InvalidSaltLenErr.Error() { -+ // The OpenSSL and CNG backend returns the error required in Go tip. -+ // This change will conflict with the upstream sync PR, where we will be able to remove this. -+ t.Skip("TODO: unskip when upstream sync PR is merged") - t.Fatalf("SignPSS unexpected error: got %v, want %v", err, InvalidSaltLenErr) - } - + _, err := DecryptPKCS1v15(nil, test512Key, ciphertext) diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index 4d78d1eaaa6be0..a016c4f8362cf5 100644 +index fb23f003a6f217..be374dad6969d5 100644 --- a/src/crypto/rsa/rsa.go 
+++ b/src/crypto/rsa/rsa.go -@@ -26,14 +26,15 @@ package rsa +@@ -42,8 +42,8 @@ package rsa import ( "crypto" -+ boring "crypto/internal/backend" -+ "crypto/internal/backend/bbig" - "crypto/internal/bigmod" - "crypto/internal/boring" - "crypto/internal/boring/bbig" - "crypto/internal/randutil" - "crypto/rand" - "crypto/subtle" - "errors" - "hash" -+ "internal/goexperiment" - "io" - "math" - "math/big" -@@ -479,7 +480,13 @@ func mgf1XOR(out []byte, hash hash.Hash, seed []byte) { - var ErrMessageTooLong = errors.New("crypto/rsa: message too long for RSA key size") - - func encrypt(pub *PublicKey, plaintext []byte) ([]byte, error) { -- boring.Unreachable() -+ if goexperiment.BoringCrypto { -+ // encrypt is reached when the hash function or the salt length -+ // are not supported by the crypto backend. BoringCrypto does -+ // support everything, so use it to check that we don't -+ // accidentally reach this code path. -+ boring.Unreachable() -+ } - - N, err := bigmod.NewModulusFromBig(pub.N) - if err != nil { -@@ -638,7 +645,11 @@ const noCheck = false - // m^e is calculated and compared with ciphertext, in order to defend against - // errors in the CRT computation. - func decrypt(priv *PrivateKey, ciphertext []byte, check bool) ([]byte, error) { -- if len(priv.Primes) <= 2 { -+ if goexperiment.BoringCrypto { -+ // decrypt is reached when the hash function or the number of primers -+ // are not supported by the crypto backend. BoringCrypto does -+ // support everything, so use it to check that we don't -+ // accidentally reach this code path. 
- boring.Unreachable() - } - -@@ -718,7 +729,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci - return nil, ErrDecryption - } - -- if boring.Enabled { -+ if boring.Enabled && hash == mgfHash && boring.IsRSAKeySupported(len(priv.Primes)) { - bkey, err := boringPrivateKey(priv) - if err != nil { - return nil, err ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" + "crypto/internal/fips140/bigmod" + "crypto/internal/fips140/rsa" + "crypto/internal/fips140only" diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index 2afa045a3a0bd2..c6294694521c69 100644 +index 2474ab82dfa207..78e9b47f051484 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go @@ -8,7 +8,7 @@ import ( @@ -1778,10 +1697,10 @@ index 2afa045a3a0bd2..c6294694521c69 100644 "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" + "crypto/internal/cryptotest" "crypto/rand" . "crypto/rsa" - "crypto/sha1" -@@ -113,6 +113,11 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { +@@ -129,6 +129,11 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { if priv.D.Cmp(priv.N) > 0 { t.Errorf("private exponent too large") } @@ -1793,7 +1712,7 @@ index 2afa045a3a0bd2..c6294694521c69 100644 msg := []byte("hi!") enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) -@@ -187,6 +192,11 @@ func testEverything(t *testing.T, priv *PrivateKey) { +@@ -209,6 +214,11 @@ func testEverything(t *testing.T, priv *PrivateKey) { if err := priv.Validate(); err != nil { t.Errorf("Validate() failed: %s", err) } @@ -1806,7 +1725,7 @@ index 2afa045a3a0bd2..c6294694521c69 100644 msg := []byte("test") enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) diff --git a/src/crypto/sha1/sha1.go b/src/crypto/sha1/sha1.go -index 8189d1946d8ea5..8f5f7f27f26fea 100644 +index b799f0d2fb1548..9aa23e9aa17e89 100644 --- a/src/crypto/sha1/sha1.go +++ b/src/crypto/sha1/sha1.go @@ -10,7 +10,7 @@ package sha1 
@@ -1815,11 +1734,11 @@ index 8189d1946d8ea5..8f5f7f27f26fea 100644 "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" + "crypto/internal/fips140only" "errors" "hash" - "internal/byteorder" diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go -index d03892c57d4e61..f848659c6e4aa3 100644 +index 9d707b7cde5c2d..cb0c343afc46b6 100644 --- a/src/crypto/sha1/sha1_test.go +++ b/src/crypto/sha1/sha1_test.go @@ -8,7 +8,7 @@ package sha1 @@ -1856,7 +1775,7 @@ index d03892c57d4e61..f848659c6e4aa3 100644 h := New() diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go -index d87c689c9001ad..7584c380af0cec 100644 +index 069938a22dbc5a..8d0e06b86f4359 100644 --- a/src/crypto/sha256/sha256.go +++ b/src/crypto/sha256/sha256.go @@ -8,7 +8,7 @@ package sha256 @@ -1865,7 +1784,7 @@ index d87c689c9001ad..7584c380af0cec 100644 "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" - "crypto/internal/fips/sha256" + "crypto/internal/fips140/sha256" "hash" ) @@ -43,7 +43,7 @@ func New() hash.Hash { @@ -1887,19 +1806,18 @@ index d87c689c9001ad..7584c380af0cec 100644 } h := New224() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index ffd16386515830..58632c01dc6a7f 100644 +index e1af9640e25547..41df7dbebf7e7a 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go -@@ -8,7 +8,7 @@ package sha256 +@@ -8,6 +8,7 @@ package sha256 import ( "bytes" -- "crypto/internal/boring" + boring "crypto/internal/backend" "crypto/internal/cryptotest" "encoding" "fmt" -@@ -157,6 +157,11 @@ func testGoldenMarshal(t *testing.T) { +@@ -155,6 +156,11 @@ func testGoldenMarshal(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { 
@@ -1911,7 +1829,7 @@ index ffd16386515830..58632c01dc6a7f 100644 for _, g := range tt.gold { h := tt.newHash() h2 := tt.newHash() -@@ -206,6 +211,14 @@ func TestMarshalTypeMismatch(t *testing.T) { +@@ -204,6 +210,14 @@ func TestMarshalTypeMismatch(t *testing.T) { h1 := New() h2 := New224() @@ -1926,7 +1844,7 @@ index ffd16386515830..58632c01dc6a7f 100644 state1, err := h1.(encoding.BinaryMarshaler).MarshalBinary() if err != nil { t.Errorf("could not marshal: %v", err) -@@ -277,6 +290,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -275,6 +289,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { return h.Sum(nil), nil } func TestLargeHashes(t *testing.T) { @@ -1939,7 +1857,7 @@ index ffd16386515830..58632c01dc6a7f 100644 h := New() diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go -index 0a12fde7bc060b..ca752598e4343a 100644 +index 1435eac1f5b5dc..17e8501154762a 100644 --- a/src/crypto/sha512/sha512.go +++ b/src/crypto/sha512/sha512.go @@ -12,7 +12,7 @@ package sha512 @@ -1948,23 +1866,22 @@ index 0a12fde7bc060b..ca752598e4343a 100644 "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" - "crypto/internal/fips/sha512" + "crypto/internal/fips140/sha512" "hash" ) diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index fdad37b1863ae8..cf6e4c395cd4fb 100644 +index 1fe9d132bb186d..a2c2926359a192 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go -@@ -8,7 +8,7 @@ package sha512 +@@ -8,6 +8,7 @@ package sha512 import ( "bytes" -- "crypto/internal/boring" + boring "crypto/internal/backend" "crypto/internal/cryptotest" "encoding" "encoding/hex" -@@ -746,6 +746,11 @@ func testGoldenMarshal(t *testing.T) { +@@ -744,6 +745,11 @@ func testGoldenMarshal(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { for _, test := range tt.golden { 
@@ -1976,7 +1893,7 @@ index fdad37b1863ae8..cf6e4c395cd4fb 100644 h := tt.newHash() h2 := tt.newHash() -@@ -807,6 +812,14 @@ func TestMarshalMismatch(t *testing.T) { +@@ -805,6 +811,14 @@ func TestMarshalMismatch(t *testing.T) { h1 := fn1() h2 := fn2() @@ -1991,7 +1908,7 @@ index fdad37b1863ae8..cf6e4c395cd4fb 100644 state, err := h1.(encoding.BinaryMarshaler).MarshalBinary() if err != nil { t.Errorf("i=%d: could not marshal: %v", i, err) -@@ -882,6 +895,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -880,6 +894,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -2003,46 +1920,8 @@ index fdad37b1863ae8..cf6e4c395cd4fb 100644 for i, test := range largeUnmarshalTests { h := New() -diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go -index c44ae92f2528f3..ddfec0c438265e 100644 ---- a/src/crypto/tls/boring.go -+++ b/src/crypto/tls/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - package tls - -diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 56050421985927..863ad8d1faf810 100644 ---- a/src/crypto/tls/boring_test.go -+++ b/src/crypto/tls/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - package tls - -@@ -25,6 +25,11 @@ import ( - "time" - ) - -+func init() { -+ // crypto/tls expects fipstls.Required() to be false. -+ fipstls.Abandon() -+} -+ - func allCipherSuitesIncludingTLS13() []uint16 { - s := allCipherSuites() - for _, suite := range cipherSuitesTLS13 { diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go -index 917a1eff42d34f..f6f57130b64f41 100644 +index 01d65688284f97..d8a26c24024348 100644 
--- a/src/crypto/tls/cipher_suites.go +++ b/src/crypto/tls/cipher_suites.go @@ -10,7 +10,7 @@ import ( @@ -2051,11 +1930,11 @@ index 917a1eff42d34f..f6f57130b64f41 100644 "crypto/hmac" - "crypto/internal/boring" + boring "crypto/internal/backend" + fipsaes "crypto/internal/fips140/aes" + "crypto/internal/fips140/aes/gcm" "crypto/rc4" - "crypto/sha1" - "crypto/sha256" diff --git a/src/crypto/tls/fipsonly/fipsonly.go b/src/crypto/tls/fipsonly/fipsonly.go -index e5e47835e2f48d..7dccbc7c3d748a 100644 +index e702f44e986746..e506a0d8841237 100644 --- a/src/crypto/tls/fipsonly/fipsonly.go +++ b/src/crypto/tls/fipsonly/fipsonly.go @@ -2,7 +2,7 @@ @@ -2068,7 +1947,7 @@ index e5e47835e2f48d..7dccbc7c3d748a 100644 // Package fipsonly restricts all TLS configuration to FIPS-approved settings. // diff --git a/src/crypto/tls/fipsonly/fipsonly_test.go b/src/crypto/tls/fipsonly/fipsonly_test.go -index f8485dc3ca1c29..d4915031340480 100644 +index 027bc22c33c921..eba08da985f832 100644 --- a/src/crypto/tls/fipsonly/fipsonly_test.go +++ b/src/crypto/tls/fipsonly/fipsonly_test.go @@ -2,7 +2,7 @@ @@ -2081,10 +1960,10 @@ index f8485dc3ca1c29..d4915031340480 100644 package fipsonly diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go -index 760e827f467f15..393c59ba8f1183 100644 +index ecc62ff2edefc0..776fec96f0f349 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go -@@ -541,7 +541,15 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error { +@@ -548,7 +548,15 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error { // Does the handshake, either a full one or resumes old session. Requires hs.c, // hs.hello, hs.serverHello, and, optionally, hs.session to be set. @@ -2102,10 +1981,10 @@ index 760e827f467f15..393c59ba8f1183 100644 isResume, err := hs.processServerHello() 
diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go -index bc4e51ba364cf1..0933837161573e 100644 +index 7c75977ad3ffb2..b9db95ca7b9d5a 100644 --- a/src/crypto/tls/handshake_server.go +++ b/src/crypto/tls/handshake_server.go -@@ -62,7 +62,15 @@ func (c *Conn) serverHandshake(ctx context.Context) error { +@@ -64,7 +64,15 @@ func (c *Conn) serverHandshake(ctx context.Context) error { return hs.handshake() } @@ -2123,7 +2002,7 @@ index bc4e51ba364cf1..0933837161573e 100644 if err := hs.processClientHello(); err != nil { diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index b8cf4c3fa50b24..bc5d32a29c50c4 100644 +index 3552d89ba3bc6f..958ec81dc64966 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go @@ -9,6 +9,7 @@ import ( @@ -2131,10 +2010,10 @@ index b8cf4c3fa50b24..bc5d32a29c50c4 100644 "crypto" "crypto/hmac" + boring "crypto/internal/backend" - "crypto/internal/mlkem768" - "crypto/rsa" - "errors" -@@ -441,6 +442,15 @@ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { + "crypto/internal/fips140/hkdf" + "crypto/internal/fips140/mlkem" + "crypto/internal/fips140/tls13" +@@ -477,6 +478,15 @@ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { } marshaler, ok := in.(binaryMarshaler) if !ok { 
@@ -2150,62 +2029,29 @@ index b8cf4c3fa50b24..bc5d32a29c50c4 100644 return nil } state, err := marshaler.MarshalBinary() -diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go -index 1636baf79e7288..747c3c0883230c 100644 ---- a/src/crypto/tls/key_schedule.go -+++ b/src/crypto/tls/key_schedule.go -@@ -60,10 +60,18 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by - // significantly more confusing to users. - panic(fmt.Errorf("failed to construct HKDF label: %s", err)) - } -- out := make([]byte, length) -- n, err := hkdf.Expand(c.hash.New, secret, hkdfLabelBytes).Read(out) -- if err != nil || n != length { -- panic("tls: HKDF-Expand-Label invocation failed unexpectedly") -+ var out []byte -+ if boring.Enabled && boring.SupportsHKDF() { -+ out, err = boring.ExpandHKDF(c.hash.New, secret, hkdfLabelBytes, length) -+ if err != nil { -+ panic(fmt.Errorf("tls: HKDF-Expand-Label invocation failed unexpectedly: %s", err)) -+ } -+ } else { -+ out = make([]byte, length) -+ n, err := hkdf.Expand(c.hash.New, secret, hkdfLabelBytes).Read(out) -+ if err != nil || n != length { -+ panic("tls: HKDF-Expand-Label invocation failed unexpectedly") -+ } - } - return out - } -@@ -81,6 +89,13 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte { - if newSecret == nil { - newSecret = make([]byte, c.hash.Size()) - } -+ if boring.Enabled && boring.SupportsHKDF() { -+ prk, err := boring.ExtractHKDF(c.hash.New, newSecret, currentSecret) -+ if err != nil { -+ panic(fmt.Errorf("tls: HKDF-Extract invocation failed unexpectedly: %s", err)) -+ } -+ return prk -+ } - return hkdf.Extract(c.hash.New, newSecret, currentSecret) - } +diff --git a/src/crypto/tls/internal/fips140tls/fipstls.go b/src/crypto/tls/internal/fips140tls/fipstls.go +index 24d78d60cf5b64..a6bfd3f17c1911 100644 +--- a/src/crypto/tls/internal/fips140tls/fipstls.go ++++ b/src/crypto/tls/internal/fips140tls/fipstls.go +@@ -6,6 +6,7 @@ + package fips140tls 
-diff --git a/src/crypto/tls/notboring.go b/src/crypto/tls/notboring.go -index bdbc32e05b35dd..3bfe4096471910 100644 ---- a/src/crypto/tls/notboring.go -+++ b/src/crypto/tls/notboring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto -+//go:build !goexperiment.systemcrypto - - package tls + import ( ++ bfips140 "crypto/internal/backend/fips140" + "crypto/internal/fips140" + "sync/atomic" + ) +@@ -13,7 +14,7 @@ import ( + var required atomic.Bool + func init() { +- if fips140.Enabled { ++ if fips140.Enabled || bfips140.Enabled() { + Force() + } + } diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go -index a7fa3370e66c82..d34cd41f0891db 100644 +index e7369542a73270..ff52175e4ac636 100644 --- a/src/crypto/tls/prf.go +++ b/src/crypto/tls/prf.go @@ -7,6 +7,7 @@ package tls @@ -2213,10 +2059,10 @@ index a7fa3370e66c82..d34cd41f0891db 100644 "crypto" "crypto/hmac" + boring "crypto/internal/backend" + "crypto/internal/fips140/tls12" "crypto/md5" "crypto/sha1" - "crypto/sha256" -@@ -44,8 +45,41 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) { +@@ -47,9 +48,42 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) { } } 
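Review bot: The widened condition in the `fips140tls` `init`, `if fips140.Enabled || bfips140.Enabled() {`, has no comment explaining that a FIPS-enabled system backend now calls `Force()` for the whole process. Nor does it say that the backend state is read only once, at package init. `Force()` is defined outside this hunk, so its exact effect on the TLS defaults is inferred from the package name. I would add above the `if`: `// Also require FIPS-only TLS when the system crypto backend reports FIPS mode; the state is read once at init.`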
@@ -2248,107 +2094,57 @@ index a7fa3370e66c82..d34cd41f0891db 100644 +} + // prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, Section 5. - func prf10(result, secret, label, seed []byte) { + func prf10(secret []byte, label string, seed []byte, keyLen int) []byte { + result := make([]byte, keyLen) + if boring.Enabled && boring.SupportsTLS1PRF() { -+ if err := boring.TLS1PRF(result, secret, label, seed, nil); err != nil { ++ if err := boring.TLS1PRF(result, secret, []byte(label), seed, nil); err != nil { + panicBoringPRFError(fmt.Errorf("crypto/tls: prf10: %v", err)) + } -+ return ++ return result + } hashSHA1 := sha1.New hashMD5 := md5.New -@@ -66,6 +100,12 @@ func prf10(result, secret, label, seed []byte) { +@@ -72,6 +106,13 @@ func prf10(secret []byte, label string, seed []byte, keyLen int) []byte { // prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, Section 5. - func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) { - return func(result, secret, label, seed []byte) { + func prf12(hashFunc func() hash.Hash) prfFunc { + return func(secret []byte, label string, seed []byte, keyLen int) []byte { + if boring.Enabled && boring.SupportsTLS1PRF() { -+ if err := boring.TLS1PRF(result, secret, label, seed, hashFunc); err != nil { ++ result := make([]byte, keyLen) ++ if err := boring.TLS1PRF(result, secret, []byte(label), seed, hashFunc); err != nil { + panicBoringPRFError(fmt.Errorf("crypto/tls: prf12: %v", err)) + } -+ return ++ return result + } - labelAndSeed := make([]byte, len(label)+len(seed)) - copy(labelAndSeed, label) - copy(labelAndSeed[len(label):], seed) -diff --git a/src/crypto/x509/boring.go b/src/crypto/x509/boring.go -index 095b58c31590d4..6b32417ea85657 100644 ---- a/src/crypto/x509/boring.go -+++ b/src/crypto/x509/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - package x509 - -diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go -index 319ac61f49c994..b5f52252fb3e37 100644 ---- a/src/crypto/x509/boring_test.go -+++ b/src/crypto/x509/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - package x509 - -@@ -26,6 +26,11 @@ const ( - boringCertFIPSOK = 0x80 - ) - -+func init() { -+ // crypto/tls expects fipstls.Required() to be false. -+ fipstls.Abandon() -+} -+ - func boringRSAKey(t *testing.T, size int) *rsa.PrivateKey { - t.Helper() - k, err := rsa.GenerateKey(rand.Reader, size) -diff --git a/src/crypto/x509/notboring.go b/src/crypto/x509/notboring.go -index c83a7272c9f01f..7f6e574dc0c2dc 100644 ---- a/src/crypto/x509/notboring.go -+++ b/src/crypto/x509/notboring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build !boringcrypto -+//go:build !goexperiment.systemcrypto - - package x509 - + return tls12.PRF(hashFunc, secret, label, seed, keyLen) + } + } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index c6a2518f62ff3a..6c7229b41c825e 100644 +index cc7f4df7f388ea..58082b3636f209 100644 --- a/src/go/build/deps_test.go 
+++ b/src/go/build/deps_test.go -@@ -457,14 +457,20 @@ var depsRules = ` - < crypto/internal/fips/hmac +@@ -491,9 +491,11 @@ var depsRules = ` + < crypto/internal/fips140/rsa < FIPS; + syscall < crypto/internal/backend/fips140; + - NONE < crypto/internal/boring/sig, crypto/internal/boring/syso; -- sync/atomic < crypto/internal/boring/bcache, crypto/internal/boring/fipstls; -+ sync/atomic, -+ crypto/internal/backend/fips140 -+ < crypto/internal/boring/bcache, crypto/internal/boring/fipstls; - crypto/internal/boring/sig, crypto/internal/boring/fipstls < crypto/tls/fipsonly; + FIPS < crypto/internal/fips140/check/checktest; + +- FIPS, sync/atomic < crypto/tls/internal/fips140tls; ++ FIPS, sync/atomic, crypto/internal/backend/fips140 < crypto/tls/internal/fips140tls; + + FIPS, internal/godebug, hash < crypto/fips140, crypto/internal/fips140only; - # CRYPTO is core crypto algorithms - no cgo, fmt, net. - FIPS, +@@ -505,6 +507,7 @@ var depsRules = ` + FIPS, crypto/internal/fips140only, crypto/internal/boring/sig, -+ crypto/internal/boring/fipstls, crypto/internal/boring/syso, + encoding/binary, golang.org/x/sys/cpu, hash, embed < crypto -@@ -474,7 +480,9 @@ var depsRules = ` +@@ -514,7 +517,9 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache @@ -2357,15 +2153,15 @@ index c6a2518f62ff3a..6c7229b41c825e 100644 + < crypto/internal/backend < crypto/boring; - crypto/internal/alias, math/rand/v2 -@@ -512,6 +520,7 @@ var depsRules = ` + crypto/boring +@@ -546,6 +551,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big < crypto/internal/boring/bbig + < crypto/internal/backend/bbig < crypto/rand - < crypto/internal/mlkem768 < crypto/ed25519 + < encoding/asn1 diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go new file mode 100644 index 00000000000000..52748c44698076 
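Review bot: In the rewritten `prf10` and `prf12`, a failure from `boring.TLS1PRF` is handed to `panicBoringPRFError`, and because both functions now return only `[]byte` the handshake has no way to fail cleanly. The helper's body is outside this hunk, so that it always panics is inferred from its name. The TLS 1.0 PRF is built on MD5 and SHA-1, which a backend in FIPS mode might refuse, so the call needs a comment naming what rules that out, for example `// TLS1PRF failure is fatal here: the prfFunc signature cannot return an error; FIPS-only mode must reject pre-TLS 1.2 before this point.` It is worth confirming that this guarantee holds. Separately, `%v` drops the error chain, and `fmt.Errorf("crypto/tls: prf10: %w", err)` (likewise for `prf12`) keeps it for `errors.Is`/`errors.As`. `prf10` continues past the end of the hunk.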
diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 20b7b606716..318411a5b78 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -10,7 +10,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../internal/backend/bbig/big_openssl.go | 12 + .../internal/backend/fips140/openssl.go | 41 +++ src/crypto/internal/backend/openssl_linux.go | 323 ++++++++++++++++++ - src/crypto/tls/key_schedule.go | 1 + + src/crypto/rsa/rsa_test.go | 3 + src/go.mod | 1 + src/go.sum | 2 + src/go/build/deps_test.go | 9 +- @@ -19,7 +19,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 16 files changed, 429 insertions(+), 5 deletions(-) + 15 files changed, 428 insertions(+), 5 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/fips140/openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go @@ -27,10 +27,10 @@ Subject: [PATCH] Add OpenSSL crypto backend create mode 100644 src/internal/goexperiment/exp_opensslcrypto_on.go diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 0facfb579cb196..223472e20d24a5 100644 +index 5a981f8bc147de..b38d84db20172a 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go -@@ -1225,12 +1225,11 @@ func (t *tester) registerCgoTests(heading string) { +@@ -1322,12 +1322,11 @@ func (t *tester) registerCgoTests(heading string) { // a C linker warning on Linux. // in function `bio_ip_and_port_to_socket_and_addr': // warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking 
@@ -42,7 +42,7 @@ index 0facfb579cb196..223472e20d24a5 100644 } - // Static linking tests - if goos != "android" && p != "netbsd/arm" { + if goos != "android" && p != "netbsd/arm" && !t.msan && !t.asan { // TODO(#56629): Why does this fail on netbsd-arm? diff --git a/src/cmd/go/testdata/script/gopath_std_vendor.txt b/src/cmd/go/testdata/script/gopath_std_vendor.txt index 4aaf46b5d0f0dc..6fe798cf4a94e9 100644 @@ -64,10 +64,10 @@ index 4aaf46b5d0f0dc..6fe798cf4a94e9 100644 go list -f '{{.Dir}}' vendor/golang.org/x/net/http2/hpack diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go -index 0c37a1dc1f8c15..faf8a1874d5f28 100644 +index 2d8f964f3594c6..a587e1abde57c9 100644 --- a/src/cmd/link/internal/ld/lib.go +++ b/src/cmd/link/internal/ld/lib.go -@@ -1163,6 +1163,7 @@ var hostobj []Hostobj +@@ -1172,6 +1172,7 @@ var hostobj []Hostobj // These packages can use internal linking mode. // Others trigger external mode. var internalpkg = []string{ @@ -142,7 +142,7 @@ index 00000000000000..118efa3a492a7d +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..bccf529a4bcfac +index 00000000000000..06329e4faef026 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go @@ -0,0 +1,323 @@ @@ -470,10 +470,10 @@ index 00000000000000..bccf529a4bcfac + return openssl.VerifyDSA(pub, hashed, sig) +} diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index c6294694521c69..ab99b176ac9540 100644 +index 78e9b47f051484..4fdfcdc4c91004 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go -@@ -700,6 +700,9 @@ func TestDecryptOAEP(t *testing.T) { +@@ -846,6 +846,9 @@ func TestDecryptOAEP(t *testing.T) { } func Test2DecryptOAEP(t *testing.T) { 
@@ -483,20 +483,8 @@ index c6294694521c69..ab99b176ac9540 100644 random := rand.Reader msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22} -diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go -index 747c3c0883230c..ee9274bb63b9b4 100644 ---- a/src/crypto/tls/key_schedule.go -+++ b/src/crypto/tls/key_schedule.go -@@ -7,6 +7,7 @@ package tls - import ( - "crypto/ecdh" - "crypto/hmac" -+ boring "crypto/internal/backend" - "crypto/internal/mlkem768" - "errors" - "fmt" diff --git a/src/go.mod b/src/go.mod -index df27f25e789f05..30e45951c763fa 100644 +index 7a1318dcac32ba..186ced4a1123a8 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std @@ -504,25 +492,25 @@ index df27f25e789f05..30e45951c763fa 100644 require ( + github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 - golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd + golang.org/x/crypto v0.30.0 + golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 ) diff --git a/src/go.sum b/src/go.sum -index b4efd6d3c50c11..fd8881e46df76e 100644 +index 9e661352f16e0b..0a58eccb57a869 100644 --- a/src/go.sum +++ b/src/go.sum 
@@ -1,3 +1,5 @@ +github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf h1:gkjE7LMxjlaSn8fdvbT/HJrpGcW/ZnwYpps7sSBhLD4= +github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= - golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= + golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= + golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= + golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 6c7229b41c825e..6504a23ce5d51f 100644 +index afbdd6770f3f79..2694c2ec84d091 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -479,8 +479,10 @@ var depsRules = ` - < crypto/cipher; +@@ -516,8 +516,10 @@ var depsRules = ` + < crypto/sha3; crypto/cipher, - crypto/internal/boring/bcache @@ -533,7 +521,7 @@ index 6c7229b41c825e..6504a23ce5d51f 100644 < crypto/internal/boring < crypto/internal/backend < crypto/boring; -@@ -519,6 +521,7 @@ var depsRules = ` +@@ -550,6 +552,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big @@ -541,7 +529,7 @@ index 6c7229b41c825e..6504a23ce5d51f 100644 < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -817,7 +820,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -845,7 +848,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg 
@@ -550,7 +538,7 @@ index 6c7229b41c825e..6504a23ce5d51f 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -827,7 +830,7 @@ func findImports(pkg string) ([]string, error) { +@@ -855,7 +858,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} @@ -602,7 +590,7 @@ index 00000000000000..a7f2712e9e1464 +const OpenSSLCrypto = true +const OpenSSLCryptoInt = 1 diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index d7cf7655f3cea3..9c8b16735cd4f1 100644 +index e126e388e84025..233a12ee542328 100644 --- a/src/internal/goexperiment/flags.go +++ b/src/internal/goexperiment/flags.go @@ -59,6 +59,7 @@ type Flags struct { diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 1f81f0ce1b1..c9d98f1f721 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -8,11 +8,8 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + src/crypto/internal/backend/cng_windows.go | 310 ++++++++++++++++++ - src/crypto/internal/backend/common.go | 13 +- + src/crypto/internal/backend/common.go | 9 +- src/crypto/internal/backend/fips140/cng.go | 33 ++ - src/crypto/internal/boring/fipstls/stub.s | 2 +- - src/crypto/internal/boring/fipstls/tls.go | 2 +- - src/crypto/rsa/pss.go | 2 +- src/crypto/rsa/pss_test.go | 2 +- src/go.mod | 1 + src/go.sum | 2 + 
@@ -22,7 +19,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 17 files changed, 417 insertions(+), 6 deletions(-) + 15 files changed, 412 insertions(+), 5 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -403,7 +400,7 @@ index 00000000000000..2d7a18eaec2e23 + return cng.VerifyDSA(pub, hashed, r, s) +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go -index 07d965bf8b467c..91223c0ef0f810 100644 +index 858e76e3c51c06..91223c0ef0f810 100644 --- a/src/crypto/internal/backend/common.go +++ b/src/crypto/internal/backend/common.go @@ -44,7 +44,11 @@ func hasSuffix(s, t string) bool { @@ -419,17 +416,15 @@ index 07d965bf8b467c..91223c0ef0f810 100644 name := runtime_arg0() // If ran on Windows we'd need to allow _test.exe and .test.exe as well. if !hasSuffix(name, "_test") && !hasSuffix(name, ".test") { -@@ -66,3 +70,10 @@ func IsRSAKeySupported(primes int) bool { - // Given the above reasons, we only support 2-prime RSA keys. - return primes == 2 +@@ -68,5 +72,8 @@ func IsRSAKeySupported(primes int) bool { } -+ -+func IsSaltSupported(salt int) bool { + + func IsSaltSupported(salt int) bool { + if goexperiment.CNGCrypto { + return salt != 0 // rsa.PSSSaltLengthAuto + } -+ return true -+} + return true + } diff --git a/src/crypto/internal/backend/fips140/cng.go b/src/crypto/internal/backend/fips140/cng.go new file mode 100644 index 00000000000000..f769d15f94ab05 
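Review bot: `IsSaltSupported` in `common.go` is exported from the backend package without a doc comment, and the only explanation of the CNG branch is the trailing `// rsa.PSSSaltLengthAuto` on `return salt != 0`. I would document it as `// IsSaltSupported reports whether the active backend accepts the given PSS salt length; with CNGCrypto, 0 (rsa.PSSSaltLengthAuto) is not accepted.` Note also that `salt != 0` returns true for negative sentinel values such as `rsa.PSSSaltLengthEqualsHash`. This hunk does not show whether the CNG code resolves those to a concrete length before use, so the comment should state the expected input range or the check should be made explicit.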
@@ -469,34 +464,21 @@ index 00000000000000..f769d15f94ab05 + } + return enabled != 0 +} -diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go -index 4aac87d7952081..010ee1467501c3 100644 ---- a/src/crypto/rsa/pss.go -+++ b/src/crypto/rsa/pss.go -@@ -342,7 +342,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, - // The inputs are not considered confidential, and may leak through timing side - // channels, or if an attacker has control of part of the inputs. - func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts *PSSOptions) error { -- if boring.Enabled && boring.SupportsHash(hash) { -+ if boring.Enabled && boring.IsSaltSupported(opts.saltLength()) && boring.SupportsHash(hash) { - bkey, err := boringPublicKey(pub) - if err != nil { - return err diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go -index 2c82f50adf38b8..33630f14dcc8d4 100644 +index e03f4ab06603c6..a9928c0c7d8259 100644 --- a/src/crypto/rsa/pss_test.go +++ b/src/crypto/rsa/pss_test.go -@@ -284,7 +284,7 @@ func fromHex(hexStr string) []byte { - } +@@ -241,7 +241,7 @@ func fromHex(hexStr string) []byte { func TestInvalidPSSSaltLength(t *testing.T) { + t.Setenv("GODEBUG", "rsa1024min=0") - key, err := GenerateKey(rand.Reader, 245) + key, err := GenerateKey(rand.Reader, 512) if err != nil { t.Fatal(err) } diff --git a/src/go.mod b/src/go.mod -index 30e45951c763fa..0209eeb6b8642c 100644 +index 186ced4a1123a8..e9da0eb1301b93 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,6 +4,7 @@ go 1.24 @@ -504,11 +486,11 @@ index 30e45951c763fa..0209eeb6b8642c 100644 require ( github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf + github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 - golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd + golang.org/x/crypto v0.30.0 + golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 ) 
diff --git a/src/go.sum b/src/go.sum -index fd8881e46df76e..1d0d5a1b7845bb 100644 +index 0a58eccb57a869..b464f023942b74 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,5 +1,7 @@ @@ -516,14 +498,14 @@ index fd8881e46df76e..1d0d5a1b7845bb 100644 github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= +github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 h1:fMAxrMWT19/kkIZIuB9cjqW8SqRxCH2+2ZiZr5qrpuI= +github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= - golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= + golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= + golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= + golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 6504a23ce5d51f..3b30b0dc249a94 100644 +index 37cb128ba9409a..3ceabaebc7ea46 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -481,6 +481,10 @@ var depsRules = ` +@@ -518,6 +518,10 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache, crypto/internal/backend/fips140 @@ -534,7 +516,7 @@ index 6504a23ce5d51f..3b30b0dc249a94 100644 < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 < crypto/internal/boring -@@ -521,6 +525,7 @@ var depsRules = ` +@@ -552,6 +556,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big 
@@ -598,7 +580,7 @@ index 00000000000000..99ee2542ca38a9 +const CNGCrypto = true +const CNGCryptoInt = 1 diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index 9c8b16735cd4f1..2e6bf5d7f8284d 100644 +index 233a12ee542328..8c140f0dbed134 100644 --- a/src/internal/goexperiment/flags.go +++ b/src/internal/goexperiment/flags.go @@ -60,6 +60,7 @@ type Flags struct { diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index eafa5600be4..2aebec3fff2 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch @@ -11541,7 +11541,7 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index cf5c0b83c9eeef..e116e36e2473fd 100644 +index 1c8de570cc2f1f..9df7e15cd2ddde 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ @@ -11556,6 +11556,6 @@ index cf5c0b83c9eeef..e116e36e2473fd 100644 +github.com/microsoft/go-crypto-winnative/internal/bcrypt +github.com/microsoft/go-crypto-winnative/internal/subtle +github.com/microsoft/go-crypto-winnative/internal/sysdll - # golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 + # golang.org/x/crypto v0.30.0 ## explicit; go 1.20 golang.org/x/crypto/chacha20 diff --git a/patches/0013-Omit-internal-go.mod-files-used-for-codegen.patch b/patches/0013-Omit-internal-go.mod-files-used-for-codegen.patch index 89379537352..39e77834982 100644 --- a/patches/0013-Omit-internal-go.mod-files-used-for-codegen.patch +++ b/patches/0013-Omit-internal-go.mod-files-used-for-codegen.patch 
@@ -37,29 +37,29 @@ Submitting upgrades directly upstream would avoid this issue, but it would be hard to justify these unnecessary upgrades. --- - src/crypto/internal/bigmod/_asm/{go.mod => no.mod} | 0 - src/crypto/internal/bigmod/_asm/{go.sum => no.sum} | 0 - src/crypto/internal/edwards25519/field/_asm/{go.mod => no.mod} | 0 - src/crypto/internal/edwards25519/field/_asm/{go.sum => no.sum} | 0 + src/crypto/internal/fips140/bigmod/_asm/{go.mod => no.mod} | 0 + src/crypto/internal/fips140/bigmod/_asm/{go.sum => no.sum} | 0 + .../internal/fips140/edwards25519/field/_asm/{go.mod => no.mod} | 0 + .../internal/fips140/edwards25519/field/_asm/{go.sum => no.sum} | 0 4 files changed, 0 insertions(+), 0 deletions(-) - rename src/crypto/internal/bigmod/_asm/{go.mod => no.mod} (100%) - rename src/crypto/internal/bigmod/_asm/{go.sum => no.sum} (100%) - rename src/crypto/internal/edwards25519/field/_asm/{go.mod => no.mod} (100%) - rename src/crypto/internal/edwards25519/field/_asm/{go.sum => no.sum} (100%) + rename src/crypto/internal/fips140/bigmod/_asm/{go.mod => no.mod} (100%) + rename src/crypto/internal/fips140/bigmod/_asm/{go.sum => no.sum} (100%) + rename src/crypto/internal/fips140/edwards25519/field/_asm/{go.mod => no.mod} (100%) + rename src/crypto/internal/fips140/edwards25519/field/_asm/{go.sum => no.sum} (100%) -diff --git a/src/crypto/internal/bigmod/_asm/go.mod b/src/crypto/internal/bigmod/_asm/no.mod +diff --git a/src/crypto/internal/fips140/bigmod/_asm/go.mod b/src/crypto/internal/fips140/bigmod/_asm/no.mod similarity index 100% -rename from src/crypto/internal/bigmod/_asm/go.mod -rename to src/crypto/internal/bigmod/_asm/no.mod -diff --git a/src/crypto/internal/bigmod/_asm/go.sum b/src/crypto/internal/bigmod/_asm/no.sum +rename from src/crypto/internal/fips140/bigmod/_asm/go.mod +rename to src/crypto/internal/fips140/bigmod/_asm/no.mod +diff --git a/src/crypto/internal/fips140/bigmod/_asm/go.sum b/src/crypto/internal/fips140/bigmod/_asm/no.sum similarity index 
100% -rename from src/crypto/internal/bigmod/_asm/go.sum -rename to src/crypto/internal/bigmod/_asm/no.sum -diff --git a/src/crypto/internal/edwards25519/field/_asm/go.mod b/src/crypto/internal/edwards25519/field/_asm/no.mod +rename from src/crypto/internal/fips140/bigmod/_asm/go.sum +rename to src/crypto/internal/fips140/bigmod/_asm/no.sum +diff --git a/src/crypto/internal/fips140/edwards25519/field/_asm/go.mod b/src/crypto/internal/fips140/edwards25519/field/_asm/no.mod similarity index 100% -rename from src/crypto/internal/edwards25519/field/_asm/go.mod -rename to src/crypto/internal/edwards25519/field/_asm/no.mod -diff --git a/src/crypto/internal/edwards25519/field/_asm/go.sum b/src/crypto/internal/edwards25519/field/_asm/no.sum +rename from src/crypto/internal/fips140/edwards25519/field/_asm/go.mod +rename to src/crypto/internal/fips140/edwards25519/field/_asm/no.mod +diff --git a/src/crypto/internal/fips140/edwards25519/field/_asm/go.sum b/src/crypto/internal/fips140/edwards25519/field/_asm/no.sum similarity index 100% -rename from src/crypto/internal/edwards25519/field/_asm/go.sum -rename to src/crypto/internal/edwards25519/field/_asm/no.sum +rename from src/crypto/internal/fips140/edwards25519/field/_asm/go.sum +rename to src/crypto/internal/fips140/edwards25519/field/_asm/no.sum diff --git a/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch b/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch index 8000003204f..7b39f407e72 100644 --- a/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch +++ b/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch 
@@ -10,36 +10,15 @@ Upstream follows the boringssl FIPS policy, which doesn't allow P-521. This change adds support for P-521 in TLS when fipsonly mode is enabled. --- - src/crypto/tls/boring_test.go | 3 ++- - src/crypto/tls/defaults.go | 3 ++- + src/crypto/tls/defaults.go | 3 ++- + src/crypto/tls/fips_test.go | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) -diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 3cdde9780352a4..0682dfb162268c 100644 ---- a/src/crypto/tls/boring_test.go -+++ b/src/crypto/tls/boring_test.go -@@ -113,7 +113,7 @@ func isBoringCipherSuite(id uint16) bool { - - func isBoringCurve(id CurveID) bool { - switch id { -- case CurveP256, CurveP384: -+ case CurveP256, CurveP384, CurveP521: - return true - } - return false -@@ -137,6 +137,7 @@ func isBoringSignatureScheme(alg SignatureScheme) bool { - PKCS1WithSHA384, - ECDSAWithP384AndSHA384, - PKCS1WithSHA512, -+ ECDSAWithP521AndSHA512, - PSSWithSHA256, - PSSWithSHA384, - PSSWithSHA512: diff --git a/src/crypto/tls/defaults.go b/src/crypto/tls/defaults.go -index ad4070df4a8883..26b6602b841209 100644 +index f25d0d3ce3f9eb..08c091168d6383 100644 --- a/src/crypto/tls/defaults.go +++ b/src/crypto/tls/defaults.go -@@ -99,7 +99,7 @@ var defaultSupportedVersionsFIPS = []uint16{ +@@ -102,7 +102,7 @@ var defaultSupportedVersionsFIPS = []uint16{ // defaultCurvePreferencesFIPS are the FIPS-allowed curves, // in preference order (most preferable first). @@ -48,7 +27,7 @@ index ad4070df4a8883..26b6602b841209 100644 // defaultSupportedSignatureAlgorithmsFIPS currently are a subset of // defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1. -@@ -112,6 +112,7 @@ var defaultSupportedSignatureAlgorithmsFIPS = []SignatureScheme{ +@@ -115,6 +115,7 @@ var defaultSupportedSignatureAlgorithmsFIPS = []SignatureScheme{ PKCS1WithSHA384, ECDSAWithP384AndSHA384, PKCS1WithSHA512, 
@@ -56,3 +35,24 @@ index ad4070df4a8883..26b6602b841209 100644 } // defaultCipherSuitesFIPS are the FIPS-allowed cipher suites. +diff --git a/src/crypto/tls/fips_test.go b/src/crypto/tls/fips_test.go +index ab3c4465ddff0c..fc47e8ba8313cd 100644 +--- a/src/crypto/tls/fips_test.go ++++ b/src/crypto/tls/fips_test.go +@@ -111,7 +111,7 @@ func isFIPSCipherSuite(id uint16) bool { + + func isFIPSCurve(id CurveID) bool { + switch id { +- case CurveP256, CurveP384: ++ case CurveP256, CurveP384, CurveP521: + return true + } + return false +@@ -135,6 +135,7 @@ func isFIPSSignatureScheme(alg SignatureScheme) bool { + PKCS1WithSHA384, + ECDSAWithP384AndSHA384, + PKCS1WithSHA512, ++ ECDSAWithP521AndSHA512, + PSSWithSHA256, + PSSWithSHA384, + PSSWithSHA512: From 337ce7fa68608c096ca8a9cbe484bd7bf9a0e5a0 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 16 Dec 2024 14:05:43 +0100 Subject: [PATCH 155/887] skip failing tests --- .../0002-Add-crypto-backend-foundation.patch | 63 ++++++++++++++++++- patches/0005-Add-CNG-crypto-backend.patch | 20 +----- 2 files changed, 65 insertions(+), 18 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index c8ceedc8b80..7612ea62ed8 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -15,6 +15,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/dsa/dsa.go | 88 +++++++ src/crypto/dsa/notboring.go | 16 ++ src/crypto/ecdh/ecdh.go | 2 +- + src/crypto/ecdh/ecdh_test.go | 4 + src/crypto/ecdh/nist.go | 2 +- src/crypto/ecdsa/boring.go | 6 +- src/crypto/ecdsa/ecdsa.go | 4 +- @@ -48,6 +49,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/notboring.go | 4 +- src/crypto/rsa/pkcs1v15.go | 6 +- src/crypto/rsa/pkcs1v15_test.go | 5 + + src/crypto/rsa/pss_test.go | 5 + src/crypto/rsa/rsa.go | 4 +- src/crypto/rsa/rsa_test.go | 12 +- src/crypto/sha1/sha1.go | 2 +- 
@@ -66,11 +68,12 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/prf.go | 41 ++++ src/go/build/deps_test.go | 8 +- src/hash/boring_test.go | 9 + + src/hash/example_test.go | 2 + src/hash/marshal_test.go | 5 + src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 66 files changed, 1124 insertions(+), 80 deletions(-) + 69 files changed, 1135 insertions(+), 80 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -493,6 +496,28 @@ index 231f1ea04c1010..cfa113e2345816 100644 "crypto/internal/fips140/ecdh" "crypto/subtle" "errors" +diff --git a/src/crypto/ecdh/ecdh_test.go b/src/crypto/ecdh/ecdh_test.go +index 75d2480775669f..6a4d26fbafe090 100644 +--- a/src/crypto/ecdh/ecdh_test.go ++++ b/src/crypto/ecdh/ecdh_test.go +@@ -9,6 +9,7 @@ import ( + "crypto" + "crypto/cipher" + "crypto/ecdh" ++ boring "crypto/internal/backend" + "crypto/rand" + "crypto/sha256" + "encoding/hex" +@@ -280,6 +281,9 @@ var invalidPrivateKeys = map[ecdh.Curve][]string{ + } + + func TestNewPrivateKey(t *testing.T) { ++ if boring.Enabled { ++ t.Skip("skipping test with different results when using different backends") ++ } + testAllCurves(t, func(t *testing.T, curve ecdh.Curve) { + for _, input := range invalidPrivateKeys[curve] { + k, err := curve.NewPrivateKey(hexDecode(t, input)) diff --git a/src/crypto/ecdh/nist.go b/src/crypto/ecdh/nist.go index acef8298943c2b..ca6171cf775117 100644 --- a/src/crypto/ecdh/nist.go 
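Review bot: The `t.Skip` added at the top of `TestNewPrivateKey` in ecdh_test.go disables the whole invalid-private-key test whenever `boring.Enabled` is true, so backend builds no longer exercise any of the inputs in `invalidPrivateKeys`. The skip message says results differ between backends; if only some curves or inputs diverge, skip those inside the `testAllCurves` callback and keep the rest running. At minimum, record which cases differ next to the skip, for example `// Backends differ on some invalidPrivateKeys inputs; see <tracking issue>.` The test body continues outside the hunk, so the exact per-input check is not visible here.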
@@ -1672,6 +1697,29 @@ index c65552cd93526a..910416abe842f5 100644 t.Setenv("GODEBUG", "rsa1024min=0") ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==") _, err := DecryptPKCS1v15(nil, test512Key, ciphertext) +diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go +index e03f4ab06603c6..a4af0a2144870a 100644 +--- a/src/crypto/rsa/pss_test.go ++++ b/src/crypto/rsa/pss_test.go +@@ -8,6 +8,7 @@ import ( + "bufio" + "compress/bzip2" + "crypto" ++ boring "crypto/internal/backend" + "crypto/internal/fips140" + "crypto/rand" + . "crypto/rsa" +@@ -180,6 +181,10 @@ func TestPSSSigning(t *testing.T) { + continue + } + ++ if boring.Enabled && test.good != test.fipsGood { ++ t.Skip("skipping test with different results when using different backends") ++ } ++ + opts.SaltLength = test.verifySaltLength + err = VerifyPSS(&rsaPrivateKey.PublicKey, hash, hashed, sig, &opts) + good := test.good diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go index fb23f003a6f217..be374dad6969d5 100644 --- a/src/crypto/rsa/rsa.go @@ -2177,6 +2225,19 @@ index 00000000000000..52748c44698076 +package hash_test + +const boringEnabled = true +diff --git a/src/hash/example_test.go b/src/hash/example_test.go +index f07b9aaa2c4898..b380537215634d 100644 +--- a/src/hash/example_test.go ++++ b/src/hash/example_test.go +@@ -2,6 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + ++//go:build !goexperiment.systemcrypto ++ + package hash_test + + import ( diff --git a/src/hash/marshal_test.go b/src/hash/marshal_test.go index 3091f7a67acede..fead8cc4bec73a 100644 --- a/src/hash/marshal_test.go diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index c9d98f1f721..3d4d8cb3724 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch 
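Review bot: In pss_test.go the new `t.Skip` sits inside the per-case loop of `TestPSSSigning` (the context just above it is `continue` and the lines below use `test`), so the first case where `test.good != test.fipsGood` ends the whole test and every later case goes unverified on backend builds. Skipping only that case keeps the remaining signatures checked: `if boring.Enabled && test.good != test.fipsGood { continue }`, optionally preceded by a `t.Logf` naming the case. The loop header and the rest of the function are outside the hunk.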
@@ -15,11 +15,10 @@ Subject: [PATCH] Add CNG crypto backend src/go.sum | 2 + src/go/build/deps_test.go | 5 + src/go/build/vendor_test.go | 1 + - src/hash/example_test.go | 2 + .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 15 files changed, 412 insertions(+), 5 deletions(-) + 14 files changed, 410 insertions(+), 5 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -465,10 +464,10 @@ index 00000000000000..f769d15f94ab05 + return enabled != 0 +} diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go -index e03f4ab06603c6..a9928c0c7d8259 100644 +index a4af0a2144870a..7d7115cff81cea 100644 --- a/src/crypto/rsa/pss_test.go +++ b/src/crypto/rsa/pss_test.go -@@ -241,7 +241,7 @@ func fromHex(hexStr string) []byte { +@@ -246,7 +246,7 @@ func fromHex(hexStr string) []byte { func TestInvalidPSSSaltLength(t *testing.T) { t.Setenv("GODEBUG", "rsa1024min=0") @@ -536,19 +535,6 @@ index 7c821ae4bc5727..1d0b9b20e9b1d4 100644 } // Verify that the vendor directories contain only packages matching the list above. -diff --git a/src/hash/example_test.go b/src/hash/example_test.go -index f07b9aaa2c4898..2ff6c4827391c0 100644 ---- a/src/hash/example_test.go -+++ b/src/hash/example_test.go -@@ -2,6 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - -+//go:build !goexperiment.cngcrypto -+ - package hash_test - - import ( diff --git a/src/internal/goexperiment/exp_cngcrypto_off.go b/src/internal/goexperiment/exp_cngcrypto_off.go new file mode 100644 index 00000000000000..831460053281e2 From 486cb165323c393364de61a985d1a9146446c1db Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Mon, 16 Dec 2024 15:01:54 +0100 Subject: [PATCH 156/887] don't mark azurelinux3 as broken --- eng/pipeline/stages/go-builder-matrix-stages.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index cd7a7dfd0ab..3d0827fa482 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml @@ -91,8 +91,8 @@ stages: - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: mariner2 } - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: mariner2, fips: true } - - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, broken: true } - - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, fips: true, broken: true } + - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3 } + - { experiment: opensslcrypto, os: linux, arch: amd64, config: test, distro: azurelinux3, fips: true } - { experiment: boringcrypto, os: linux, arch: amd64, config: test } - { experiment: boringcrypto, os: linux, arch: amd64, config: test, distro: ubuntu } - { os: windows, arch: amd64, config: devscript } From f572c516c9aa58b98425c9f1a97926742c951dc8 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 17 Dec 2024 10:35:07 +0100 Subject: [PATCH 157/887] upgrade github.com/microsoft/go-infra to v0.0.6 --- eng/_util/go.mod | 6 +++--- eng/_util/go.sum | 16 ++++++++-------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 3393abeda93..283c59e1cde 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod 
@@ -7,7 +7,7 @@ module github.com/microsoft/go/_util go 1.22.0 require ( - github.com/microsoft/go-infra v0.0.5 + github.com/microsoft/go-infra v0.0.6 github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 golang.org/x/sys v0.28.0 gotest.tools/gotestsum v1.12.0 @@ -23,7 +23,7 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 // indirect - golang.org/x/sync v0.8.0 // indirect + golang.org/x/sync v0.10.0 // indirect golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/text v0.21.0 // indirect ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index ffefea135f1..30bcc59b1ce 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum @@ -27,8 +27,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHSH/GzLMJeu5zhYVZSx5RQxGKm1h96s= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY= -github.com/microsoft/go-infra v0.0.5 h1:2vfRe5hJUwJvnXcHDJiv/gqE0XIqCHnwXBFxXRm5+SI= -github.com/microsoft/go-infra v0.0.5/go.mod h1:abvc0FBd6VZIdqeJEgo3+SDIE3wSbjpvPhRZ0i21pls= +github.com/microsoft/go-infra v0.0.6 h1:RB/Jx3bMC8I+16Ra9iy+HcrHe3Ss1iM46OZ0LzNUZ0Y= +github.com/microsoft/go-infra v0.0.6/go.mod h1:L+TMMmm7bkfgUfx1FZmReNHXL9m4oqvc+bVXCuaKD30= github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 h1:i/EXV3vFmJ6UYZ8a4fM2ssKlvSstxvJfiUHau81iNZE= github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67/go.mod h1:SFsdKAEHdmGsGoh8FkksVaxoQ3rnnJ/TBqN09Ml/0Cw= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= 
@@ -63,8 +63,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -104,8 +104,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= 
@@ -114,8 +114,8 @@ golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= -golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= -golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gotest.tools/gotestsum v1.12.0 h1:CmwtaGDkHxrZm4Ib0Vob89MTfpc3GrEFMJKovliPwGk= gotest.tools/gotestsum v1.12.0/go.mod h1:fAvqkSptospfSbQw26CTYzNwnsE/ztqLeyhP0h67ARY= From f331d62478ecd242decac5267f9d086537dc4d46 Mon Sep 17 00:00:00 2001 From: George Adams Date: Tue, 17 Dec 2024 21:36:45 +0000 Subject: [PATCH 158/887] Implement crypto/pbkdf2 with the OpenSSL/CNG backends (#1450) --- .../0002-Add-crypto-backend-foundation.patch | 36 ++++++++++++++++--- .../0003-Add-BoringSSL-crypto-backend.patch | 14 +++++--- patches/0004-Add-OpenSSL-crypto-backend.patch | 18 +++++++--- patches/0005-Add-CNG-crypto-backend.patch | 14 +++++--- 4 files changed, 65 insertions(+), 17 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 7612ea62ed8..411d846547a 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -33,12 +33,13 @@ Subject: [PATCH] Add crypto backend foundation .../internal/backend/fips140/isrequirefips.go | 9 + .../internal/backend/fips140/norequirefips.go | 9 + .../backend/fips140/nosystemcrypto.go | 11 + - src/crypto/internal/backend/nobackend.go | 223 ++++++++++++++++++ + src/crypto/internal/backend/nobackend.go | 229 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + src/crypto/internal/cryptotest/allocations.go | 2 +- .../internal/cryptotest/implementations.go | 2 +- src/crypto/md5/md5.go | 7 + src/crypto/md5/md5_test.go | 14 ++ + src/crypto/pbkdf2/pbkdf2.go | 4 + src/crypto/pbkdf2/pbkdf2_test.go | 2 +- src/crypto/purego_test.go | 2 +- src/crypto/rand/rand.go | 2 +- @@ -73,7 +74,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 69 files changed, 1135 insertions(+), 80 deletions(-) + 70 files changed, 1145 insertions(+), 80 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -1099,10 +1100,10 @@ index 00000000000000..83691d7dd42d51 +} diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..ffa8d38e5d490f +index 00000000000000..71e0ec9dc25a02 --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go -@@ -0,0 +1,223 @@ +@@ -0,0 +1,229 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -1235,6 +1236,12 @@ index 00000000000000..ffa8d38e5d490f + panic("cryptobackend: not available") +} + ++func SupportsPBKDF2() bool { panic("cryptobackend: not available") } ++ ++func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++ +func SupportsTLS1PRF() bool { panic("cryptobackend: not available") } + +func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { @@ -1446,6 +1453,27 @@ index 437d9b9d4c0e0d..5bc3e7b0f8435f 100644 for i, test := range largeUnmarshalTests { h := New() +diff --git a/src/crypto/pbkdf2/pbkdf2.go b/src/crypto/pbkdf2/pbkdf2.go +index 0fdd9e822d40a5..bc8e560487a6ef 100644 +--- a/src/crypto/pbkdf2/pbkdf2.go ++++ b/src/crypto/pbkdf2/pbkdf2.go +@@ -19,6 +19,7 @@ pbkdf2.Key. + package pbkdf2 + + import ( ++ boring "crypto/internal/backend" + "crypto/internal/fips140/pbkdf2" + "crypto/internal/fips140only" + "errors" +@@ -53,5 +54,8 @@ func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyL + return nil, errors.New("crypto/pbkdf2: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode") + } + } ++ if boring.Enabled && boring.SupportsPBKDF2() { ++ return boring.PBKDF2([]byte(password), salt, iter, keyLength, func() hash.Hash { return h() }) ++ } + return pbkdf2.Key(h, password, salt, iter, keyLength) + } diff --git a/src/crypto/pbkdf2/pbkdf2_test.go b/src/crypto/pbkdf2/pbkdf2_test.go index 03980c7e54d3be..4968a666fad4e5 100644 --- a/src/crypto/pbkdf2/pbkdf2_test.go diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 8a7c0aaa2df..d60a06344d5 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch 
@@ -5,9 +5,9 @@ Subject: [PATCH] Add BoringSSL crypto backend --- .../internal/backend/bbig/big_boring.go | 12 + - src/crypto/internal/backend/boring_linux.go | 257 ++++++++++++++++++ + src/crypto/internal/backend/boring_linux.go | 263 ++++++++++++++++++ src/crypto/internal/backend/fips140/boring.go | 11 + - 3 files changed, 281 insertions(+) + 3 files changed, 286 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/boring_linux.go create mode 100644 src/crypto/internal/backend/fips140/boring.go @@ -32,10 +32,10 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..31e57a8dffd4c3 +index 00000000000000..b1bd6d5ba756d7 --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go -@@ -0,0 +1,257 @@ +@@ -0,0 +1,263 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -196,6 +196,12 @@ index 00000000000000..31e57a8dffd4c3 + panic("cryptobackend: not available") +} + ++func SupportsPBKDF2() bool { return false } ++ ++func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++ +func SupportsTLS1PRF() bool { return false } + +func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 318411a5b78..64277f1de6d 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -9,7 +9,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/cmd/link/internal/ld/lib.go | 1 + .../internal/backend/bbig/big_openssl.go | 12 + .../internal/backend/fips140/openssl.go | 41 +++ - src/crypto/internal/backend/openssl_linux.go | 323 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 331 ++++++++++++++++++ src/crypto/rsa/rsa_test.go | 3 + src/go.mod | 1 + src/go.sum | 2 + @@ -19,7 +19,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 15 files changed, 428 insertions(+), 5 deletions(-) + 15 files changed, 436 insertions(+), 5 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/fips140/openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go @@ -142,10 +142,10 @@ index 00000000000000..118efa3a492a7d +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..06329e4faef026 +index 00000000000000..d3a663737a1ce3 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,323 @@ +@@ -0,0 +1,331 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -362,6 +362,14 @@ index 00000000000000..06329e4faef026 + return openssl.ExtractHKDF(h, secret, salt) +} + ++func SupportsPBKDF2() bool { ++ return openssl.SupportsPBKDF2() ++} ++ ++func PBKDF2(pass, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) { ++ return openssl.PBKDF2(pass, salt, iter, keyLen, h) ++} ++ +func SupportsTLS1PRF() bool { + return openssl.SupportsTLS1PRF() +} 
@@ -506,7 +514,7 @@ index 9e661352f16e0b..0a58eccb57a869 100644 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index afbdd6770f3f79..2694c2ec84d091 100644 +index 58082b3636f209..37cb128ba9409a 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -516,8 +516,10 @@ var depsRules = ` diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 3d4d8cb3724..4ed2d8c4976 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -7,7 +7,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/ecdsa/badlinkname.go | 17 + src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 310 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 316 ++++++++++++++++++ src/crypto/internal/backend/common.go | 9 +- src/crypto/internal/backend/fips140/cng.go | 33 ++ src/crypto/rsa/pss_test.go | 2 +- @@ -18,7 +18,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 14 files changed, 410 insertions(+), 5 deletions(-) + 14 files changed, 416 insertions(+), 5 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -84,10 +84,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..2d7a18eaec2e23 +index 00000000000000..c37247c8a2c7c6 --- /dev/null 
+++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,310 @@ +@@ -0,0 +1,316 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -295,6 +295,12 @@ index 00000000000000..2d7a18eaec2e23 + return cng.ExtractHKDF(h, secret, salt) +} + ++func SupportsPBKDF2() bool { return true } ++ ++func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) { ++ return cng.PBKDF2(password, salt, iter, keyLen, h) ++} ++ +func SupportsTLS1PRF() bool { + return true +} From 646086032c418e016eb6e368eee9492ce7ddd083 Mon Sep 17 00:00:00 2001 From: George Adams Date: Wed, 18 Dec 2024 10:09:37 +0000 Subject: [PATCH 159/887] Implement crypto/hkdf with the OpenSSL/CNG backends (#1449) --- .../0002-Add-crypto-backend-foundation.patch | 49 ++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 411d846547a..aff2ca97720 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -23,6 +23,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/ed25519/boring.go | 71 ++++++ src/crypto/ed25519/ed25519.go | 73 ++++++ src/crypto/ed25519/notboring.go | 16 ++ + src/crypto/hkdf/hkdf.go | 14 ++ src/crypto/hkdf/hkdf_test.go | 2 +- src/crypto/hmac/hmac.go | 2 +- src/crypto/hmac/hmac_test.go | 2 +- @@ -74,7 +75,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 70 files changed, 1145 insertions(+), 80 deletions(-) + 71 files changed, 1159 insertions(+), 80 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go 
@@ -811,6 +812,52 @@ index 00000000000000..b0cdd44d81c753 +func boringPrivateKey(PrivateKey) (*boring.PrivateKeyEd25519, error) { + panic("boringcrypto: not available") +} +diff --git a/src/crypto/hkdf/hkdf.go b/src/crypto/hkdf/hkdf.go +index 7cfbe2c60de356..78139ed6170da5 100644 +--- a/src/crypto/hkdf/hkdf.go ++++ b/src/crypto/hkdf/hkdf.go +@@ -11,6 +11,7 @@ + package hkdf + + import ( ++ boring "crypto/internal/backend" + "crypto/internal/fips140/hkdf" + "crypto/internal/fips140only" + "errors" +@@ -27,6 +28,9 @@ func Extract[H hash.Hash](h func() H, secret, salt []byte) ([]byte, error) { + if err := checkFIPS140Only(h, secret); err != nil { + return nil, err + } ++ if boring.Enabled && boring.SupportsHKDF() { ++ return boring.ExtractHKDF(func() hash.Hash { return h() }, secret, salt) ++ } + return hkdf.Extract(h, secret, salt), nil + } + +@@ -47,6 +51,9 @@ func Expand[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLen + return nil, errors.New("hkdf: requested key length too large") + } + ++ if boring.Enabled && boring.SupportsHKDF() { ++ return boring.ExpandHKDF(func() hash.Hash { return h() }, pseudorandomKey, []byte(info), keyLength) ++ } + return hkdf.Expand(h, pseudorandomKey, info, keyLength), nil + } + +@@ -63,6 +70,13 @@ func Key[Hash hash.Hash](h func() Hash, secret, salt []byte, info string, keyLen + return nil, errors.New("hkdf: requested key length too large") + } + ++ if boring.Enabled && boring.SupportsHKDF() { ++ pseudorandomKey, err := boring.ExtractHKDF(func() hash.Hash { return h() }, secret, salt) ++ if err != nil { ++ return nil, err ++ } ++ return boring.ExpandHKDF(func() hash.Hash { return h() }, pseudorandomKey, []byte(info), keyLength) ++ } + return hkdf.Key(h, secret, salt, info, keyLength), nil + } + diff --git a/src/crypto/hkdf/hkdf_test.go b/src/crypto/hkdf/hkdf_test.go index 201b440289bb2d..4ed4960ff35b66 100644 --- a/src/crypto/hkdf/hkdf_test.go From 18eaed4ca1684f05d4b0cd12245fccc7f4dc2436 Mon Sep 17 00:00:00 2001 
From: mertakman Date: Fri, 20 Dec 2024 12:04:37 +0000 Subject: [PATCH 160/887] fix:update patches --- .../0002-Add-crypto-backend-foundation.patch | 75 +++++++++++++++---- 1 file changed, 60 insertions(+), 15 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index aff2ca97720..0fffa39c183 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -23,7 +23,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/ed25519/boring.go | 71 ++++++ src/crypto/ed25519/ed25519.go | 73 ++++++ src/crypto/ed25519/notboring.go | 16 ++ - src/crypto/hkdf/hkdf.go | 14 ++ + src/crypto/hkdf/hkdf.go | 22 +- src/crypto/hkdf/hkdf_test.go | 2 +- src/crypto/hmac/hmac.go | 2 +- src/crypto/hmac/hmac_test.go | 2 +- @@ -65,7 +65,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- src/crypto/tls/handshake_client.go | 10 +- src/crypto/tls/handshake_server.go | 10 +- - src/crypto/tls/handshake_server_tls13.go | 10 + + src/crypto/tls/handshake_server_tls13.go | 24 +- src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- src/crypto/tls/prf.go | 41 ++++ src/go/build/deps_test.go | 8 +- @@ -75,7 +75,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 71 files changed, 1159 insertions(+), 80 deletions(-) + 71 files changed, 1174 insertions(+), 87 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -813,41 +813,49 @@ index 00000000000000..b0cdd44d81c753 + panic("boringcrypto: not available") +} diff --git a/src/crypto/hkdf/hkdf.go b/src/crypto/hkdf/hkdf.go -index 7cfbe2c60de356..78139ed6170da5 100644 +index 7cfbe2c60de356..925b839b73cb0c 100644 --- a/src/crypto/hkdf/hkdf.go 
+++ b/src/crypto/hkdf/hkdf.go -@@ -11,6 +11,7 @@ +@@ -11,8 +11,9 @@ package hkdf import ( +- "crypto/internal/fips140/hkdf" + boring "crypto/internal/backend" - "crypto/internal/fips140/hkdf" "crypto/internal/fips140only" ++ "cryto/hkdf" "errors" -@@ -27,6 +28,9 @@ func Extract[H hash.Hash](h func() H, secret, salt []byte) ([]byte, error) { + "hash" + ) +@@ -27,7 +28,10 @@ func Extract[H hash.Hash](h func() H, secret, salt []byte) ([]byte, error) { if err := checkFIPS140Only(h, secret); err != nil { return nil, err } +- return hkdf.Extract(h, secret, salt), nil + if boring.Enabled && boring.SupportsHKDF() { + return boring.ExtractHKDF(func() hash.Hash { return h() }, secret, salt) + } - return hkdf.Extract(h, secret, salt), nil ++ return hkdf.Extract(h, secret, salt) } -@@ -47,6 +51,9 @@ func Expand[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLen + // Expand derives a key from the given hash, key, and optional context info, +@@ -47,7 +51,10 @@ func Expand[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLen return nil, errors.New("hkdf: requested key length too large") } +- return hkdf.Expand(h, pseudorandomKey, info, keyLength), nil + if boring.Enabled && boring.SupportsHKDF() { + return boring.ExpandHKDF(func() hash.Hash { return h() }, pseudorandomKey, []byte(info), keyLength) + } - return hkdf.Expand(h, pseudorandomKey, info, keyLength), nil ++ return hkdf.Expand(h, pseudorandomKey, info, keyLength) } -@@ -63,6 +70,13 @@ func Key[Hash hash.Hash](h func() Hash, secret, salt []byte, info string, keyLen + // Key derives a key from the given hash, secret, salt and context info, +@@ -63,7 +70,14 @@ func Key[Hash hash.Hash](h func() Hash, secret, salt []byte, info string, keyLen return nil, errors.New("hkdf: requested key length too large") } +- return hkdf.Key(h, secret, salt, info, keyLength), nil + if boring.Enabled && boring.SupportsHKDF() { + pseudorandomKey, err := boring.ExtractHKDF(func() hash.Hash { return h() }, secret, 
salt) + if err != nil { @@ -855,9 +863,10 @@ index 7cfbe2c60de356..78139ed6170da5 100644 + } + return boring.ExpandHKDF(func() hash.Hash { return h() }, pseudorandomKey, []byte(info), keyLength) + } - return hkdf.Key(h, secret, salt, info, keyLength), nil ++ return hkdf.Key(h, secret, salt, info, keyLength) } + func checkFIPS140Only[H hash.Hash](h func() H, key []byte) error { diff --git a/src/crypto/hkdf/hkdf_test.go b/src/crypto/hkdf/hkdf_test.go index 201b440289bb2d..4ed4960ff35b66 100644 --- a/src/crypto/hkdf/hkdf_test.go @@ -2125,17 +2134,24 @@ index 7c75977ad3ffb2..b9db95ca7b9d5a 100644 if err := hs.processClientHello(); err != nil { diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index 3552d89ba3bc6f..958ec81dc64966 100644 +index 3552d89ba3bc6f..cefacaca28bae0 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go -@@ -9,6 +9,7 @@ import ( +@@ -9,12 +9,13 @@ import ( "context" "crypto" "crypto/hmac" +- "crypto/internal/fips140/hkdf" + boring "crypto/internal/backend" - "crypto/internal/fips140/hkdf" "crypto/internal/fips140/mlkem" "crypto/internal/fips140/tls13" + "crypto/internal/hpke" + "crypto/rsa" + "crypto/tls/internal/fips140tls" ++ "cryto/hkdf" + "errors" + "hash" + "internal/byteorder" @@ -477,6 +478,15 @@ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { } marshaler, ok := in.(binaryMarshaler) 
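Review bot: The import `"cryto/hkdf"` added to src/crypto/hkdf/hkdf.go in the `@@ -813,41 +813,49 @@` hunk is misspelled, and spelled correctly it would make package hkdf import itself; the same misspelled import is added to handshake_server_tls13.go in the `@@ -2125,17 +2134,24 @@` hunk. Alongside it the fall-through returns became `return hkdf.Extract(h, secret, salt)`, which only type-checks against a two-value function, while the removed lines show `crypto/internal/fips140/hkdf` being called with `, nil` appended. In hkdf.go keep `"crypto/internal/fips140/hkdf"` and `return hkdf.Extract(h, secret, salt), nil` (likewise for `Expand` and `Key`); in the TLS file the import should read `"crypto/hkdf"` if the public, error-returning package is what is intended there. Applying the regenerated patch and building std before committing would catch this.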
@@ -2152,6 +2168,35 @@ index 3552d89ba3bc6f..958ec81dc64966 100644 return nil } state, err := marshaler.MarshalBinary() +@@ -572,8 +582,12 @@ func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) + if err := transcriptMsg(helloRetryRequest, confTranscript); err != nil { + return nil, err + } ++ secret, err := hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil) ++ if err != nil { ++ return nil, err ++ } + acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New, +- hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil), ++ secret, + "hrr ech accept confirmation", + confTranscript.Sum(nil), + 8, +@@ -734,9 +748,13 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error { + if err := transcriptMsg(hs.hello, echTranscript); err != nil { + return err + } ++ secret, err := hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil) ++ if err != nil { ++ return err ++ } + // compute the acceptance message + acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New, +- hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil), ++ secret, + "ech accept confirmation", + echTranscript.Sum(nil), + 8, diff --git a/src/crypto/tls/internal/fips140tls/fipstls.go b/src/crypto/tls/internal/fips140tls/fipstls.go index 24d78d60cf5b64..a6bfd3f17c1911 100644 --- a/src/crypto/tls/internal/fips140tls/fipstls.go From 0dc0c5a136a573f405aaeeb9a2bc4f4ab3448c82 Mon Sep 17 00:00:00 2001 From: mertakman Date: Fri, 20 Dec 2024 12:14:21 +0000 Subject: [PATCH 161/887] fix:wrong import fix --- .../0002-Add-crypto-backend-foundation.patch | 31 +++++++------------ 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 0fffa39c183..c65d9a3664c 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
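Review bot: The new `if err != nil { return nil, err }` after `hkdf.Extract` in doHelloRetryRequest, and the matching `return err` in sendServerParameters, add a failure path to the ECH accept-confirmation computation with no comment saying when it can trigger. Going by the hkdf.go part of this patch, the public `Extract` can fail in `checkFIPS140Only` or, presumably, in `boring.ExtractHKDF`, whereas the removed internal call was passed straight in as an argument and returned only the bytes. I would add a line above each call such as `// crypto/hkdf goes through the crypto backend and can return an error; the internal fips140 hkdf could not.` so the extra branch is understood when the patch is rebased. The same pattern is added to handshake_client_tls13.go by a later patch in this series. Both enclosing functions start and end outside the hunk.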
@@ -23,7 +23,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/ed25519/boring.go | 71 ++++++ src/crypto/ed25519/ed25519.go | 73 ++++++ src/crypto/ed25519/notboring.go | 16 ++ - src/crypto/hkdf/hkdf.go | 22 +- + src/crypto/hkdf/hkdf.go | 14 ++ src/crypto/hkdf/hkdf_test.go | 2 +- src/crypto/hmac/hmac.go | 2 +- src/crypto/hmac/hmac_test.go | 2 +- @@ -75,7 +75,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 71 files changed, 1174 insertions(+), 87 deletions(-) + 71 files changed, 1170 insertions(+), 83 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -813,49 +813,41 @@ index 00000000000000..b0cdd44d81c753 + panic("boringcrypto: not available") +} diff --git a/src/crypto/hkdf/hkdf.go b/src/crypto/hkdf/hkdf.go -index 7cfbe2c60de356..925b839b73cb0c 100644 +index 7cfbe2c60de356..78139ed6170da5 100644 --- a/src/crypto/hkdf/hkdf.go 
+++ b/src/crypto/hkdf/hkdf.go -@@ -11,8 +11,9 @@ +@@ -11,6 +11,7 @@ package hkdf import ( -- "crypto/internal/fips140/hkdf" + boring "crypto/internal/backend" + "crypto/internal/fips140/hkdf" "crypto/internal/fips140only" -+ "cryto/hkdf" "errors" - "hash" - ) -@@ -27,7 +28,10 @@ func Extract[H hash.Hash](h func() H, secret, salt []byte) ([]byte, error) { +@@ -27,6 +28,9 @@ func Extract[H hash.Hash](h func() H, secret, salt []byte) ([]byte, error) { if err := checkFIPS140Only(h, secret); err != nil { return nil, err } -- return hkdf.Extract(h, secret, salt), nil + if boring.Enabled && boring.SupportsHKDF() { + return boring.ExtractHKDF(func() hash.Hash { return h() }, secret, salt) + } -+ return hkdf.Extract(h, secret, salt) + return hkdf.Extract(h, secret, salt), nil } - // Expand derives a key from the given hash, key, and optional context info, -@@ -47,7 +51,10 @@ func Expand[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLen +@@ -47,6 +51,9 @@ func Expand[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLen return nil, errors.New("hkdf: requested key length too large") } -- return hkdf.Expand(h, pseudorandomKey, info, keyLength), nil + if boring.Enabled && boring.SupportsHKDF() { + return boring.ExpandHKDF(func() hash.Hash { return h() }, pseudorandomKey, []byte(info), keyLength) + } -+ return hkdf.Expand(h, pseudorandomKey, info, keyLength) + return hkdf.Expand(h, pseudorandomKey, info, keyLength), nil } - // Key derives a key from the given hash, secret, salt and context info, -@@ -63,7 +70,14 @@ func Key[Hash hash.Hash](h func() Hash, secret, salt []byte, info string, keyLen +@@ -63,6 +70,13 @@ func Key[Hash hash.Hash](h func() Hash, secret, salt []byte, info string, keyLen return nil, errors.New("hkdf: requested key length too large") } -- return hkdf.Key(h, secret, salt, info, keyLength), nil + if boring.Enabled && boring.SupportsHKDF() { + pseudorandomKey, err := boring.ExtractHKDF(func() hash.Hash { return h() }, secret, 
salt) + if err != nil { @@ -863,10 +855,9 @@ index 7cfbe2c60de356..925b839b73cb0c 100644 + } + return boring.ExpandHKDF(func() hash.Hash { return h() }, pseudorandomKey, []byte(info), keyLength) + } -+ return hkdf.Key(h, secret, salt, info, keyLength) + return hkdf.Key(h, secret, salt, info, keyLength), nil } - func checkFIPS140Only[H hash.Hash](h func() H, key []byte) error { diff --git a/src/crypto/hkdf/hkdf_test.go b/src/crypto/hkdf/hkdf_test.go index 201b440289bb2d..4ed4960ff35b66 100644 --- a/src/crypto/hkdf/hkdf_test.go From ace8c68421f95a6cc62a7578589f553b5c3911db Mon Sep 17 00:00:00 2001 From: mertakman Date: Fri, 20 Dec 2024 12:26:44 +0000 Subject: [PATCH 162/887] update typo --- patches/0002-Add-crypto-backend-foundation.patch | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index c65d9a3664c..256abccdc20 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -2125,24 +2125,20 @@ index 7c75977ad3ffb2..b9db95ca7b9d5a 100644 if err := hs.processClientHello(); err != nil { diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index 3552d89ba3bc6f..cefacaca28bae0 100644 +index 3552d89ba3bc6f..b3c4c8261887d0 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go -@@ -9,12 +9,13 @@ import ( +@@ -8,8 +8,9 @@ import ( + "bytes" "context" "crypto" ++ "crypto/hkdf" "crypto/hmac" - "crypto/internal/fips140/hkdf" + boring "crypto/internal/backend" "crypto/internal/fips140/mlkem" "crypto/internal/fips140/tls13" "crypto/internal/hpke" - "crypto/rsa" - "crypto/tls/internal/fips140tls" -+ "cryto/hkdf" - "errors" - "hash" - "internal/byteorder" @@ -477,6 +478,15 @@ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { } marshaler, ok := in.(binaryMarshaler) 
From c9ef9a94330c09713e4b856de2f0b244ee819f76 Mon Sep 17 00:00:00 2001 From: mertakman Date: Fri, 20 Dec 2024 14:25:14 +0000 Subject: [PATCH 163/887] fix:move every import in crypto/tls --- .../0002-Add-crypto-backend-foundation.patch | 45 ++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 256abccdc20..cd9db869917 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -64,6 +64,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/fipsonly/fipsonly.go | 2 +- src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- src/crypto/tls/handshake_client.go | 10 +- + src/crypto/tls/handshake_client_tls13.go | 14 +- src/crypto/tls/handshake_server.go | 10 +- src/crypto/tls/handshake_server_tls13.go | 24 +- src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- @@ -75,7 +76,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 71 files changed, 1170 insertions(+), 83 deletions(-) + 72 files changed, 1181 insertions(+), 86 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go 
@@ -2103,6 +2104,48 @@ index ecc62ff2edefc0..776fec96f0f349 100644 c := hs.c isResume, err := hs.processServerHello() +diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go +index 38c6025db74ee8..356036321d6283 100644 +--- a/src/crypto/tls/handshake_client_tls13.go ++++ b/src/crypto/tls/handshake_client_tls13.go +@@ -8,8 +8,8 @@ import ( + "bytes" + "context" + "crypto" ++ "crypto/hkdf" + "crypto/hmac" +- "crypto/internal/fips140/hkdf" + "crypto/internal/fips140/mlkem" + "crypto/internal/fips140/tls13" + "crypto/rsa" +@@ -91,8 +91,12 @@ func (hs *clientHandshakeStateTLS13) handshake() error { + confTranscript.Write(hs.serverHello.original[:30]) + confTranscript.Write(make([]byte, 8)) + confTranscript.Write(hs.serverHello.original[38:]) ++ secret, err := hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil) ++ if err != nil { ++ return err ++ } + acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New, +- hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil), ++ secret, + "ech accept confirmation", + confTranscript.Sum(nil), + 8, +@@ -268,8 +272,12 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error { + copy(hrrHello, hs.serverHello.original) + hrrHello = bytes.Replace(hrrHello, hs.serverHello.encryptedClientHello, make([]byte, 8), 1) + confTranscript.Write(hrrHello) ++ secret, err := hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil) ++ if err != nil { ++ return err ++ } + acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New, +- hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil), ++ secret, + "hrr ech accept confirmation", + confTranscript.Sum(nil), + 8, diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go index 7c75977ad3ffb2..b9db95ca7b9d5a 100644 --- a/src/crypto/tls/handshake_server.go From 2722c86fa600fc162451817f7ef0b79a39426ee2 Mon Sep 17 00:00:00 2001 
From: Davis Goodin Date: Fri, 20 Dec 2024 11:17:07 -0800 Subject: [PATCH 164/887] Fill in .gdnsuppress --- .config/guardian/.gdnsuppress | 142 +++++++++++++++++++++++++++++++++- 1 file changed, 139 insertions(+), 3 deletions(-) diff --git a/.config/guardian/.gdnsuppress b/.config/guardian/.gdnsuppress index 528d4b92fa3..46a67e1548a 100644 --- a/.config/guardian/.gdnsuppress +++ b/.config/guardian/.gdnsuppress @@ -1,8 +1,8 @@ { - "hydrated": false, + "hydrated": true, "properties": { "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/suppressions", - "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance." + "hydrationStatus": "This file is hydrated. This is ok, it doesn't contain sensitive information." }, "version": "1.0.0", "suppressionSets": { 
@@ -13,13 +13,149 @@ } }, "results": { + "dd76b3defecd301787000102e3ce76506d45147b98fc4accb410b87097b2f0dd": { + "signature": "dd76b3defecd301787000102e3ce76506d45147b98fc4accb410b87097b2f0dd", + "alternativeSignatures": [], + "target": "go/src/crypto/ecdh/ecdh_test.go", + "line": 128, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0060", + "createdDate": "2024-12-16 10:13:25Z" + }, + "6b250bd6def22ac84e477b4d22ec0b12cb69721002a7fe0fccf23ff5a7dfa688": { + "signature": "6b250bd6def22ac84e477b4d22ec0b12cb69721002a7fe0fccf23ff5a7dfa688", + "alternativeSignatures": [], + "target": "go/src/crypto/ecdh/ecdh_test.go", + "line": 136, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0060", + "createdDate": "2024-12-16 10:13:25Z" + }, + "877868030fa2e6114057d685aea3f4ec90d3190dcfe0e0ae1d86a3a4094fad87": { + "signature": "877868030fa2e6114057d685aea3f4ec90d3190dcfe0e0ae1d86a3a4094fad87", + "alternativeSignatures": [], + "target": "go/src/crypto/ecdh/ecdh_test.go", + "line": 147, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0060", + "createdDate": "2024-12-16 10:13:25Z" + }, + "3f72337007e55d003a9f252112dbaead6ddf0f89bac847d528b44c263ddce0e1": { + "signature": "3f72337007e55d003a9f252112dbaead6ddf0f89bac847d528b44c263ddce0e1", + "alternativeSignatures": [], + "target": "go/src/crypto/ecdh/ecdh_test.go", + "line": 154, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0060", + "createdDate": "2024-12-16 10:13:25Z" + }, + "1ebc50c2b5fecaf320705d05137b2d29a3851823251d6224fc6223ca653b7c02": { + "signature": "1ebc50c2b5fecaf320705d05137b2d29a3851823251d6224fc6223ca653b7c02", + "alternativeSignatures": [], + "target": "go/src/crypto/tls/example_test.go", + "line": 165, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0020", + "createdDate": "2024-12-16 10:13:25Z" + }, + 
"3d4c2bb9f6a10eec92970320f48c0ee107981491a38c0869e054c54f156aafa1": { + "signature": "3d4c2bb9f6a10eec92970320f48c0ee107981491a38c0869e054c54f156aafa1", + "alternativeSignatures": [], + "target": "go/src/crypto/x509/platform_root_key.pem", + "line": 1, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0020", + "createdDate": "2024-12-16 10:13:25Z" + }, + "ebf235ebc38c8301d92931d07d3ba98a286fc46d53f24467f7d804c7d907a88b": { + "signature": "ebf235ebc38c8301d92931d07d3ba98a286fc46d53f24467f7d804c7d907a88b", + "alternativeSignatures": [], + "target": "go/src/crypto/tls/testdata/example-key.pem", + "line": 1, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0020", + "createdDate": "2024-12-16 10:13:25Z" + }, + "d00714f4abdecfa0f2b96d616a8631088ace81abf5f0688c05937dcf9cc4bb5e": { + "signature": "d00714f4abdecfa0f2b96d616a8631088ace81abf5f0688c05937dcf9cc4bb5e", + "alternativeSignatures": [], + "target": "go/src/cmd/vendor/rsc.io/markdown/emoji.go", + "line": 1432, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0060", + "createdDate": "2024-12-16 10:13:25Z" + }, "d5ce1218657b3f7da8e9a6ac55d72833387257e76e39d837edfd5c62781b9b97": { "signature": "d5ce1218657b3f7da8e9a6ac55d72833387257e76e39d837edfd5c62781b9b97", "alternativeSignatures": [], + "target": "go/src/crypto/internal/hpke/testdata/rfc9180-vectors.json", + "line": 1, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0060", + "createdDate": "2024-12-20 00:07:58Z" + }, + "e194d8614310e9f30653b5fb8ae34c07968131fce828c224c30536e1cb217e9e": { + "signature": "e194d8614310e9f30653b5fb8ae34c07968131fce828c224c30536e1cb217e9e", + "alternativeSignatures": [], + "target": "go/src/cmd/go/internal/auth/gitauth_test.go", + "line": 51, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0060", + "createdDate": "2024-12-20 19:29:53Z" + }, + 
"dd34d1fbdcab2b03eccc9e9544d25b6830f28ef5f72e815035df834a6b3e57e4": { + "signature": "dd34d1fbdcab2b03eccc9e9544d25b6830f28ef5f72e815035df834a6b3e57e4", + "alternativeSignatures": [], + "target": "go/src/cmd/go/testdata/script/goauth_git.txt", + "line": 72, + "memberOf": [ + "default" + ], + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0060", + "createdDate": "2024-12-20 19:29:53Z" + }, + "2d264e899faa2c2dcf9c3c63acad2f0b0b7b9464fe1657d0313d8aa477103a3c": { + "signature": "2d264e899faa2c2dcf9c3c63acad2f0b0b7b9464fe1657d0313d8aa477103a3c", + "alternativeSignatures": [], + "target": "go/src/cmd/go/testdata/script/goauth_userauth.txt", + "line": 126, "memberOf": [ "default" ], - "createdDate": "2024-06-10 09:31:52Z" + "tool": "credscan", + "ruleId": "CSCAN-GENERAL0120", + "createdDate": "2024-12-20 19:29:53Z" } } } \ No newline at end of file From 4ca39237c27d9443a29feb2963fab193e05ee1d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 10:12:08 +0000 Subject: [PATCH 165/887] build(deps): bump github/codeql-action from 3.27.9 to 3.28.0 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.9 to 3.28.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/df409f7d9260372bd5f19e5b04e83cb3c43714ae...48ab28a6f5dbc2a99bf1e0131198dd8f1df78169) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c74a170d4ac..d61b4590e0f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
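Review bot: These credscan suppressions are added with no recorded reason, and two of the targets are `.pem` key files (`go/src/crypto/x509/platform_root_key.pem` and `go/src/crypto/tls/testdata/example-key.pem`). The commit message is only its title, so a later reader cannot tell whether each finding was inspected and judged a test fixture or example. Every target sits under the `go/` submodule and most entries carry a `line` number, so it is worth confirming that matching is by `signature` alone; otherwise a submodule update could shift the line and leave an entry pointing at different content. If the suppression format offers a per-entry justification field, fill it in; if not, list the reason for each entry in the commit description.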
@@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: category: /language:go From 970af9d5e0f9b1e73edb22543bf452e97bd1b076 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Fri, 3 Jan 2025 16:06:34 +0000 Subject: [PATCH 166/887] Update submodule to latest master (4b652e9f): cmd/go: fix two typos in helpdoc.go --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 18b5435fc84..4b652e9f5f5 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 18b5435fc84225ca303da7a110c7e8065dc4bbda +Subproject commit 4b652e9f5f5c0793f2e41cd2876bce5a241b2c95 From a390c3b15375eae5a1f18953dafdea07219d64ee Mon Sep 17 00:00:00 2001 From: George Adams Date: Mon, 6 Jan 2025 09:33:46 +0000 Subject: [PATCH 167/887] resolve merge conflicts --- .../0002-Add-crypto-backend-foundation.patch | 62 +++++++++---------- patches/0004-Add-OpenSSL-crypto-backend.patch | 30 ++++----- patches/0005-Add-CNG-crypto-backend.patch | 12 ++-- 3 files changed, 49 insertions(+), 55 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index cd9db869917..6124c9efb17 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -69,14 +69,14 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/handshake_server_tls13.go | 24 +- src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- src/crypto/tls/prf.go | 41 ++++ - src/go/build/deps_test.go | 8 +- + src/go/build/deps_test.go | 6 + src/hash/boring_test.go | 9 + src/hash/example_test.go | 2 + src/hash/marshal_test.go | 5 + src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 72 files changed, 1181 insertions(+), 86 deletions(-) + 72 files changed, 1180 insertions(+), 85 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -556,7 +556,7 @@ index 275c60b4de49eb..ff8bddf28c4545 100644 "math/big" ) diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go -index 77727aaf96befb..dedaa0fe4100b1 100644 +index 0f9749975ffba9..41ac17df22d7d7 100644 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go @@ -18,8 +18,8 @@ import ( @@ -1502,10 +1502,10 @@ index 437d9b9d4c0e0d..5bc3e7b0f8435f 100644 h := New() diff --git a/src/crypto/pbkdf2/pbkdf2.go b/src/crypto/pbkdf2/pbkdf2.go -index 0fdd9e822d40a5..bc8e560487a6ef 100644 +index d40daab5e5b879..c32b3fd82b99b0 100644 --- a/src/crypto/pbkdf2/pbkdf2.go +++ b/src/crypto/pbkdf2/pbkdf2.go -@@ -19,6 +19,7 @@ pbkdf2.Key. +@@ -11,6 +11,7 @@ package pbkdf2 import ( @@ -1513,7 +1513,7 @@ index 0fdd9e822d40a5..bc8e560487a6ef 100644 "crypto/internal/fips140/pbkdf2" "crypto/internal/fips140only" "errors" -@@ -53,5 +54,8 @@ func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyL +@@ -45,5 +46,8 @@ func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyL return nil, errors.New("crypto/pbkdf2: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode") } } 
@@ -1812,7 +1812,7 @@ index fb23f003a6f217..be374dad6969d5 100644 "crypto/internal/fips140/rsa" "crypto/internal/fips140only" diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index 2474ab82dfa207..78e9b47f051484 100644 +index 2535661040273a..f9543d9cc89e7b 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go @@ -8,7 +8,7 @@ import ( @@ -2084,10 +2084,10 @@ index 027bc22c33c921..eba08da985f832 100644 package fipsonly diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go -index ecc62ff2edefc0..776fec96f0f349 100644 +index 38bd417a0dca72..9eec202234fa94 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go -@@ -548,7 +548,15 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error { +@@ -549,7 +549,15 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error { // Does the handshake, either a full one or resumes old session. Requires hs.c, // hs.hello, hs.serverHello, and, optionally, hs.session to be set. @@ -2105,7 +2105,7 @@ index ecc62ff2edefc0..776fec96f0f349 100644 isResume, err := hs.processServerHello() diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go -index 38c6025db74ee8..356036321d6283 100644 +index c0396e75796add..819bc54822f0cb 100644 --- a/src/crypto/tls/handshake_client_tls13.go +++ b/src/crypto/tls/handshake_client_tls13.go @@ -8,8 +8,8 @@ import ( @@ -2118,7 +2118,7 @@ index 38c6025db74ee8..356036321d6283 100644 "crypto/internal/fips140/mlkem" "crypto/internal/fips140/tls13" "crypto/rsa" -@@ -91,8 +91,12 @@ func (hs *clientHandshakeStateTLS13) handshake() error { +@@ -90,8 +90,12 @@ func (hs *clientHandshakeStateTLS13) handshake() error { confTranscript.Write(hs.serverHello.original[:30]) confTranscript.Write(make([]byte, 8)) confTranscript.Write(hs.serverHello.original[38:]) 
@@ -2132,7 +2132,7 @@ index 38c6025db74ee8..356036321d6283 100644 "ech accept confirmation", confTranscript.Sum(nil), 8, -@@ -268,8 +272,12 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error { +@@ -264,8 +268,12 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error { copy(hrrHello, hs.serverHello.original) hrrHello = bytes.Replace(hrrHello, hs.serverHello.encryptedClientHello, make([]byte, 8), 1) confTranscript.Write(hrrHello) @@ -2168,7 +2168,7 @@ index 7c75977ad3ffb2..b9db95ca7b9d5a 100644 if err := hs.processClientHello(); err != nil { diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index 3552d89ba3bc6f..b3c4c8261887d0 100644 +index 76fff6974e7403..218d40171d2567 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go @@ -8,8 +8,9 @@ import ( @@ -2318,47 +2318,41 @@ index e7369542a73270..ff52175e4ac636 100644 } } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index cc7f4df7f388ea..58082b3636f209 100644 +index d9d985dca4ade4..d74e8959264349 100644 --- a/src/go/build/deps_test.go 
+++ b/src/go/build/deps_test.go -@@ -491,9 +491,11 @@ var depsRules = ` +@@ -493,6 +493,8 @@ var depsRules = ` < crypto/internal/fips140/rsa < FIPS; + syscall < crypto/internal/backend/fips140; + - FIPS < crypto/internal/fips140/check/checktest; - -- FIPS, sync/atomic < crypto/tls/internal/fips140tls; -+ FIPS, sync/atomic, crypto/internal/backend/fips140 < crypto/tls/internal/fips140tls; - - FIPS, internal/godebug, hash < crypto/fips140, crypto/internal/fips140only; + FIPS, internal/godebug < crypto/fips140; -@@ -505,6 +507,7 @@ var depsRules = ` - FIPS, crypto/internal/fips140only, + crypto, hash !< FIPS; +@@ -506,12 +508,15 @@ var depsRules = ` + FIPS, internal/godebug, hash, embed, crypto/internal/boring/sig, crypto/internal/boring/syso, + encoding/binary, - golang.org/x/sys/cpu, - hash, embed - < crypto -@@ -514,7 +517,9 @@ var depsRules = ` - - crypto/cipher, crypto/internal/boring/bcache + crypto/internal/backend/fips140 + < crypto/internal/fips140only + < crypto + < crypto/subtle + < crypto/cipher < crypto/internal/boring + < crypto/internal/backend - < crypto/boring; + < crypto/boring + < crypto/aes, + crypto/des, +@@ -534,6 +539,7 @@ var depsRules = ` - crypto/boring -@@ -546,6 +551,7 @@ var depsRules = ` - # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big < crypto/internal/boring/bbig + < crypto/internal/backend/bbig < crypto/rand - < crypto/ed25519 + < crypto/ed25519 # depends on crypto/rand.Reader < encoding/asn1 diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go new file mode 100644 diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 64277f1de6d..3224a67a858 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -27,10 +27,10 @@ Subject: [PATCH] Add OpenSSL crypto backend create mode 100644 src/internal/goexperiment/exp_opensslcrypto_on.go 
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 5a981f8bc147de..b38d84db20172a 100644 +index 06bd01bc5bb995..9561bf2bca9a9d 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go -@@ -1322,12 +1322,11 @@ func (t *tester) registerCgoTests(heading string) { +@@ -1324,12 +1324,11 @@ func (t *tester) registerCgoTests(heading string) { // a C linker warning on Linux. // in function `bio_ip_and_port_to_socket_and_addr': // warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking @@ -478,7 +478,7 @@ index 00000000000000..d3a663737a1ce3 + return openssl.VerifyDSA(pub, hashed, sig) +} diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index 78e9b47f051484..4fdfcdc4c91004 100644 +index f9543d9cc89e7b..f07c75821aab13 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go @@ -846,6 +846,9 @@ func TestDecryptOAEP(t *testing.T) { @@ -514,30 +514,30 @@ index 9e661352f16e0b..0a58eccb57a869 100644 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 58082b3636f209..37cb128ba9409a 100644 +index d74e8959264349..878585aa05a38a 100644 --- a/src/go/build/deps_test.go 
+++ b/src/go/build/deps_test.go -@@ -516,8 +516,10 @@ var depsRules = ` - < crypto/sha3; - - crypto/cipher, +@@ -509,8 +509,10 @@ var depsRules = ` + crypto/internal/boring/sig, + crypto/internal/boring/syso, + encoding/binary, - crypto/internal/boring/bcache + crypto/internal/boring/bcache, crypto/internal/backend/fips140 + < github.com/golang-fips/openssl/v2/internal/subtle + < github.com/golang-fips/openssl/v2 - < crypto/internal/boring - < crypto/internal/backend - < crypto/boring; -@@ -550,6 +552,7 @@ var depsRules = ` + < crypto/internal/fips140only + < crypto + < crypto/subtle +@@ -538,6 +540,7 @@ var depsRules = ` + # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. - # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big + < github.com/golang-fips/openssl/v2/bbig < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -845,7 +848,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -842,7 +845,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -546,7 +546,7 @@ index 58082b3636f209..37cb128ba9409a 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -855,7 +858,7 @@ func findImports(pkg string) ([]string, error) { +@@ -852,7 +855,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 4ed2d8c4976..b5178e1bbde 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -507,11 +507,11 @@ index 0a58eccb57a869..b464f023942b74 100644 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= 
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 37cb128ba9409a..3ceabaebc7ea46 100644 +index 878585aa05a38a..ddf58226076db1 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -518,6 +518,10 @@ var depsRules = ` - crypto/cipher, +@@ -511,6 +511,10 @@ var depsRules = ` + encoding/binary, crypto/internal/boring/bcache, crypto/internal/backend/fips140 + < github.com/microsoft/go-crypto-winnative/internal/subtle @@ -520,10 +520,10 @@ index 37cb128ba9409a..3ceabaebc7ea46 100644 + < github.com/microsoft/go-crypto-winnative/cng < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 - < crypto/internal/boring -@@ -552,6 +556,7 @@ var depsRules = ` + < crypto/internal/fips140only +@@ -540,6 +544,7 @@ var depsRules = ` + # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. - # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big + < github.com/microsoft/go-crypto-winnative/cng/bbig < github.com/golang-fips/openssl/v2/bbig From 7ff6aca4370725dec6281121dc88a2e8edca2ad9 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 7 Jan 2025 09:42:47 +0100 Subject: [PATCH 168/887] fix TestDependencies --- patches/0002-Add-crypto-backend-foundation.patch | 15 ++++++++++++--- patches/0004-Add-OpenSSL-crypto-backend.patch | 12 ++++++++---- patches/0005-Add-CNG-crypto-backend.patch | 12 ++++++------ 3 files changed, 26 insertions(+), 13 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 6124c9efb17..60c43ad8eaf 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -69,14 +69,14 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/handshake_server_tls13.go | 24 +- src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- src/crypto/tls/prf.go | 41 ++++ - src/go/build/deps_test.go | 6 + + src/go/build/deps_test.go | 8 +- src/hash/boring_test.go | 9 + src/hash/example_test.go | 2 + src/hash/marshal_test.go | 5 + src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 72 files changed, 1180 insertions(+), 85 deletions(-) + 72 files changed, 1181 insertions(+), 86 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -2318,7 +2318,7 @@ index e7369542a73270..ff52175e4ac636 100644 } } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index d9d985dca4ade4..d74e8959264349 100644 +index d9d985dca4ade4..de88160bcf3a1c 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -493,6 +493,8 @@ var depsRules = ` @@ -2354,6 +2354,15 @@ index d9d985dca4ade4..d74e8959264349 100644 < crypto/rand < crypto/ed25519 # depends on crypto/rand.Reader < encoding/asn1 +@@ -547,7 +553,7 @@ var depsRules = ` + + # TLS, Prince of Dependencies. + +- FIPS, sync/atomic < crypto/tls/internal/fips140tls; ++ FIPS, sync/atomic, crypto/internal/backend/fips140 < crypto/tls/internal/fips140tls; + + crypto/internal/boring/sig, crypto/tls/internal/fips140tls < crypto/tls/fipsonly; + diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go new file mode 100644 index 00000000000000..52748c44698076 diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 3224a67a858..9b01a2e7b5e 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -514,21 +514,25 @@ index 9e661352f16e0b..0a58eccb57a869 100644 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index d74e8959264349..878585aa05a38a 100644 +index de88160bcf3a1c..339cb53d8a1468 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -509,8 +509,10 @@ var depsRules = ` +@@ -509,12 +509,14 @@ var depsRules = ` crypto/internal/boring/sig, crypto/internal/boring/syso, encoding/binary, - crypto/internal/boring/bcache + crypto/internal/boring/bcache, crypto/internal/backend/fips140 -+ < github.com/golang-fips/openssl/v2/internal/subtle -+ < github.com/golang-fips/openssl/v2 < crypto/internal/fips140only < crypto < crypto/subtle + < crypto/cipher ++ < github.com/golang-fips/openssl/v2/internal/subtle ++ < github.com/golang-fips/openssl/v2 + < crypto/internal/boring + < crypto/internal/backend + < crypto/boring @@ -538,6 +540,7 @@ var depsRules = ` # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index b5178e1bbde..c2c4ab8e704 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -507,20 +507,20 @@ index 0a58eccb57a869..b464f023942b74 100644 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 878585aa05a38a..ddf58226076db1 100644 +index 339cb53d8a1468..1fcadbf6c19d79 100644 --- a/src/go/build/deps_test.go 
+++ b/src/go/build/deps_test.go -@@ -511,6 +511,10 @@ var depsRules = ` - encoding/binary, - crypto/internal/boring/bcache, - crypto/internal/backend/fips140 +@@ -515,6 +515,10 @@ var depsRules = ` + < crypto + < crypto/subtle + < crypto/cipher + < github.com/microsoft/go-crypto-winnative/internal/subtle + < github.com/microsoft/go-crypto-winnative/internal/sysdll + < github.com/microsoft/go-crypto-winnative/internal/bcrypt + < github.com/microsoft/go-crypto-winnative/cng < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 - < crypto/internal/fips140only + < crypto/internal/boring @@ -540,6 +544,7 @@ var depsRules = ` # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. From f8de805abc3e5226fb3ab015a732ed51385cb102 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Wed, 8 Jan 2025 02:12:40 -0800 Subject: [PATCH 169/887] Notarize individual macOS files (#1463) --- eng/_util/cmd/sign/archive.go | 45 ++++++++++++++++++++++++++++------- eng/_util/cmd/sign/sign.go | 20 ++++++++++++---- 2 files changed, 52 insertions(+), 13 deletions(-) diff --git a/eng/_util/cmd/sign/archive.go b/eng/_util/cmd/sign/archive.go index 08fad345ab1..920671c004d 100644 --- a/eng/_util/cmd/sign/archive.go +++ b/eng/_util/cmd/sign/archive.go @@ -95,11 +95,15 @@ func (a *archive) sigPath() string { } func (a *archive) macHardenPackPath() string { - return filepath.Join(a.workDir, a.name+".ToSignBundle.zip") + return filepath.Join(a.workDir, a.name+".ToHardenBundle.zip") } -func (a *archive) macNotarizePackPath() string { - return filepath.Join(a.workDir, a.name+".ToNotarize.zip") +func (a *archive) macIndividualNotarizePackPath() string { + return filepath.Join(a.workDir, a.name+".FilesToNotarize.zip") +} + +func (a *archive) macBundleNotarizePackPath() string { + return filepath.Join(a.workDir, a.name+".BundlesToNotarize.zip") } // entrySignInfo returns signing details for a given file in the Go archive, or nil if the given 
@@ -189,6 +193,31 @@ func (a *archive) prepareEntriesToSign(ctx context.Context) ([]*fileToSign, erro return results, nil } +func (a *archive) prepareIndividualNotarize(ctx context.Context) ([]*fileToSign, error) { + if err := ctx.Err(); err != nil { + return nil, err + } + + if !a.archiveMacOS { + return nil, nil + } + + // Simply send the hardened zip back to the signing service for notarization. + // Copy it first so that we can still access the hardened, pre-notarized files for diagnosis. + if err := copyFile(a.macIndividualNotarizePackPath(), a.macHardenPackPath()); err != nil { + return nil, err + } + + return []*fileToSign{ + { + originalPath: a.path, + fullPath: a.macIndividualNotarizePackPath(), + authenticode: "8020", // Can't specify MacNotarize or MacAppName is not detected. + macAppName: "MicrosoftGo", + }, + }, nil +} + func (a *archive) extractMacOSEntriesToZip(ctx context.Context, zw *zip.Writer) error { // Open tar.gz macOS archive to put files into the zip. writtenNames := make(map[string]struct{}) @@ -249,7 +278,7 @@ func (a *archive) repackSignedEntries(ctx context.Context) error { // Create the new tar.gz that we're assembling. return withTarGzCreate(targetPath, func(outTW *tar.Writer) error { // Open the zip payload we got back from the signing service. - return withZipOpen(a.macHardenPackPath(), func(zrc *zip.ReadCloser) error { + return withZipOpen(a.macIndividualNotarizePackPath(), func(zrc *zip.ReadCloser) error { // Iterate through the original tar.gz file to populate the target. return eachTarEntry(originalTR, func(hdr *tar.Header, originalR io.Reader) error { if err := ctx.Err(); err != nil { @@ -361,7 +390,7 @@ func (a *archive) writeTarRepackEntry(hdr *tar.Header, original io.Reader, signe return nil } -func (a *archive) prepareNotarize(ctx context.Context) ([]*fileToSign, error) { +func (a *archive) prepareBundleNotarize(ctx context.Context) ([]*fileToSign, error) { if err := ctx.Err(); err != nil { return nil, err } 
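Review bot: The new `prepareIndividualNotarize` in archive.go has no doc comment, and the remark next to `authenticode: "8020"` is hard to parse. I would add `// prepareIndividualNotarize copies the hardened zip to macIndividualNotarizePackPath and returns that copy as the file to submit for notarization; it returns nil for non-macOS archives.` above the function. If the intended meaning is that specifying MacNotarize stops MacAppName from being detected, the remark could read `// Use the "8020" code: specifying MacNotarize prevents MacAppName from being detected.` `copyFile` is defined outside this hunk, so confirm that its argument order is (destination, source); a reversed call would overwrite the hardened zip that the comment says is kept for diagnosis.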
@@ -378,12 +407,12 @@ func (a *archive) prepareNotarize(ctx context.Context) ([]*fileToSign, error) { // not stapled: they are stored by Apple and downloaded on demand. // // If we do produce notarizable artifacts in the future, add the logic here to pack them in a - // zip and add logic to unpackNotarize to extract them back out, if zip submission is still a - // MicroBuild and/or ESRP requirement. + // zip and add logic to unpackBundleNotarize to extract them back out, if zip submission is + // still a MicroBuild and/or ESRP requirement. return nil, nil } -func (a *archive) unpackNotarize(ctx context.Context) error { +func (a *archive) unpackBundleNotarize(ctx context.Context) error { if err := ctx.Err(); err != nil { return err } diff --git a/eng/_util/cmd/sign/sign.go b/eng/_util/cmd/sign/sign.go index b1136205112..b91959a2a8e 100644 --- a/eng/_util/cmd/sign/sign.go +++ b/eng/_util/cmd/sign/sign.go @@ -101,27 +101,37 @@ func run() error { return err } + log.Println("Notarizing macOS individual files") + + individualFilesToNotarize, err := flatMapSlice(archives, func(a *archive) ([]*fileToSign, error) { + return a.prepareIndividualNotarize(ctx) + }) + + if err := sign(ctx, "2-Notarize-Individual", individualFilesToNotarize); err != nil { + return err + } + for _, a := range archives { if err := a.repackSignedEntries(ctx); err != nil { return err } } - log.Println("Notarizing macOS archives") + log.Println("Notarizing macOS bundles") filesToNotarize, err := flatMapSlice(archives, func(a *archive) ([]*fileToSign, error) { - return a.prepareNotarize(ctx) + return a.prepareBundleNotarize(ctx) }) if err != nil { return err } - if err := sign(ctx, "2-Notarize", filesToNotarize); err != nil { + if err := sign(ctx, "3-Notarize-Bundles", filesToNotarize); err != nil { return err } for _, a := range archives { - if err := a.unpackNotarize(ctx); err != nil { + if err := a.unpackBundleNotarize(ctx); err != nil { return err } } 
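Review bot: In sign.go the `err` returned by `flatMapSlice` for `individualFilesToNotarize` is never checked, because the next statement, `if err := sign(ctx, "2-Notarize-Individual", individualFilesToNotarize)`, declares a new `err` that shadows it. A failure inside `prepareIndividualNotarize` (the `copyFile` call or a cancelled context) is therefore dropped, and the notarization step runs on whatever slice came back. The bundle block just below has the check, so add the same `if err != nil { return err }` directly after the `flatMapSlice` call. `run` starts and ends outside this hunk.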
@@ -135,7 +145,7 @@ func run() error { return err } - if err := sign(ctx, "3-Sigs", signatureFiles); err != nil { + if err := sign(ctx, "4-Sigs", signatureFiles); err != nil { return err } From 1eb2f56c23ee5917e165dbb98eb24813580d168d Mon Sep 17 00:00:00 2001 From: George Adams Date: Wed, 8 Jan 2025 13:44:19 +0000 Subject: [PATCH 170/887] Use standardized hash.CloneHash interface (#1462) --- .../0002-Add-crypto-backend-foundation.patch | 218 +- patches/0006-Vendor-crypto-backends.patch | 2206 ++++++++--------- 2 files changed, 1263 insertions(+), 1161 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 60c43ad8eaf..a9ae91f13d4 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -39,7 +39,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/internal/cryptotest/allocations.go | 2 +- .../internal/cryptotest/implementations.go | 2 +- src/crypto/md5/md5.go | 7 + - src/crypto/md5/md5_test.go | 14 ++ + src/crypto/md5/md5_test.go | 21 ++ src/crypto/pbkdf2/pbkdf2.go | 4 + src/crypto/pbkdf2/pbkdf2_test.go | 2 +- src/crypto/purego_test.go | 2 +- 
@@ -55,28 +55,28 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/rsa.go | 4 +- src/crypto/rsa/rsa_test.go | 12 +- src/crypto/sha1/sha1.go | 2 +- - src/crypto/sha1/sha1_test.go | 12 +- + src/crypto/sha1/sha1_test.go | 19 +- src/crypto/sha256/sha256.go | 6 +- - src/crypto/sha256/sha256_test.go | 19 ++ + src/crypto/sha256/sha256_test.go | 29 +++ src/crypto/sha512/sha512.go | 2 +- - src/crypto/sha512/sha512_test.go | 19 ++ + src/crypto/sha512/sha512_test.go | 29 +++ src/crypto/tls/cipher_suites.go | 2 +- src/crypto/tls/fipsonly/fipsonly.go | 2 +- src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- src/crypto/tls/handshake_client.go | 10 +- src/crypto/tls/handshake_client_tls13.go | 14 +- src/crypto/tls/handshake_server.go | 10 +- - src/crypto/tls/handshake_server_tls13.go | 24 +- + src/crypto/tls/handshake_server_tls13.go | 25 +- src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- src/crypto/tls/prf.go | 41 ++++ src/go/build/deps_test.go | 8 +- src/hash/boring_test.go | 9 + src/hash/example_test.go | 2 + - src/hash/marshal_test.go | 5 + + src/hash/marshal_test.go | 9 + src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 72 files changed, 1181 insertions(+), 86 deletions(-) + 72 files changed, 1217 insertions(+), 89 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -1456,10 +1456,10 @@ index 75e1fc7404724a..60428f8e1201de 100644 d.Reset() d.Write(data) diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go -index 437d9b9d4c0e0d..5bc3e7b0f8435f 100644 +index 437d9b9d4c0e0d..ee28c55f846e81 100644 --- a/src/crypto/md5/md5_test.go +++ b/src/crypto/md5/md5_test.go -@@ -6,6 +6,7 @@ package md5 +@@ -6,12 +6,14 @@ package md5 import ( "bytes" 
@@ -1467,7 +1467,14 @@ index 437d9b9d4c0e0d..5bc3e7b0f8435f 100644 "crypto/internal/cryptotest" "crypto/rand" "encoding" -@@ -88,6 +89,11 @@ func TestGolden(t *testing.T) { + "fmt" + "hash" + "io" ++ "strings" + "testing" + "unsafe" + ) +@@ -88,6 +90,11 @@ func TestGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { @@ -1479,7 +1486,17 @@ index 437d9b9d4c0e0d..5bc3e7b0f8435f 100644 for _, g := range golden { h := New() h2 := New() -@@ -157,6 +163,9 @@ func TestLarge(t *testing.T) { +@@ -96,6 +103,9 @@ func TestGoldenMarshal(t *testing.T) { + + state, err := h.(encoding.BinaryMarshaler).MarshalBinary() + if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("could not marshal: %v", err) + continue + } +@@ -157,6 +167,9 @@ func TestLarge(t *testing.T) { // Tests that blockGeneric (pure Go) and block (in assembly for amd64, 386, arm) match. func TestBlockGeneric(t *testing.T) { @@ -1489,7 +1506,7 @@ index 437d9b9d4c0e0d..5bc3e7b0f8435f 100644 gen, asm := New().(*digest), New().(*digest) buf := make([]byte, BlockSize*20) // arbitrary factor rand.Read(buf) -@@ -204,6 +213,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -204,10 +217,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -1501,6 +1518,13 @@ index 437d9b9d4c0e0d..5bc3e7b0f8435f 100644 for i, test := range largeUnmarshalTests { h := New() + if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("test %d could not unmarshal: %v", i, err) + continue + } diff --git a/src/crypto/pbkdf2/pbkdf2.go b/src/crypto/pbkdf2/pbkdf2.go index d40daab5e5b879..c32b3fd82b99b0 100644 --- a/src/crypto/pbkdf2/pbkdf2.go @@ -1862,10 +1886,10 @@ index b799f0d2fb1548..9aa23e9aa17e89 100644 "errors" "hash" 
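Review bot: The skip added to md5's TestGoldenMarshal matches on error text, `strings.Contains(err.Error(), "hash state is not marshallable")`, which ties the test to the exact wording of a backend message. Because `t.Skip` sits inside the golden loop, the first hit also ends the whole test. The same check is added to TestLargeHashes here and in the sha1, sha256, sha512 and hash/marshal_test.go hunks further down. If the backends export a sentinel error for this condition (none is visible in this patch), `errors.Is` would be sturdier; otherwise a single shared test helper would keep the string in one place. A comment such as `// Backend hashes may not support state marshalling; skip rather than fail.` above each check would record why a marshal error is tolerated.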
diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go -index 9d707b7cde5c2d..cb0c343afc46b6 100644 +index 9d707b7cde5c2d..8da08b3d860a85 100644 --- a/src/crypto/sha1/sha1_test.go +++ b/src/crypto/sha1/sha1_test.go -@@ -8,7 +8,7 @@ package sha1 +@@ -8,13 +8,14 @@ package sha1 import ( "bytes" @@ -1874,7 +1898,14 @@ index 9d707b7cde5c2d..cb0c343afc46b6 100644 "crypto/internal/cryptotest" "crypto/rand" "encoding" -@@ -97,6 +97,11 @@ func TestGolden(t *testing.T) { + "fmt" + "hash" + "io" ++ "strings" + "testing" + ) + +@@ -97,6 +98,11 @@ func TestGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { @@ -1886,7 +1917,17 @@ index 9d707b7cde5c2d..cb0c343afc46b6 100644 h := New() h2 := New() for _, g := range golden { -@@ -210,6 +215,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -107,6 +113,9 @@ func TestGoldenMarshal(t *testing.T) { + + state, err := h.(encoding.BinaryMarshaler).MarshalBinary() + if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("could not marshal: %v", err) + continue + } +@@ -210,10 +219,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -1898,6 +1939,13 @@ index 9d707b7cde5c2d..cb0c343afc46b6 100644 for i, test := range largeUnmarshalTests { h := New() + if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("test %d could not unmarshal: %v", i, err) + continue + } diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go index 069938a22dbc5a..8d0e06b86f4359 100644 --- a/src/crypto/sha256/sha256.go @@ -1930,10 +1978,10 @@ index 069938a22dbc5a..8d0e06b86f4359 100644 } h := New224() 
diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index e1af9640e25547..41df7dbebf7e7a 100644 +index e1af9640e25547..c4f142c1430285 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go -@@ -8,6 +8,7 @@ package sha256 +@@ -8,11 +8,13 @@ package sha256 import ( "bytes" @@ -1941,7 +1989,13 @@ index e1af9640e25547..41df7dbebf7e7a 100644 "crypto/internal/cryptotest" "encoding" "fmt" -@@ -155,6 +156,11 @@ func testGoldenMarshal(t *testing.T) { + "hash" + "io" ++ "strings" + "testing" + ) + +@@ -155,6 +157,11 @@ func testGoldenMarshal(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -1953,7 +2007,17 @@ index e1af9640e25547..41df7dbebf7e7a 100644 for _, g := range tt.gold { h := tt.newHash() h2 := tt.newHash() -@@ -204,6 +210,14 @@ func TestMarshalTypeMismatch(t *testing.T) { +@@ -163,6 +170,9 @@ func testGoldenMarshal(t *testing.T) { + + state, err := h.(encoding.BinaryMarshaler).MarshalBinary() + if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("could not marshal: %v", err) + continue + } +@@ -204,8 +214,19 @@ func TestMarshalTypeMismatch(t *testing.T) { h1 := New() h2 := New224() @@ -1967,8 +2031,13 @@ index e1af9640e25547..41df7dbebf7e7a 100644 + state1, err := h1.(encoding.BinaryMarshaler).MarshalBinary() if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } t.Errorf("could not marshal: %v", err) -@@ -275,6 +289,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { + } + +@@ -275,10 +296,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { return h.Sum(nil), nil } func TestLargeHashes(t *testing.T) { 
@@ -1980,6 +2049,13 @@ index e1af9640e25547..41df7dbebf7e7a 100644 for i, test := range largeUnmarshalTests { h := New() + if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("test %d could not unmarshal: %v", i, err) + continue + } diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go index 1435eac1f5b5dc..17e8501154762a 100644 --- a/src/crypto/sha512/sha512.go @@ -1994,10 +2070,10 @@ index 1435eac1f5b5dc..17e8501154762a 100644 "hash" ) diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index 1fe9d132bb186d..a2c2926359a192 100644 +index 1fe9d132bb186d..97b7da8c2d3d88 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go -@@ -8,6 +8,7 @@ package sha512 +@@ -8,12 +8,14 @@ package sha512 import ( "bytes" @@ -2005,7 +2081,14 @@ index 1fe9d132bb186d..a2c2926359a192 100644 "crypto/internal/cryptotest" "encoding" "encoding/hex" -@@ -744,6 +745,11 @@ func testGoldenMarshal(t *testing.T) { + "fmt" + "hash" + "io" ++ "strings" + "testing" + ) + +@@ -744,6 +746,11 @@ func testGoldenMarshal(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { for _, test := range tt.golden { @@ -2017,7 +2100,17 @@ index 1fe9d132bb186d..a2c2926359a192 100644 h := tt.newHash() h2 := tt.newHash() -@@ -805,6 +811,14 @@ func TestMarshalMismatch(t *testing.T) { +@@ -751,6 +758,9 @@ func testGoldenMarshal(t *testing.T) { + + state, err := h.(encoding.BinaryMarshaler).MarshalBinary() + if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("could not marshal: %v", err) + return + } +@@ -805,8 +815,19 @@ func TestMarshalMismatch(t *testing.T) { h1 := fn1() h2 := fn2() 
@@ -2031,8 +2124,13 @@ index 1fe9d132bb186d..a2c2926359a192 100644 + state, err := h1.(encoding.BinaryMarshaler).MarshalBinary() if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } t.Errorf("i=%d: could not marshal: %v", i, err) -@@ -880,6 +894,11 @@ func safeSum(h hash.Hash) (sum []byte, err error) { + continue + } +@@ -880,10 +901,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -2044,6 +2142,13 @@ index 1fe9d132bb186d..a2c2926359a192 100644 for i, test := range largeUnmarshalTests { h := New() + if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("test %d could not unmarshal: %v", i, err) + continue + } diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go index 01d65688284f97..d8a26c24024348 100644 --- a/src/crypto/tls/cipher_suites.go @@ -2168,7 +2273,7 @@ index 7c75977ad3ffb2..b9db95ca7b9d5a 100644 if err := hs.processClientHello(); err != nil { diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index 76fff6974e7403..218d40171d2567 100644 +index 76fff6974e7403..bccf52fb28fcc5 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go @@ -8,8 +8,9 @@ import ( 
@@ -2182,23 +2287,30 @@ index 76fff6974e7403..218d40171d2567 100644 "crypto/internal/fips140/mlkem" "crypto/internal/fips140/tls13" "crypto/internal/hpke" -@@ -477,6 +478,15 @@ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { - } - marshaler, ok := in.(binaryMarshaler) - if !ok { -+ if boring.Enabled { -+ // CNG and OpenSSL with SymCrypt hash functions do not implement the -+ // encoding.BinaryMarshaler interface, but they do implement the Clone method. -+ if cloner, ok := in.(interface{ Clone() (hash.Hash, error) }); ok { -+ if out, err := cloner.Clone(); err == nil { -+ return out -+ } -+ } +@@ -470,15 +471,19 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error { + // interfaces implemented by standard library hashes to clone the state of in + // to a new instance of h. It returns nil if the operation fails. + func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { ++ if boring.Enabled { ++ // CNG and OpenSSL with SymCrypt hash functions do not implement the ++ // encoding.BinaryMarshaler interface, but they do implement the Clone method. ++ if cloner, ok := in.(interface{ Clone() hash.Hash }); ok { ++ return cloner.Clone() + } - return nil ++ } + // Recreate the interface to avoid importing encoding. + type binaryMarshaler interface { + MarshalBinary() (data []byte, err error) + UnmarshalBinary(data []byte) error } + marshaler, ok := in.(binaryMarshaler) +- if !ok { +- return nil +- } state, err := marshaler.MarshalBinary() -@@ -572,8 +582,12 @@ func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) + if err != nil { + return nil +@@ -572,8 +577,12 @@ func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) if err := transcriptMsg(helloRetryRequest, confTranscript); err != nil { return nil, err } 
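Review bot: The rewritten `cloneHash` patch removes the `if !ok { return nil }` guard after `marshaler, ok := in.(binaryMarshaler)`. When `in` implements neither `Clone() hash.Hash` nor the marshaler interface, `marshaler.MarshalBinary()` is then called on a nil interface value. That turns the documented "returns nil if the operation fails" behaviour into a panic in handshake_server_tls13.go, on the TLS 1.3 server handshake path. Keep the three lines `if !ok {`, `return nil`, `}` as unchanged context in the patch rather than deleting them, so a hash without either interface still yields nil. Only part of `cloneHash` is visible in this hunk.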
@@ -2212,7 +2324,7 @@ index 76fff6974e7403..218d40171d2567 100644 "hrr ech accept confirmation", confTranscript.Sum(nil), 8, -@@ -734,9 +748,13 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error { +@@ -734,9 +743,13 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error { if err := transcriptMsg(hs.hello, echTranscript); err != nil { return err } @@ -2392,10 +2504,18 @@ index f07b9aaa2c4898..b380537215634d 100644 import ( diff --git a/src/hash/marshal_test.go b/src/hash/marshal_test.go -index 3091f7a67acede..fead8cc4bec73a 100644 +index 3091f7a67acede..23736034d5c352 100644 --- a/src/hash/marshal_test.go +++ b/src/hash/marshal_test.go -@@ -65,6 +65,11 @@ func TestMarshalHash(t *testing.T) { +@@ -21,6 +21,7 @@ import ( + "hash/crc32" + "hash/crc64" + "hash/fnv" ++ "strings" + "testing" + ) + +@@ -65,6 +66,11 @@ func TestMarshalHash(t *testing.T) { } h := tt.new() @@ -2407,6 +2527,16 @@ index 3091f7a67acede..fead8cc4bec73a 100644 h.Write(buf[:256]) sum := h.Sum(nil) +@@ -80,6 +86,9 @@ func TestMarshalHash(t *testing.T) { + } + enc, err := h2m.MarshalBinary() + if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Fatalf("MarshalBinary: %v", err) + } + if !bytes.Equal(enc, tt.golden) { diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go new file mode 100644 index 00000000000000..11dc691600b110 diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index 2aebec3fff2..5a08acdfbfc 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch 
@@ -5,70 +5,73 @@ Subject: [PATCH] Vendor crypto backends To reproduce, run 'go mod vendor' in 'go/src'. --- - .../golang-fips/openssl/v2/.gitignore | 1 + - .../golang-fips/openssl/v2/.gitleaks.toml | 9 + - .../github.com/golang-fips/openssl/v2/LICENSE | 20 + - .../golang-fips/openssl/v2/README.md | 66 ++ - .../github.com/golang-fips/openssl/v2/aes.go | 147 +++ - .../golang-fips/openssl/v2/bbig/big.go | 37 + - .../github.com/golang-fips/openssl/v2/big.go | 11 + - .../golang-fips/openssl/v2/cgo_go124.go | 18 + - .../golang-fips/openssl/v2/cipher.go | 569 +++++++++ - .../github.com/golang-fips/openssl/v2/des.go | 114 ++ - .../github.com/golang-fips/openssl/v2/dsa.go | 323 +++++ - .../github.com/golang-fips/openssl/v2/ec.go | 68 ++ - .../github.com/golang-fips/openssl/v2/ecdh.go | 303 +++++ - .../golang-fips/openssl/v2/ecdsa.go | 208 ++++ - .../golang-fips/openssl/v2/ed25519.go | 218 ++++ - .../github.com/golang-fips/openssl/v2/evp.go | 569 +++++++++ - .../golang-fips/openssl/v2/goopenssl.c | 248 ++++ - .../golang-fips/openssl/v2/goopenssl.h | 262 +++++ - .../github.com/golang-fips/openssl/v2/hash.go | 1041 +++++++++++++++++ - .../github.com/golang-fips/openssl/v2/hkdf.go | 322 +++++ - .../github.com/golang-fips/openssl/v2/hmac.go | 274 +++++ - .../github.com/golang-fips/openssl/v2/init.go | 64 + - .../golang-fips/openssl/v2/init_unix.go | 31 + - .../golang-fips/openssl/v2/init_windows.go | 36 + - .../golang-fips/openssl/v2/openssl.go | 469 ++++++++ - .../golang-fips/openssl/v2/params.go | 210 ++++ - .../golang-fips/openssl/v2/pbkdf2.go | 62 + - .../golang-fips/openssl/v2/port_dsa.c | 85 ++ - .../openssl/v2/port_evp_md5_sha1.c | 126 ++ - .../github.com/golang-fips/openssl/v2/rand.go | 20 + - .../github.com/golang-fips/openssl/v2/rc4.go | 66 ++ - .../github.com/golang-fips/openssl/v2/rsa.go | 408 +++++++ - .../github.com/golang-fips/openssl/v2/shims.h | 416 +++++++ - .../golang-fips/openssl/v2/thread_setup.go | 14 + - .../golang-fips/openssl/v2/thread_setup.h | 4 + - 
.../openssl/v2/thread_setup_unix.c | 64 + - .../openssl/v2/thread_setup_windows.c | 64 + - .../golang-fips/openssl/v2/tls1prf.go | 160 +++ - .../github.com/golang-fips/openssl/v2/zaes.go | 86 ++ - .../microsoft/go-crypto-winnative/LICENSE | 21 + - .../microsoft/go-crypto-winnative/cng/aes.go | 393 +++++++ - .../go-crypto-winnative/cng/bbig/big.go | 31 + - .../microsoft/go-crypto-winnative/cng/big.go | 30 + - .../go-crypto-winnative/cng/cipher.go | 52 + - .../microsoft/go-crypto-winnative/cng/cng.go | 131 +++ - .../microsoft/go-crypto-winnative/cng/des.go | 106 ++ - .../microsoft/go-crypto-winnative/cng/dsa.go | 465 ++++++++ - .../microsoft/go-crypto-winnative/cng/ecdh.go | 255 ++++ - .../go-crypto-winnative/cng/ecdsa.go | 169 +++ - .../microsoft/go-crypto-winnative/cng/hash.go | 306 +++++ - .../microsoft/go-crypto-winnative/cng/hkdf.go | 124 ++ - .../microsoft/go-crypto-winnative/cng/hmac.go | 35 + - .../microsoft/go-crypto-winnative/cng/keys.go | 220 ++++ - .../go-crypto-winnative/cng/pbkdf2.go | 70 ++ - .../microsoft/go-crypto-winnative/cng/rand.go | 28 + - .../microsoft/go-crypto-winnative/cng/rc4.go | 65 + - .../microsoft/go-crypto-winnative/cng/rsa.go | 396 +++++++ - .../go-crypto-winnative/cng/tls1prf.go | 88 ++ - .../internal/bcrypt/bcrypt_windows.go | 359 ++++++ - .../internal/bcrypt/zsyscall_windows.go | 389 ++++++ - .../internal/subtle/aliasing.go | 32 + - .../internal/sysdll/sys_windows.go | 55 + - src/vendor/modules.txt | 11 + - 63 files changed, 11044 insertions(+) + src/go.mod | 4 +- + src/go.sum | 8 +- + .../golang-fips/openssl/v2/.gitignore | 1 + + .../golang-fips/openssl/v2/.gitleaks.toml | 9 + + .../github.com/golang-fips/openssl/v2/LICENSE | 20 + + .../golang-fips/openssl/v2/README.md | 66 ++ + .../github.com/golang-fips/openssl/v2/aes.go | 147 ++++ + .../golang-fips/openssl/v2/bbig/big.go | 37 + + .../github.com/golang-fips/openssl/v2/big.go | 11 + + .../golang-fips/openssl/v2/cgo_go124.go | 18 + + .../golang-fips/openssl/v2/cipher.go | 569 
++++++++++++++ + .../github.com/golang-fips/openssl/v2/des.go | 114 +++ + .../github.com/golang-fips/openssl/v2/dsa.go | 323 ++++++++ + .../github.com/golang-fips/openssl/v2/ec.go | 68 ++ + .../github.com/golang-fips/openssl/v2/ecdh.go | 303 ++++++++ + .../golang-fips/openssl/v2/ecdsa.go | 208 +++++ + .../golang-fips/openssl/v2/ed25519.go | 228 ++++++ + .../github.com/golang-fips/openssl/v2/evp.go | 580 ++++++++++++++ + .../golang-fips/openssl/v2/goopenssl.c | 248 ++++++ + .../golang-fips/openssl/v2/goopenssl.h | 261 +++++++ + .../github.com/golang-fips/openssl/v2/hash.go | 714 ++++++++++++++++++ + .../github.com/golang-fips/openssl/v2/hkdf.go | 322 ++++++++ + .../github.com/golang-fips/openssl/v2/hmac.go | 274 +++++++ + .../github.com/golang-fips/openssl/v2/init.go | 64 ++ + .../golang-fips/openssl/v2/init_unix.go | 31 + + .../golang-fips/openssl/v2/init_windows.go | 36 + + .../golang-fips/openssl/v2/openssl.go | 469 ++++++++++++ + .../golang-fips/openssl/v2/params.go | 210 ++++++ + .../golang-fips/openssl/v2/pbkdf2.go | 62 ++ + .../golang-fips/openssl/v2/port_dsa.c | 85 +++ + .../github.com/golang-fips/openssl/v2/rand.go | 20 + + .../github.com/golang-fips/openssl/v2/rc4.go | 66 ++ + .../github.com/golang-fips/openssl/v2/rsa.go | 408 ++++++++++ + .../github.com/golang-fips/openssl/v2/shims.h | 413 ++++++++++ + .../golang-fips/openssl/v2/thread_setup.go | 14 + + .../golang-fips/openssl/v2/thread_setup.h | 4 + + .../openssl/v2/thread_setup_unix.c | 64 ++ + .../openssl/v2/thread_setup_windows.c | 64 ++ + .../golang-fips/openssl/v2/tls1prf.go | 160 ++++ + .../github.com/golang-fips/openssl/v2/zaes.go | 86 +++ + .../microsoft/go-crypto-winnative/LICENSE | 21 + + .../microsoft/go-crypto-winnative/cng/aes.go | 393 ++++++++++ + .../go-crypto-winnative/cng/bbig/big.go | 31 + + .../microsoft/go-crypto-winnative/cng/big.go | 30 + + .../go-crypto-winnative/cng/cipher.go | 52 ++ + .../microsoft/go-crypto-winnative/cng/cng.go | 131 ++++ + 
.../microsoft/go-crypto-winnative/cng/des.go | 106 +++ + .../microsoft/go-crypto-winnative/cng/dsa.go | 465 ++++++++++++ + .../microsoft/go-crypto-winnative/cng/ecdh.go | 255 +++++++ + .../go-crypto-winnative/cng/ecdsa.go | 169 +++++ + .../microsoft/go-crypto-winnative/cng/hash.go | 312 ++++++++ + .../microsoft/go-crypto-winnative/cng/hkdf.go | 124 +++ + .../microsoft/go-crypto-winnative/cng/hmac.go | 35 + + .../microsoft/go-crypto-winnative/cng/keys.go | 220 ++++++ + .../go-crypto-winnative/cng/pbkdf2.go | 70 ++ + .../microsoft/go-crypto-winnative/cng/rand.go | 28 + + .../microsoft/go-crypto-winnative/cng/rc4.go | 65 ++ + .../microsoft/go-crypto-winnative/cng/rsa.go | 396 ++++++++++ + .../microsoft/go-crypto-winnative/cng/sha3.go | 284 +++++++ + .../go-crypto-winnative/cng/tls1prf.go | 88 +++ + .../internal/bcrypt/bcrypt_windows.go | 368 +++++++++ + .../internal/bcrypt/ntstatus_windows.go | 45 ++ + .../internal/bcrypt/zsyscall_windows.go | 412 ++++++++++ + .../internal/subtle/aliasing.go | 32 + + .../internal/sysdll/sys_windows.go | 55 ++ + src/vendor/modules.txt | 11 + + 66 files changed, 10981 insertions(+), 6 deletions(-) create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE @@ -97,7 +100,6 @@ To reproduce, run 'go mod vendor' in 'go/src'. create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/params.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/pbkdf2.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/port_dsa.c - create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/port_evp_md5_sha1.c create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rand.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rc4.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/rsa.go 
@@ -126,12 +128,45 @@ To reproduce, run 'go mod vendor' in 'go/src'. create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/rand.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/rc4.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/rsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/sha3.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/bcrypt_windows.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/ntstatus_windows.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/zsyscall_windows.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/subtle/aliasing.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/sysdll/sys_windows.go +diff --git a/src/go.mod b/src/go.mod +index e9da0eb1301b93..96bdcd421e1129 100644 +--- a/src/go.mod ++++ b/src/go.mod +@@ -3,8 +3,8 @@ module std + go 1.24 + + require ( +- github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf +- github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 ++ github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 + golang.org/x/crypto v0.30.0 + golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 + ) +diff --git a/src/go.sum b/src/go.sum +index b464f023942b74..abebb59dcd7739 100644 +--- a/src/go.sum ++++ b/src/go.sum +@@ -1,7 +1,7 @@ +-github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf h1:gkjE7LMxjlaSn8fdvbT/HJrpGcW/ZnwYpps7sSBhLD4= +-github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= 
+-github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 h1:fMAxrMWT19/kkIZIuB9cjqW8SqRxCH2+2ZiZr5qrpuI= +-github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 h1:OhuURhDVbg+f/BvlG+qT5sQVkutwhI0Kmsy7koQ4l9A= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 h1:KB8xmJcFSPlZFMg2mxz5b6DCE8k1qpHy2HFevAJLELI= ++github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= + golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= + golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= + golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitignore b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore new file mode 100644 index 00000000000000..79b5594df7fa29 @@ -2113,10 +2148,10 @@ index 00000000000000..bc5f1117fd4355 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go new file mode 100644 -index 00000000000000..cd237025109997 +index 00000000000000..f96db2cd5efcad --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go -@@ -0,0 +1,218 @@ +@@ -0,0 +1,228 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -2209,7 +2244,7 @@ index 00000000000000..cd237025109997 + if err := extractPKEYPubEd25519(k._pkey, pub); err != nil { + return nil, err + } -+ pubk, err := NewPublicKeyEd25119(pub) ++ pubk, err := NewPublicKeyEd25519(pub) + if err != nil { + return nil, err + } 
@@ -2227,14 +2262,24 @@ index 00000000000000..cd237025109997 + return priv, nil +} + ++// Deprecated: use NewPrivateKeyEd25519 instead. +func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { ++ return NewPrivateKeyEd25519(priv) ++} ++ ++func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { + if len(priv) != privateKeySizeEd25519 { + panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) + } + return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) +} + ++// Deprecated: use NewPublicKeyEd25519 instead. +func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { ++ return NewPublicKeyEd25519(pub) ++} ++ ++func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { + if len(pub) != publicKeySizeEd25519 { + panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) + } @@ -2337,10 +2382,10 @@ index 00000000000000..cd237025109997 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/evp.go b/src/vendor/github.com/golang-fips/openssl/v2/evp.go new file mode 100644 -index 00000000000000..ef68bbfb8fb065 +index 00000000000000..8b5b367f9f8092 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/evp.go -@@ -0,0 +1,569 @@ +@@ -0,0 +1,580 @@ +//go:build !cmd_go_bootstrap + +package openssl 
@@ -2391,29 +2436,8 @@ index 00000000000000..ef68bbfb8fb065 + +// hashToMD converts a hash.Hash implementation from this package to a GO_EVP_MD_PTR. +func hashToMD(h hash.Hash) C.GO_EVP_MD_PTR { -+ var ch crypto.Hash -+ switch h.(type) { -+ case *sha1Hash, *sha1Marshal: -+ ch = crypto.SHA1 -+ case *sha224Hash, *sha224Marshal: -+ ch = crypto.SHA224 -+ case *sha256Hash, *sha256Marshal: -+ ch = crypto.SHA256 -+ case *sha384Hash, *sha384Marshal: -+ ch = crypto.SHA384 -+ case *sha512Hash, *sha512Marshal: -+ ch = crypto.SHA512 -+ case *sha3_224Hash: -+ ch = crypto.SHA3_224 -+ case *sha3_256Hash: -+ ch = crypto.SHA3_256 -+ case *sha3_384Hash: -+ ch = crypto.SHA3_384 -+ case *sha3_512Hash: -+ ch = crypto.SHA3_512 -+ } -+ if ch != 0 { -+ return cryptoHashToMD(ch) ++ if h, ok := h.(*evpHash); ok { ++ return h.alg.md + } + return nil +} 
@@ -2432,78 +2456,110 @@ index 00000000000000..ef68bbfb8fb065 + return md, nil +} + -+// cryptoHashToMD converts a crypto.Hash to a GO_EVP_MD_PTR. -+func cryptoHashToMD(ch crypto.Hash) (md C.GO_EVP_MD_PTR) { ++type hashAlgorithm struct { ++ md C.GO_EVP_MD_PTR ++ ch crypto.Hash ++ size int ++ blockSize int ++ marshallable bool ++ magic string ++ marshalledSize int ++} ++ ++// loadHash converts a crypto.Hash to a EVP_MD. ++func loadHash(ch crypto.Hash) *hashAlgorithm { + if v, ok := cacheMD.Load(ch); ok { -+ return v.(C.GO_EVP_MD_PTR) -+ } -+ defer func() { -+ if md != nil { -+ switch vMajor { -+ case 1: -+ // On OpenSSL 1 EVP_MD objects can be not-nil even -+ // when they are not supported. We need to pass the md -+ // to a EVP_MD_CTX to really know if they can be used. -+ ctx := C.go_openssl_EVP_MD_CTX_new() -+ if C.go_openssl_EVP_DigestInit_ex(ctx, md, nil) != 1 { -+ md = nil -+ } -+ C.go_openssl_EVP_MD_CTX_free(ctx) -+ case 3: -+ // On OpenSSL 3, directly operating on a EVP_MD object -+ // not created by EVP_MD_fetch has negative performance -+ // implications, as digest operations will have -+ // to fetch it on every call. Better to just fetch it once here. -+ md = C.go_openssl_EVP_MD_fetch(nil, C.go_openssl_EVP_MD_get0_name(md), nil) -+ default: -+ panic(errUnsupportedVersion()) -+ } -+ } -+ cacheMD.Store(ch, md) -+ }() -+ // SupportsHash returns false for MD5SHA1 because we don't -+ // provide a hash.Hash implementation for it. Yet, it can -+ // still be used when signing/verifying with an RSA key. 
-+ if ch == crypto.MD5SHA1 { -+ if vMajor == 1 && vMinor == 0 { -+ return C.go_openssl_EVP_md5_sha1_backport() -+ } else { -+ return C.go_openssl_EVP_md5_sha1() -+ } ++ return v.(*hashAlgorithm) + } ++ ++ var hash hashAlgorithm + switch ch { ++ case crypto.RIPEMD160: ++ hash.md = C.go_openssl_EVP_ripemd160() + case crypto.MD4: -+ return C.go_openssl_EVP_md4() ++ hash.md = C.go_openssl_EVP_md4() + case crypto.MD5: -+ return C.go_openssl_EVP_md5() ++ hash.md = C.go_openssl_EVP_md5() ++ hash.magic = md5Magic ++ hash.marshalledSize = md5MarshaledSize ++ case crypto.MD5SHA1: ++ if vMajor == 1 && vMinor == 0 { ++ // OpenSSL 1.0.2 does not support MD5SHA1. ++ hash.md = nil ++ } else { ++ hash.md = C.go_openssl_EVP_md5_sha1() ++ } + case crypto.SHA1: -+ return C.go_openssl_EVP_sha1() ++ hash.md = C.go_openssl_EVP_sha1() ++ hash.magic = sha1Magic ++ hash.marshalledSize = sha1MarshaledSize + case crypto.SHA224: -+ return C.go_openssl_EVP_sha224() ++ hash.md = C.go_openssl_EVP_sha224() ++ hash.magic = magic224 ++ hash.marshalledSize = marshaledSize256 + case crypto.SHA256: -+ return C.go_openssl_EVP_sha256() ++ hash.md = C.go_openssl_EVP_sha256() ++ hash.magic = magic256 ++ hash.marshalledSize = marshaledSize256 + case crypto.SHA384: -+ return C.go_openssl_EVP_sha384() ++ hash.md = C.go_openssl_EVP_sha384() ++ hash.magic = magic384 ++ hash.marshalledSize = marshaledSize512 + case crypto.SHA512: -+ return C.go_openssl_EVP_sha512() ++ hash.md = C.go_openssl_EVP_sha512() ++ hash.magic = magic512 ++ hash.marshalledSize = marshaledSize512 ++ case crypto.SHA512_224: ++ if versionAtOrAbove(1, 1, 1) { ++ hash.md = C.go_openssl_EVP_sha512_224() ++ hash.magic = magic512_224 ++ hash.marshalledSize = marshaledSize512 ++ } ++ case crypto.SHA512_256: ++ if versionAtOrAbove(1, 1, 1) { ++ hash.md = C.go_openssl_EVP_sha512_256() ++ hash.magic = magic512_256 ++ hash.marshalledSize = marshaledSize512 ++ } + case crypto.SHA3_224: + if versionAtOrAbove(1, 1, 1) { -+ return 
C.go_openssl_EVP_sha3_224() ++ hash.md = C.go_openssl_EVP_sha3_224() + } + case crypto.SHA3_256: + if versionAtOrAbove(1, 1, 1) { -+ return C.go_openssl_EVP_sha3_256() ++ hash.md = C.go_openssl_EVP_sha3_256() + } + case crypto.SHA3_384: + if versionAtOrAbove(1, 1, 1) { -+ return C.go_openssl_EVP_sha3_384() ++ hash.md = C.go_openssl_EVP_sha3_384() + } + case crypto.SHA3_512: + if versionAtOrAbove(1, 1, 1) { -+ return C.go_openssl_EVP_sha3_512() ++ hash.md = C.go_openssl_EVP_sha3_512() + } + } -+ return nil ++ if hash.md == nil { ++ cacheMD.Store(ch, (*hashAlgorithm)(nil)) ++ return nil ++ } ++ hash.ch = ch ++ hash.size = int(C.go_openssl_EVP_MD_get_size(hash.md)) ++ hash.blockSize = int(C.go_openssl_EVP_MD_get_block_size(hash.md)) ++ if vMajor == 3 { ++ // On OpenSSL 3, directly operating on a EVP_MD object ++ // not created by EVP_MD_fetch has negative performance ++ // implications, as digest operations will have ++ // to fetch it on every call. Better to just fetch it once here. ++ md := C.go_openssl_EVP_MD_fetch(nil, C.go_openssl_EVP_MD_get0_name(hash.md), nil) ++ // Don't overwrite md in case it can't be fetched, as the md may still be used ++ // outside of EVP_MD_CTX, for example to sign and verify RSA signatures. ++ if md != nil { ++ hash.md = md ++ } ++ } ++ hash.marshallable = hash.magic != "" && isHashMarshallable(hash.md) ++ cacheMD.Store(ch, &hash) ++ return &hash +} + +// generateEVPPKey generates a new EVP_PKEY with the given id and properties. 
@@ -2645,11 +2701,11 @@ index 00000000000000..ef68bbfb8fb065 + } + } + case C.GO_RSA_PKCS1_PSS_PADDING: -+ md := cryptoHashToMD(ch) -+ if md == nil { ++ alg := loadHash(ch) ++ if alg == nil { + return nil, errors.New("crypto/rsa: unsupported hash function") + } -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_RSA, -1, C.GO_EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(md)) != 1 { ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_RSA, -1, C.GO_EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)) != 1 { + return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") + } + // setPadding must happen after setting EVP_PKEY_CTRL_MD. @@ -2665,11 +2721,11 @@ index 00000000000000..ef68bbfb8fb065 + case C.GO_RSA_PKCS1_PADDING: + if ch != 0 { + // We support unhashed messages. -+ md := cryptoHashToMD(ch) -+ if md == nil { ++ alg := loadHash(ch) ++ if alg == nil { + return nil, errors.New("crypto/rsa: unsupported hash function") + } -+ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, -1, C.GO_EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(md)) != 1 { ++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, -1, -1, C.GO_EVP_PKEY_CTRL_MD, 0, unsafe.Pointer(alg.md)) != 1 { + return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed") + } + if err := setPadding(); err != nil { @@ -2784,8 +2840,8 @@ index 00000000000000..ef68bbfb8fb065 +} + +func evpHashSign(withKey withKeyFunc, h crypto.Hash, msg []byte) ([]byte, error) { -+ md := cryptoHashToMD(h) -+ if md == nil { ++ alg := loadHash(h) ++ if alg == nil { + return nil, errors.New("unsupported hash function: " + strconv.Itoa(int(h))) + } + var out []byte @@ -2796,7 +2852,7 @@ index 00000000000000..ef68bbfb8fb065 + } + defer C.go_openssl_EVP_MD_CTX_free(ctx) + if withKey(func(key C.GO_EVP_PKEY_PTR) C.int { -+ return C.go_openssl_EVP_DigestSignInit(ctx, nil, md, nil, key) ++ return C.go_openssl_EVP_DigestSignInit(ctx, nil, alg.md, nil, key) + }) != 1 { + return nil, newOpenSSLError("EVP_DigestSignInit failed") + } 
@@ -2816,8 +2872,8 @@ index 00000000000000..ef68bbfb8fb065 +} + +func evpHashVerify(withKey withKeyFunc, h crypto.Hash, msg, sig []byte) error { -+ md := cryptoHashToMD(h) -+ if md == nil { ++ alg := loadHash(h) ++ if alg == nil { + return errors.New("unsupported hash function: " + strconv.Itoa(int(h))) + } + ctx := C.go_openssl_EVP_MD_CTX_new() @@ -2826,7 +2882,7 @@ index 00000000000000..ef68bbfb8fb065 + } + defer C.go_openssl_EVP_MD_CTX_free(ctx) + if withKey(func(key C.GO_EVP_PKEY_PTR) C.int { -+ return C.go_openssl_EVP_DigestVerifyInit(ctx, nil, md, nil, key) ++ return C.go_openssl_EVP_DigestVerifyInit(ctx, nil, alg.md, nil, key) + }) != 1 { + return newOpenSSLError("EVP_DigestVerifyInit failed") + } @@ -3166,10 +3222,10 @@ index 00000000000000..626f184badc53d +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h new file mode 100644 -index 00000000000000..1165f99157c663 +index 00000000000000..f5cdced630679f --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h -@@ -0,0 +1,262 @@ +@@ -0,0 +1,261 @@ +// This header file describes the OpenSSL ABI as built for use in Go. + +#include // size_t @@ -3199,7 +3255,6 @@ index 00000000000000..1165f99157c663 +int go_openssl_version_patch(void* handle); +int go_openssl_thread_setup(void); +void go_openssl_load_functions(void* handle, unsigned int major, unsigned int minor, unsigned int patch); -+const GO_EVP_MD_PTR go_openssl_EVP_md5_sha1_backport(void); +void go_openssl_DSA_get0_pqg_backport(const GO_DSA_PTR d, GO_BIGNUM_PTR *p, GO_BIGNUM_PTR *q, GO_BIGNUM_PTR *g); +int go_openssl_DSA_set0_pqg_backport(GO_DSA_PTR d, GO_BIGNUM_PTR p, GO_BIGNUM_PTR q, GO_BIGNUM_PTR g); +void go_openssl_DSA_get0_key_backport(const GO_DSA_PTR d, GO_BIGNUM_PTR *pub_key, GO_BIGNUM_PTR *priv_key); @@ -3435,10 +3490,10 @@ index 00000000000000..1165f99157c663 \ No newline at end of file 
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hash.go b/src/vendor/github.com/golang-fips/openssl/v2/hash.go new file mode 100644 -index 00000000000000..6fd3a518906004 +index 00000000000000..b2109857b49bdf --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/hash.go -@@ -0,0 +1,1041 @@ +@@ -0,0 +1,714 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -3455,6 +3510,9 @@ index 00000000000000..6fd3a518906004 + "unsafe" +) + ++// maxHashSize is the size of SHA52 and SHA3_512, the largest hashes we support. ++const maxHashSize = 64 ++ +// NOTE: Implementation ported from https://go-review.googlesource.com/c/go/+/404295. +// The cgo calls in this file are arranged to avoid marking the parameters as escaping. +// To do that, we call noescape (including via addr). @@ -3467,7 +3525,7 @@ index 00000000000000..6fd3a518906004 +// This is all to preserve compatibility with the allocation behavior of the non-openssl implementations. + +func hashOneShot(ch crypto.Hash, p []byte, sum []byte) bool { -+ return C.go_openssl_EVP_Digest(unsafe.Pointer(&*addr(p)), C.size_t(len(p)), (*C.uchar)(unsafe.Pointer(&*addr(sum))), nil, cryptoHashToMD(ch), nil) != 0 ++ return C.go_openssl_EVP_Digest(unsafe.Pointer(&*addr(p)), C.size_t(len(p)), (*C.uchar)(unsafe.Pointer(&*addr(sum))), nil, loadHash(ch).md, nil) != 0 +} + +func MD4(p []byte) (sum [16]byte) { 
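Review bot: `hashOneShot` now dereferences the result of `loadHash(ch)` without a nil check, and `loadHash` returns nil whenever the linked OpenSSL does not provide the digest (the visible cases are the SHA-512/t and SHA-3 families before 1.1.1). The one-shot helpers such as `SHA512_224` would then die with a nil-pointer runtime panic instead of their own `openssl: ... failed` message, which makes the failure harder to attribute. I would keep the previous failure path by adding `alg := loadHash(ch)` and `if alg == nil { return false }` before the cgo call and passing `alg.md`. The file is vendored from golang-fips/openssl, so the change belongs in that module and should reach this patch through a re-vendor.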
@@ -3519,9 +3577,43 @@ index 00000000000000..6fd3a518906004 + return +} + -+// SupportsHash returns true if a hash.Hash implementation is supported for h. ++func SHA512_224(p []byte) (sum [28]byte) { ++ if !hashOneShot(crypto.SHA512_224, p, sum[:]) { ++ panic("openssl: SHA512 failed") ++ } ++ return ++} ++ ++func SHA512_256(p []byte) (sum [32]byte) { ++ if !hashOneShot(crypto.SHA512_256, p, sum[:]) { ++ panic("openssl: SHA512_256 failed") ++ } ++ return ++} ++ ++// cacheHashSupported is a cache of crypto.Hash support. ++var cacheHashSupported sync.Map ++ ++// SupportsHash reports whether the current OpenSSL version supports the given hash. +func SupportsHash(h crypto.Hash) bool { -+ return cryptoHashToMD(h) != nil ++ if v, ok := cacheHashSupported.Load(h); ok { ++ return v.(bool) ++ } ++ alg := loadHash(h) ++ if alg == nil { ++ cacheHashSupported.Store(h, false) ++ return false ++ } ++ // EVP_MD objects can be non-nil even when they can't be used ++ // in a EVP_MD_CTX, e.g. MD5 in FIPS mode. We need to prove ++ // if they can be used by passing them to a EVP_MD_CTX. ++ var supported bool ++ if ctx := C.go_openssl_EVP_MD_CTX_new(); ctx != nil { ++ supported = C.go_openssl_EVP_DigestInit_ex(ctx, alg.md, nil) == 1 ++ C.go_openssl_EVP_MD_CTX_free(ctx) ++ } ++ cacheHashSupported.Store(h, supported) ++ return supported +} + +func SHA3_224(p []byte) (sum [28]byte) { 
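Review bot: `SupportsHash` stores `false` in `cacheHashSupported` when `EVP_MD_CTX_new` returns nil, so a single allocation failure is remembered as "hash unsupported" for the rest of the process. The result should be cached only when the probe actually ran, for example by returning `false` without calling `cacheHashSupported.Store` when `ctx == nil`. Because the usability probe now lives only in this function, constructors such as `NewMD5` can return a hash that first fails on `Write` or `Sum` when the digest is blocked (the comment's own example is MD5 in FIPS mode), which deserves a sentence in the doc comment telling callers to gate on `SupportsHash`. Separately, `SHA512_224` panics with `"openssl: SHA512 failed"`; it should read `"openssl: SHA512_224 failed"` to match its siblings.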
@@ -3552,21 +3644,79 @@ index 00000000000000..6fd3a518906004 + return +} + -+var isMarshallableCache sync.Map ++// NewMD4 returns a new MD4 hash. ++// The returned hash doesn't implement encoding.BinaryMarshaler and ++// encoding.BinaryUnmarshaler. ++func NewMD4() hash.Hash { ++ return newEvpHash(crypto.MD4) ++} ++ ++// NewMD5 returns a new MD5 hash. ++func NewMD5() hash.Hash { ++ return newEvpHash(crypto.MD5) ++} ++ ++// NewSHA1 returns a new SHA1 hash. ++func NewSHA1() hash.Hash { ++ return newEvpHash(crypto.SHA1) ++} ++ ++// NewSHA224 returns a new SHA224 hash. ++func NewSHA224() hash.Hash { ++ return newEvpHash(crypto.SHA224) ++} ++ ++// NewSHA256 returns a new SHA256 hash. ++func NewSHA256() hash.Hash { ++ return newEvpHash(crypto.SHA256) ++} ++ ++// NewSHA384 returns a new SHA384 hash. ++func NewSHA384() hash.Hash { ++ return newEvpHash(crypto.SHA384) ++} ++ ++// NewSHA512 returns a new SHA512 hash. ++func NewSHA512() hash.Hash { ++ return newEvpHash(crypto.SHA512) ++} ++ ++// NewSHA512_224 returns a new SHA512_224 hash. ++func NewSHA512_224() hash.Hash { ++ return newEvpHash(crypto.SHA512_224) ++} ++ ++// NewSHA512_256 returns a new SHA512_256 hash. ++func NewSHA512_256() hash.Hash { ++ return newEvpHash(crypto.SHA512_256) ++} ++ ++// NewSHA3_224 returns a new SHA3-224 hash. ++func NewSHA3_224() hash.Hash { ++ return newEvpHash(crypto.SHA3_224) ++} + -+// isHashMarshallable returns true if the memory layout of cb ++// NewSHA3_256 returns a new SHA3-256 hash. ++func NewSHA3_256() hash.Hash { ++ return newEvpHash(crypto.SHA3_256) ++} ++ ++// NewSHA3_384 returns a new SHA3-384 hash. ++func NewSHA3_384() hash.Hash { ++ return newEvpHash(crypto.SHA3_384) ++} ++ ++// NewSHA3_512 returns a new SHA3-512 hash. ++func NewSHA3_512() hash.Hash { ++ return newEvpHash(crypto.SHA3_512) ++} ++ ++// isHashMarshallable returns true if the memory layout of md +// is known by this library and can therefore be marshalled. 
-+func isHashMarshallable(ch crypto.Hash) bool { ++func isHashMarshallable(md C.GO_EVP_MD_PTR) bool { + if vMajor == 1 { + return true + } -+ if v, ok := isMarshallableCache.Load(ch); ok { -+ return v.(bool) -+ } -+ md := cryptoHashToMD(ch) -+ if md == nil { -+ return false -+ } + prov := C.go_openssl_EVP_MD_get0_provider(md) + if prov == nil { + return false 
@@ -3579,51 +3729,73 @@ index 00000000000000..6fd3a518906004 + // We only know the memory layout of the built-in providers. + // See evpHash.hashState for more details. + marshallable := name == "default" || name == "fips" -+ isMarshallableCache.Store(ch, marshallable) + return marshallable +} + ++// cloneHash is an interface that defines a Clone method. ++// ++// hahs.CloneHash will probably be added in Go 1.25, see https://golang.org/issue/69521, ++// but we need it now. ++type cloneHash interface { ++ hash.Hash ++ // Clone returns a separate Hash instance with the same state as h. ++ Clone() hash.Hash ++} ++ ++var _ hash.Hash = (*evpHash)(nil) ++var _ cloneHash = (*evpHash)(nil) ++ +// evpHash implements generic hash methods. +type evpHash struct { ++ alg *hashAlgorithm + ctx C.GO_EVP_MD_CTX_PTR + // ctx2 is used in evpHash.sum to avoid changing + // the state of ctx. Having it here allows reusing the + // same allocated object multiple times. -+ ctx2 C.GO_EVP_MD_CTX_PTR -+ size int -+ blockSize int -+ marshallable bool ++ ctx2 C.GO_EVP_MD_CTX_PTR +} + +func newEvpHash(ch crypto.Hash) *evpHash { -+ md := cryptoHashToMD(ch) -+ if md == nil { ++ alg := loadHash(ch) ++ if alg == nil { + panic("openssl: unsupported hash function: " + strconv.Itoa(int(ch))) + } -+ ctx := C.go_openssl_EVP_MD_CTX_new() -+ if C.go_openssl_EVP_DigestInit_ex(ctx, md, nil) != 1 { -+ C.go_openssl_EVP_MD_CTX_free(ctx) -+ panic(newOpenSSLError("EVP_DigestInit_ex")) -+ } -+ ctx2 := C.go_openssl_EVP_MD_CTX_new() -+ blockSize := int(C.go_openssl_EVP_MD_get_block_size(md)) -+ h := &evpHash{ -+ ctx: ctx, -+ ctx2: ctx2, -+ size: ch.Size(), -+ blockSize: blockSize, -+ marshallable: isHashMarshallable(ch), -+ } -+ runtime.SetFinalizer(h, (*evpHash).finalize) ++ h := &evpHash{alg: alg} ++ // Don't call init() yet, it would be wasteful ++ // if the caller only wants to know the hash type. 
This ++ // is a common pattern in this package, as some functions ++ // accept a `func() hash.Hash` parameter and call it just ++ // to know the hash type. + return h +} + +func (h *evpHash) finalize() { -+ C.go_openssl_EVP_MD_CTX_free(h.ctx) -+ C.go_openssl_EVP_MD_CTX_free(h.ctx2) ++ if h.ctx != nil { ++ C.go_openssl_EVP_MD_CTX_free(h.ctx) ++ } ++ if h.ctx2 != nil { ++ C.go_openssl_EVP_MD_CTX_free(h.ctx2) ++ } ++} ++ ++func (h *evpHash) init() { ++ if h.ctx != nil { ++ return ++ } ++ h.ctx = C.go_openssl_EVP_MD_CTX_new() ++ if C.go_openssl_EVP_DigestInit_ex(h.ctx, h.alg.md, nil) != 1 { ++ C.go_openssl_EVP_MD_CTX_free(h.ctx) ++ panic(newOpenSSLError("EVP_DigestInit_ex")) ++ } ++ h.ctx2 = C.go_openssl_EVP_MD_CTX_new() ++ runtime.SetFinalizer(h, (*evpHash).finalize) +} + +func (h *evpHash) Reset() { ++ if h.ctx == nil { ++ // The hash is not initialized yet, no need to reset. ++ return ++ } + // There is no need to reset h.ctx2 because it is always reset after + // use in evpHash.sum. + if C.go_openssl_EVP_DigestInit_ex(h.ctx, nil, nil) != 1 { @@ -3633,7 +3805,11 @@ index 00000000000000..6fd3a518906004 +} + +func (h *evpHash) Write(p []byte) (int, error) { -+ if len(p) > 0 && C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(&*addr(p)), C.size_t(len(p))) != 1 { ++ if len(p) == 0 { ++ return 0, nil ++ } ++ h.init() ++ if C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(&*addr(p)), C.size_t(len(p))) != 1 { + panic(newOpenSSLError("EVP_DigestUpdate")) + } + runtime.KeepAlive(h) @@ -3641,7 +3817,11 @@ index 00000000000000..6fd3a518906004 +} + +func (h *evpHash) WriteString(s string) (int, error) { -+ if len(s) > 0 && C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(unsafe.StringData(s)), C.size_t(len(s))) == 0 { ++ if len(s) == 0 { ++ return 0, nil ++ } ++ h.init() ++ if C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(unsafe.StringData(s)), C.size_t(len(s))) == 0 { + panic("openssl: EVP_DigestUpdate failed") + } + runtime.KeepAlive(h) 
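Review bot: `evpHash.init` leaves `h.ctx` pointing at freed memory when `EVP_DigestInit_ex` fails, because the context is stored in the struct before it is validated and is freed without being cleared. If the panic is recovered and the hash is used again, the `h.ctx != nil` guard makes `init` return early and later calls hand the freed context to OpenSSL. Neither `EVP_MD_CTX_new` result is nil-checked either, although `Clone` in the same file does check them. Building both contexts in locals and assigning them to the struct only after every step has succeeded closes all three gaps. The file is vendored, so the fix would go to golang-fips/openssl.

```go
func (h *evpHash) init() {
	if h.ctx != nil {
		return
	}
	ctx := C.go_openssl_EVP_MD_CTX_new()
	if ctx == nil {
		panic(newOpenSSLError("EVP_MD_CTX_new"))
	}
	if C.go_openssl_EVP_DigestInit_ex(ctx, h.alg.md, nil) != 1 {
		C.go_openssl_EVP_MD_CTX_free(ctx)
		panic(newOpenSSLError("EVP_DigestInit_ex"))
	}
	ctx2 := C.go_openssl_EVP_MD_CTX_new()
	if ctx2 == nil {
		C.go_openssl_EVP_MD_CTX_free(ctx)
		panic(newOpenSSLError("EVP_MD_CTX_new"))
	}
	// Publish the contexts only once both are valid, so a failed init
	// never leaves a dangling pointer behind the h.ctx != nil guard.
	h.ctx, h.ctx2 = ctx, ctx2
	runtime.SetFinalizer(h, (*evpHash).finalize)
}
```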
@@ -3649,6 +3829,7 @@ index 00000000000000..6fd3a518906004 +} + +func (h *evpHash) WriteByte(c byte) error { ++ h.init() + if C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(&c), 1) == 0 { + panic("openssl: EVP_DigestUpdate failed") + } 
@@ -3657,56 +3838,53 @@ index 00000000000000..6fd3a518906004 +} + +func (h *evpHash) Size() int { -+ return h.size ++ return h.alg.size +} + +func (h *evpHash) BlockSize() int { -+ return h.blockSize ++ return h.alg.blockSize +} + -+func (h *evpHash) sum(out []byte) { ++func (h *evpHash) Sum(in []byte) []byte { ++ h.init() ++ out := make([]byte, h.Size(), maxHashSize) // explicit cap to allow stack allocation + if C.go_hash_sum(h.ctx, h.ctx2, base(out)) != 1 { + panic(newOpenSSLError("go_hash_sum")) + } + runtime.KeepAlive(h) ++ return append(in, out...) +} + -+// clone returns a new evpHash object that is a deep clone of itself. ++// Clone returns a new evpHash object that is a deep clone of itself. +// The duplicate object contains all state and data contained in the +// original object at the point of duplication. -+func (h *evpHash) clone() (*evpHash, error) { -+ ctx := C.go_openssl_EVP_MD_CTX_new() -+ if ctx == nil { -+ return nil, newOpenSSLError("EVP_MD_CTX_new") -+ } -+ if C.go_openssl_EVP_MD_CTX_copy_ex(ctx, h.ctx) != 1 { -+ C.go_openssl_EVP_MD_CTX_free(ctx) -+ return nil, newOpenSSLError("EVP_MD_CTX_copy") -+ } -+ ctx2 := C.go_openssl_EVP_MD_CTX_new() -+ if ctx2 == nil { -+ C.go_openssl_EVP_MD_CTX_free(ctx) -+ return nil, newOpenSSLError("EVP_MD_CTX_new") -+ } -+ cloned := &evpHash{ -+ ctx: ctx, -+ ctx2: ctx2, -+ size: h.size, -+ blockSize: h.blockSize, -+ marshallable: h.marshallable, ++func (h *evpHash) Clone() hash.Hash { ++ h2 := &evpHash{alg: h.alg} ++ if h.ctx != nil { ++ h2.ctx = C.go_openssl_EVP_MD_CTX_new() ++ if h2.ctx == nil { ++ panic(newOpenSSLError("EVP_MD_CTX_new")) ++ } ++ if C.go_openssl_EVP_MD_CTX_copy_ex(h2.ctx, h.ctx) != 1 { ++ C.go_openssl_EVP_MD_CTX_free(h2.ctx) ++ panic(newOpenSSLError("EVP_MD_CTX_copy")) ++ } ++ h2.ctx2 = C.go_openssl_EVP_MD_CTX_new() ++ if h2.ctx2 == nil { ++ C.go_openssl_EVP_MD_CTX_free(h2.ctx) ++ panic(newOpenSSLError("EVP_MD_CTX_new")) ++ } ++ runtime.SetFinalizer(h2, (*evpHash).finalize) + } -+ 
runtime.SetFinalizer(cloned, (*evpHash).finalize) -+ return cloned, nil ++ runtime.KeepAlive(h) ++ return h2 +} + +// hashState returns a pointer to the internal hash structure. +// +// The EVP_MD_CTX memory layout has changed in OpenSSL 3 +// and the property holding the internal structure is no longer md_data but algctx. -+func (h *evpHash) hashState() unsafe.Pointer { -+ if !h.marshallable { -+ panic("openssl: hash state is not marshallable") -+ } ++func hashState(ctx C.GO_EVP_MD_CTX_PTR) unsafe.Pointer { + switch vMajor { + case 1: + // https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/crypto/evp/evp_local.h#L12. @@ -3715,7 +3893,7 @@ index 00000000000000..6fd3a518906004 + _ C.ulong + md_data unsafe.Pointer + } -+ return (*mdCtx)(unsafe.Pointer(h.ctx)).md_data ++ return (*mdCtx)(unsafe.Pointer(ctx)).md_data + case 3: + // https://github.com/openssl/openssl/blob/5675a5aaf6a2e489022bcfc18330dae9263e598e/crypto/evp/evp_local.h#L16. + type mdCtx struct { 
@@ -3724,49 +3902,98 @@ index 00000000000000..6fd3a518906004 + _ [3]unsafe.Pointer + algctx unsafe.Pointer + } -+ return (*mdCtx)(unsafe.Pointer(h.ctx)).algctx ++ return (*mdCtx)(unsafe.Pointer(ctx)).algctx + default: + panic(errUnsupportedVersion()) + } +} + -+// NewMD4 returns a new MD4 hash. -+// The returned hash doesn't implement encoding.BinaryMarshaler and -+// encoding.BinaryUnmarshaler. -+func NewMD4() hash.Hash { -+ return &md4Hash{ -+ evpHash: newEvpHash(crypto.MD4), ++func (d *evpHash) MarshalBinary() ([]byte, error) { ++ if !d.alg.marshallable { ++ return nil, errors.New("openssl: hash state is not marshallable") + } ++ buf := make([]byte, 0, d.alg.marshalledSize) ++ return d.AppendBinary(buf) +} + -+type md4Hash struct { -+ *evpHash -+ out [16]byte -+} -+ -+func (h *md4Hash) Sum(in []byte) []byte { -+ h.sum(h.out[:]) -+ return append(in, h.out[:]...) -+} -+ -+// Clone returns a new [hash.Hash] object that is a deep clone of itself. -+// The duplicate object contains all state and data contained in the -+// original object at the point of duplication. 
-+func (h *md4Hash) Clone() (hash.Hash, error) { -+ c, err := h.clone() -+ if err != nil { -+ return nil, err ++func (d *evpHash) AppendBinary(buf []byte) ([]byte, error) { ++ defer runtime.KeepAlive(d) ++ d.init() ++ if !d.alg.marshallable { ++ return nil, errors.New("openssl: hash state is not marshallable") ++ } ++ state := hashState(d.ctx) ++ if state == nil { ++ return nil, errors.New("openssl: can't retrieve hash state") ++ } ++ var appender interface { ++ AppendBinary([]byte) ([]byte, error) ++ } ++ switch d.alg.ch { ++ case crypto.MD5: ++ appender = (*md5State)(state) ++ case crypto.SHA1: ++ appender = (*sha1State)(state) ++ case crypto.SHA224: ++ appender = (*sha256State)(state) ++ case crypto.SHA256: ++ appender = (*sha256State)(state) ++ case crypto.SHA384: ++ appender = (*sha512State)(state) ++ case crypto.SHA512: ++ appender = (*sha512State)(state) ++ case crypto.SHA512_224: ++ appender = (*sha512State)(state) ++ case crypto.SHA512_256: ++ appender = (*sha512State)(state) ++ default: ++ panic("openssl: unsupported hash function: " + strconv.Itoa(int(d.alg.ch))) + } -+ return &md4Hash{evpHash: c}, nil ++ buf = append(buf, d.alg.magic[:]...) ++ return appender.AppendBinary(buf) +} + -+// NewMD5 returns a new MD5 hash. 
-+func NewMD5() hash.Hash { -+ h := md5Hash{evpHash: newEvpHash(crypto.MD5)} -+ if h.marshallable { -+ return &md5Marshal{h} ++func (d *evpHash) UnmarshalBinary(b []byte) error { ++ defer runtime.KeepAlive(d) ++ d.init() ++ if !d.alg.marshallable { ++ return errors.New("openssl: hash state is not marshallable") ++ } ++ if len(b) < len(d.alg.magic) || string(b[:len(d.alg.magic)]) != string(d.alg.magic[:]) { ++ return errors.New("openssl: invalid hash state identifier") ++ } ++ if len(b) != d.alg.marshalledSize { ++ return errors.New("openssl: invalid hash state size") ++ } ++ state := hashState(d.ctx) ++ if state == nil { ++ return errors.New("openssl: can't retrieve hash state") + } -+ return &h ++ b = b[len(d.alg.magic):] ++ var unmarshaler interface { ++ UnmarshalBinary([]byte) error ++ } ++ switch d.alg.ch { ++ case crypto.MD5: ++ unmarshaler = (*md5State)(state) ++ case crypto.SHA1: ++ unmarshaler = (*sha1State)(state) ++ case crypto.SHA224: ++ unmarshaler = (*sha256State)(state) ++ case crypto.SHA256: ++ unmarshaler = (*sha256State)(state) ++ case crypto.SHA384: ++ unmarshaler = (*sha512State)(state) ++ case crypto.SHA512: ++ unmarshaler = (*sha512State)(state) ++ case crypto.SHA512_224: ++ unmarshaler = (*sha512State)(state) ++ case crypto.SHA512_256: ++ unmarshaler = (*sha512State)(state) ++ default: ++ panic("openssl: unsupported hash function: " + strconv.Itoa(int(d.alg.ch))) ++ } ++ return unmarshaler.UnmarshalBinary(b) +} + +// md5State layout is taken from 
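Review bot: `UnmarshalBinary` writes caller-supplied bytes into OpenSSL's internal digest state through an `unsafe` cast, and the only checks visible in this hunk are the magic prefix and the exact length. The per-algorithm decoders (`md5State`, `sha1State` and the others) are only partly visible in this diff, so I cannot confirm from here that the buffered-byte count they restore is bounded by the block size. A doc comment on `UnmarshalBinary` stating that invariant, and that the layout is only trusted for the `default` and `fips` providers, would make the safety argument reviewable. Both `AppendBinary` and `UnmarshalBinary` also call `d.init()` before testing `d.alg.marshallable`, which allocates two contexts only to return an error; moving the `if !d.alg.marshallable { ... }` check above `d.init()` avoids that.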
@@ -3778,53 +4005,12 @@ index 00000000000000..6fd3a518906004 + nx uint32 +} + -+type md5Hash struct { -+ *evpHash -+ out [16]byte -+} -+ -+func (h *md5Hash) Sum(in []byte) []byte { -+ h.sum(h.out[:]) -+ return append(in, h.out[:]...) -+} -+ -+// Clone returns a new [hash.Hash] object that is a deep clone of itself. -+// The duplicate object contains all state and data contained in the -+// original object at the point of duplication. -+func (h *md5Hash) Clone() (hash.Hash, error) { -+ c, err := h.clone() -+ if err != nil { -+ return nil, err -+ } -+ return &md5Hash{evpHash: c}, nil -+} -+ +const ( + md5Magic = "md5\x01" + md5MarshaledSize = len(md5Magic) + 4*4 + 64 + 8 +) + -+type md5Marshal struct { -+ md5Hash -+} -+ -+func (h *md5Marshal) MarshalBinary() ([]byte, error) { -+ buf := make([]byte, 0, md5MarshaledSize) -+ return h.AppendBinary(buf) -+} -+ -+func (h *md5Marshal) UnmarshalBinary(b []byte) error { -+ if len(b) < len(md5Magic) || string(b[:len(md5Magic)]) != md5Magic { -+ return errors.New("crypto/md5: invalid hash state identifier") -+ } -+ if len(b) != md5MarshaledSize { -+ return errors.New("crypto/md5: invalid hash state size") -+ } -+ d := (*md5State)(h.hashState()) -+ if d == nil { -+ return errors.New("crypto/md5: can't retrieve hash state") -+ } -+ b = b[len(md5Magic):] ++func (d *md5State) UnmarshalBinary(b []byte) error { + b, d.h[0] = consumeUint32(b) + b, d.h[1] = consumeUint32(b) + b, d.h[2] = consumeUint32(b) @@ -3837,13 +4023,7 @@ index 00000000000000..6fd3a518906004 + return nil +} + -+func (h *md5Marshal) AppendBinary(buf []byte) ([]byte, error) { -+ d := (*md5State)(h.hashState()) -+ if d == nil { -+ return nil, errors.New("crypto/md5: can't retrieve hash state") -+ } -+ -+ buf = append(buf, md5Magic...) ++func (d *md5State) AppendBinary(buf []byte) ([]byte, error) { + buf = appendUint32(buf, d.h[0]) + buf = appendUint32(buf, d.h[1]) + buf = appendUint32(buf, d.h[2]) 
@@ -3854,36 +4034,6 @@ index 00000000000000..6fd3a518906004
 + return buf, nil
 +}
 +
-+// NewSHA1 returns a new SHA1 hash.
-+func NewSHA1() hash.Hash {
-+ h := sha1Hash{evpHash: newEvpHash(crypto.SHA1)}
-+ if h.marshallable {
-+ return &sha1Marshal{h}
-+ }
-+ return &h
-+}
-+
-+type sha1Hash struct {
-+ *evpHash
-+ out [20]byte
-+}
-+
-+func (h *sha1Hash) Sum(in []byte) []byte {
-+ h.sum(h.out[:])
-+ return append(in, h.out[:]...)
-+}
-+
-+// Clone returns a new [hash.Hash] object that is a deep clone of itself.
-+// The duplicate object contains all state and data contained in the
-+// original object at the point of duplication.
-+func (h *sha1Hash) Clone() (hash.Hash, error) {
-+ c, err := h.clone()
-+ if err != nil {
-+ return nil, err
-+ }
-+ return &sha1Hash{evpHash: c}, nil
-+}
-+
 +// sha1State layout is taken from
 +// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L34.
 +type sha1State struct {
@@ -3898,27 +4048,7 @@ index 00000000000000..6fd3a518906004
 + sha1MarshaledSize = len(sha1Magic) + 5*4 + 64 + 8
 +)
 +
-+type sha1Marshal struct {
-+ sha1Hash
-+}
-+
-+func (h *sha1Marshal) MarshalBinary() ([]byte, error) {
-+ buf := make([]byte, 0, sha1MarshaledSize)
-+ return h.AppendBinary(buf)
-+}
-+
-+func (h *sha1Marshal) UnmarshalBinary(b []byte) error {
-+ if len(b) < len(sha1Magic) || string(b[:len(sha1Magic)]) != sha1Magic {
-+ return errors.New("crypto/sha1: invalid hash state identifier")
-+ }
-+ if len(b) != sha1MarshaledSize {
-+ return errors.New("crypto/sha1: invalid hash state size")
-+ }
-+ d := (*sha1State)(h.hashState())
-+ if d == nil {
-+ return errors.New("crypto/sha1: can't retrieve hash state")
-+ }
-+ b = b[len(sha1Magic):]
++func (d *sha1State) UnmarshalBinary(b []byte) error {
 + b, d.h[0] = consumeUint32(b)
 + b, d.h[1] = consumeUint32(b)
 + b, d.h[2] = consumeUint32(b)
@@ -3932,12 +4062,7 @@ index 00000000000000..6fd3a518906004
 + return nil
 +}
 +
-+func (h *sha1Marshal) AppendBinary(buf []byte) ([]byte, error) {
-+ d := (*sha1State)(h.hashState())
-+ if d == nil {
-+ return nil, errors.New("crypto/sha1: can't retrieve hash state")
-+ }
-+ buf = append(buf, sha1Magic...)
++func (d *sha1State) AppendBinary(buf []byte) ([]byte, error) {
 + buf = appendUint32(buf, d.h[0])
 + buf = appendUint32(buf, d.h[1])
 + buf = appendUint32(buf, d.h[2])
@@ -3949,66 +4074,6 @@ index 00000000000000..6fd3a518906004
 + return buf, nil
 +}
 +
-+// NewSHA224 returns a new SHA224 hash.
-+func NewSHA224() hash.Hash {
-+ h := sha224Hash{evpHash: newEvpHash(crypto.SHA224)}
-+ if h.marshallable {
-+ return &sha224Marshal{h}
-+ }
-+ return &h
-+}
-+
-+type sha224Hash struct {
-+ *evpHash
-+ out [224 / 8]byte
-+}
-+
-+func (h *sha224Hash) Sum(in []byte) []byte {
-+ h.sum(h.out[:])
-+ return append(in, h.out[:]...)
-+}
-+
-+// Clone returns a new [hash.Hash] object that is a deep clone of itself.
-+// The duplicate object contains all state and data contained in the
-+// original object at the point of duplication.
-+func (h *sha224Hash) Clone() (hash.Hash, error) {
-+ c, err := h.clone()
-+ if err != nil {
-+ return nil, err
-+ }
-+ return &sha224Hash{evpHash: c}, nil
-+}
-+
-+// NewSHA256 returns a new SHA256 hash.
-+func NewSHA256() hash.Hash {
-+ h := sha256Hash{evpHash: newEvpHash(crypto.SHA256)}
-+ if h.marshallable {
-+ return &sha256Marshal{h}
-+ }
-+ return &h
-+}
-+
-+type sha256Hash struct {
-+ *evpHash
-+ out [256 / 8]byte
-+}
-+
-+func (h *sha256Hash) Sum(in []byte) []byte {
-+ h.sum(h.out[:])
-+ return append(in, h.out[:]...)
-+}
-+
-+// Clone returns a new [hash.Hash] object that is a deep clone of itself.
-+// The duplicate object contains all state and data contained in the
-+// original object at the point of duplication.
-+func (h *sha256Hash) Clone() (hash.Hash, error) {
-+ c, err := h.clone()
-+ if err != nil {
-+ return nil, err
-+ }
-+ return &sha256Hash{evpHash: c}, nil
-+}
-+
 +const (
 + magic224 = "sha\x02"
 + magic256 = "sha\x03"
@@ -4024,36 +4089,7 @@ index 00000000000000..6fd3a518906004
 + nx uint32
 +}
 +
-+type sha224Marshal struct {
-+ sha224Hash
-+}
-+
-+type sha256Marshal struct {
-+ sha256Hash
-+}
-+
-+func (h *sha224Marshal) MarshalBinary() ([]byte, error) {
-+ buf := make([]byte, 0, marshaledSize256)
-+ return h.AppendBinary(buf)
-+}
-+
-+func (h *sha256Marshal) MarshalBinary() ([]byte, error) {
-+ buf := make([]byte, 0, marshaledSize256)
-+ return h.AppendBinary(buf)
-+}
-+
-+func (h *sha224Marshal) UnmarshalBinary(b []byte) error {
-+ if len(b) < len(magic224) || string(b[:len(magic224)]) != magic224 {
-+ return errors.New("crypto/sha256: invalid hash state identifier")
-+ }
-+ if len(b) != marshaledSize256 {
-+ return errors.New("crypto/sha256: invalid hash state size")
-+ }
-+ d := (*sha256State)(h.hashState())
-+ if d == nil {
-+ return errors.New("crypto/sha256: can't retrieve hash state")
-+ }
-+ b = b[len(magic224):]
++func (d *sha256State) UnmarshalBinary(b []byte) error {
 + b, d.h[0] = consumeUint32(b)
 + b, d.h[1] = consumeUint32(b)
 + b, d.h[2] = consumeUint32(b)
@@ -4070,40 +4106,7 @@ index 00000000000000..6fd3a518906004
 + return nil
 +}
 +
-+func (h *sha256Marshal) UnmarshalBinary(b []byte) error {
-+ if len(b) < len(magic256) || string(b[:len(magic256)]) != magic256 {
-+ return errors.New("crypto/sha256: invalid hash state identifier")
-+ }
-+ if len(b) != marshaledSize256 {
-+ return errors.New("crypto/sha256: invalid hash state size")
-+ }
-+ d := (*sha256State)(h.hashState())
-+ if d == nil {
-+ return errors.New("crypto/sha256: can't retrieve hash state")
-+ }
-+ b = b[len(magic256):]
-+ b, d.h[0] = consumeUint32(b)
-+ b, d.h[1] = consumeUint32(b)
-+ b, d.h[2] = consumeUint32(b)
-+ b, d.h[3] = consumeUint32(b)
-+ b, d.h[4] = consumeUint32(b)
-+ b, d.h[5] = consumeUint32(b)
-+ b, d.h[6] = consumeUint32(b)
-+ b, d.h[7] = consumeUint32(b)
-+ b = b[copy(d.x[:], b):]
-+ _, n := consumeUint64(b)
-+ d.nl = uint32(n << 3)
-+ d.nh = uint32(n >> 29)
-+ d.nx = uint32(n) % 64
-+ return nil
-+}
-+
-+func (h *sha224Marshal) AppendBinary(buf []byte) ([]byte, error) {
-+ d := (*sha256State)(h.hashState())
-+ if d == nil {
-+ return nil, errors.New("crypto/sha256: can't retrieve hash state")
-+ }
-+ buf = append(buf, magic224...)
++func (d *sha256State) AppendBinary(buf []byte) ([]byte, error) {
 + buf = appendUint32(buf, d.h[0])
 + buf = appendUint32(buf, d.h[1])
 + buf = appendUint32(buf, d.h[2])
@@ -4118,86 +4121,6 @@ index 00000000000000..6fd3a518906004 + return buf, nil +} + -+func (h *sha256Marshal) AppendBinary(buf []byte) ([]byte, error) { -+ d := (*sha256State)(h.hashState()) -+ if d == nil { -+ return nil, errors.New("crypto/sha256: can't retrieve hash state") -+ } -+ buf = append(buf, magic256...) -+ buf = appendUint32(buf, d.h[0]) -+ buf = appendUint32(buf, d.h[1]) -+ buf = appendUint32(buf, d.h[2]) -+ buf = appendUint32(buf, d.h[3]) -+ buf = appendUint32(buf, d.h[4]) -+ buf = appendUint32(buf, d.h[5]) -+ buf = appendUint32(buf, d.h[6]) -+ buf = appendUint32(buf, d.h[7]) -+ buf = append(buf, d.x[:d.nx]...) -+ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) -+ buf = appendUint64(buf, uint64(d.nl)>>3|uint64(d.nh)<<29) -+ return buf, nil -+} -+ -+// NewSHA384 returns a new SHA384 hash. -+func NewSHA384() hash.Hash { -+ h := sha384Hash{evpHash: newEvpHash(crypto.SHA384)} -+ if h.marshallable { -+ return &sha384Marshal{h} -+ } -+ return &h -+} -+ -+type sha384Hash struct { -+ *evpHash -+ out [384 / 8]byte -+} -+ -+func (h *sha384Hash) Sum(in []byte) []byte { -+ h.sum(h.out[:]) -+ return append(in, h.out[:]...) -+} -+ -+// Clone returns a new [hash.Hash] object that is a deep clone of itself. -+// The duplicate object contains all state and data contained in the -+// original object at the point of duplication. -+func (h *sha384Hash) Clone() (hash.Hash, error) { -+ c, err := h.clone() -+ if err != nil { -+ return nil, err -+ } -+ return &sha384Hash{evpHash: c}, nil -+} -+ -+// NewSHA512 returns a new SHA512 hash. -+func NewSHA512() hash.Hash { -+ h := sha512Hash{evpHash: newEvpHash(crypto.SHA512)} -+ if h.marshallable { -+ return &sha512Marshal{h} -+ } -+ return &h -+} -+ -+type sha512Hash struct { -+ *evpHash -+ out [512 / 8]byte -+} -+ -+func (h *sha512Hash) Sum(in []byte) []byte { -+ h.sum(h.out[:]) -+ return append(in, h.out[:]...) -+} -+ -+// Clone returns a new [hash.Hash] object that is a deep clone of itself. 
-+// The duplicate object contains all state and data contained in the -+// original object at the point of duplication. -+func (h *sha512Hash) Clone() (hash.Hash, error) { -+ c, err := h.clone() -+ if err != nil { -+ return nil, err -+ } -+ return &sha512Hash{evpHash: c}, nil -+} -+ +// sha512State layout is taken from +// https://github.com/openssl/openssl/blob/0418e993c717a6863f206feaa40673a261de7395/include/openssl/sha.h#L95. +type sha512State struct { @@ -4215,39 +4138,12 @@ index 00000000000000..6fd3a518906004 + marshaledSize512 = len(magic512) + 8*8 + 128 + 8 +) + -+type sha384Marshal struct { -+ sha384Hash -+} -+ -+type sha512Marshal struct { -+ sha512Hash -+} -+ -+func (h *sha384Marshal) MarshalBinary() ([]byte, error) { ++func (d *sha512State) MarshalBinary() ([]byte, error) { + buf := make([]byte, 0, marshaledSize512) -+ return h.AppendBinary(buf) ++ return d.AppendBinary(buf) +} + -+func (h *sha512Marshal) MarshalBinary() ([]byte, error) { -+ buf := make([]byte, 0, marshaledSize512) -+ return h.AppendBinary(buf) -+} -+ -+func (h *sha384Marshal) UnmarshalBinary(b []byte) error { -+ if len(b) < len(magic512) { -+ return errors.New("crypto/sha512: invalid hash state identifier") -+ } -+ if string(b[:len(magic384)]) != magic384 { -+ return errors.New("crypto/sha512: invalid hash state identifier") -+ } -+ if len(b) != marshaledSize512 { -+ return errors.New("crypto/sha512: invalid hash state size") -+ } -+ d := (*sha512State)(h.hashState()) -+ if d == nil { -+ return errors.New("crypto/sha512: can't retrieve hash state") -+ } -+ b = b[len(magic512):] ++func (d *sha512State) UnmarshalBinary(b []byte) error { + b, d.h[0] = consumeUint64(b) + b, d.h[1] = consumeUint64(b) + b, d.h[2] = consumeUint64(b) 
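Review bot: `sha512State.MarshalBinary` looks like a leftover, since none of the other state types in the visible hunks keeps a MarshalBinary. `sha512State.AppendBinary` no longer writes a magic prefix (the `buf = append(buf, magic512...)` line is removed in the next hunk), so this method's output would fail the identifier check in `evpHash.UnmarshalBinary`. It also still reserves `marshaledSize512` bytes, a size that includes the magic length. If nothing calls it, I would delete the method. Otherwise the prefix has to be supplied by a caller that knows which of the sha512-family magics applies, so that the result round-trips.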
@@ -4264,63 +4160,7 @@ index 00000000000000..6fd3a518906004 + return nil +} + -+func (h *sha512Marshal) UnmarshalBinary(b []byte) error { -+ if len(b) < len(magic512) { -+ return errors.New("crypto/sha512: invalid hash state identifier") -+ } -+ if string(b[:len(magic512)]) != magic512 { -+ return errors.New("crypto/sha512: invalid hash state identifier") -+ } -+ if len(b) != marshaledSize512 { -+ return errors.New("crypto/sha512: invalid hash state size") -+ } -+ d := (*sha512State)(h.hashState()) -+ if d == nil { -+ return errors.New("crypto/sha512: can't retrieve hash state") -+ } -+ b = b[len(magic512):] -+ b, d.h[0] = consumeUint64(b) -+ b, d.h[1] = consumeUint64(b) -+ b, d.h[2] = consumeUint64(b) -+ b, d.h[3] = consumeUint64(b) -+ b, d.h[4] = consumeUint64(b) -+ b, d.h[5] = consumeUint64(b) -+ b, d.h[6] = consumeUint64(b) -+ b, d.h[7] = consumeUint64(b) -+ b = b[copy(d.x[:], b):] -+ _, n := consumeUint64(b) -+ d.nl = n << 3 -+ d.nh = n >> 61 -+ d.nx = uint32(n) % 128 -+ return nil -+} -+ -+func (h *sha384Marshal) AppendBinary(buf []byte) ([]byte, error) { -+ d := (*sha512State)(h.hashState()) -+ if d == nil { -+ return nil, errors.New("crypto/sha512: can't retrieve hash state") -+ } -+ buf = append(buf, magic384...) -+ buf = appendUint64(buf, d.h[0]) -+ buf = appendUint64(buf, d.h[1]) -+ buf = appendUint64(buf, d.h[2]) -+ buf = appendUint64(buf, d.h[3]) -+ buf = appendUint64(buf, d.h[4]) -+ buf = appendUint64(buf, d.h[5]) -+ buf = appendUint64(buf, d.h[6]) -+ buf = appendUint64(buf, d.h[7]) -+ buf = append(buf, d.x[:d.nx]...) -+ buf = append(buf, make([]byte, len(d.x)-int(d.nx))...) -+ buf = appendUint64(buf, d.nl>>3|d.nh<<61) -+ return buf, nil -+} -+ -+func (h *sha512Marshal) AppendBinary(buf []byte) ([]byte, error) { -+ d := (*sha512State)(h.hashState()) -+ if d == nil { -+ return nil, errors.New("crypto/sha512: can't retrieve hash state") -+ } -+ buf = append(buf, magic512...) 
++func (d *sha512State) AppendBinary(buf []byte) ([]byte, error) { + buf = appendUint64(buf, d.h[0]) + buf = appendUint64(buf, d.h[1]) + buf = appendUint64(buf, d.h[2]) 
@@ -4335,118 +4175,6 @@ index 00000000000000..6fd3a518906004 + return buf, nil +} + -+// NewSHA3_224 returns a new SHA3-224 hash. -+func NewSHA3_224() hash.Hash { -+ return &sha3_224Hash{ -+ evpHash: newEvpHash(crypto.SHA3_224), -+ } -+} -+ -+type sha3_224Hash struct { -+ *evpHash -+ out [224 / 8]byte -+} -+ -+func (h *sha3_224Hash) Sum(in []byte) []byte { -+ h.sum(h.out[:]) -+ return append(in, h.out[:]...) -+} -+ -+// Clone returns a new [hash.Hash] object that is a deep clone of itself. -+// The duplicate object contains all state and data contained in the -+// original object at the point of duplication. -+func (h *sha3_224Hash) Clone() (hash.Hash, error) { -+ c, err := h.clone() -+ if err != nil { -+ return nil, err -+ } -+ return &sha3_224Hash{evpHash: c}, nil -+} -+ -+// NewSHA3_256 returns a new SHA3-256 hash. -+func NewSHA3_256() hash.Hash { -+ return &sha3_256Hash{ -+ evpHash: newEvpHash(crypto.SHA3_256), -+ } -+} -+ -+type sha3_256Hash struct { -+ *evpHash -+ out [256 / 8]byte -+} -+ -+func (h *sha3_256Hash) Sum(in []byte) []byte { -+ h.sum(h.out[:]) -+ return append(in, h.out[:]...) -+} -+ -+// Clone returns a new [hash.Hash] object that is a deep clone of itself. -+// The duplicate object contains all state and data contained in the -+// original object at the point of duplication. -+func (h *sha3_256Hash) Clone() (hash.Hash, error) { -+ c, err := h.clone() -+ if err != nil { -+ return nil, err -+ } -+ return &sha3_256Hash{evpHash: c}, nil -+} -+ -+// NewSHA3_384 returns a new SHA3-384 hash. -+func NewSHA3_384() hash.Hash { -+ return &sha3_384Hash{ -+ evpHash: newEvpHash(crypto.SHA3_384), -+ } -+} -+ -+type sha3_384Hash struct { -+ *evpHash -+ out [384 / 8]byte -+} -+ -+func (h *sha3_384Hash) Sum(in []byte) []byte { -+ h.sum(h.out[:]) -+ return append(in, h.out[:]...) -+} -+ -+// Clone returns a new [hash.Hash] object that is a deep clone of itself. 
-+// The duplicate object contains all state and data contained in the -+// original object at the point of duplication. -+func (h *sha3_384Hash) Clone() (hash.Hash, error) { -+ c, err := h.clone() -+ if err != nil { -+ return nil, err -+ } -+ return &sha3_384Hash{evpHash: c}, nil -+} -+ -+// NewSHA3_512 returns a new SHA3-512 hash. -+func NewSHA3_512() hash.Hash { -+ return &sha3_512Hash{ -+ evpHash: newEvpHash(crypto.SHA3_512), -+ } -+} -+ -+type sha3_512Hash struct { -+ *evpHash -+ out [512 / 8]byte -+} -+ -+func (h *sha3_512Hash) Sum(in []byte) []byte { -+ h.sum(h.out[:]) -+ return append(in, h.out[:]...) -+} -+ -+// Clone returns a new [hash.Hash] object that is a deep clone of itself. -+// The duplicate object contains all state and data contained in the -+// original object at the point of duplication. -+func (h *sha3_512Hash) Clone() (hash.Hash, error) { -+ c, err := h.clone() -+ if err != nil { -+ return nil, err -+ } -+ return &sha3_512Hash{evpHash: c}, nil -+} -+ +// appendUint64 appends x into b as a big endian byte sequence. +func appendUint64(b []byte, x uint64) []byte { + return append(b, 
@@ -6088,138 +5816,6 @@ index 00000000000000..5a948eafdbc6a7 + return 1; +} \ No newline at end of file -diff --git a/src/vendor/github.com/golang-fips/openssl/v2/port_evp_md5_sha1.c b/src/vendor/github.com/golang-fips/openssl/v2/port_evp_md5_sha1.c -new file mode 100644 -index 00000000000000..50d49b1f103351 ---- /dev/null -+++ b/src/vendor/github.com/golang-fips/openssl/v2/port_evp_md5_sha1.c -@@ -0,0 +1,126 @@ -+// The following is a partial backport of crypto/evp/m_md5_sha1.c, -+// commit cbc8a839959418d8a2c2e3ec6bdf394852c9501e on the -+// OpenSSL_1_1_0-stable branch. The ctrl function has been removed. -+ -+/* -+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the OpenSSL license (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+#include "goopenssl.h" -+ -+#define NID_md5_sha1 114 -+ -+#define MD5_CBLOCK 64 -+#define MD5_LBLOCK (MD5_CBLOCK/4) -+#define MD5_DIGEST_LENGTH 16 -+#define SHA_LBLOCK 16 -+#define SHA_DIGEST_LENGTH 20 -+ -+#define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} -+ -+// Change: MD5_LONG and SHA_LONG have been expanded to unsigned int, -+// which is always 32 bits. This avoids adding some obscure logic -+// to support 16-bit platforms. 
-+ -+# define MD5_LONG unsigned int -+# define SHA_LONG unsigned int -+ -+typedef struct env_md_st EVP_MD; -+typedef struct env_md_ctx_st EVP_MD_CTX; -+ -+struct env_md_ctx_st { -+ void *digest; -+ void *engine; -+ unsigned long flags; -+ void *md_data; -+ void *pctx; -+ void *update; -+} /* EVP_MD_CTX */ ; -+ -+struct env_md_st { -+ int type; -+ int pkey_type; -+ int md_size; -+ unsigned long flags; -+ int (*init) (EVP_MD_CTX *ctx); -+ int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); -+ int (*final) (EVP_MD_CTX *ctx, unsigned char *md); -+ void *copy; -+ void *cleanup; -+ void *sign; -+ void *verify; -+ int required_pkey_type[5]; -+ int block_size; -+ int ctx_size; -+ void *md_ctrl; -+} /* EVP_MD */ ; -+ -+typedef struct MD5state_st { -+ MD5_LONG A, B, C, D; -+ MD5_LONG Nl, Nh; -+ MD5_LONG data[MD5_LBLOCK]; -+ MD5_LONG num; -+} MD5_CTX; -+ -+typedef struct SHAstate_st { -+ SHA_LONG h0, h1, h2, h3, h4; -+ SHA_LONG Nl, Nh; -+ SHA_LONG data[SHA_LBLOCK]; -+ SHA_LONG num; -+} SHA_CTX; -+ -+struct md5_sha1_ctx { -+ MD5_CTX md5; -+ SHA_CTX sha1; -+}; -+ -+static int md5_sha1_init(EVP_MD_CTX *ctx) { -+ struct md5_sha1_ctx *mctx = ctx->md_data; -+ if (!go_openssl_MD5_Init(&mctx->md5)) -+ return 0; -+ return go_openssl_SHA1_Init(&mctx->sha1); -+} -+ -+static int md5_sha1_update(EVP_MD_CTX *ctx, const void *data, -+ size_t count) { -+ struct md5_sha1_ctx *mctx = ctx->md_data; -+ if (!go_openssl_MD5_Update(&mctx->md5, data, count)) -+ return 0; -+ return go_openssl_SHA1_Update(&mctx->sha1, data, count); -+} -+ -+static int md5_sha1_final(EVP_MD_CTX *ctx, unsigned char *md) { -+ struct md5_sha1_ctx *mctx = ctx->md_data; -+ if (!go_openssl_MD5_Final(md, &mctx->md5)) -+ return 0; -+ return go_openssl_SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1); -+} -+ -+// Change: Removed: -+// static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms) -+ -+static const EVP_MD md5_sha1_md = { -+ NID_md5_sha1, -+ NID_md5_sha1, -+ MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, -+ 
0, -+ md5_sha1_init, -+ md5_sha1_update, -+ md5_sha1_final, -+ NULL, -+ NULL, -+ EVP_PKEY_NULL_method, // Change: inserted -+ MD5_CBLOCK, -+ sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx), -+ NULL, // Change: was ctrl -+}; -+ -+// Change: Apply name mangling. -+const GO_EVP_MD_PTR go_openssl_EVP_md5_sha1_backport(void) { -+ return (const GO_EVP_MD_PTR)&md5_sha1_md; -+} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/rand.go b/src/vendor/github.com/golang-fips/openssl/v2/rand.go new file mode 100644 index 00000000000000..9fd709635c3b40 @@ -6734,10 +6330,10 @@ index 00000000000000..da5c7636173775 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/shims.h b/src/vendor/github.com/golang-fips/openssl/v2/shims.h new file mode 100644 -index 00000000000000..c8f599f71c0b20 +index 00000000000000..437312ad795fc3 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/shims.h -@@ -0,0 +1,416 @@ +@@ -0,0 +1,413 @@ +#include // size_t +#include // uint64_t + 
@@ -6970,13 +6566,8 @@ index 00000000000000..c8f599f71c0b20 +DEFINEFUNC(int, EVP_DigestVerifyInit, (GO_EVP_MD_CTX_PTR ctx, GO_EVP_PKEY_CTX_PTR *pctx, const GO_EVP_MD_PTR type, GO_ENGINE_PTR e, GO_EVP_PKEY_PTR pkey), (ctx, pctx, type, e, pkey)) \ +DEFINEFUNC(int, EVP_DigestVerifyFinal, (GO_EVP_MD_CTX_PTR ctx, const unsigned char *sig, size_t siglen), (ctx, sig, siglen)) \ +DEFINEFUNC_1_1_1(int, EVP_DigestVerify, (GO_EVP_MD_CTX_PTR ctx, const unsigned char *sigret, size_t siglen, const unsigned char *tbs, size_t tbslen), (ctx, sigret, siglen, tbs, tbslen)) \ -+DEFINEFUNC_LEGACY_1_0(int, MD5_Init, (GO_MD5_CTX_PTR c), (c)) \ -+DEFINEFUNC_LEGACY_1_0(int, MD5_Update, (GO_MD5_CTX_PTR c, const void *data, size_t len), (c, data, len)) \ -+DEFINEFUNC_LEGACY_1_0(int, MD5_Final, (unsigned char *md, GO_MD5_CTX_PTR c), (md, c)) \ -+DEFINEFUNC_LEGACY_1_0(int, SHA1_Init, (GO_SHA_CTX_PTR c), (c)) \ -+DEFINEFUNC_LEGACY_1_0(int, SHA1_Update, (GO_SHA_CTX_PTR c, const void *data, size_t len), (c, data, len)) \ -+DEFINEFUNC_LEGACY_1_0(int, SHA1_Final, (unsigned char *md, GO_SHA_CTX_PTR c), (md, c)) \ +DEFINEFUNC_1_1(const GO_EVP_MD_PTR, EVP_md5_sha1, (void), ()) \ ++DEFINEFUNC(const GO_EVP_MD_PTR, EVP_ripemd160, (void), ()) \ +DEFINEFUNC(const GO_EVP_MD_PTR, EVP_md4, (void), ()) \ +DEFINEFUNC(const GO_EVP_MD_PTR, EVP_md5, (void), ()) \ +DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha1, (void), ()) \ @@ -6984,6 +6575,8 @@ index 00000000000000..c8f599f71c0b20 +DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha256, (void), ()) \ +DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha384, (void), ()) \ +DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha512, (void), ()) \ ++DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha512_224, (void), ()) \ ++DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha512_256, (void), ()) \ +DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_224, (void), ()) \ +DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_256, (void), ()) \ +DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_384, (void), ()) \ 
@@ -7326,7 +6919,7 @@ index 00000000000000..93281d6cffc352 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go b/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go new file mode 100644 -index 00000000000000..f342f221ea0c92 +index 00000000000000..33134548830d3e --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go @@ -0,0 +1,160 @@ @@ -7367,7 +6960,7 @@ index 00000000000000..f342f221ea0c92 + // that the caller wants to use TLS 1.0/1.1 PRF. + // OpenSSL detects this case by checking if the hash + // function is MD5SHA1. -+ md = cryptoHashToMD(crypto.MD5SHA1) ++ md = loadHash(crypto.MD5SHA1).md + } else { + h, err := hashFuncHash(fh) + if err != nil { @@ -9297,10 +8890,10 @@ index 00000000000000..586e9ae2ebb0c9 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go new file mode 100644 -index 00000000000000..87b1c95dc7f911 +index 00000000000000..a674496f18a3af --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -@@ -0,0 +1,306 @@ +@@ -0,0 +1,312 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -9319,6 +8912,9 @@ index 00000000000000..87b1c95dc7f911 + "github.com/microsoft/go-crypto-winnative/internal/bcrypt" +) + ++// maxHashSize is the size of SHA512 and SHA3_512, the largest hashes we support. ++const maxHashSize = 64 ++ +// SupportsHash returns true if a hash.Hash implementation is supported for h. +func SupportsHash(h crypto.Hash) bool { + switch h { 
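Review bot: `md = loadHash(crypto.MD5SHA1).md` in tls1prf.go dereferences the result without a nil check, which would panic if `loadHash` can return nil when the linked OpenSSL does not provide the digest. That case looks reachable on OpenSSL 1.0.x after this update, because the `EVP_md5_sha1` backport in port_evp_md5_sha1.c is deleted and the shim is declared with `DEFINEFUNC_1_1`. `loadHash` itself is not visible here, so this needs confirming. If it can return nil, I would return an error instead, for example `alg := loadHash(crypto.MD5SHA1)` followed by `if alg == nil { return errors.New("openssl: MD5SHA1 is not supported") }` before `md = alg.md`. The enclosing function starts and ends outside the hunk.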
@@ -9387,27 +8983,6 @@ index 00000000000000..87b1c95dc7f911
 + return
 +}
 +
-+func SHA3_256(p []byte) (sum [32]byte) {
-+ if err := hashOneShot(bcrypt.SHA3_256_ALGORITHM, p, sum[:]); err != nil {
-+ panic("bcrypt: SHA3_256 failed")
-+ }
-+ return
-+}
-+
-+func SHA3_384(p []byte) (sum [48]byte) {
-+ if err := hashOneShot(bcrypt.SHA3_384_ALGORITHM, p, sum[:]); err != nil {
-+ panic("bcrypt: SHA3_384 failed")
-+ }
-+ return
-+}
-+
-+func SHA3_512(p []byte) (sum [64]byte) {
-+ if err := hashOneShot(bcrypt.SHA3_512_ALGORITHM, p, sum[:]); err != nil {
-+ panic("bcrypt: SHA3_512 failed")
-+ }
-+ return
-+}
-+
 +// NewMD4 returns a new MD4 hash.
 +func NewMD4() hash.Hash {
 + return newHashX(bcrypt.MD4_ALGORITHM, bcrypt.ALG_NONE_FLAG, nil)
@@ -9433,24 +9008,9 @@ index 00000000000000..87b1c95dc7f911
 + return newHashX(bcrypt.SHA384_ALGORITHM, bcrypt.ALG_NONE_FLAG, nil)
 +}
 +
-+// NewSHA512 returns a new SHA512 hash.
-+func NewSHA512() hash.Hash {
-+ return newHashX(bcrypt.SHA512_ALGORITHM, bcrypt.ALG_NONE_FLAG, nil)
-+}
-+
-+// NewSHA3_256 returns a new SHA256 hash.
-+func NewSHA3_256() hash.Hash {
-+ return newHashX(bcrypt.SHA3_256_ALGORITHM, bcrypt.ALG_NONE_FLAG, nil)
-+}
-+
-+// NewSHA3_384 returns a new SHA384 hash.
-+func NewSHA3_384() hash.Hash {
-+ return newHashX(bcrypt.SHA3_384_ALGORITHM, bcrypt.ALG_NONE_FLAG, nil)
-+}
-+
-+// NewSHA3_512 returns a new SHA512 hash.
-+func NewSHA3_512() hash.Hash {
-+ return newHashX(bcrypt.SHA3_512_ALGORITHM, bcrypt.ALG_NONE_FLAG, nil)
++// NewSHA512 returns a new SHA512 hash.
++func NewSHA512() hash.Hash {
++ return newHashX(bcrypt.SHA512_ALGORITHM, bcrypt.ALG_NONE_FLAG, nil)
 +}
 +
 +type hashAlgorithm struct {
@@ -9484,11 +9044,24 @@ index 00000000000000..87b1c95dc7f911
 + return hx.alg.id
 +}
 +
++// cloneHash is an interface that defines a Clone method.
++//
++// hash.CloneHash will probably be added in Go 1.25, see https://golang.org/issue/69521,
++// but we need it now.
++type cloneHash interface {
++ hash.Hash
++ // Clone returns a separate Hash instance with the same state as h.
++ Clone() hash.Hash
++}
++
++var _ hash.Hash = (*hashX)(nil)
++var _ cloneHash = (*hashX)(nil)
++
++// hashX implements [hash.Hash].
 +type hashX struct {
-+ alg *hashAlgorithm
-+ _ctx bcrypt.HASH_HANDLE // access it using withCtx
++ alg *hashAlgorithm
++ ctx bcrypt.HASH_HANDLE
 +
-+ buf []byte
 + key []byte
 +}
 +
@@ -9499,88 +9072,72 @@ index 00000000000000..87b1c95dc7f911 + panic(err) + } + h := &hashX{alg: alg, key: bytes.Clone(key)} -+ // Don't allocate hx.buf nor call bcrypt.CreateHash yet, -+ // which would be wasteful if the caller only wants to know -+ // the hash type. This is a common pattern in this package, -+ // as some functions accept a `func() hash.Hash` parameter -+ // and call it just to know the hash type. -+ runtime.SetFinalizer(h, (*hashX).finalize) ++ // Don't call bcrypt.CreateHash yet, it would be wasteful ++ // if the caller only wants to know the hash type. This ++ // is a common pattern in this package, as some functions ++ // accept a `func() hash.Hash` parameter and call it just ++ // to know the hash type. + return h +} + +func (h *hashX) finalize() { -+ if h._ctx != 0 { -+ bcrypt.DestroyHash(h._ctx) -+ } ++ bcrypt.DestroyHash(h.ctx) +} + -+func (h *hashX) withCtx(fn func(ctx bcrypt.HASH_HANDLE) error) error { ++func (h *hashX) init() { + defer runtime.KeepAlive(h) -+ if h._ctx == 0 { -+ err := bcrypt.CreateHash(h.alg.handle, &h._ctx, nil, h.key, 0) -+ if err != nil { -+ panic(err) -+ } ++ if h.ctx != 0 { ++ return ++ } ++ err := bcrypt.CreateHash(h.alg.handle, &h.ctx, nil, h.key, bcrypt.HASH_REUSABLE_FLAG) ++ if err != nil { ++ panic(err) + } -+ return fn(h._ctx) ++ runtime.SetFinalizer(h, (*hashX).finalize) +} + -+func (h *hashX) Clone() (hash.Hash, error) { ++func (h *hashX) Clone() hash.Hash { ++ defer runtime.KeepAlive(h) + h2 := &hashX{alg: h.alg, key: bytes.Clone(h.key)} -+ err := h.withCtx(func(ctx bcrypt.HASH_HANDLE) error { -+ return bcrypt.DuplicateHash(ctx, &h2._ctx, nil, 0) -+ }) -+ if err != nil { -+ return nil, err ++ if h.ctx != 0 { ++ hashClone(h.ctx, &h2.ctx) ++ runtime.SetFinalizer(h2, (*hashX).finalize) + } -+ runtime.SetFinalizer(h2, (*hashX).finalize) -+ return h2, nil ++ return h2 +} + +func (h *hashX) Reset() { -+ if h._ctx != 0 { -+ bcrypt.DestroyHash(h._ctx) -+ h._ctx = 0 ++ defer runtime.KeepAlive(h) ++ if h.ctx != 0 { 
++ hashReset(h.ctx, h.Size()) + } +} + +func (h *hashX) Write(p []byte) (n int, err error) { -+ err = h.withCtx(func(ctx bcrypt.HASH_HANDLE) error { -+ for n < len(p) && err == nil { -+ nn := len32(p[n:]) -+ err = bcrypt.HashData(h._ctx, p[n:n+nn], 0) -+ n += nn -+ } -+ return err -+ }) -+ if err != nil { -+ // hash.Hash interface mandates Write should never return an error. -+ panic(err) -+ } ++ defer runtime.KeepAlive(h) ++ h.init() ++ hashData(h.ctx, p) + return len(p), nil +} + +func (h *hashX) WriteString(s string) (int, error) { -+ // TODO: use unsafe.StringData once we drop support -+ // for go1.19 and earlier. -+ hdr := (*struct { -+ Data *byte -+ Len int -+ })(unsafe.Pointer(&s)) -+ return h.Write(unsafe.Slice(hdr.Data, len(s))) ++ defer runtime.KeepAlive(h) ++ return h.Write(unsafe.Slice(unsafe.StringData(s), len(s))) +} + +func (h *hashX) WriteByte(c byte) error { -+ err := h.withCtx(func(ctx bcrypt.HASH_HANDLE) error { -+ return bcrypt.HashDataRaw(h._ctx, &c, 1, 0) -+ }) -+ if err != nil { -+ // hash.Hash interface mandates Write should never return an error. -+ panic(err) -+ } ++ defer runtime.KeepAlive(h) ++ h.init() ++ hashByte(h.ctx, c) + return nil +} + ++func (h *hashX) Sum(in []byte) []byte { ++ defer runtime.KeepAlive(h) ++ h.init() ++ return hashSum(h.ctx, h.Size(), in) ++} ++ +func (h *hashX) Size() int { + return int(h.alg.size) +} 
@@ -9589,23 +9146,65 @@ index 00000000000000..87b1c95dc7f911 + return int(h.alg.blockSize) +} + -+func (h *hashX) Sum(in []byte) []byte { ++// hashData writes p to ctx. It panics on error. ++func hashData(ctx bcrypt.HASH_HANDLE, p []byte) { ++ var n int ++ var err error ++ for n < len(p) && err == nil { ++ nn := len32(p[n:]) ++ err = bcrypt.HashData(ctx, p[n:n+nn], 0) ++ n += nn ++ } ++ if err != nil { ++ panic(err) ++ } ++} ++ ++// hashByte writes c to ctx. It panics on error. ++func hashByte(ctx bcrypt.HASH_HANDLE, c byte) { ++ err := bcrypt.HashDataRaw(ctx, &c, 1, 0) ++ if err != nil { ++ panic(err) ++ } ++} ++ ++// hashSum writes the hash of ctx to in and returns the result. ++// size is the size of the hash output. ++// It panics on error. ++func hashSum(ctx bcrypt.HASH_HANDLE, size int, in []byte) []byte { + var ctx2 bcrypt.HASH_HANDLE -+ err := h.withCtx(func(ctx bcrypt.HASH_HANDLE) error { -+ return bcrypt.DuplicateHash(ctx, &ctx2, nil, 0) -+ }) ++ err := bcrypt.DuplicateHash(ctx, &ctx2, nil, 0) + if err != nil { + panic(err) + } + defer bcrypt.DestroyHash(ctx2) -+ if h.buf == nil { -+ h.buf = make([]byte, h.alg.size) ++ buf := make([]byte, size, maxHashSize) // explicit cap to allow stack allocation ++ err = bcrypt.FinishHash(ctx2, buf, 0) ++ if err != nil { ++ panic(err) ++ } ++ return append(in, buf...) ++} ++ ++// hashReset resets the hash state of ctx. ++// size is the size of the hash output. ++// It panics on error. ++func hashReset(ctx bcrypt.HASH_HANDLE, size int) { ++ // bcrypt.FinishHash expects the output buffer to match the hash size. ++ // We don't care about the output, so we just pass a stack-allocated buffer ++ // that is large enough to hold the largest hash size we support. ++ var discard [maxHashSize]byte ++ if err := bcrypt.FinishHash(ctx, discard[:size], 0); err != nil { ++ panic(err) + } -+ err = bcrypt.FinishHash(ctx2, h.buf, 0) ++} ++ ++// hashClone clones ctx into ctx2. It panics on error. 
++func hashClone(ctx bcrypt.HASH_HANDLE, ctx2 *bcrypt.HASH_HANDLE) { ++ err := bcrypt.DuplicateHash(ctx, ctx2, nil, 0) + if err != nil { + panic(err) + } -+ return append(in, h.buf...) +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go new file mode 100644 
@@ -10587,6 +10186,296 @@ index 00000000000000..0269f9cf86539e + } + return "" +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/sha3.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/sha3.go +new file mode 100644 +index 00000000000000..d7aa193e00e653 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/sha3.go +@@ -0,0 +1,284 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build windows ++// +build windows ++ ++package cng ++ ++import ( ++ "hash" ++ "runtime" ++ "unsafe" ++ ++ "github.com/microsoft/go-crypto-winnative/internal/bcrypt" ++) ++ ++// SumSHA3_256 returns the SHA3-256 checksum of the data. ++func SumSHA3_256(p []byte) (sum [32]byte) { ++ if err := hashOneShot(bcrypt.SHA3_256_ALGORITHM, p, sum[:]); err != nil { ++ panic("bcrypt: SHA3_256 failed") ++ } ++ return ++} ++ ++// SumSHA3_384 returns the SHA3-384 checksum of the data. ++func SumSHA3_384(p []byte) (sum [48]byte) { ++ if err := hashOneShot(bcrypt.SHA3_384_ALGORITHM, p, sum[:]); err != nil { ++ panic("bcrypt: SHA3_384 failed") ++ } ++ return ++} ++ ++// SumSHA3_512 returns the SHA3-512 checksum of the data. ++func SumSHA3_512(p []byte) (sum [64]byte) { ++ if err := hashOneShot(bcrypt.SHA3_512_ALGORITHM, p, sum[:]); err != nil { ++ panic("bcrypt: SHA3_512 failed") ++ } ++ return ++} ++ ++// SumSHAKE128 applies the SHAKE128 extendable output function to data and ++// returns an output of the given length in bytes. ++func SumSHAKE128(data []byte, length int) []byte { ++ out := make([]byte, length) ++ if err := hashOneShot(bcrypt.CSHAKE128_ALGORITHM, data, out); err != nil { ++ panic("bcrypt: CSHAKE128_ALGORITHM failed") ++ } ++ return out ++} ++ ++// SumSHAKE256 applies the SHAKE256 extendable output function to data and ++// returns an output of the given length in bytes. 
++func SumSHAKE256(data []byte, length int) []byte { ++ out := make([]byte, length) ++ if err := hashOneShot(bcrypt.CSHAKE256_ALGORITHM, data, out); err != nil { ++ panic("bcrypt: CSHAKE256_ALGORITHM failed") ++ } ++ return out ++} ++ ++// SupportsSHAKE128 returns true if the SHAKE128 extendable output function is ++// supported. ++func SupportsSHAKE128() bool { ++ _, err := loadHash(bcrypt.CSHAKE128_ALGORITHM, bcrypt.ALG_NONE_FLAG) ++ return err == nil ++} ++ ++// SupportsSHAKE256 returns true if the SHAKE256 extendable output function is ++// supported. ++func SupportsSHAKE256() bool { ++ _, err := loadHash(bcrypt.CSHAKE256_ALGORITHM, bcrypt.ALG_NONE_FLAG) ++ return err == nil ++} ++ ++var _ hash.Hash = (*DigestSHA3)(nil) ++var _ cloneHash = (*DigestSHA3)(nil) ++ ++// DigestSHA3 is the [sha3.SHA3] implementation using the CNG API. ++type DigestSHA3 struct { ++ alg *hashAlgorithm ++ ctx bcrypt.HASH_HANDLE ++} ++ ++// newDigestSHA3 returns a new hash.Hash using the specified algorithm. ++func newDigestSHA3(id string) *DigestSHA3 { ++ alg, err := loadHash(id, bcrypt.ALG_NONE_FLAG) ++ if err != nil { ++ panic(err) ++ } ++ h := &DigestSHA3{alg: alg} ++ // Don't call bcrypt.CreateHash yet, it would be wasteful ++ // if the caller only wants to know the hash type. This ++ // is a common pattern in this package, as some functions ++ // accept a `func() hash.Hash` parameter and call it just ++ // to know the hash type. 
++ return h ++} ++ ++func (h *DigestSHA3) finalize() { ++ bcrypt.DestroyHash(h.ctx) ++} ++ ++func (h *DigestSHA3) init() { ++ defer runtime.KeepAlive(h) ++ if h.ctx != 0 { ++ return ++ } ++ err := bcrypt.CreateHash(h.alg.handle, &h.ctx, nil, nil, bcrypt.HASH_REUSABLE_FLAG) ++ if err != nil { ++ panic(err) ++ } ++ runtime.SetFinalizer(h, (*DigestSHA3).finalize) ++} ++ ++func (h *DigestSHA3) Clone() hash.Hash { ++ defer runtime.KeepAlive(h) ++ h2 := &DigestSHA3{alg: h.alg} ++ if h.ctx != 0 { ++ hashClone(h.ctx, &h2.ctx) ++ runtime.SetFinalizer(h2, (*DigestSHA3).finalize) ++ } ++ return h2 ++} ++ ++func (h *DigestSHA3) Reset() { ++ defer runtime.KeepAlive(h) ++ if h.ctx != 0 { ++ hashReset(h.ctx, h.Size()) ++ } ++} ++ ++func (h *DigestSHA3) Write(p []byte) (n int, err error) { ++ defer runtime.KeepAlive(h) ++ h.init() ++ hashData(h.ctx, p) ++ return len(p), nil ++} ++ ++func (h *DigestSHA3) WriteString(s string) (int, error) { ++ defer runtime.KeepAlive(h) ++ return h.Write(unsafe.Slice(unsafe.StringData(s), len(s))) ++} ++ ++func (h *DigestSHA3) WriteByte(c byte) error { ++ defer runtime.KeepAlive(h) ++ h.init() ++ hashByte(h.ctx, c) ++ return nil ++} ++ ++func (h *DigestSHA3) Sum(in []byte) []byte { ++ defer runtime.KeepAlive(h) ++ h.init() ++ return hashSum(h.ctx, h.Size(), in) ++} ++ ++func (h *DigestSHA3) Size() int { ++ return int(h.alg.size) ++} ++ ++func (h *DigestSHA3) BlockSize() int { ++ return int(h.alg.blockSize) ++} ++ ++// NewSHA3_256 returns a new SHA256 hash. ++func NewSHA3_256() *DigestSHA3 { ++ return newDigestSHA3(bcrypt.SHA3_256_ALGORITHM) ++} ++ ++// NewSHA3_384 returns a new SHA384 hash. ++func NewSHA3_384() *DigestSHA3 { ++ return newDigestSHA3(bcrypt.SHA3_384_ALGORITHM) ++} ++ ++// NewSHA3_512 returns a new SHA512 hash. ++func NewSHA3_512() *DigestSHA3 { ++ return newDigestSHA3(bcrypt.SHA3_512_ALGORITHM) ++} ++ ++// SHAKE is an instance of a SHAKE extendable output function. 
++type SHAKE struct { ++ ctx bcrypt.HASH_HANDLE ++ blockSize uint32 ++} ++ ++func newShake(id string, N, S []byte) *SHAKE { ++ alg, err := loadHash(id, bcrypt.ALG_NONE_FLAG) ++ if err != nil { ++ panic(err) ++ } ++ h := &SHAKE{blockSize: alg.blockSize} ++ err = bcrypt.CreateHash(alg.handle, &h.ctx, nil, nil, bcrypt.HASH_REUSABLE_FLAG) ++ if err != nil { ++ panic(err) ++ } ++ if len(N) != 0 { ++ if err := bcrypt.SetProperty(bcrypt.HANDLE(h.ctx), utf16PtrFromString(bcrypt.FUNCTION_NAME_STRING), N, 0); err != nil { ++ panic(err) ++ } ++ } ++ if len(S) != 0 { ++ if err := bcrypt.SetProperty(bcrypt.HANDLE(h.ctx), utf16PtrFromString(bcrypt.CUSTOMIZATION_STRING), S, 0); err != nil { ++ panic(err) ++ } ++ } ++ runtime.SetFinalizer(h, (*SHAKE).finalize) ++ return h ++} ++ ++// NewSHAKE128 creates a new SHAKE128 XOF. ++func NewSHAKE128() *SHAKE { ++ return newShake(bcrypt.CSHAKE128_ALGORITHM, nil, nil) ++} ++ ++// NewSHAKE256 creates a new SHAKE256 XOF. ++func NewSHAKE256() *SHAKE { ++ return newShake(bcrypt.CSHAKE256_ALGORITHM, nil, nil) ++} ++ ++// NewCSHAKE128 creates a new cSHAKE128 XOF. ++// ++// N is used to define functions based on cSHAKE, it can be empty when plain ++// cSHAKE is desired. S is a customization byte string used for domain ++// separation. When N and S are both empty, this is equivalent to NewSHAKE128. ++func NewCSHAKE128(N, S []byte) *SHAKE { ++ return newShake(bcrypt.CSHAKE128_ALGORITHM, N, S) ++} ++ ++// NewCSHAKE256 creates a new cSHAKE256 XOF. ++// ++// N is used to define functions based on cSHAKE, it can be empty when plain ++// cSHAKE is desired. S is a customization byte string used for domain ++// separation. When N and S are both empty, this is equivalent to NewSHAKE256. ++func NewCSHAKE256(N, S []byte) *SHAKE { ++ return newShake(bcrypt.CSHAKE256_ALGORITHM, N, S) ++} ++ ++func (h *SHAKE) finalize() { ++ bcrypt.DestroyHash(h.ctx) ++} ++ ++// Write absorbs more data into the XOF's state. 
++// ++// It panics if any output has already been read. ++func (s *SHAKE) Write(p []byte) (n int, err error) { ++ if len(p) == 0 { ++ return 0, nil ++ } ++ defer runtime.KeepAlive(s) ++ hashData(s.ctx, p) ++ return len(p), nil ++} ++ ++// Read squeezes more output from the XOF. ++// ++// Any call to Write after a call to Read will panic. ++func (s *SHAKE) Read(p []byte) (n int, err error) { ++ if len(p) == 0 { ++ return 0, nil ++ } ++ defer runtime.KeepAlive(s) ++ for n < len(p) && err == nil { ++ nn := len32(p[n:]) ++ err = bcrypt.FinishHash(s.ctx, p[n:n+nn], bcrypt.HASH_DONT_RESET_FLAG) ++ n += nn ++ } ++ if err != nil { ++ panic(err) ++ } ++ return len(p), nil ++} ++ ++// Reset resets the XOF to its initial state. ++func (s *SHAKE) Reset() { ++ defer runtime.KeepAlive(s) ++ // SHAKE has a variable size, CNG doesn't change the size of the hash ++ // when resetting, so we can pass a small value here. ++ hashReset(s.ctx, 1) ++} ++ ++// BlockSize returns the rate of the XOF. ++func (s *SHAKE) BlockSize() int { ++ return int(s.blockSize) ++} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go new file mode 100644 index 00000000000000..5a3fb01606ef95 @@ -10683,10 +10572,10 @@ index 00000000000000..5a3fb01606ef95 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/bcrypt_windows.go b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/bcrypt_windows.go new file mode 100644 -index 00000000000000..090c74a894e170 +index 00000000000000..7d34e6661d3086 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/bcrypt_windows.go -@@ -0,0 +1,359 @@ +@@ -0,0 +1,368 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
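Review bot: In the new sha3.go, the comments on `SHAKE.Write` and `SHAKE.Read` promise that writing after output has been read panics, but the type keeps no record that `Read` ran. The promise therefore holds only if `bcrypt.HashData` returns an error on a handle already squeezed with `HASH_DONT_RESET_FLAG`, which the hunk does not show. If CNG accepts that call, late input would silently change an XOF stream the caller treats as fixed. Either track the state explicitly (a `squeezed bool` field set in `Read`, checked in `Write`, cleared in `Reset`) or reword the comments to say the behaviour is delegated to CNG. Separately, the doc comments on `NewSHA3_256`, `NewSHA3_384` and `NewSHA3_512` name SHA256/SHA384/SHA512; they should read like `// NewSHA3_256 returns a new SHA3-256 hash.` so the constructors are not mistaken for the SHA-2 ones.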
@@ -10711,6 +10600,8 @@ index 00000000000000..090c74a894e170 + SHA3_256_ALGORITHM = "SHA3-256" + SHA3_384_ALGORITHM = "SHA3-384" + SHA3_512_ALGORITHM = "SHA3-512" ++ CSHAKE128_ALGORITHM = "CSHAKE128" ++ CSHAKE256_ALGORITHM = "CSHAKE256" + AES_ALGORITHM = "AES" + RC4_ALGORITHM = "RC4" + RSA_ALGORITHM = "RSA" @@ -10736,17 +10627,19 @@ index 00000000000000..090c74a894e170 +) + +const ( -+ HASH_LENGTH = "HashDigestLength" -+ HASH_BLOCK_LENGTH = "HashBlockLength" -+ CHAINING_MODE = "ChainingMode" -+ CHAIN_MODE_ECB = "ChainingModeECB" -+ CHAIN_MODE_CBC = "ChainingModeCBC" -+ CHAIN_MODE_GCM = "ChainingModeGCM" -+ KEY_LENGTH = "KeyLength" -+ KEY_LENGTHS = "KeyLengths" -+ SIGNATURE_LENGTH = "SignatureLength" -+ BLOCK_LENGTH = "BlockLength" -+ ECC_CURVE_NAME = "ECCCurveName" ++ HASH_LENGTH = "HashDigestLength" ++ HASH_BLOCK_LENGTH = "HashBlockLength" ++ CHAINING_MODE = "ChainingMode" ++ CHAIN_MODE_ECB = "ChainingModeECB" ++ CHAIN_MODE_CBC = "ChainingModeCBC" ++ CHAIN_MODE_GCM = "ChainingModeGCM" ++ KEY_LENGTH = "KeyLength" ++ KEY_LENGTHS = "KeyLengths" ++ SIGNATURE_LENGTH = "SignatureLength" ++ BLOCK_LENGTH = "BlockLength" ++ ECC_CURVE_NAME = "ECCCurveName" ++ FUNCTION_NAME_STRING = "FunctionNameString" ++ CUSTOMIZATION_STRING = "CustomizationString" +) + +const ( @@ -10803,6 +10696,11 @@ index 00000000000000..090c74a894e170 +) + +const ( ++ HASH_DONT_RESET_FLAG = 0x00000001 ++ HASH_REUSABLE_FLAG = 0x00000020 ++) ++ ++const ( + KDF_RAW_SECRET = "TRUNCATE" +) + @@ -10987,7 +10885,7 @@ index 00000000000000..090c74a894e170 + Count [4]uint8 +} + -+func Encrypt(hKey KEY_HANDLE, plaintext []byte, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (s error) { ++func Encrypt(hKey KEY_HANDLE, plaintext []byte, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (ntstatus error) { + var pInput *byte + if len(plaintext) > 0 { + pInput = &plaintext[0] 
@@ -11000,42 +10898,42 @@ index 00000000000000..090c74a894e170 + return _Encrypt(hKey, pInput, uint32(len(plaintext)), pPaddingInfo, pbIV, pbOutput, pcbResult, dwFlags) +} + -+//sys GetFipsAlgorithmMode(enabled *bool) (s error) = bcrypt.BCryptGetFipsAlgorithmMode -+//sys SetProperty(hObject HANDLE, pszProperty *uint16, pbInput []byte, dwFlags uint32) (s error) = bcrypt.BCryptSetProperty -+//sys GetProperty(hObject HANDLE, pszProperty *uint16, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (s error) = bcrypt.BCryptGetProperty -+//sys OpenAlgorithmProvider(phAlgorithm *ALG_HANDLE, pszAlgId *uint16, pszImplementation *uint16, dwFlags AlgorithmProviderFlags) (s error) = bcrypt.BCryptOpenAlgorithmProvider -+//sys CloseAlgorithmProvider(hAlgorithm ALG_HANDLE, dwFlags uint32) (s error) = bcrypt.BCryptCloseAlgorithmProvider ++//sys GetFipsAlgorithmMode(enabled *bool) (ntstatus error) = bcrypt.BCryptGetFipsAlgorithmMode ++//sys SetProperty(hObject HANDLE, pszProperty *uint16, pbInput []byte, dwFlags uint32) (ntstatus error) = bcrypt.BCryptSetProperty ++//sys GetProperty(hObject HANDLE, pszProperty *uint16, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (ntstatus error) = bcrypt.BCryptGetProperty ++//sys OpenAlgorithmProvider(phAlgorithm *ALG_HANDLE, pszAlgId *uint16, pszImplementation *uint16, dwFlags AlgorithmProviderFlags) (ntstatus error) = bcrypt.BCryptOpenAlgorithmProvider ++//sys CloseAlgorithmProvider(hAlgorithm ALG_HANDLE, dwFlags uint32) (ntstatus error) = bcrypt.BCryptCloseAlgorithmProvider + +// SHA and HMAC + -+//sys Hash(hAlgorithm ALG_HANDLE, pbSecret []byte, pbInput []byte, pbOutput []byte) (s error) = bcrypt.BCryptHash -+//sys CreateHash(hAlgorithm ALG_HANDLE, phHash *HASH_HANDLE, pbHashObject []byte, pbSecret []byte, dwFlags uint32) (s error) = bcrypt.BCryptCreateHash -+//sys DestroyHash(hHash HASH_HANDLE) (s error) = bcrypt.BCryptDestroyHash -+//sys HashData(hHash HASH_HANDLE, pbInput []byte, dwFlags uint32) (s error) = bcrypt.BCryptHashData 
-+//sys HashDataRaw(hHash HASH_HANDLE, pbInput *byte, cbInput uint32, dwFlags uint32) (s error) = bcrypt.BCryptHashData -+//sys DuplicateHash(hHash HASH_HANDLE, phNewHash *HASH_HANDLE, pbHashObject []byte, dwFlags uint32) (s error) = bcrypt.BCryptDuplicateHash -+//sys FinishHash(hHash HASH_HANDLE, pbOutput []byte, dwFlags uint32) (s error) = bcrypt.BCryptFinishHash ++//sys Hash(hAlgorithm ALG_HANDLE, pbSecret []byte, pbInput []byte, pbOutput []byte) (ntstatus error) = bcrypt.BCryptHash ++//sys CreateHash(hAlgorithm ALG_HANDLE, phHash *HASH_HANDLE, pbHashObject []byte, pbSecret []byte, dwFlags uint32) (ntstatus error) = bcrypt.BCryptCreateHash ++//sys DestroyHash(hHash HASH_HANDLE) (ntstatus error) = bcrypt.BCryptDestroyHash ++//sys HashData(hHash HASH_HANDLE, pbInput []byte, dwFlags uint32) (ntstatus error) = bcrypt.BCryptHashData ++//sys HashDataRaw(hHash HASH_HANDLE, pbInput *byte, cbInput uint32, dwFlags uint32) (ntstatus error) = bcrypt.BCryptHashData ++//sys DuplicateHash(hHash HASH_HANDLE, phNewHash *HASH_HANDLE, pbHashObject []byte, dwFlags uint32) (ntstatus error) = bcrypt.BCryptDuplicateHash ++//sys FinishHash(hHash HASH_HANDLE, pbOutput []byte, dwFlags uint32) (ntstatus error) = bcrypt.BCryptFinishHash + +// Rand + -+//sys GenRandom(hAlgorithm ALG_HANDLE, pbBuffer []byte, dwFlags uint32) (s error) = bcrypt.BCryptGenRandom ++//sys GenRandom(hAlgorithm ALG_HANDLE, pbBuffer []byte, dwFlags uint32) (ntstatus error) = bcrypt.BCryptGenRandom + +// Keys + -+//sys generateSymmetricKey(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, pbKeyObject []byte, pbSecret *byte, cbSecret uint32, dwFlags uint32) (s error) = bcrypt.BCryptGenerateSymmetricKey -+//sys GenerateKeyPair(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, dwLength uint32, dwFlags uint32) (s error) = bcrypt.BCryptGenerateKeyPair -+//sys FinalizeKeyPair(hKey KEY_HANDLE, dwFlags uint32) (s error) = bcrypt.BCryptFinalizeKeyPair -+//sys ImportKeyPair (hAlgorithm ALG_HANDLE, hImportKey KEY_HANDLE, pszBlobType *uint16, 
phKey *KEY_HANDLE, pbInput []byte, dwFlags uint32) (s error) = bcrypt.BCryptImportKeyPair -+//sys ExportKey(hKey KEY_HANDLE, hExportKey KEY_HANDLE, pszBlobType *uint16, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (s error) = bcrypt.BCryptExportKey -+//sys DestroyKey(hKey KEY_HANDLE) (s error) = bcrypt.BCryptDestroyKey -+//sys _Encrypt(hKey KEY_HANDLE, pbInput *byte, cbInput uint32, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (s error) = bcrypt.BCryptEncrypt -+//sys Decrypt(hKey KEY_HANDLE, pbInput []byte, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (s error) = bcrypt.BCryptDecrypt -+//sys SignHash (hKey KEY_HANDLE, pPaddingInfo unsafe.Pointer, pbInput []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (s error) = bcrypt.BCryptSignHash -+//sys VerifySignature(hKey KEY_HANDLE, pPaddingInfo unsafe.Pointer, pbHash []byte, pbSignature []byte, dwFlags PadMode) (s error) = bcrypt.BCryptVerifySignature -+//sys SecretAgreement(hPrivKey KEY_HANDLE, hPubKey KEY_HANDLE, phAgreedSecret *SECRET_HANDLE, dwFlags uint32) (s error) = bcrypt.BCryptSecretAgreement -+//sys DeriveKey(hSharedSecret SECRET_HANDLE, pwszKDF *uint16, pParameterList *BufferDesc, pbDerivedKey []byte, pcbResult *uint32, dwFlags uint32) (s error) = bcrypt.BCryptDeriveKey -+//sys KeyDerivation(hKey KEY_HANDLE, pParameterList *BufferDesc, pbDerivedKey []byte, pcbResult *uint32, dwFlags uint32) (s error) = bcrypt.BCryptKeyDerivation -+//sys DestroySecret(hSecret SECRET_HANDLE) (s error) = bcrypt.BCryptDestroySecret ++//sys generateSymmetricKey(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, pbKeyObject []byte, pbSecret *byte, cbSecret uint32, dwFlags uint32) (ntstatus error) = bcrypt.BCryptGenerateSymmetricKey ++//sys GenerateKeyPair(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, dwLength uint32, dwFlags uint32) (ntstatus error) = bcrypt.BCryptGenerateKeyPair ++//sys FinalizeKeyPair(hKey KEY_HANDLE, dwFlags 
uint32) (ntstatus error) = bcrypt.BCryptFinalizeKeyPair ++//sys ImportKeyPair (hAlgorithm ALG_HANDLE, hImportKey KEY_HANDLE, pszBlobType *uint16, phKey *KEY_HANDLE, pbInput []byte, dwFlags uint32) (ntstatus error) = bcrypt.BCryptImportKeyPair ++//sys ExportKey(hKey KEY_HANDLE, hExportKey KEY_HANDLE, pszBlobType *uint16, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (ntstatus error) = bcrypt.BCryptExportKey ++//sys DestroyKey(hKey KEY_HANDLE) (ntstatus error) = bcrypt.BCryptDestroyKey ++//sys _Encrypt(hKey KEY_HANDLE, pbInput *byte, cbInput uint32, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (ntstatus error) = bcrypt.BCryptEncrypt ++//sys Decrypt(hKey KEY_HANDLE, pbInput []byte, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (ntstatus error) = bcrypt.BCryptDecrypt ++//sys SignHash (hKey KEY_HANDLE, pPaddingInfo unsafe.Pointer, pbInput []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (ntstatus error) = bcrypt.BCryptSignHash ++//sys VerifySignature(hKey KEY_HANDLE, pPaddingInfo unsafe.Pointer, pbHash []byte, pbSignature []byte, dwFlags PadMode) (ntstatus error) = bcrypt.BCryptVerifySignature ++//sys SecretAgreement(hPrivKey KEY_HANDLE, hPubKey KEY_HANDLE, phAgreedSecret *SECRET_HANDLE, dwFlags uint32) (ntstatus error) = bcrypt.BCryptSecretAgreement ++//sys DeriveKey(hSharedSecret SECRET_HANDLE, pwszKDF *uint16, pParameterList *BufferDesc, pbDerivedKey []byte, pcbResult *uint32, dwFlags uint32) (ntstatus error) = bcrypt.BCryptDeriveKey ++//sys KeyDerivation(hKey KEY_HANDLE, pParameterList *BufferDesc, pbDerivedKey []byte, pcbResult *uint32, dwFlags uint32) (ntstatus error) = bcrypt.BCryptKeyDerivation ++//sys DestroySecret(hSecret SECRET_HANDLE) (ntstatus error) = bcrypt.BCryptDestroySecret + +func GenerateSymmetricKey(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, pbKeyObject []byte, pbSecret []byte, dwFlags uint32) error { + cbLen := uint32(len(pbSecret)) 
@@ -11046,12 +10944,63 @@ index 00000000000000..090c74a894e170 + } + return generateSymmetricKey(hAlgorithm, phKey, pbKeyObject, &pbSecret[0], cbLen, dwFlags) +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/ntstatus_windows.go b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/ntstatus_windows.go +new file mode 100644 +index 00000000000000..ec2eb01aa3cd8a +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/ntstatus_windows.go +@@ -0,0 +1,45 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++package bcrypt ++ ++import ( ++ "strconv" ++ "syscall" ++ "unicode/utf16" ++) ++ ++const ( ++ FORMAT_MESSAGE_FROM_HMODULE = 2048 ++ FORMAT_MESSAGE_FROM_SYSTEM = 4096 ++ FORMAT_MESSAGE_ARGUMENT_ARRAY = 8192 ++ ++ LANG_ENGLISH = 0x09 ++ SUBLANG_ENGLISH_US = 0x01 ++) ++ ++type NTStatus uint32 ++ ++func (s NTStatus) Errno() syscall.Errno { ++ return rtlNtStatusToDosErrorNoTeb(s) ++} ++ ++func langID(pri, sub uint16) uint32 { return uint32(sub)<<10 | uint32(pri) } ++ ++func (s NTStatus) Error() string { ++ b := make([]uint16, 300) ++ n, err := formatMessage(FORMAT_MESSAGE_FROM_SYSTEM|FORMAT_MESSAGE_FROM_HMODULE|FORMAT_MESSAGE_ARGUMENT_ARRAY, modntdll.Handle(), uint32(s), langID(LANG_ENGLISH, SUBLANG_ENGLISH_US), b, nil) ++ if err != nil { ++ return "NTSTATUS 0x" + strconv.FormatUint(uint64(s), 16) ++ } ++ // trim terminating \r and \n ++ for ; n > 0 && (b[n-1] == '\n' || b[n-1] == '\r'); n-- { ++ } ++ return string(utf16.Decode(b[:n])) ++} ++ ++// NT Native APIs ++//sys rtlNtStatusToDosErrorNoTeb(ntstatus NTStatus) (ret syscall.Errno) = ntdll.RtlNtStatusToDosErrorNoTeb ++ ++// windows api calls ++//sys formatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW 
diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/zsyscall_windows.go b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/zsyscall_windows.go new file mode 100644 -index 00000000000000..3c6a5764eb92ec +index 00000000000000..5d049f025b0301 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/bcrypt/zsyscall_windows.go -@@ -0,0 +1,389 @@ +@@ -0,0 +1,412 @@ +// Code generated by 'go generate'; DO NOT EDIT. + +package bcrypt @@ -11091,7 +11040,9 @@ index 00000000000000..3c6a5764eb92ec +} + +var ( -+ modbcrypt = syscall.NewLazyDLL(sysdll.Add("bcrypt.dll")) ++ modbcrypt = syscall.NewLazyDLL(sysdll.Add("bcrypt.dll")) ++ modkernel32 = syscall.NewLazyDLL(sysdll.Add("kernel32.dll")) ++ modntdll = syscall.NewLazyDLL(sysdll.Add("ntdll.dll")) + + procBCryptCloseAlgorithmProvider = modbcrypt.NewProc("BCryptCloseAlgorithmProvider") + procBCryptCreateHash = modbcrypt.NewProc("BCryptCreateHash") 
@@ -11119,17 +11070,19 @@ index 00000000000000..3c6a5764eb92ec + procBCryptSetProperty = modbcrypt.NewProc("BCryptSetProperty") + procBCryptSignHash = modbcrypt.NewProc("BCryptSignHash") + procBCryptVerifySignature = modbcrypt.NewProc("BCryptVerifySignature") ++ procFormatMessageW = modkernel32.NewProc("FormatMessageW") ++ procRtlNtStatusToDosErrorNoTeb = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb") +) + -+func CloseAlgorithmProvider(hAlgorithm ALG_HANDLE, dwFlags uint32) (s error) { ++func CloseAlgorithmProvider(hAlgorithm ALG_HANDLE, dwFlags uint32) (ntstatus error) { + r0, _, _ := syscall.Syscall(procBCryptCloseAlgorithmProvider.Addr(), 2, uintptr(hAlgorithm), uintptr(dwFlags), 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func CreateHash(hAlgorithm ALG_HANDLE, phHash *HASH_HANDLE, pbHashObject []byte, pbSecret []byte, dwFlags uint32) (s error) { ++func CreateHash(hAlgorithm ALG_HANDLE, phHash *HASH_HANDLE, pbHashObject []byte, pbSecret []byte, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbHashObject) > 0 { + _p0 = &pbHashObject[0] @@ -11140,12 +11093,12 @@ index 00000000000000..3c6a5764eb92ec + } + r0, _, _ := syscall.Syscall9(procBCryptCreateHash.Addr(), 7, uintptr(hAlgorithm), uintptr(unsafe.Pointer(phHash)), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbHashObject)), uintptr(unsafe.Pointer(_p1)), uintptr(len(pbSecret)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func Decrypt(hKey KEY_HANDLE, pbInput []byte, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (s error) { ++func Decrypt(hKey KEY_HANDLE, pbInput []byte, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (ntstatus error) { + var _p0 *byte + if len(pbInput) > 0 { + _p0 = &pbInput[0] 
@@ -11160,60 +11113,60 @@ index 00000000000000..3c6a5764eb92ec + } + r0, _, _ := syscall.Syscall12(procBCryptDecrypt.Addr(), 10, uintptr(hKey), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbInput)), uintptr(pPaddingInfo), uintptr(unsafe.Pointer(_p1)), uintptr(len(pbIV)), uintptr(unsafe.Pointer(_p2)), uintptr(len(pbOutput)), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func DeriveKey(hSharedSecret SECRET_HANDLE, pwszKDF *uint16, pParameterList *BufferDesc, pbDerivedKey []byte, pcbResult *uint32, dwFlags uint32) (s error) { ++func DeriveKey(hSharedSecret SECRET_HANDLE, pwszKDF *uint16, pParameterList *BufferDesc, pbDerivedKey []byte, pcbResult *uint32, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbDerivedKey) > 0 { + _p0 = &pbDerivedKey[0] + } + r0, _, _ := syscall.Syscall9(procBCryptDeriveKey.Addr(), 7, uintptr(hSharedSecret), uintptr(unsafe.Pointer(pwszKDF)), uintptr(unsafe.Pointer(pParameterList)), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbDerivedKey)), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func DestroyHash(hHash HASH_HANDLE) (s error) { ++func DestroyHash(hHash HASH_HANDLE) (ntstatus error) { + r0, _, _ := syscall.Syscall(procBCryptDestroyHash.Addr(), 1, uintptr(hHash), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func DestroyKey(hKey KEY_HANDLE) (s error) { ++func DestroyKey(hKey KEY_HANDLE) (ntstatus error) { + r0, _, _ := syscall.Syscall(procBCryptDestroyKey.Addr(), 1, uintptr(hKey), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func DestroySecret(hSecret SECRET_HANDLE) (s error) { ++func DestroySecret(hSecret SECRET_HANDLE) (ntstatus error) { + r0, _, _ := syscall.Syscall(procBCryptDestroySecret.Addr(), 1, uintptr(hSecret), 0, 0) + if r0 != 0 
{ -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func DuplicateHash(hHash HASH_HANDLE, phNewHash *HASH_HANDLE, pbHashObject []byte, dwFlags uint32) (s error) { ++func DuplicateHash(hHash HASH_HANDLE, phNewHash *HASH_HANDLE, pbHashObject []byte, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbHashObject) > 0 { + _p0 = &pbHashObject[0] + } + r0, _, _ := syscall.Syscall6(procBCryptDuplicateHash.Addr(), 5, uintptr(hHash), uintptr(unsafe.Pointer(phNewHash)), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbHashObject)), uintptr(dwFlags), 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func _Encrypt(hKey KEY_HANDLE, pbInput *byte, cbInput uint32, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (s error) { ++func _Encrypt(hKey KEY_HANDLE, pbInput *byte, cbInput uint32, pPaddingInfo unsafe.Pointer, pbIV []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (ntstatus error) { + var _p0 *byte + if len(pbIV) > 0 { + _p0 = &pbIV[0] 
@@ -11224,76 +11177,76 @@ index 00000000000000..3c6a5764eb92ec + } + r0, _, _ := syscall.Syscall12(procBCryptEncrypt.Addr(), 10, uintptr(hKey), uintptr(unsafe.Pointer(pbInput)), uintptr(cbInput), uintptr(pPaddingInfo), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbIV)), uintptr(unsafe.Pointer(_p1)), uintptr(len(pbOutput)), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func ExportKey(hKey KEY_HANDLE, hExportKey KEY_HANDLE, pszBlobType *uint16, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (s error) { ++func ExportKey(hKey KEY_HANDLE, hExportKey KEY_HANDLE, pszBlobType *uint16, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbOutput) > 0 { + _p0 = &pbOutput[0] + } + r0, _, _ := syscall.Syscall9(procBCryptExportKey.Addr(), 7, uintptr(hKey), uintptr(hExportKey), uintptr(unsafe.Pointer(pszBlobType)), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbOutput)), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func FinalizeKeyPair(hKey KEY_HANDLE, dwFlags uint32) (s error) { ++func FinalizeKeyPair(hKey KEY_HANDLE, dwFlags uint32) (ntstatus error) { + r0, _, _ := syscall.Syscall(procBCryptFinalizeKeyPair.Addr(), 2, uintptr(hKey), uintptr(dwFlags), 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func FinishHash(hHash HASH_HANDLE, pbOutput []byte, dwFlags uint32) (s error) { ++func FinishHash(hHash HASH_HANDLE, pbOutput []byte, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbOutput) > 0 { + _p0 = &pbOutput[0] + } + r0, _, _ := syscall.Syscall6(procBCryptFinishHash.Addr(), 4, uintptr(hHash), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbOutput)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func GenRandom(hAlgorithm 
ALG_HANDLE, pbBuffer []byte, dwFlags uint32) (s error) { ++func GenRandom(hAlgorithm ALG_HANDLE, pbBuffer []byte, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbBuffer) > 0 { + _p0 = &pbBuffer[0] + } + r0, _, _ := syscall.Syscall6(procBCryptGenRandom.Addr(), 4, uintptr(hAlgorithm), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbBuffer)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func GenerateKeyPair(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, dwLength uint32, dwFlags uint32) (s error) { ++func GenerateKeyPair(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, dwLength uint32, dwFlags uint32) (ntstatus error) { + r0, _, _ := syscall.Syscall6(procBCryptGenerateKeyPair.Addr(), 4, uintptr(hAlgorithm), uintptr(unsafe.Pointer(phKey)), uintptr(dwLength), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func generateSymmetricKey(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, pbKeyObject []byte, pbSecret *byte, cbSecret uint32, dwFlags uint32) (s error) { ++func generateSymmetricKey(hAlgorithm ALG_HANDLE, phKey *KEY_HANDLE, pbKeyObject []byte, pbSecret *byte, cbSecret uint32, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbKeyObject) > 0 { + _p0 = &pbKeyObject[0] + } + r0, _, _ := syscall.Syscall9(procBCryptGenerateSymmetricKey.Addr(), 7, uintptr(hAlgorithm), uintptr(unsafe.Pointer(phKey)), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbKeyObject)), uintptr(unsafe.Pointer(pbSecret)), uintptr(cbSecret), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func GetFipsAlgorithmMode(enabled *bool) (s error) { ++func GetFipsAlgorithmMode(enabled *bool) (ntstatus error) { + var _p0 uint32 + if *enabled { + _p0 = 1 
@@ -11301,24 +11254,24 @@ index 00000000000000..3c6a5764eb92ec + r0, _, _ := syscall.Syscall(procBCryptGetFipsAlgorithmMode.Addr(), 1, uintptr(unsafe.Pointer(&_p0)), 0, 0) + *enabled = _p0 != 0 + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func GetProperty(hObject HANDLE, pszProperty *uint16, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (s error) { ++func GetProperty(hObject HANDLE, pszProperty *uint16, pbOutput []byte, pcbResult *uint32, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbOutput) > 0 { + _p0 = &pbOutput[0] + } + r0, _, _ := syscall.Syscall6(procBCryptGetProperty.Addr(), 6, uintptr(hObject), uintptr(unsafe.Pointer(pszProperty)), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbOutput)), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags)) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func Hash(hAlgorithm ALG_HANDLE, pbSecret []byte, pbInput []byte, pbOutput []byte) (s error) { ++func Hash(hAlgorithm ALG_HANDLE, pbSecret []byte, pbInput []byte, pbOutput []byte) (ntstatus error) { + var _p0 *byte + if len(pbSecret) > 0 { + _p0 = &pbSecret[0] 
@@ -11333,84 +11286,84 @@ index 00000000000000..3c6a5764eb92ec + } + r0, _, _ := syscall.Syscall9(procBCryptHash.Addr(), 7, uintptr(hAlgorithm), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbSecret)), uintptr(unsafe.Pointer(_p1)), uintptr(len(pbInput)), uintptr(unsafe.Pointer(_p2)), uintptr(len(pbOutput)), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func HashDataRaw(hHash HASH_HANDLE, pbInput *byte, cbInput uint32, dwFlags uint32) (s error) { ++func HashDataRaw(hHash HASH_HANDLE, pbInput *byte, cbInput uint32, dwFlags uint32) (ntstatus error) { + r0, _, _ := syscall.Syscall6(procBCryptHashData.Addr(), 4, uintptr(hHash), uintptr(unsafe.Pointer(pbInput)), uintptr(cbInput), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func HashData(hHash HASH_HANDLE, pbInput []byte, dwFlags uint32) (s error) { ++func HashData(hHash HASH_HANDLE, pbInput []byte, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbInput) > 0 { + _p0 = &pbInput[0] + } + r0, _, _ := syscall.Syscall6(procBCryptHashData.Addr(), 4, uintptr(hHash), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbInput)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func ImportKeyPair(hAlgorithm ALG_HANDLE, hImportKey KEY_HANDLE, pszBlobType *uint16, phKey *KEY_HANDLE, pbInput []byte, dwFlags uint32) (s error) { ++func ImportKeyPair(hAlgorithm ALG_HANDLE, hImportKey KEY_HANDLE, pszBlobType *uint16, phKey *KEY_HANDLE, pbInput []byte, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbInput) > 0 { + _p0 = &pbInput[0] + } + r0, _, _ := syscall.Syscall9(procBCryptImportKeyPair.Addr(), 7, uintptr(hAlgorithm), uintptr(hImportKey), uintptr(unsafe.Pointer(pszBlobType)), uintptr(unsafe.Pointer(phKey)), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbInput)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) 
+ } + return +} + -+func KeyDerivation(hKey KEY_HANDLE, pParameterList *BufferDesc, pbDerivedKey []byte, pcbResult *uint32, dwFlags uint32) (s error) { ++func KeyDerivation(hKey KEY_HANDLE, pParameterList *BufferDesc, pbDerivedKey []byte, pcbResult *uint32, dwFlags uint32) (ntstatus error) { + var _p0 *byte + if len(pbDerivedKey) > 0 { + _p0 = &pbDerivedKey[0] + } + r0, _, _ := syscall.Syscall6(procBCryptKeyDerivation.Addr(), 6, uintptr(hKey), uintptr(unsafe.Pointer(pParameterList)), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbDerivedKey)), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags)) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func OpenAlgorithmProvider(phAlgorithm *ALG_HANDLE, pszAlgId *uint16, pszImplementation *uint16, dwFlags AlgorithmProviderFlags) (s error) { ++func OpenAlgorithmProvider(phAlgorithm *ALG_HANDLE, pszAlgId *uint16, pszImplementation *uint16, dwFlags AlgorithmProviderFlags) (ntstatus error) { + r0, _, _ := syscall.Syscall6(procBCryptOpenAlgorithmProvider.Addr(), 4, uintptr(unsafe.Pointer(phAlgorithm)), uintptr(unsafe.Pointer(pszAlgId)), uintptr(unsafe.Pointer(pszImplementation)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func SecretAgreement(hPrivKey KEY_HANDLE, hPubKey KEY_HANDLE, phAgreedSecret *SECRET_HANDLE, dwFlags uint32) (s error) { ++func SecretAgreement(hPrivKey KEY_HANDLE, hPubKey KEY_HANDLE, phAgreedSecret *SECRET_HANDLE, dwFlags uint32) (ntstatus error) { + r0, _, _ := syscall.Syscall6(procBCryptSecretAgreement.Addr(), 4, uintptr(hPrivKey), uintptr(hPubKey), uintptr(unsafe.Pointer(phAgreedSecret)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func SetProperty(hObject HANDLE, pszProperty *uint16, pbInput []byte, dwFlags uint32) (s error) { ++func SetProperty(hObject HANDLE, pszProperty *uint16, pbInput []byte, dwFlags uint32) (ntstatus error) { + var 
_p0 *byte + if len(pbInput) > 0 { + _p0 = &pbInput[0] + } + r0, _, _ := syscall.Syscall6(procBCryptSetProperty.Addr(), 5, uintptr(hObject), uintptr(unsafe.Pointer(pszProperty)), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbInput)), uintptr(dwFlags), 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func SignHash(hKey KEY_HANDLE, pPaddingInfo unsafe.Pointer, pbInput []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (s error) { ++func SignHash(hKey KEY_HANDLE, pPaddingInfo unsafe.Pointer, pbInput []byte, pbOutput []byte, pcbResult *uint32, dwFlags PadMode) (ntstatus error) { + var _p0 *byte + if len(pbInput) > 0 { + _p0 = &pbInput[0] @@ -11421,12 +11374,12 @@ index 00000000000000..3c6a5764eb92ec + } + r0, _, _ := syscall.Syscall9(procBCryptSignHash.Addr(), 8, uintptr(hKey), uintptr(pPaddingInfo), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbInput)), uintptr(unsafe.Pointer(_p1)), uintptr(len(pbOutput)), uintptr(unsafe.Pointer(pcbResult)), uintptr(dwFlags), 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) + } + return +} + -+func VerifySignature(hKey KEY_HANDLE, pPaddingInfo unsafe.Pointer, pbHash []byte, pbSignature []byte, dwFlags PadMode) (s error) { ++func VerifySignature(hKey KEY_HANDLE, pPaddingInfo unsafe.Pointer, pbHash []byte, pbSignature []byte, dwFlags PadMode) (ntstatus error) { + var _p0 *byte + if len(pbHash) > 0 { + _p0 = &pbHash[0] 
@@ -11437,10 +11390,29 @@ index 00000000000000..3c6a5764eb92ec + } + r0, _, _ := syscall.Syscall9(procBCryptVerifySignature.Addr(), 7, uintptr(hKey), uintptr(pPaddingInfo), uintptr(unsafe.Pointer(_p0)), uintptr(len(pbHash)), uintptr(unsafe.Pointer(_p1)), uintptr(len(pbSignature)), uintptr(dwFlags), 0, 0) + if r0 != 0 { -+ s = syscall.Errno(r0) ++ ntstatus = NTStatus(r0) ++ } ++ return ++} ++ ++func formatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) { ++ var _p0 *uint16 ++ if len(buf) > 0 { ++ _p0 = &buf[0] ++ } ++ r0, _, e1 := syscall.Syscall9(procFormatMessageW.Addr(), 7, uintptr(flags), uintptr(msgsrc), uintptr(msgid), uintptr(langid), uintptr(unsafe.Pointer(_p0)), uintptr(len(buf)), uintptr(unsafe.Pointer(args)), 0, 0) ++ n = uint32(r0) ++ if n == 0 { ++ err = errnoErr(e1) + } + return +} ++ ++func rtlNtStatusToDosErrorNoTeb(ntstatus NTStatus) (ret syscall.Errno) { ++ r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(ntstatus), 0, 0) ++ ret = syscall.Errno(r0) ++ return ++} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/internal/subtle/aliasing.go b/src/vendor/github.com/microsoft/go-crypto-winnative/internal/subtle/aliasing.go new file mode 100644 index 00000000000000..db09e4aae64f8c @@ -11541,15 +11513,15 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 1c8de570cc2f1f..9df7e15cd2ddde 100644 +index 1c8de570cc2f1f..5b05c5eed355ca 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt 
@@ -1,3 +1,14 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf ++# github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig -+# github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 ++# github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 +## explicit; go 1.22 +github.com/microsoft/go-crypto-winnative/cng +github.com/microsoft/go-crypto-winnative/cng/bbig From 3e731cf4825e8436f491b77b4ed3e9aa697cf073 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Wed, 8 Jan 2025 16:09:43 +0000 Subject: [PATCH 171/887] Update submodule to latest master (39f2032c): testing/synctest: add some examples --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 4b652e9f5f5..39f2032c175 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 4b652e9f5f5c0793f2e41cd2876bce5a241b2c95 +Subproject commit 39f2032c17516a55c165d329dd5e2e07f49132b0 From a4f8099b5dc631bb4324e395f52e8d1003402694 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 9 Jan 2025 09:57:06 +0000 Subject: [PATCH 172/887] fix: move go.mod and go.sum changes back to respective patch files --- patches/0004-Add-OpenSSL-crypto-backend.patch | 6 ++-- patches/0005-Add-CNG-crypto-backend.patch | 12 +++---- patches/0006-Vendor-crypto-backends.patch | 35 +------------------ 3 files changed, 10 insertions(+), 43 deletions(-) diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 9b01a2e7b5e..2653fef1da7 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -499,7 +499,7 @@ index 7a1318dcac32ba..186ced4a1123a8 100644 go 1.24 require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 golang.org/x/crypto v0.30.0 golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 ) @@ -508,8 +508,8 @@ index 9e661352f16e0b..0a58eccb57a869 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,5 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf h1:gkjE7LMxjlaSn8fdvbT/HJrpGcW/ZnwYpps7sSBhLD4= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 h1:OhuURhDVbg+f/BvlG+qT5sQVkutwhI0Kmsy7koQ4l9A= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index c2c4ab8e704..8019bd12e7a 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -489,8 +489,8 @@ index 186ced4a1123a8..e9da0eb1301b93 100644 @@ -4,6 +4,7 @@ go 1.24 require ( - github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf -+ github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 + github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 ++ github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 golang.org/x/crypto v0.30.0 golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 ) @@ -499,10 +499,10 @@ index 0a58eccb57a869..b464f023942b74 100644 --- a/src/go.sum 
+++ b/src/go.sum @@ -1,5 +1,7 @@ - github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf h1:gkjE7LMxjlaSn8fdvbT/HJrpGcW/ZnwYpps7sSBhLD4= - github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 h1:fMAxrMWT19/kkIZIuB9cjqW8SqRxCH2+2ZiZr5qrpuI= -+github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= + github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 h1:OhuURhDVbg+f/BvlG+qT5sQVkutwhI0Kmsy7koQ4l9A= + github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 h1:KB8xmJcFSPlZFMg2mxz5b6DCE8k1qpHy2HFevAJLELI= ++github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index 5a08acdfbfc..24e3632a13f 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch @@ -5,8 +5,6 @@ Subject: [PATCH] Vendor crypto backends To reproduce, run 'go mod vendor' in 'go/src'. --- - src/go.mod | 4 +- - src/go.sum | 8 +- .../golang-fips/openssl/v2/.gitignore | 1 + .../golang-fips/openssl/v2/.gitleaks.toml | 9 + .../github.com/golang-fips/openssl/v2/LICENSE | 20 + 
@@ -71,7 +69,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ src/vendor/modules.txt | 11 + - 66 files changed, 10981 insertions(+), 6 deletions(-) + 64 files changed, 10969 insertions(+), 6 deletions(-) create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE 
@@ -136,37 +134,6 @@ To reproduce, run 'go mod vendor' in 'go/src'. create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/subtle/aliasing.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/sysdll/sys_windows.go -diff --git a/src/go.mod b/src/go.mod -index e9da0eb1301b93..96bdcd421e1129 100644 ---- a/src/go.mod -+++ b/src/go.mod -@@ -3,8 +3,8 @@ module std - go 1.24 - - require ( -- github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf -- github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 - golang.org/x/crypto v0.30.0 - golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 - ) -diff --git a/src/go.sum b/src/go.sum -index b464f023942b74..abebb59dcd7739 100644 ---- a/src/go.sum -+++ b/src/go.sum -@@ -1,7 +1,7 @@ --github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf h1:gkjE7LMxjlaSn8fdvbT/HJrpGcW/ZnwYpps7sSBhLD4= --github.com/golang-fips/openssl/v2 v2.0.4-0.20241211125030-65f2a3ae34cf/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= --github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383 h1:fMAxrMWT19/kkIZIuB9cjqW8SqRxCH2+2ZiZr5qrpuI= --github.com/microsoft/go-crypto-winnative v0.0.0-20241212090637-6d419040e383/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 h1:OhuURhDVbg+f/BvlG+qT5sQVkutwhI0Kmsy7koQ4l9A= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 h1:KB8xmJcFSPlZFMg2mxz5b6DCE8k1qpHy2HFevAJLELI= -+github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= - 
golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= - golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= - golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitignore b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore new file mode 100644 index 00000000000000..79b5594df7fa29 From 0ec037fddf7a29b2620bfd56d8cff326764bb82a Mon Sep 17 00:00:00 2001 From: qmuntal Date: Thu, 9 Jan 2025 17:13:51 +0100 Subject: [PATCH 173/887] implement TLS 1.3 key schedule using crypto/hkdf --- .../0002-Add-crypto-backend-foundation.patch | 296 +++++++++++++++++- 1 file changed, 279 insertions(+), 17 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index a9ae91f13d4..08067460993 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
@@ -63,20 +63,23 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/cipher_suites.go | 2 +- src/crypto/tls/fipsonly/fipsonly.go | 2 +- src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- - src/crypto/tls/handshake_client.go | 10 +- - src/crypto/tls/handshake_client_tls13.go | 14 +- + src/crypto/tls/handshake_client.go | 12 +- + src/crypto/tls/handshake_client_tls13.go | 16 +- src/crypto/tls/handshake_server.go | 10 +- - src/crypto/tls/handshake_server_tls13.go | 25 +- + src/crypto/tls/handshake_server_tls13.go | 27 ++- src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- + src/crypto/tls/internal/tls13/doc.go | 18 ++ + src/crypto/tls/internal/tls13/tls13.go | 182 ++++++++++++++ + src/crypto/tls/key_schedule.go | 2 +- src/crypto/tls/prf.go | 41 ++++ - src/go/build/deps_test.go | 8 +- + src/go/build/deps_test.go | 9 +- src/hash/boring_test.go | 9 + src/hash/example_test.go | 2 + src/hash/marshal_test.go | 9 + src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 72 files changed, 1217 insertions(+), 89 deletions(-) + 75 files changed, 1422 insertions(+), 93 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -90,6 +93,8 @@ Subject: [PATCH] Add crypto backend foundation create mode 100644 src/crypto/internal/backend/fips140/nosystemcrypto.go create mode 100644 src/crypto/internal/backend/nobackend.go create mode 100644 src/crypto/internal/backend/stub.s + create mode 100644 src/crypto/tls/internal/tls13/doc.go + create mode 100644 src/crypto/tls/internal/tls13/tls13.go create mode 100644 src/hash/boring_test.go create mode 100644 src/hash/notboring_test.go @@ -556,10 +561,10 @@ index 275c60b4de49eb..ff8bddf28c4545 100644 "math/big" ) diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go -index 0f9749975ffba9..41ac17df22d7d7 100644 +index f682e6b1c6cfa6..049da55bd70f2c 100644 
--- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go -@@ -18,8 +18,8 @@ import ( +@@ -20,8 +20,8 @@ import ( "crypto" "crypto/ecdh" "crypto/elliptic" @@ -2189,9 +2194,22 @@ index 027bc22c33c921..eba08da985f832 100644 package fipsonly diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go -index 38bd417a0dca72..9eec202234fa94 100644 +index 38bd417a0dca72..8c1ae3c7ec5485 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go +@@ -11,11 +11,11 @@ import ( + "crypto/ecdsa" + "crypto/ed25519" + "crypto/internal/fips140/mlkem" +- "crypto/internal/fips140/tls13" + "crypto/internal/hpke" + "crypto/rsa" + "crypto/subtle" + "crypto/tls/internal/fips140tls" ++ "crypto/tls/internal/tls13" + "crypto/x509" + "errors" + "fmt" @@ -549,7 +549,15 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error { // Does the handshake, either a full one or resumes old session. Requires hs.c, @@ -2210,10 +2228,10 @@ index 38bd417a0dca72..9eec202234fa94 100644 isResume, err := hs.processServerHello() diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go -index c0396e75796add..819bc54822f0cb 100644 +index c0396e75796add..2c00e119cb66e4 100644 --- a/src/crypto/tls/handshake_client_tls13.go +++ b/src/crypto/tls/handshake_client_tls13.go -@@ -8,8 +8,8 @@ import ( +@@ -8,12 +8,12 @@ import ( "bytes" "context" "crypto" @@ -2221,8 +2239,13 @@ index c0396e75796add..819bc54822f0cb 100644 "crypto/hmac" - "crypto/internal/fips140/hkdf" "crypto/internal/fips140/mlkem" - "crypto/internal/fips140/tls13" +- "crypto/internal/fips140/tls13" "crypto/rsa" + "crypto/subtle" ++ "crypto/tls/internal/tls13" + "errors" + "hash" + "slices" @@ -90,8 +90,12 @@ func (hs *clientHandshakeStateTLS13) handshake() error { confTranscript.Write(hs.serverHello.original[:30]) confTranscript.Write(make([]byte, 8)) 
@@ -2273,10 +2296,10 @@ index 7c75977ad3ffb2..b9db95ca7b9d5a 100644 if err := hs.processClientHello(); err != nil { diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index 76fff6974e7403..bccf52fb28fcc5 100644 +index 76fff6974e7403..3ef8b56e5c7898 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go -@@ -8,8 +8,9 @@ import ( +@@ -8,13 +8,14 @@ import ( "bytes" "context" "crypto" @@ -2285,8 +2308,14 @@ index 76fff6974e7403..bccf52fb28fcc5 100644 - "crypto/internal/fips140/hkdf" + boring "crypto/internal/backend" "crypto/internal/fips140/mlkem" - "crypto/internal/fips140/tls13" +- "crypto/internal/fips140/tls13" "crypto/internal/hpke" + "crypto/rsa" + "crypto/tls/internal/fips140tls" ++ "crypto/tls/internal/tls13" + "errors" + "hash" + "internal/byteorder" @@ -470,15 +471,19 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error { // interfaces implemented by standard library hashes to clone the state of in // to a new instance of h. It returns nil if the operation fails. 
@@ -2360,6 +2389,231 @@ index 24d78d60cf5b64..a6bfd3f17c1911 100644 Force() } } +diff --git a/src/crypto/tls/internal/tls13/doc.go b/src/crypto/tls/internal/tls13/doc.go +new file mode 100644 +index 00000000000000..1adf3098356307 +--- /dev/null ++++ b/src/crypto/tls/internal/tls13/doc.go +@@ -0,0 +1,18 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++/* ++Microsoft Go only package. ++ ++TLS 1.3 Key Schedule is normally not part of the FIPS boundary, but upstream Go ++decided to include it in the FIPS boundary to facilitate the FIPS 140-3 certification ++process. ++ ++The problem is that crypto/internal/fips140/tls13 uses crypto/internal/fips140/hkdf, ++which can't be patched to use other backends. ++ ++To solve this problem, we created this package, which is a direct copy of ++crypto/internal/fips140/tls13, but uses crypto/hkdf instead of crypto/internal/fips140/hkdf. ++*/ ++package tls13 +diff --git a/src/crypto/tls/internal/tls13/tls13.go b/src/crypto/tls/internal/tls13/tls13.go +new file mode 100644 +index 00000000000000..573896b9c1e6a8 +--- /dev/null ++++ b/src/crypto/tls/internal/tls13/tls13.go +@@ -0,0 +1,182 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// Package tls13 implements the TLS 1.3 Key Schedule as specified in RFC 8446, ++// Section 7.1 and allowed by FIPS 140-3 IG 2.4.B Resolution 7. ++package tls13 ++ ++import ( ++ "crypto/hkdf" ++ "hash" ++ "internal/byteorder" ++) ++ ++// We don't set the service indicator in this package but we delegate that to ++// the underlying functions because the TLS 1.3 KDF does not have a standard of ++// its own. ++ ++// ExpandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1. 
++func ExpandLabel[H hash.Hash](hash func() H, secret []byte, label string, context []byte, length int) []byte { ++ if len("tls13 ")+len(label) > 255 || len(context) > 255 { ++ // It should be impossible for this to panic: labels are fixed strings, ++ // and context is either a fixed-length computed hash, or parsed from a ++ // field which has the same length limitation. ++ // ++ // Another reasonable approach might be to return a randomized slice if ++ // we encounter an error, which would break the connection, but avoid ++ // panicking. This would perhaps be safer but significantly more ++ // confusing to users. ++ panic("tls13: label or context too long") ++ } ++ hkdfLabel := make([]byte, 0, 2+1+len("tls13 ")+len(label)+1+len(context)) ++ hkdfLabel = byteorder.BEAppendUint16(hkdfLabel, uint16(length)) ++ hkdfLabel = append(hkdfLabel, byte(len("tls13 ")+len(label))) ++ hkdfLabel = append(hkdfLabel, "tls13 "...) ++ hkdfLabel = append(hkdfLabel, label...) ++ hkdfLabel = append(hkdfLabel, byte(len(context))) ++ hkdfLabel = append(hkdfLabel, context...) 
++ key, err := hkdf.Expand(hash, secret, string(hkdfLabel), length) ++ if err != nil { ++ panic(err) ++ } ++ return key ++} ++ ++func extract[H hash.Hash](hash func() H, newSecret, currentSecret []byte) []byte { ++ if newSecret == nil { ++ newSecret = make([]byte, hash().Size()) ++ } ++ prk, err := hkdf.Extract(hash, newSecret, currentSecret) ++ if err != nil { ++ panic(err) ++ } ++ return prk ++} ++ ++func deriveSecret[H hash.Hash](hash func() H, secret []byte, label string, transcript hash.Hash) []byte { ++ if transcript == nil { ++ transcript = hash() ++ } ++ return ExpandLabel(hash, secret, label, transcript.Sum(nil), transcript.Size()) ++} ++ ++const ( ++ resumptionBinderLabel = "res binder" ++ clientEarlyTrafficLabel = "c e traffic" ++ clientHandshakeTrafficLabel = "c hs traffic" ++ serverHandshakeTrafficLabel = "s hs traffic" ++ clientApplicationTrafficLabel = "c ap traffic" ++ serverApplicationTrafficLabel = "s ap traffic" ++ earlyExporterLabel = "e exp master" ++ exporterLabel = "exp master" ++ resumptionLabel = "res master" ++) ++ ++type EarlySecret struct { ++ secret []byte ++ hash func() hash.Hash ++} ++ ++func NewEarlySecret[H hash.Hash](h func() H, psk []byte) *EarlySecret { ++ return &EarlySecret{ ++ secret: extract(h, psk, nil), ++ hash: func() hash.Hash { return h() }, ++ } ++} ++ ++func (s *EarlySecret) ResumptionBinderKey() []byte { ++ return deriveSecret(s.hash, s.secret, resumptionBinderLabel, nil) ++} ++ ++// ClientEarlyTrafficSecret derives the client_early_traffic_secret from the ++// early secret and the transcript up to the ClientHello. 
++func (s *EarlySecret) ClientEarlyTrafficSecret(transcript hash.Hash) []byte { ++ return deriveSecret(s.hash, s.secret, clientEarlyTrafficLabel, transcript) ++} ++ ++type HandshakeSecret struct { ++ secret []byte ++ hash func() hash.Hash ++} ++ ++func (s *EarlySecret) HandshakeSecret(sharedSecret []byte) *HandshakeSecret { ++ derived := deriveSecret(s.hash, s.secret, "derived", nil) ++ return &HandshakeSecret{ ++ secret: extract(s.hash, sharedSecret, derived), ++ hash: s.hash, ++ } ++} ++ ++// ClientHandshakeTrafficSecret derives the client_handshake_traffic_secret from ++// the handshake secret and the transcript up to the ServerHello. ++func (s *HandshakeSecret) ClientHandshakeTrafficSecret(transcript hash.Hash) []byte { ++ return deriveSecret(s.hash, s.secret, clientHandshakeTrafficLabel, transcript) ++} ++ ++// ServerHandshakeTrafficSecret derives the server_handshake_traffic_secret from ++// the handshake secret and the transcript up to the ServerHello. ++func (s *HandshakeSecret) ServerHandshakeTrafficSecret(transcript hash.Hash) []byte { ++ return deriveSecret(s.hash, s.secret, serverHandshakeTrafficLabel, transcript) ++} ++ ++type MasterSecret struct { ++ secret []byte ++ hash func() hash.Hash ++} ++ ++func (s *HandshakeSecret) MasterSecret() *MasterSecret { ++ derived := deriveSecret(s.hash, s.secret, "derived", nil) ++ return &MasterSecret{ ++ secret: extract(s.hash, nil, derived), ++ hash: s.hash, ++ } ++} ++ ++// ClientApplicationTrafficSecret derives the client_application_traffic_secret_0 ++// from the master secret and the transcript up to the server Finished. ++func (s *MasterSecret) ClientApplicationTrafficSecret(transcript hash.Hash) []byte { ++ return deriveSecret(s.hash, s.secret, clientApplicationTrafficLabel, transcript) ++} ++ ++// ServerApplicationTrafficSecret derives the server_application_traffic_secret_0 ++// from the master secret and the transcript up to the server Finished. 
++func (s *MasterSecret) ServerApplicationTrafficSecret(transcript hash.Hash) []byte { ++ return deriveSecret(s.hash, s.secret, serverApplicationTrafficLabel, transcript) ++} ++ ++// ResumptionMasterSecret derives the resumption_master_secret from the master secret ++// and the transcript up to the client Finished. ++func (s *MasterSecret) ResumptionMasterSecret(transcript hash.Hash) []byte { ++ return deriveSecret(s.hash, s.secret, resumptionLabel, transcript) ++} ++ ++type ExporterMasterSecret struct { ++ secret []byte ++ hash func() hash.Hash ++} ++ ++// ExporterMasterSecret derives the exporter_master_secret from the master secret ++// and the transcript up to the server Finished. ++func (s *MasterSecret) ExporterMasterSecret(transcript hash.Hash) *ExporterMasterSecret { ++ return &ExporterMasterSecret{ ++ secret: deriveSecret(s.hash, s.secret, exporterLabel, transcript), ++ hash: s.hash, ++ } ++} ++ ++// EarlyExporterMasterSecret derives the exporter_master_secret from the early secret ++// and the transcript up to the ClientHello. ++func (s *EarlySecret) EarlyExporterMasterSecret(transcript hash.Hash) *ExporterMasterSecret { ++ return &ExporterMasterSecret{ ++ secret: deriveSecret(s.hash, s.secret, earlyExporterLabel, transcript), ++ hash: s.hash, ++ } ++} ++ ++func (s *ExporterMasterSecret) Exporter(label string, context []byte, length int) []byte { ++ secret := deriveSecret(s.hash, s.secret, label, nil) ++ h := s.hash() ++ h.Write(context) ++ return ExpandLabel(s.hash, secret, "exporter", h.Sum(nil), length) ++} +diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go +index 38d6d3f7be1673..b236ae44a34030 100644 +--- a/src/crypto/tls/key_schedule.go ++++ b/src/crypto/tls/key_schedule.go +@@ -8,7 +8,7 @@ import ( + "crypto/ecdh" + "crypto/hmac" + "crypto/internal/fips140/mlkem" +- "crypto/internal/fips140/tls13" ++ "crypto/tls/internal/tls13" + "errors" + "hash" + "io" 
diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go index e7369542a73270..ff52175e4ac636 100644 --- a/src/crypto/tls/prf.go @@ -2430,7 +2684,7 @@ index e7369542a73270..ff52175e4ac636 100644 } } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index d9d985dca4ade4..de88160bcf3a1c 100644 +index a62a5173b9c6bc..9ef5b8ea058783 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -493,6 +493,8 @@ var depsRules = ` @@ -2458,7 +2712,15 @@ index d9d985dca4ade4..de88160bcf3a1c 100644 < crypto/boring < crypto/aes, crypto/des, -@@ -534,6 +539,7 @@ var depsRules = ` +@@ -526,6 +531,7 @@ var depsRules = ` + crypto/pbkdf2, + crypto/ecdh, + crypto/mlkem ++ < crypto/tls/internal/tls13 + < CRYPTO; + + CGO, fmt, net !< CRYPTO; +@@ -534,6 +540,7 @@ var depsRules = ` CRYPTO, FMT, math/big < crypto/internal/boring/bbig @@ -2466,7 +2728,7 @@ index d9d985dca4ade4..de88160bcf3a1c 100644 < crypto/rand < crypto/ed25519 # depends on crypto/rand.Reader < encoding/asn1 -@@ -547,7 +553,7 @@ var depsRules = ` +@@ -547,7 +554,7 @@ var depsRules = ` # TLS, Prince of Dependencies. From 8eaffdaf1f929104dbf28fa43ff1571531951c72 Mon Sep 17 00:00:00 2001 From: mertakman Date: Fri, 10 Jan 2025 13:04:15 +0000 Subject: [PATCH 174/887] fix:patches --- .../0002-Add-crypto-backend-foundation.patch | 22 +++---- .../0003-Add-BoringSSL-crypto-backend.patch | 26 ++++---- patches/0004-Add-OpenSSL-crypto-backend.patch | 60 ++++++++++++------- patches/0005-Add-CNG-crypto-backend.patch | 32 +++++----- 4 files changed, 79 insertions(+), 61 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index a9ae91f13d4..e0581f7df9e 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -556,10 +556,10 @@ index 275c60b4de49eb..ff8bddf28c4545 100644 "math/big" ) 
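Review bot: `ExpandLabel` and `extract` in the new `src/crypto/tls/internal/tls13/tls13.go` turn every error from `hkdf.Expand` / `hkdf.Extract` into `panic(err)`, and `Exporter` forwards a caller-supplied `label` and `length` into that path through `deriveSecret` and `ExpandLabel`. The comment above the first panic says labels are fixed strings, which does not hold for `Exporter`, and with a swapped-in backend the set of possible errors is presumably wider than an oversized length. Because these functions return only `[]byte`, I would at least state the contract on the exported ones, e.g. `// ExpandLabel panics if label or context is too long or if the HKDF backend returns an error.`, and confirm that the crypto/tls callers (outside this hunk) bound `label` and `length` before calling `Exporter`. doc.go describes the file as a direct copy of crypto/internal/fips140/tls13, so a short comment on how the copy is kept in sync with upstream would help later reviewers of this key-schedule code.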
diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go -index 0f9749975ffba9..41ac17df22d7d7 100644 +index f682e6b1c6cfa6..049da55bd70f2c 100644 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go -@@ -18,8 +18,8 @@ import ( +@@ -20,8 +20,8 @@ import ( "crypto" "crypto/ecdh" "crypto/elliptic" @@ -590,7 +590,7 @@ index 039bd82ed21f9f..69a97d9bf250be 100644 panic("boringcrypto: not available") diff --git a/src/crypto/ed25519/boring.go b/src/crypto/ed25519/boring.go new file mode 100644 -index 00000000000000..3a7d7b76c8d8d7 +index 00000000000000..cce33e4d6cc927 --- /dev/null +++ b/src/crypto/ed25519/boring.go @@ -0,0 +1,71 @@ @@ -633,7 +633,7 @@ index 00000000000000..3a7d7b76c8d8d7 + + b = new(boringPub) + copy(b.orig[:], pub) -+ key, err := boring.NewPublicKeyEd25119(b.orig[:]) ++ key, err := boring.NewPublicKeyEd25519(b.orig[:]) + if err != nil { + return nil, err + } @@ -657,7 +657,7 @@ index 00000000000000..3a7d7b76c8d8d7 + + b = new(boringPriv) + copy(b.orig[:], priv) -+ key, err := boring.NewPrivateKeyEd25119(b.orig[:]) ++ key, err := boring.NewPrivateKeyEd25519(b.orig[:]) + if err != nil { + return nil, err + } @@ -666,7 +666,7 @@ index 00000000000000..3a7d7b76c8d8d7 + return key, nil +} diff --git a/src/crypto/ed25519/ed25519.go b/src/crypto/ed25519/ed25519.go -index c1f8ff784e4a5c..308d814ff6302b 100644 +index c1f8ff784e4a5c..6476bfbe896d6c 100644 --- a/src/crypto/ed25519/ed25519.go +++ b/src/crypto/ed25519/ed25519.go @@ -17,6 +17,7 @@ package ed25519 @@ -767,7 +767,7 @@ index c1f8ff784e4a5c..308d814ff6302b 100644 + 0x22, 0xab, 0xbe, 0xe6, 0x85, 0xfd, 0xa4, 0x42, 0x0f, 0x88, 0x34, + 0xb1, 0x08, 0xc3, 0xbd, 0xae, 0x36, 0x9e, 0xf5, 0x49, 0xfa, + } -+ pub, err := boring.NewPublicKeyEd25119(pkey) ++ pub, err := boring.NewPublicKeyEd25519(pkey) + if err != nil { + return false + } @@ -1148,7 +1148,7 @@ index 00000000000000..83691d7dd42d51 +} 
diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..71e0ec9dc25a02 +index 00000000000000..2ad15a0d1e370e --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go @@ -0,0 +1,229 @@ @@ -1331,11 +1331,11 @@ index 00000000000000..71e0ec9dc25a02 + panic("cryptobackend: not available") +} + -+func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { ++func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { + panic("cryptobackend: not available") +} + @@ -2430,7 +2430,7 @@ index e7369542a73270..ff52175e4ac636 100644 } } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index d9d985dca4ade4..de88160bcf3a1c 100644 +index a62a5173b9c6bc..b39db00839ab43 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -493,6 +493,8 @@ var depsRules = ` diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index d60a06344d5..3364c1c161c 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -5,9 +5,9 @@ Subject: [PATCH] Add BoringSSL crypto backend --- .../internal/backend/bbig/big_boring.go | 12 + - src/crypto/internal/backend/boring_linux.go | 263 ++++++++++++++++++ + src/crypto/internal/backend/boring_linux.go | 265 ++++++++++++++++++ src/crypto/internal/backend/fips140/boring.go | 11 + - 3 files changed, 286 insertions(+) + 3 files changed, 288 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/boring_linux.go create mode 100644 src/crypto/internal/backend/fips140/boring.go @@ -32,10 +32,10 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec 
diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..b1bd6d5ba756d7 +index 00000000000000..e1ebc95a1db0e9 --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go -@@ -0,0 +1,263 @@ +@@ -0,0 +1,265 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -76,12 +76,14 @@ index 00000000000000..b1bd6d5ba756d7 +func NewSHA384() hash.Hash { return boring.NewSHA384() } +func NewSHA512() hash.Hash { return boring.NewSHA512() } + -+func MD5(p []byte) (sum [16]byte) { panic("cryptobackend: not available") } -+func SHA1(p []byte) (sum [20]byte) { return boring.SHA1(p) } -+func SHA224(p []byte) (sum [28]byte) { return boring.SHA224(p) } -+func SHA256(p []byte) (sum [32]byte) { return boring.SHA256(p) } -+func SHA384(p []byte) (sum [48]byte) { return boring.SHA384(p) } -+func SHA512(p []byte) (sum [64]byte) { return boring.SHA512(p) } ++func MD5(p []byte) (sum [16]byte) { panic("cryptobackend: not available") } ++func SHA1(p []byte) (sum [20]byte) { return boring.SHA1(p) } ++func SHA224(p []byte) (sum [28]byte) { return boring.SHA224(p) } ++func SHA256(p []byte) (sum [32]byte) { return boring.SHA256(p) } ++func SHA384(p []byte) (sum [48]byte) { return boring.SHA384(p) } ++func SHA512(p []byte) (sum [64]byte) { return boring.SHA512(p) } ++func SHA512_224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") } ++func SHA512_256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } + +func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { return boring.NewHMAC(h, key) } + 
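Review bot: The two added one-shot stubs `SHA512_224` and `SHA512_256` panic unconditionally, so with the BoringSSL backend enabled any caller that reaches them aborts the process rather than getting a digest. `SupportsHash` sits above this hunk and is not shown, so it is worth confirming that it reports false for `crypto.SHA512_224` and `crypto.SHA512_256` and that crypto/sha512 consults it before dispatching to the backend. A comment above the pair would record the contract, e.g. `// SHA-512/224 and SHA-512/256 are not provided by this backend; callers must check SupportsHash first.` The same applies to the matching stubs added to cng_windows.go in patches/0005-Add-CNG-crypto-backend.patch.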
@@ -249,11 +251,11 @@ index 00000000000000..b1bd6d5ba756d7 + panic("cryptobackend: not available") +} + -+func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { ++func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { + panic("cryptobackend: not available") +} + diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 2653fef1da7..592110ad461 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -9,7 +9,7 @@ Subject: [PATCH] Add OpenSSL crypto backend src/cmd/link/internal/ld/lib.go | 1 + .../internal/backend/bbig/big_openssl.go | 12 + .../internal/backend/fips140/openssl.go | 41 +++ - src/crypto/internal/backend/openssl_linux.go | 331 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 345 ++++++++++++++++++ src/crypto/rsa/rsa_test.go | 3 + src/go.mod | 1 + src/go.sum | 2 + @@ -19,7 +19,7 @@ Subject: [PATCH] Add OpenSSL crypto backend .../goexperiment/exp_opensslcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 15 files changed, 436 insertions(+), 5 deletions(-) + 15 files changed, 450 insertions(+), 5 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/fips140/openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go @@ -27,7 +27,7 @@ Subject: [PATCH] Add OpenSSL crypto backend create mode 100644 src/internal/goexperiment/exp_opensslcrypto_on.go diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 06bd01bc5bb995..9561bf2bca9a9d 100644 +index 0c992118f4287b..0de6e80fd985a3 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go 
@@ -1324,12 +1324,11 @@ func (t *tester) registerCgoTests(heading string) { @@ -142,10 +142,10 @@ index 00000000000000..118efa3a492a7d +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..d3a663737a1ce3 +index 00000000000000..44d91d5b7ba3d5 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,331 @@ +@@ -0,0 +1,345 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -233,19 +233,23 @@ index 00000000000000..d3a663737a1ce3 + return openssl.SupportsHash(h) +} + -+func NewMD5() hash.Hash { return openssl.NewMD5() } -+func NewSHA1() hash.Hash { return openssl.NewSHA1() } -+func NewSHA224() hash.Hash { return openssl.NewSHA224() } -+func NewSHA256() hash.Hash { return openssl.NewSHA256() } -+func NewSHA384() hash.Hash { return openssl.NewSHA384() } -+func NewSHA512() hash.Hash { return openssl.NewSHA512() } -+ -+func MD5(p []byte) (sum [16]byte) { return openssl.MD5(p) } -+func SHA1(p []byte) (sum [20]byte) { return openssl.SHA1(p) } -+func SHA224(p []byte) (sum [28]byte) { return openssl.SHA224(p) } -+func SHA256(p []byte) (sum [32]byte) { return openssl.SHA256(p) } -+func SHA384(p []byte) (sum [48]byte) { return openssl.SHA384(p) } -+func SHA512(p []byte) (sum [64]byte) { return openssl.SHA512(p) } ++func NewMD5() hash.Hash { return openssl.NewMD5() } ++func NewSHA1() hash.Hash { return openssl.NewSHA1() } ++func NewSHA224() hash.Hash { return openssl.NewSHA224() } ++func NewSHA256() hash.Hash { return openssl.NewSHA256() } ++func NewSHA384() hash.Hash { return openssl.NewSHA384() } ++func NewSHA512() hash.Hash { return openssl.NewSHA512() } ++func NewSHA512_224() hash.Hash { return openssl.NewSHA512_224() } ++func NewSHA512_256() hash.Hash { return openssl.NewSHA512_256() } ++ ++func MD5(p []byte) (sum [16]byte) { return openssl.MD5(p) } ++func SHA1(p []byte) (sum [20]byte) { return openssl.SHA1(p) } ++func SHA224(p []byte) (sum [28]byte) { return openssl.SHA224(p) } ++func SHA256(p []byte) (sum [32]byte) { return openssl.SHA256(p) } ++func SHA384(p []byte) (sum [48]byte) { return openssl.SHA384(p) } ++func SHA512(p []byte) (sum [64]byte) { return openssl.SHA512(p) } ++func SHA512_224(p []byte) (sum [28]byte) { return openssl.SHA512_224(p) } ++func SHA512_256(p []byte) (sum [32]byte) { return openssl.SHA512_256(p) } + +func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { return openssl.NewHMAC(h, key) } + 
@@ -411,12 +415,22 @@ index 00000000000000..d3a663737a1ce3 + return openssl.GenerateKeyEd25519() +} + ++// Deprecated: use NewPrivateKeyEd25519 instead. +func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { -+ return openssl.NewPrivateKeyEd25119(priv) ++ return openssl.NewPrivateKeyEd25519(priv) +} + ++// Deprecated: use NewPublicKeyEd25519 instead. +func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { -+ return openssl.NewPublicKeyEd25119(pub) ++ return openssl.NewPublicKeyEd25519(pub) ++} ++ ++func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { ++ return openssl.NewPrivateKeyEd25519(priv) ++} ++ ++func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { ++ return openssl.NewPublicKeyEd25519(pub) +} + +func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { @@ -492,7 +506,7 @@ index f9543d9cc89e7b..f07c75821aab13 100644 msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22} diff --git a/src/go.mod b/src/go.mod -index 7a1318dcac32ba..186ced4a1123a8 100644 +index 7a1318dcac32ba..f12d9b4d9172ab 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std @@ -504,7 +518,7 @@ index 7a1318dcac32ba..186ced4a1123a8 100644 golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 ) diff --git a/src/go.sum b/src/go.sum -index 9e661352f16e0b..0a58eccb57a869 100644 +index 9e661352f16e0b..e51f0f57540a83 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,5 @@ @@ -514,7 +528,7 @@ index 9e661352f16e0b..0a58eccb57a869 100644 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index de88160bcf3a1c..339cb53d8a1468 100644 +index b39db00839ab43..392f8d8c52c4b6 100644 
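Review bot: `NewPrivateKeyEd25119` and `NewPublicKeyEd25119` are kept in openssl_linux.go as `// Deprecated:` wrappers, but the same commit renames them outright in nobackend.go, boring_linux.go and cng_windows.go, so the misspelled names exist only in OpenSSL builds. Code that still used the old spelling would compile with this backend and fail with every other one, and the visible callers in crypto/ed25519 already use the corrected names. Since the package lives under crypto/internal, dropping the two wrappers looks safe. Otherwise the same deprecated aliases should be added to the other backends so the exported set matches.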
--- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -509,12 +509,14 @@ var depsRules = ` diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 8019bd12e7a..f3114593f35 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -7,7 +7,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/ecdsa/badlinkname.go | 17 + src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 316 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 318 ++++++++++++++++++ src/crypto/internal/backend/common.go | 9 +- src/crypto/internal/backend/fips140/cng.go | 33 ++ src/crypto/rsa/pss_test.go | 2 +- @@ -18,7 +18,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 14 files changed, 416 insertions(+), 5 deletions(-) + 14 files changed, 418 insertions(+), 5 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -84,10 +84,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..c37247c8a2c7c6 +index 00000000000000..2c22deb7f14aaf --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,316 @@ +@@ -0,0 +1,318 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -141,12 +141,14 @@ index 00000000000000..c37247c8a2c7c6 +func NewSHA384() hash.Hash { return cng.NewSHA384() } +func NewSHA512() hash.Hash { return cng.NewSHA512() } + -+func MD5(p []byte) (sum [16]byte) { return cng.MD5(p) } -+func SHA1(p []byte) (sum [20]byte) { return cng.SHA1(p) } -+func SHA224(p []byte) (sum [28]byte) { panic("cngcrypto: not available") } -+func SHA256(p []byte) (sum [32]byte) { return cng.SHA256(p) } -+func SHA384(p []byte) (sum [48]byte) { return cng.SHA384(p) } -+func SHA512(p []byte) (sum [64]byte) { return cng.SHA512(p) } ++func MD5(p []byte) (sum [16]byte) { return cng.MD5(p) } ++func SHA1(p []byte) (sum [20]byte) { return cng.SHA1(p) } ++func SHA224(p []byte) (sum [28]byte) { panic("cngcrypto: not available") } ++func SHA256(p []byte) (sum [32]byte) { return cng.SHA256(p) } ++func SHA384(p []byte) (sum [48]byte) { return cng.SHA384(p) } ++func SHA512(p []byte) (sum [64]byte) { return cng.SHA512(p) } ++func SHA512_224(p []byte) (sum [28]byte) { panic("cngcrypto: not available") } ++func SHA512_256(p []byte) (sum [32]byte) { panic("cngcrypto: not available") } + +func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { + return cng.NewHMAC(h, key) @@ -349,11 +351,11 @@ index 00000000000000..c37247c8a2c7c6 + panic("cryptobackend: not available") +} + -+func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { ++func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { + panic("cryptobackend: not available") +} + @@ -483,7 +485,7 @@ index a4af0a2144870a..7d7115cff81cea 100644 t.Fatal(err) } diff --git a/src/go.mod b/src/go.mod -index 186ced4a1123a8..e9da0eb1301b93 100644 +index f12d9b4d9172ab..96bdcd421e1129 100644 --- a/src/go.mod +++ b/src/go.mod @@ -4,6 +4,7 @@ go 1.24 
@@ -495,7 +497,7 @@ index 186ced4a1123a8..e9da0eb1301b93 100644 golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 ) diff --git a/src/go.sum b/src/go.sum -index 0a58eccb57a869..b464f023942b74 100644 +index e51f0f57540a83..abebb59dcd7739 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,5 +1,7 @@ @@ -507,7 +509,7 @@ index 0a58eccb57a869..b464f023942b74 100644 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 339cb53d8a1468..1fcadbf6c19d79 100644 +index 392f8d8c52c4b6..997244c84e57c5 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -515,6 +515,10 @@ var depsRules = ` From b574a60b6d3f6f85b8c9c6d0cd7fe3e4aea32482 Mon Sep 17 00:00:00 2001 From: mertakman Date: Fri, 10 Jan 2025 13:20:54 +0000 Subject: [PATCH 175/887] fix:update patches --- .../0002-Add-crypto-backend-foundation.patch | 40 ++++++++++--------- .../0003-Add-BoringSSL-crypto-backend.patch | 22 +++++----- patches/0005-Add-CNG-crypto-backend.patch | 22 +++++----- 3 files changed, 46 insertions(+), 38 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index e0581f7df9e..6ece5815652 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -34,7 +34,7 @@ Subject: [PATCH] Add crypto backend foundation .../internal/backend/fips140/isrequirefips.go | 9 + .../internal/backend/fips140/norequirefips.go | 9 + .../backend/fips140/nosystemcrypto.go | 11 + - src/crypto/internal/backend/nobackend.go | 229 ++++++++++++++++++ + src/crypto/internal/backend/nobackend.go | 233 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + src/crypto/internal/cryptotest/allocations.go | 2 +- .../internal/cryptotest/implementations.go | 2 +- 
@@ -68,7 +68,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/handshake_server.go | 10 +- src/crypto/tls/handshake_server_tls13.go | 25 +- src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- - src/crypto/tls/prf.go | 41 ++++ + src/crypto/tls/prf.go | 41 +++ src/go/build/deps_test.go | 8 +- src/hash/boring_test.go | 9 + src/hash/example_test.go | 2 + @@ -76,7 +76,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 72 files changed, 1217 insertions(+), 89 deletions(-) + 72 files changed, 1221 insertions(+), 89 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -1148,10 +1148,10 @@ index 00000000000000..83691d7dd42d51 +} diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..2ad15a0d1e370e +index 00000000000000..3ebb6d5e4b4bb5 --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go -@@ -0,0 +1,229 @@ +@@ -0,0 +1,233 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -1180,19 +1180,23 @@ index 00000000000000..2ad15a0d1e370e + +func SupportsHash(h crypto.Hash) bool { panic("cryptobackend: not available") } + -+func NewMD5() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA1() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA224() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA256() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA384() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA512() hash.Hash { panic("cryptobackend: not available") } -+ -+func MD5(p []byte) (sum [16]byte) { panic("cryptobackend: not available") } -+func SHA1(p []byte) (sum [20]byte) { panic("cryptobackend: not available") } -+func SHA224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") } -+func SHA256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } -+func SHA384(p []byte) (sum [48]byte) { panic("cryptobackend: not available") } -+func SHA512(p []byte) (sum [64]byte) { panic("cryptobackend: not available") } ++func NewMD5() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA1() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA224() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA256() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA384() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA512() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA512_224() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA512_256() hash.Hash { panic("cryptobackend: not available") } ++ ++func MD5(p []byte) (sum [16]byte) { panic("cryptobackend: not available") } ++func SHA1(p []byte) (sum [20]byte) { panic("cryptobackend: not available") } ++func SHA224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") } ++func SHA256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } ++func SHA384(p []byte) (sum [48]byte) { 
panic("cryptobackend: not available") } ++func SHA512(p []byte) (sum [64]byte) { panic("cryptobackend: not available") } ++func SHA512_224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") } ++func SHA512_256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } + +func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { panic("cryptobackend: not available") } + diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 3364c1c161c..ca91aaff124 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -5,9 +5,9 @@ Subject: [PATCH] Add BoringSSL crypto backend --- .../internal/backend/bbig/big_boring.go | 12 + - src/crypto/internal/backend/boring_linux.go | 265 ++++++++++++++++++ + src/crypto/internal/backend/boring_linux.go | 267 ++++++++++++++++++ src/crypto/internal/backend/fips140/boring.go | 11 + - 3 files changed, 288 insertions(+) + 3 files changed, 290 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/boring_linux.go create mode 100644 src/crypto/internal/backend/fips140/boring.go @@ -32,10 +32,10 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..e1ebc95a1db0e9 +index 00000000000000..94bc444f10eb2b --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go -@@ -0,0 +1,265 @@ +@@ -0,0 +1,267 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -69,12 +69,14 @@ index 00000000000000..e1ebc95a1db0e9 + } +} + -+func NewMD5() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA1() hash.Hash { return boring.NewSHA1() } -+func NewSHA224() hash.Hash { return boring.NewSHA224() } -+func NewSHA256() hash.Hash { return boring.NewSHA256() } -+func NewSHA384() hash.Hash { return boring.NewSHA384() } -+func NewSHA512() hash.Hash { return boring.NewSHA512() } ++func NewMD5() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA1() hash.Hash { return boring.NewSHA1() } ++func NewSHA224() hash.Hash { return boring.NewSHA224() } ++func NewSHA256() hash.Hash { return boring.NewSHA256() } ++func NewSHA384() hash.Hash { return boring.NewSHA384() } ++func NewSHA512() hash.Hash { return boring.NewSHA512() } ++func NewSHA512_224() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA512_256() hash.Hash { panic("cryptobackend: not available") } + +func MD5(p []byte) (sum [16]byte) { panic("cryptobackend: not available") } +func SHA1(p []byte) (sum [20]byte) { return boring.SHA1(p) } diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index f3114593f35..bffe90d870b 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -7,7 +7,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/ecdsa/badlinkname.go | 17 + src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 318 ++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 320 ++++++++++++++++++ src/crypto/internal/backend/common.go | 9 +- src/crypto/internal/backend/fips140/cng.go | 33 ++ src/crypto/rsa/pss_test.go | 2 +- 
@@ -18,7 +18,7 @@ Subject: [PATCH] Add CNG crypto backend .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 14 files changed, 418 insertions(+), 5 deletions(-) + 14 files changed, 420 insertions(+), 5 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -84,10 +84,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..2c22deb7f14aaf +index 00000000000000..495260a08dd029 --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,318 @@ +@@ -0,0 +1,320 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -134,12 +134,14 @@ index 00000000000000..2c22deb7f14aaf + return cng.SupportsHash(h) +} + -+func NewMD5() hash.Hash { return cng.NewMD5() } -+func NewSHA1() hash.Hash { return cng.NewSHA1() } -+func NewSHA224() hash.Hash { panic("cngcrypto: not available") } -+func NewSHA256() hash.Hash { return cng.NewSHA256() } -+func NewSHA384() hash.Hash { return cng.NewSHA384() } -+func NewSHA512() hash.Hash { return cng.NewSHA512() } ++func NewMD5() hash.Hash { return cng.NewMD5() } ++func NewSHA1() hash.Hash { return cng.NewSHA1() } ++func NewSHA224() hash.Hash { panic("cngcrypto: not available") } ++func NewSHA256() hash.Hash { return cng.NewSHA256() } ++func NewSHA384() hash.Hash { return cng.NewSHA384() } ++func NewSHA512() hash.Hash { return cng.NewSHA512() } ++func NewSHA512_224() hash.Hash { panic("cngcrypto: not available") } ++func NewSHA512_256() hash.Hash { panic("cngcrypto: not available") } + +func MD5(p []byte) (sum [16]byte) { return cng.MD5(p) } +func SHA1(p []byte) (sum [20]byte) { return cng.SHA1(p) } From 275f45435345cecae939b1891904d0ec5db603b7 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Fri, 10 Jan 2025 10:34:12 -0800 Subject: [PATCH 176/887] 1ES PT compliance: split internal publish job, half is a release job --- eng/pipeline/stages/builders-to-stages.yml | 3 +- ...h-stage.yml => internal-publish-stage.yml} | 131 +++++++++--------- .../steps/download-signed-binaries-task.yml | 31 ++++- eng/pipeline/variables/publish-internal.yml | 15 ++ 4 files changed, 111 insertions(+), 69 deletions(-) rename eng/pipeline/stages/{publish-stage.yml => internal-publish-stage.yml} (67%) create mode 100644 eng/pipeline/variables/publish-internal.yml diff --git a/eng/pipeline/stages/builders-to-stages.yml b/eng/pipeline/stages/builders-to-stages.yml index 84943fc740b..5234e5f4b75 100644 --- a/eng/pipeline/stages/builders-to-stages.yml +++ b/eng/pipeline/stages/builders-to-stages.yml 
@@ -70,11 +70,10 @@ stages: - template: pool.yml parameters: inner: - template: publish-stage.yml + template: internal-publish-stage.yml parameters: builder: { os: windows, arch: amd64 } official: true - public: false builders: - ${{ each builder in parameters.builders }}: - ${{ if eq(builder.config, 'buildandpack') }}: diff --git a/eng/pipeline/stages/publish-stage.yml b/eng/pipeline/stages/internal-publish-stage.yml similarity index 67% rename from eng/pipeline/stages/publish-stage.yml rename to eng/pipeline/stages/internal-publish-stage.yml index 7b74f02dae5..68de6916585 100644 --- a/eng/pipeline/stages/publish-stage.yml +++ b/eng/pipeline/stages/internal-publish-stage.yml @@ -5,9 +5,6 @@ # Create a build asset JSON file as a pipeline artifact and publish build artifacts to blob storage. parameters: - - name: public - type: boolean - - name: pool type: object @@ -28,34 +25,19 @@ parameters: default: false stages: - - stage: Publish${{ parameters.public }} - ${{ if parameters.public }}: - displayName: Publish Public - ${{ else }}: - displayName: Publish Internal + - stage: PrePublish + displayName: Pre Internal Publish ${{ if eq(parameters.publishExistingRunID, 'nil') }}: dependsOn: Sign ${{ else }}: dependsOn: [] + jobs: - - job: Publish + - job: PrePublish pool: ${{ parameters.pool }} variables: - - name: blobBackupAccount - value: golangartifactsbackup - - name: blobContainer - ${{ if parameters.public }}: - value: 'https://dotnetbuildoutput.blob.core.windows.net/golang/microsoft' - ${{ else }}: - value: 'https://$(blobBackupAccount).blob.core.windows.net/microsoft' - - - name: blobPrefix - value: '$(PublishBranchAlias)/$(Build.BuildNumber)' - - name: blobDestinationUrl - value: '$(blobContainer)/$(blobPrefix)' - - - group: go-storage + - template: ../variables/publish-internal.yml workspace: clean: all 
@@ -68,17 +50,11 @@ stages: # Single file publish requires folder to be specified. # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/sbom#specifying-sbom-build-drop-path-build-component-path-package-name-and-package-version-per-1es-pt-output sbomBuildDropPath: $(Pipeline.Workspace)/Binaries Signed - ${{ if parameters.public }}: - artifact: BuildAssets - ${{ else }}: - artifact: BuildAssetsInternal + artifact: BuildAssetsInternal - ${{ if parameters.publishSymbols }}: - output: pipelineArtifact path: $(Pipeline.Workspace)/Symbols - ${{ if parameters.public }}: - artifact: Symbols - ${{ else }}: - artifact: SymbolsInternal + artifact: SymbolsInternal steps: - template: ../steps/checkout-windows-task.yml 
@@ -96,40 +72,9 @@ stages: -destination-url '$(blobDestinationUrl)' ` -branch '$(PublishBranchAlias)' ` -o '$(Pipeline.Workspace)/Binaries Signed/assets.json' - displayName: 'Create build asset JSON' - - - ${{ if parameters.public }}: - - task: AzureCLI@2 - displayName: Upload to blob storage - inputs: - azureSubscription: GoLang - scriptType: bash - scriptLocation: inlineScript - # Send literal '*' to az: it handles the wildcard itself. Az copy only accepts one - # "from" argument, so we can't use the shell's wildcard expansion. - inlineScript: | - az storage copy -s '*' -d '$(blobDestinationUrl)' --sas-token '$(dotnetbuildoutput-golang-write-sas-query)' - workingDirectory: '$(Pipeline.Workspace)/Binaries Signed/' - - ${{ else }}: - - task: AzureFileCopy@6 - displayName: Upload to blob storage - inputs: - Destination: AzureBlob - azureSubscription: golang-pme-storage - storage: $(blobBackupAccount) - ContainerName: microsoft - SourcePath: '$(Pipeline.Workspace)/Binaries Signed/*' - BlobPrefix: $(blobPrefix) - - - pwsh: | - Write-Host 'Generated links to artifacts in blob storage:' - Write-Host '' - Get-ChildItem -File -Path '.' | %{ - Write-Host "$(blobDestinationUrl)/$($_.Name)" - } - displayName: Show expected uploaded URLs - workingDirectory: '$(Pipeline.Workspace)/Binaries Signed/' + displayName: '🧾 Create build asset JSON' + # Gather symbols from all builders. - ${{ if eq(parameters.publishSymbols, true) }}: - ${{ each builder in parameters.builders }}: - ${{ if eq(parameters.publishExistingRunID, 'nil') }}: 
@@ -164,8 +109,62 @@ stages: } Copy-Item $_.FullName $flatDir } - displayName: 'Flatten: Symbols ${{ builder.id }}' + displayName: '🫓 Flatten: Symbols ${{ builder.id }}' workingDirectory: '$(Pipeline.Workspace)' + + - stage: Publish + displayName: Publish Internal + dependsOn: PrePublish + + jobs: + - job: Publish + pool: ${{ parameters.pool }} + + variables: + - template: ../variables/publish-internal.yml + + workspace: + clean: all + + templateContext: + type: releaseJob # https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/1es-pipeline-templates/features/releasepipelines/releaseworkflows/releasejob + isProduction: true + inputs: + - input: pipelineArtifact + artifactName: BuildAssetsInternal + - ${{ if parameters.publishSymbols }}: + - input: pipelineArtifact + artifactName: SymbolsInternal + path: $(Pipeline.Workspace)/Symbols + + steps: + - template: ../steps/find-PublishBranchAlias-task.yml + + - template: ../steps/download-signed-binaries-task.yml + parameters: + runID: ${{ parameters.publishExistingRunID }} + ReleaseJob: true + + - task: AzureFileCopy@6 + displayName: ↗️ Upload to blob storage + inputs: + Destination: AzureBlob + azureSubscription: golang-pme-storage + storage: $(blobBackupAccount) + ContainerName: microsoft + SourcePath: '$(Pipeline.Workspace)/Binaries Signed/*' + BlobPrefix: $(blobPrefix) + + - pwsh: | + Write-Host 'Generated links to artifacts in blob storage:' + Write-Host '' + Get-ChildItem -File -Path '.' | %{ + Write-Host "$(blobDestinationUrl)/$($_.Name)" + } + displayName: 🧾 Show expected uploaded URLs + workingDirectory: '$(Pipeline.Workspace)/Binaries Signed/' + + - ${{ if parameters.publishSymbols }}: - task: PublishSymbols@2 inputs: SymbolsFolder: $(Pipeline.Workspace)/Symbols 
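Review bot: The new Publish job uploads `$(Pipeline.Workspace)/Binaries Signed/*`, but assets.json is now written in the PrePublish job, which runs in its own workspace (`workspace: clean: all`). The `BuildAssetsInternal` input is declared without a `path`, unlike `SymbolsInternal`, so as far as this hunk shows assets.json no longer lands in `Binaries Signed` and would be missing from the blob copy and from the "Show expected uploaded URLs" listing; before the split it was created in that folder ahead of the upload. If the file should still be published, the input has to reach that folder before `AzureFileCopy@6` runs. If it is now meant to be a pipeline artifact only, a comment such as `# assets.json is published as the BuildAssetsInternal artifact only, not to blob storage` would make that explicit.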
@@ -175,4 +174,4 @@ stages: # in the AzDO repo, but we pull them at build time using a git submodule. # See https://github.com/microsoft/go-lab/issues/67. IndexSources: false - displayName: Publish symbols + displayName: ↗️ Publish symbols diff --git a/eng/pipeline/steps/download-signed-binaries-task.yml b/eng/pipeline/steps/download-signed-binaries-task.yml index dd3ca27a4a3..314f45ba12a 100644 --- a/eng/pipeline/steps/download-signed-binaries-task.yml +++ b/eng/pipeline/steps/download-signed-binaries-task.yml @@ -9,14 +9,43 @@ parameters: type: string default: 'nil' + - name: ReleaseJob + type: boolean + default: false + steps: - - ${{ if eq(parameters.runID, 'nil') }}: + - ${{ if parameters.ReleaseJob }}: + + - task: 1ES.DownloadPipelineArtifact@1 + displayName: 'Download: Binaries Signed' + inputs: + ${{ if eq(parameters.runID, 'nil') }}: + buildType: current + ${{ else }}: + buildType: specific + runVersion: 'specific' + runId: ${{ parameters.runID }} + project: $(System.TeamProject) + definition: $(System.DefinitionId) + artifactName: Binaries Signed + targetPath: '$(Pipeline.Workspace)/Binaries Signed' + + # The 1ES step tries to validate the SBOM manifests after download, so we can't assign + # 'patterns' to filter them out. Instead, remove them after validation is done. + - pwsh: | + Remove-Item -Path '$(Pipeline.Workspace)/Binaries Signed/_manifest' -Recurse -Force + displayName: Delete SBOM manifests + + - ${{ elseif eq(parameters.runID, 'nil') }}: + - download: current artifact: Binaries Signed # Filter out manifests added by 1ES pipeline template. patterns: '!_manifest/**' displayName: 'Download: Binaries Signed' + - ${{ else }}: + - task: DownloadPipelineArtifact@2 displayName: 'Download: Binaries Signed (Specific)' inputs: diff --git a/eng/pipeline/variables/publish-internal.yml b/eng/pipeline/variables/publish-internal.yml new file mode 100644 index 00000000000..e3fb6321b3d --- /dev/null +++ b/eng/pipeline/variables/publish-internal.yml 
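Review bot: The new `ReleaseJob` parameter in download-signed-binaries-task.yml has no comment, and its effect is wider than the name suggests: when true, the template uses `1ES.DownloadPipelineArtifact@1` for both the current-run and the specific-run case and then deletes `_manifest`. A comment above the parameter would help, for example `# Set to true when called from a 1ES releaseJob: download with the 1ES task, then remove the SBOM manifests it validated.` The name is also PascalCase next to `runID`; `releaseJob` would match. Because the later blob upload copies everything under `Binaries Signed`, the `Remove-Item` step is what keeps the manifests out of the published container, which is worth stating next to it.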
@@ -0,0 +1,15 @@ +# Copyright (c) Microsoft Corporation. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + +# Variables that determine where to publish internal artifacts. + +variables: + - name: blobBackupAccount + value: golangartifactsbackup + - name: blobContainer + value: 'https://$(blobBackupAccount).blob.core.windows.net/microsoft' + - name: blobPrefix + value: '$(PublishBranchAlias)/$(Build.BuildNumber)' + - name: blobDestinationUrl + value: '$(blobContainer)/$(blobPrefix)' From c27a861f11d05d6837e5167a648e77842616ce9b Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 13 Jan 2025 09:24:18 +0100 Subject: [PATCH 177/887] update submodule to 44a6f817ea --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 39f2032c175..44a6f817ea0 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 39f2032c17516a55c165d329dd5e2e07f49132b0 +Subproject commit 44a6f817ea0fbeb3ba4aa398794c4e80dba13b1e From 07598476a64f611e79846aedf0dd9d1b40ace872 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 13 Jan 2025 09:32:42 +0100 Subject: [PATCH 178/887] fix conflicts --- .../0002-Add-crypto-backend-foundation.patch | 131 ++++++++++-------- patches/0004-Add-OpenSSL-crypto-backend.patch | 18 +-- patches/0005-Add-CNG-crypto-backend.patch | 10 +- 3 files changed, 91 insertions(+), 68 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index d5a9f151c16..99140818363 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch 
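Review bot: The container name `microsoft` is spelled out inside `blobContainer` in publish-internal.yml and again as `ContainerName: microsoft` in the `AzureFileCopy@6` step of the publish stage, so the printed URLs and the real upload target can drift apart if only one is edited. A `blobContainerName` variable with value `microsoft`, used in both places (`value: 'https://$(blobBackupAccount).blob.core.windows.net/$(blobContainerName)'` and `ContainerName: $(blobContainerName)`), would keep them in step.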
@@ -38,7 +38,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/internal/backend/stub.s | 10 + src/crypto/internal/cryptotest/allocations.go | 2 +- .../internal/cryptotest/implementations.go | 2 +- - src/crypto/md5/md5.go | 7 + + src/crypto/md5/md5.go | 10 + src/crypto/md5/md5_test.go | 21 ++ src/crypto/pbkdf2/pbkdf2.go | 4 + src/crypto/pbkdf2/pbkdf2_test.go | 2 +- @@ -54,7 +54,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/pss_test.go | 5 + src/crypto/rsa/rsa.go | 4 +- src/crypto/rsa/rsa_test.go | 12 +- - src/crypto/sha1/sha1.go | 2 +- + src/crypto/sha1/sha1.go | 8 +- src/crypto/sha1/sha1_test.go | 19 +- src/crypto/sha256/sha256.go | 6 +- src/crypto/sha256/sha256_test.go | 29 +++ @@ -66,8 +66,8 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/tls/handshake_client.go | 12 +- src/crypto/tls/handshake_client_tls13.go | 16 +- src/crypto/tls/handshake_server.go | 10 +- - src/crypto/tls/handshake_server_tls13.go | 27 ++- - src/crypto/tls/internal/fips140tls/fipstls.go | 3 + src/crypto/tls/handshake_server_tls13.go | 27 +- + src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- src/crypto/tls/internal/tls13/doc.go | 18 ++ src/crypto/tls/internal/tls13/tls13.go | 182 ++++++++++++++ src/crypto/tls/key_schedule.go | 2 +- @@ -79,7 +79,7 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 75 files changed, 1426 insertions(+), 93 deletions(-) + 75 files changed, 1432 insertions(+), 96 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ed25519/boring.go @@ -561,7 +561,7 @@ index 275c60b4de49eb..ff8bddf28c4545 100644 "math/big" ) diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go -index f682e6b1c6cfa6..049da55bd70f2c 100644 +index cb308b41e9df86..8f73855aa738de 100644 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go 
@@ -20,8 +20,8 @@ import ( @@ -573,8 +573,8 @@ index f682e6b1c6cfa6..049da55bd70f2c 100644 + boring "crypto/internal/backend" + "crypto/internal/backend/bbig" "crypto/internal/fips140/ecdsa" + "crypto/internal/fips140hash" "crypto/internal/fips140only" - "crypto/internal/randutil" diff --git a/src/crypto/ecdsa/notboring.go b/src/crypto/ecdsa/notboring.go index 039bd82ed21f9f..69a97d9bf250be 100644 --- a/src/crypto/ecdsa/notboring.go @@ -819,7 +819,7 @@ index 00000000000000..b0cdd44d81c753 + panic("boringcrypto: not available") +} diff --git a/src/crypto/hkdf/hkdf.go b/src/crypto/hkdf/hkdf.go -index 7cfbe2c60de356..78139ed6170da5 100644 +index 6b02522866d57f..37e67ec184af5d 100644 --- a/src/crypto/hkdf/hkdf.go +++ b/src/crypto/hkdf/hkdf.go @@ -11,6 +11,7 @@ 
@@ -828,40 +828,40 @@ index 7cfbe2c60de356..78139ed6170da5 100644 import ( + boring "crypto/internal/backend" "crypto/internal/fips140/hkdf" + "crypto/internal/fips140hash" "crypto/internal/fips140only" - "errors" -@@ -27,6 +28,9 @@ func Extract[H hash.Hash](h func() H, secret, salt []byte) ([]byte, error) { - if err := checkFIPS140Only(h, secret); err != nil { +@@ -29,6 +30,9 @@ func Extract[H hash.Hash](h func() H, secret, salt []byte) ([]byte, error) { + if err := checkFIPS140Only(fh, secret); err != nil { return nil, err } + if boring.Enabled && boring.SupportsHKDF() { -+ return boring.ExtractHKDF(func() hash.Hash { return h() }, secret, salt) ++ return boring.ExtractHKDF(fh, secret, salt) + } - return hkdf.Extract(h, secret, salt), nil + return hkdf.Extract(fh, secret, salt), nil } -@@ -47,6 +51,9 @@ func Expand[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLen +@@ -50,6 +54,9 @@ func Expand[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLen return nil, errors.New("hkdf: requested key length too large") } + if boring.Enabled && boring.SupportsHKDF() { -+ return boring.ExpandHKDF(func() hash.Hash { return h() }, pseudorandomKey, []byte(info), keyLength) ++ return boring.ExpandHKDF(fh, pseudorandomKey, []byte(info), keyLength) + } - return hkdf.Expand(h, pseudorandomKey, info, keyLength), nil + return hkdf.Expand(fh, pseudorandomKey, info, keyLength), nil } -@@ -63,6 +70,13 @@ func Key[Hash hash.Hash](h func() Hash, secret, salt []byte, info string, keyLen +@@ -67,6 +74,13 @@ func Key[Hash hash.Hash](h func() Hash, secret, salt []byte, info string, keyLen return nil, errors.New("hkdf: requested key length too large") } + if boring.Enabled && boring.SupportsHKDF() { -+ pseudorandomKey, err := boring.ExtractHKDF(func() hash.Hash { return h() }, secret, salt) ++ pseudorandomKey, err := boring.ExtractHKDF(fh, secret, salt) + if err != nil { + return nil, err + } -+ return boring.ExpandHKDF(func() hash.Hash { return h() }, 
pseudorandomKey, []byte(info), keyLength) ++ return boring.ExpandHKDF(fh, pseudorandomKey, []byte(info), keyLength) + } - return hkdf.Key(h, secret, salt, info, keyLength), nil + return hkdf.Key(fh, secret, salt, info, keyLength), nil } diff --git a/src/crypto/hkdf/hkdf_test.go b/src/crypto/hkdf/hkdf_test.go @@ -878,7 +878,7 @@ index 201b440289bb2d..4ed4960ff35b66 100644 "crypto/md5" "crypto/sha1" diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go -index 72f5a4abea9d35..c88c6cbd128451 100644 +index 554c8c9b78940b..c68a394280cc2c 100644 --- a/src/crypto/hmac/hmac.go +++ b/src/crypto/hmac/hmac.go @@ -22,7 +22,7 @@ timing side-channels: @@ -888,8 +888,8 @@ index 72f5a4abea9d35..c88c6cbd128451 100644 - "crypto/internal/boring" + boring "crypto/internal/backend" "crypto/internal/fips140/hmac" + "crypto/internal/fips140hash" "crypto/internal/fips140only" - "crypto/subtle" diff --git a/src/crypto/hmac/hmac_test.go b/src/crypto/hmac/hmac_test.go index 7accad763244a1..dd3211f2c37af3 100644 --- a/src/crypto/hmac/hmac_test.go @@ -1433,7 +1433,7 @@ index 3fa730459050f6..1f28f12a6e7b4f 100644 "internal/goos" "internal/testenv" diff --git a/src/crypto/md5/md5.go b/src/crypto/md5/md5.go -index 75e1fc7404724a..60428f8e1201de 100644 +index a0384e175f31bd..f7aa6da36f02de 100644 --- a/src/crypto/md5/md5.go +++ b/src/crypto/md5/md5.go @@ -12,6 +12,7 @@ package md5 
@@ -1444,21 +1444,24 @@ index 75e1fc7404724a..60428f8e1201de 100644 "crypto/internal/fips140only" "errors" "hash" -@@ -107,6 +108,9 @@ func New() hash.Hash { - if fips140only.Enabled { - panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode") - } +@@ -104,6 +105,9 @@ func consumeUint32(b []byte) ([]byte, uint32) { + // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal + // state of the hash. + func New() hash.Hash { + if boring.Enabled && boring.SupportsHash(crypto.MD5) { + return boring.NewMD5() + } d := new(digest) d.Reset() return d -@@ -187,6 +191,9 @@ func Sum(data []byte) [Size]byte { - if fips140only.Enabled { - panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode") - } +@@ -188,6 +192,12 @@ func (d *digest) checkSum() [Size]byte { + + // Sum returns the MD5 checksum of the data. + func Sum(data []byte) [Size]byte { + if boring.Enabled && boring.SupportsHash(crypto.MD5) { ++ if fips140only.Enabled { ++ panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode") ++ } + return boring.MD5(data) + } var d digest @@ -1535,7 +1538,7 @@ index 437d9b9d4c0e0d..ee28c55f846e81 100644 continue } diff --git a/src/crypto/pbkdf2/pbkdf2.go b/src/crypto/pbkdf2/pbkdf2.go -index d40daab5e5b879..c32b3fd82b99b0 100644 +index 271d2b03312ef0..ff76299fbe4782 100644 --- a/src/crypto/pbkdf2/pbkdf2.go +++ b/src/crypto/pbkdf2/pbkdf2.go @@ -11,6 +11,7 @@ 
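Review bot: The backend branch added to `New()` in the md5.go patch returns `boring.NewMD5()` without consulting `fips140only.Enabled`, whereas the branch added to `Sum()` a few lines later keeps the panic. The old context lines show that upstream used to reject MD5 inside `New()`; that check is gone from the new context, presumably moved into the digest's own methods, which a backend hash would never reach. If so, FIPS 140-only mode no longer blocks MD5 through `New()` when a backend is enabled, unless the backend refuses it itself. One way to keep upstream's behaviour is to fall through in that mode: `if boring.Enabled && !fips140only.Enabled && boring.SupportsHash(crypto.MD5) {`. `sha1.New()` is not part of this diff and deserves the same look.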
@@ -1544,16 +1547,16 @@ index d40daab5e5b879..c32b3fd82b99b0 100644 import ( + boring "crypto/internal/backend" "crypto/internal/fips140/pbkdf2" + "crypto/internal/fips140hash" "crypto/internal/fips140only" - "errors" -@@ -45,5 +46,8 @@ func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyL +@@ -47,5 +48,8 @@ func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyL return nil, errors.New("crypto/pbkdf2: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode") } } + if boring.Enabled && boring.SupportsPBKDF2() { -+ return boring.PBKDF2([]byte(password), salt, iter, keyLength, func() hash.Hash { return h() }) ++ return boring.PBKDF2([]byte(password), salt, iter, keyLength, fh) + } - return pbkdf2.Key(h, password, salt, iter, keyLength) + return pbkdf2.Key(fh, password, salt, iter, keyLength) } diff --git a/src/crypto/pbkdf2/pbkdf2_test.go b/src/crypto/pbkdf2/pbkdf2_test.go index 03980c7e54d3be..4968a666fad4e5 100644 @@ -1686,7 +1689,7 @@ index 838fcc1244bdbe..d89f732345e8a3 100644 // Note: Can run these tests against the non-BoringCrypto // version of the code by using "CGO_ENABLED=0 go test". diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go -index 24dfb38cf625bd..ccb027810a7e07 100644 +index 8373c125ae3096..bcc534151f9ac3 100644 --- a/src/crypto/rsa/fips.go +++ b/src/crypto/rsa/fips.go @@ -6,7 +6,7 @@ package rsa @@ -1696,9 +1699,9 @@ index 24dfb38cf625bd..ccb027810a7e07 100644 - "crypto/internal/boring" + boring "crypto/internal/backend" "crypto/internal/fips140/rsa" + "crypto/internal/fips140hash" "crypto/internal/fips140only" - "errors" -@@ -78,7 +78,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, +@@ -70,7 +70,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, hash = opts.Hash } 
@@ -1707,8 +1710,8 @@ index 24dfb38cf625bd..ccb027810a7e07 100644 bkey, err := boringPrivateKey(priv) if err != nil { return nil, err -@@ -136,7 +136,7 @@ func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts - return errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode") +@@ -133,7 +133,7 @@ func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts + return err } - if boring.Enabled { @@ -1716,8 +1719,8 @@ index 24dfb38cf625bd..ccb027810a7e07 100644 bkey, err := boringPublicKey(pub) if err != nil { return err -@@ -249,7 +249,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, priv *PrivateKey, ciphertext []byte, l - } +@@ -250,7 +250,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, priv *PrivateKey, ciphertext []byte, l + return nil, err } - if boring.Enabled { @@ -1725,8 +1728,8 @@ index 24dfb38cf625bd..ccb027810a7e07 100644 k := priv.Size() if len(ciphertext) > k || k < hash.Size()*2+2 { -@@ -305,7 +305,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [ - return nil, errors.New("crypto/rsa: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode") +@@ -312,7 +312,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [ + return nil, err } - if boring.Enabled { @@ -1830,7 +1833,7 @@ index e03f4ab06603c6..a4af0a2144870a 100644 err = VerifyPSS(&rsaPrivateKey.PublicKey, hash, hashed, sig, &opts) good := test.good diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index fb23f003a6f217..be374dad6969d5 100644 +index 95bb4becd2ff8c..73991434dabaf1 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@ -42,8 +42,8 @@ package rsa @@ -1845,7 +1848,7 @@ index fb23f003a6f217..be374dad6969d5 100644 "crypto/internal/fips140/rsa" "crypto/internal/fips140only" 
diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index 2535661040273a..f9543d9cc89e7b 100644 +index 73b0c3749eedb2..b527a355074482 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go @@ -8,7 +8,7 @@ import ( @@ -1857,7 +1860,7 @@ index 2535661040273a..f9543d9cc89e7b 100644 "crypto/internal/cryptotest" "crypto/rand" . "crypto/rsa" -@@ -129,6 +129,11 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { +@@ -146,6 +146,11 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { if priv.D.Cmp(priv.N) > 0 { t.Errorf("private exponent too large") } @@ -1869,7 +1872,7 @@ index 2535661040273a..f9543d9cc89e7b 100644 msg := []byte("hi!") enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) -@@ -209,6 +214,11 @@ func testEverything(t *testing.T, priv *PrivateKey) { +@@ -226,6 +231,11 @@ func testEverything(t *testing.T, priv *PrivateKey) { if err := priv.Validate(); err != nil { t.Errorf("Validate() failed: %s", err) } @@ -1882,7 +1885,7 @@ index 2535661040273a..f9543d9cc89e7b 100644 msg := []byte("test") enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) diff --git a/src/crypto/sha1/sha1.go b/src/crypto/sha1/sha1.go -index b799f0d2fb1548..9aa23e9aa17e89 100644 +index d2ffaac0aeb674..23d8ad44d0bd9a 100644 --- a/src/crypto/sha1/sha1.go +++ b/src/crypto/sha1/sha1.go @@ -10,7 +10,7 @@ package sha1 @@ -1894,6 +1897,22 @@ index b799f0d2fb1548..9aa23e9aa17e89 100644 "crypto/internal/fips140only" "errors" "hash" +@@ -266,12 +266,12 @@ func (d *digest) constSum() [Size]byte { + + // Sum returns the SHA-1 checksum of the data. + func Sum(data []byte) [Size]byte { +- if boring.Enabled { +- return boring.SHA1(data) +- } + if fips140only.Enabled { + panic("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode") + } ++ if boring.Enabled { ++ return boring.SHA1(data) ++ } + var d digest + d.Reset() + d.Write(data) 
diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go index 9d707b7cde5c2d..8da08b3d860a85 100644 --- a/src/crypto/sha1/sha1_test.go @@ -2688,7 +2707,7 @@ index e7369542a73270..ff52175e4ac636 100644 } } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index a62a5173b9c6bc..9ef5b8ea058783 100644 +index e3e01077c18b17..30811455e88418 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -493,6 +493,8 @@ var depsRules = ` @@ -2700,7 +2719,7 @@ index a62a5173b9c6bc..9ef5b8ea058783 100644 FIPS, internal/godebug < crypto/fips140; crypto, hash !< FIPS; -@@ -506,12 +508,15 @@ var depsRules = ` +@@ -506,7 +508,9 @@ var depsRules = ` FIPS, internal/godebug, hash, embed, crypto/internal/boring/sig, crypto/internal/boring/syso, @@ -2710,13 +2729,15 @@ index a62a5173b9c6bc..9ef5b8ea058783 100644 < crypto/internal/fips140only < crypto < crypto/subtle +@@ -514,6 +518,7 @@ var depsRules = ` + < crypto/internal/fips140hash < crypto/cipher < crypto/internal/boring + < crypto/internal/backend < crypto/boring < crypto/aes, crypto/des, -@@ -526,6 +531,7 @@ var depsRules = ` +@@ -527,6 +532,7 @@ var depsRules = ` crypto/pbkdf2, crypto/ecdh, crypto/mlkem @@ -2724,7 +2745,7 @@ index a62a5173b9c6bc..9ef5b8ea058783 100644 < CRYPTO; CGO, fmt, net !< CRYPTO; -@@ -534,6 +540,7 @@ var depsRules = ` +@@ -535,6 +541,7 @@ var depsRules = ` CRYPTO, FMT, math/big < crypto/internal/boring/bbig @@ -2732,7 +2753,7 @@ index a62a5173b9c6bc..9ef5b8ea058783 100644 < crypto/rand < crypto/ed25519 # depends on crypto/rand.Reader < encoding/asn1 -@@ -547,7 +554,7 @@ var depsRules = ` +@@ -548,7 +555,7 @@ var depsRules = ` # TLS, Prince of Dependencies. diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 592110ad461..823455a0f40 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch 
@@ -492,10 +492,10 @@ index 00000000000000..44d91d5b7ba3d5 + return openssl.VerifyDSA(pub, hashed, sig) +} diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index f9543d9cc89e7b..f07c75821aab13 100644 +index b527a355074482..906c469482030a 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go -@@ -846,6 +846,9 @@ func TestDecryptOAEP(t *testing.T) { +@@ -863,6 +863,9 @@ func TestDecryptOAEP(t *testing.T) { } func Test2DecryptOAEP(t *testing.T) { @@ -528,10 +528,10 @@ index 9e661352f16e0b..e51f0f57540a83 100644 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index b39db00839ab43..392f8d8c52c4b6 100644 +index 30811455e88418..3de94c93629e3d 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -509,12 +509,14 @@ var depsRules = ` +@@ -509,7 +509,7 @@ var depsRules = ` crypto/internal/boring/sig, crypto/internal/boring/syso, encoding/binary, @@ -540,14 +540,16 @@ index b39db00839ab43..392f8d8c52c4b6 100644 crypto/internal/backend/fips140 < crypto/internal/fips140only < crypto - < crypto/subtle +@@ -517,6 +517,8 @@ var depsRules = ` + < crypto/sha3 + < crypto/internal/fips140hash < crypto/cipher + < github.com/golang-fips/openssl/v2/internal/subtle + < github.com/golang-fips/openssl/v2 < crypto/internal/boring < crypto/internal/backend < crypto/boring -@@ -538,6 +540,7 @@ var depsRules = ` +@@ -540,6 +542,7 @@ var depsRules = ` # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. CRYPTO, FMT, math/big 
@@ -555,7 +557,7 @@ index b39db00839ab43..392f8d8c52c4b6 100644 < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -842,7 +845,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -844,7 +847,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -564,7 +566,7 @@ index b39db00839ab43..392f8d8c52c4b6 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -852,7 +855,7 @@ func findImports(pkg string) ([]string, error) { +@@ -854,7 +857,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index bffe90d870b..fb3554d8d1b 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -511,12 +511,12 @@ index e51f0f57540a83..abebb59dcd7739 100644 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 392f8d8c52c4b6..997244c84e57c5 100644 +index 3de94c93629e3d..8effe9041f3f5f 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -515,6 +515,10 @@ var depsRules = ` - < crypto - < crypto/subtle +@@ -517,6 +517,10 @@ var depsRules = ` + < crypto/sha3 + < crypto/internal/fips140hash < crypto/cipher + < github.com/microsoft/go-crypto-winnative/internal/subtle + < github.com/microsoft/go-crypto-winnative/internal/sysdll 
@@ -525,7 +525,7 @@ index 392f8d8c52c4b6..997244c84e57c5 100644 < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 < crypto/internal/boring -@@ -540,6 +544,7 @@ var depsRules = ` +@@ -542,6 +546,7 @@ var depsRules = ` # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. CRYPTO, FMT, math/big From b3541eb79231412946575f30255c4d61e4aed801 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 13 Jan 2025 10:33:57 +0100 Subject: [PATCH 179/887] centralize crypto backends GOEXPERIMENT definitions --- .../0001-Add-systemcrypto-GOEXPERIMENT.patch | 104 ++++++++++++++---- patches/0004-Add-OpenSSL-crypto-backend.patch | 49 +-------- patches/0005-Add-CNG-crypto-backend.patch | 71 ++---------- 3 files changed, 97 insertions(+), 127 deletions(-) diff --git a/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch b/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch index 1c2e50368f3..38e1ae8445b 100644 --- a/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch +++ b/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch @@ -3,7 +3,7 @@ From: Davis Goodin Date: Wed, 31 May 2023 16:54:31 -0500 Subject: [PATCH] Add systemcrypto GOEXPERIMENT -Adds systemcrypto GOEXPERIMENT and modifies tag handling to make +Adds crypto backend GOEXPERIMENTs and modifies tag handling to make goexperiment.systemcrypto behave as an alias that enables the recommended backend for the target GOOS. See src/internal/goexperiment/flags.go for more information about the behavior. 
@@ -19,24 +19,32 @@ maintain this feature. For more information, see the test files. .../testdata/backendtags_openssl/openssl.go | 3 + .../build/testdata/backendtags_system/main.go | 3 + .../backendtags_system/systemcrypto.go | 3 + - .../goexperiment/exp_systemcrypto_off.go | 9 +++ - .../goexperiment/exp_systemcrypto_on.go | 9 +++ - src/internal/goexperiment/flags.go | 15 ++++ - 11 files changed, 292 insertions(+) + .../goexperiment/exp_cngcrypto_off.go | 8 ++ + src/internal/goexperiment/exp_cngcrypto_on.go | 8 ++ + .../goexperiment/exp_opensslcrypto_off.go | 8 ++ + .../goexperiment/exp_opensslcrypto_on.go | 8 ++ + .../goexperiment/exp_systemcrypto_off.go | 8 ++ + .../goexperiment/exp_systemcrypto_on.go | 8 ++ + src/internal/goexperiment/flags.go | 17 +++++ + 15 files changed, 324 insertions(+) create mode 100644 src/cmd/go/internal/modindex/build_test.go create mode 100644 src/go/build/buildbackend_test.go create mode 100644 src/go/build/testdata/backendtags_openssl/main.go create mode 100644 src/go/build/testdata/backendtags_openssl/openssl.go create mode 100644 src/go/build/testdata/backendtags_system/main.go create mode 100644 src/go/build/testdata/backendtags_system/systemcrypto.go + create mode 100644 src/internal/goexperiment/exp_cngcrypto_off.go + create mode 100644 src/internal/goexperiment/exp_cngcrypto_on.go + create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go + create mode 100644 src/internal/goexperiment/exp_opensslcrypto_on.go create mode 100644 src/internal/goexperiment/exp_systemcrypto_off.go create mode 100644 src/internal/goexperiment/exp_systemcrypto_on.go diff --git a/src/cmd/go/internal/modindex/build.go b/src/cmd/go/internal/modindex/build.go -index b57f2f6368f0fe..9ddde1ce9a2286 100644 +index b4dacb0f523a8d..615ae461eb8cdc 100644 --- a/src/cmd/go/internal/modindex/build.go 
+++ b/src/cmd/go/internal/modindex/build.go -@@ -880,13 +880,67 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool { +@@ -886,13 +886,67 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool { name = "goexperiment.boringcrypto" // boringcrypto is an old name for goexperiment.boringcrypto } @@ -184,10 +192,10 @@ index 00000000000000..1756c5d027fee0 + } +} diff --git a/src/go/build/build.go b/src/go/build/build.go -index dd6cdc903a21a8..48adcfed5cf3cb 100644 +index 9ffffda08a99b1..570937cba3cb85 100644 --- a/src/go/build/build.go +++ b/src/go/build/build.go -@@ -1947,13 +1947,67 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool { +@@ -1984,13 +1984,67 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool { name = "goexperiment.boringcrypto" // boringcrypto is an old name for goexperiment.boringcrypto } 
@@ -363,16 +371,71 @@ index 00000000000000..eb8a026982259c +//go:build goexperiment.systemcrypto + +package main +diff --git a/src/internal/goexperiment/exp_cngcrypto_off.go b/src/internal/goexperiment/exp_cngcrypto_off.go +new file mode 100644 +index 00000000000000..eb879f94fa0c42 +--- /dev/null ++++ b/src/internal/goexperiment/exp_cngcrypto_off.go +@@ -0,0 +1,8 @@ ++// Code generated by mkconsts.go. DO NOT EDIT. ++ ++//go:build !goexperiment.cngcrypto ++ ++package goexperiment ++ ++const CNGCrypto = false ++const CNGCryptoInt = 0 +diff --git a/src/internal/goexperiment/exp_cngcrypto_on.go b/src/internal/goexperiment/exp_cngcrypto_on.go +new file mode 100644 +index 00000000000000..5b0a55d6c5772e +--- /dev/null ++++ b/src/internal/goexperiment/exp_cngcrypto_on.go +@@ -0,0 +1,8 @@ ++// Code generated by mkconsts.go. DO NOT EDIT. ++ ++//go:build goexperiment.cngcrypto ++ ++package goexperiment ++ ++const CNGCrypto = true ++const CNGCryptoInt = 1 +diff --git a/src/internal/goexperiment/exp_opensslcrypto_off.go b/src/internal/goexperiment/exp_opensslcrypto_off.go +new file mode 100644 +index 00000000000000..b28c0976a94cb0 +--- /dev/null ++++ b/src/internal/goexperiment/exp_opensslcrypto_off.go +@@ -0,0 +1,8 @@ ++// Code generated by mkconsts.go. DO NOT EDIT. ++ ++//go:build !goexperiment.opensslcrypto ++ ++package goexperiment ++ ++const OpenSSLCrypto = false ++const OpenSSLCryptoInt = 0 +diff --git a/src/internal/goexperiment/exp_opensslcrypto_on.go b/src/internal/goexperiment/exp_opensslcrypto_on.go +new file mode 100644 +index 00000000000000..154386b3de81ea +--- /dev/null ++++ b/src/internal/goexperiment/exp_opensslcrypto_on.go +@@ -0,0 +1,8 @@ ++// Code generated by mkconsts.go. DO NOT EDIT. ++ ++//go:build goexperiment.opensslcrypto ++ ++package goexperiment ++ ++const OpenSSLCrypto = true ++const OpenSSLCryptoInt = 1 
diff --git a/src/internal/goexperiment/exp_systemcrypto_off.go b/src/internal/goexperiment/exp_systemcrypto_off.go new file mode 100644 -index 00000000000000..bd33cd6159c166 +index 00000000000000..6afc2ef2c5822e --- /dev/null +++ b/src/internal/goexperiment/exp_systemcrypto_off.go -@@ -0,0 +1,9 @@ +@@ -0,0 +1,8 @@ +// Code generated by mkconsts.go. DO NOT EDIT. + +//go:build !goexperiment.systemcrypto -+// +build !goexperiment.systemcrypto + +package goexperiment + @@ -380,27 +443,29 @@ index 00000000000000..bd33cd6159c166 +const SystemCryptoInt = 0 diff --git a/src/internal/goexperiment/exp_systemcrypto_on.go b/src/internal/goexperiment/exp_systemcrypto_on.go new file mode 100644 -index 00000000000000..9c5b0bbc7b99dc +index 00000000000000..fcd4cb9da0d162 --- /dev/null +++ b/src/internal/goexperiment/exp_systemcrypto_on.go -@@ -0,0 +1,9 @@ +@@ -0,0 +1,8 @@ +// Code generated by mkconsts.go. DO NOT EDIT. + +//go:build goexperiment.systemcrypto -+// +build goexperiment.systemcrypto + +package goexperiment + +const SystemCrypto = true +const SystemCryptoInt = 1 diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index ae3cbaf89fa5dd..de79140b2d4780 100644 +index 31b3d0315b64f8..8c140f0dbed134 100644 --- a/src/internal/goexperiment/flags.go +++ b/src/internal/goexperiment/flags.go -@@ -60,6 +60,21 @@ type Flags struct { +@@ -59,6 +59,23 @@ type Flags struct { + PreemptibleLoops bool StaticLockRanking bool BoringCrypto bool - ++ OpenSSLCrypto bool ++ CNGCrypto bool ++ + // SystemCrypto enables the OpenSSL or CNG crypto experiment depending on + // which one is appropriate on the target GOOS. + // 
@@ -415,7 +480,6 @@ index ae3cbaf89fa5dd..de79140b2d4780 100644 + // "any crypto backend is enabled", even if GOEXPERIMENT=systemcrypto is not + // being used to build the Go program. + SystemCrypto bool -+ + // Regabi is split into several sub-experiments that can be // enabled individually. Not all combinations work. - // The "regabi" GOEXPERIMENT is an alias for all "working" diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 823455a0f40..4f0f799e95f 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -15,16 +15,11 @@ Subject: [PATCH] Add OpenSSL crypto backend src/go.sum | 2 + src/go/build/deps_test.go | 9 +- src/go/build/vendor_test.go | 1 + - .../goexperiment/exp_opensslcrypto_off.go | 9 + - .../goexperiment/exp_opensslcrypto_on.go | 9 + - src/internal/goexperiment/flags.go | 1 + src/os/exec/exec_test.go | 9 + - 15 files changed, 450 insertions(+), 5 deletions(-) + 12 files changed, 431 insertions(+), 5 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/fips140/openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go - create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go - create mode 100644 src/internal/goexperiment/exp_opensslcrypto_on.go diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go index 0c992118f4287b..0de6e80fd985a3 100644 
@@ -587,48 +582,6 @@ index 7f6237ffd59c11..7c821ae4bc5727 100644 } // Verify that the vendor directories contain only packages matching the list above. -diff --git a/src/internal/goexperiment/exp_opensslcrypto_off.go b/src/internal/goexperiment/exp_opensslcrypto_off.go -new file mode 100644 -index 00000000000000..62033547c6143a ---- /dev/null -+++ b/src/internal/goexperiment/exp_opensslcrypto_off.go -@@ -0,0 +1,9 @@ -+// Code generated by mkconsts.go. DO NOT EDIT. -+ -+//go:build !goexperiment.opensslcrypto -+// +build !goexperiment.opensslcrypto -+ -+package goexperiment -+ -+const OpenSSLCrypto = false -+const OpenSSLCryptoInt = 0 -diff --git a/src/internal/goexperiment/exp_opensslcrypto_on.go b/src/internal/goexperiment/exp_opensslcrypto_on.go -new file mode 100644 -index 00000000000000..a7f2712e9e1464 ---- /dev/null -+++ b/src/internal/goexperiment/exp_opensslcrypto_on.go -@@ -0,0 +1,9 @@ -+// Code generated by mkconsts.go. DO NOT EDIT. -+ -+//go:build goexperiment.opensslcrypto -+// +build goexperiment.opensslcrypto -+ -+package goexperiment -+ -+const OpenSSLCrypto = true -+const OpenSSLCryptoInt = 1 -diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index e126e388e84025..233a12ee542328 100644 ---- a/src/internal/goexperiment/flags.go -+++ b/src/internal/goexperiment/flags.go -@@ -59,6 +59,7 @@ type Flags struct { - PreemptibleLoops bool - StaticLockRanking bool - BoringCrypto bool -+ OpenSSLCrypto bool - - // SystemCrypto enables the OpenSSL or CNG crypto experiment depending on - // which one is appropriate on the target GOOS. diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go index 8c623871932f7d..2fa55073f5c19c 100644 --- a/src/os/exec/exec_test.go diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index fb3554d8d1b..4bdd4c4811b 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch 
@@ -4,27 +4,22 @@ Date: Tue, 19 Jul 2022 15:58:02 +0200 Subject: [PATCH] Add CNG crypto backend --- - src/crypto/ecdsa/badlinkname.go | 17 + - src/crypto/internal/backend/backend_test.go | 4 +- - src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 320 ++++++++++++++++++ - src/crypto/internal/backend/common.go | 9 +- - src/crypto/internal/backend/fips140/cng.go | 33 ++ - src/crypto/rsa/pss_test.go | 2 +- - src/go.mod | 1 + - src/go.sum | 2 + - src/go/build/deps_test.go | 5 + - src/go/build/vendor_test.go | 1 + - .../goexperiment/exp_cngcrypto_off.go | 9 + - src/internal/goexperiment/exp_cngcrypto_on.go | 9 + - src/internal/goexperiment/flags.go | 1 + - 14 files changed, 420 insertions(+), 5 deletions(-) + src/crypto/ecdsa/badlinkname.go | 17 ++ + src/crypto/internal/backend/backend_test.go | 4 +- + src/crypto/internal/backend/bbig/big_cng.go | 12 + + src/crypto/internal/backend/cng_windows.go | 320 ++++++++++++++++++++ + src/crypto/internal/backend/common.go | 9 +- + src/crypto/internal/backend/fips140/cng.go | 33 ++ + src/crypto/rsa/pss_test.go | 2 +- + src/go.mod | 1 + + src/go.sum | 2 + + src/go/build/deps_test.go | 5 + + src/go/build/vendor_test.go | 1 + + 11 files changed, 401 insertions(+), 5 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go create mode 100644 src/crypto/internal/backend/fips140/cng.go - create mode 100644 src/internal/goexperiment/exp_cngcrypto_off.go - create mode 100644 src/internal/goexperiment/exp_cngcrypto_on.go diff --git a/src/crypto/ecdsa/badlinkname.go b/src/crypto/ecdsa/badlinkname.go new file mode 100644 
@@ -545,45 +540,3 @@ index 7c821ae4bc5727..1d0b9b20e9b1d4 100644 } // Verify that the vendor directories contain only packages matching the list above. -diff --git a/src/internal/goexperiment/exp_cngcrypto_off.go b/src/internal/goexperiment/exp_cngcrypto_off.go -new file mode 100644 -index 00000000000000..831460053281e2 ---- /dev/null -+++ b/src/internal/goexperiment/exp_cngcrypto_off.go -@@ -0,0 +1,9 @@ -+// Code generated by mkconsts.go. DO NOT EDIT. -+ -+//go:build !goexperiment.cngcrypto -+// +build !goexperiment.cngcrypto -+ -+package goexperiment -+ -+const CNGCrypto = false -+const CNGCryptoInt = 0 -diff --git a/src/internal/goexperiment/exp_cngcrypto_on.go b/src/internal/goexperiment/exp_cngcrypto_on.go -new file mode 100644 -index 00000000000000..99ee2542ca38a9 ---- /dev/null -+++ b/src/internal/goexperiment/exp_cngcrypto_on.go -@@ -0,0 +1,9 @@ -+// Code generated by mkconsts.go. DO NOT EDIT. -+ -+//go:build goexperiment.cngcrypto -+// +build goexperiment.cngcrypto -+ -+package goexperiment -+ -+const CNGCrypto = true -+const CNGCryptoInt = 1 -diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index 233a12ee542328..8c140f0dbed134 100644 ---- a/src/internal/goexperiment/flags.go -+++ b/src/internal/goexperiment/flags.go -@@ -60,6 +60,7 @@ type Flags struct { - StaticLockRanking bool - BoringCrypto bool - OpenSSLCrypto bool -+ CNGCrypto bool - - // SystemCrypto enables the OpenSSL or CNG crypto experiment depending on - // which one is appropriate on the target GOOS. From 1debdcc219c0dda014c80246fd28c8e595d00b64 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 10:36:18 +0000 Subject: [PATCH 180/887] build(deps): bump github/codeql-action from 3.28.0 to 3.28.1 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.0 to 3.28.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/48ab28a6f5dbc2a99bf1e0131198dd8f1df78169...b6a472f63d85b9c78a3ac5e89422239fc15e9b3c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d61b4590e0f..b0538026046 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Initialize CodeQL - uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 with: category: /language:go From 09f1d99312b2bad603c8a506059dfe5f74a59f54 Mon Sep 17 00:00:00 2001 
From: Quim Muntal Date: Mon, 13 Jan 2025 20:31:14 +0100 Subject: [PATCH 181/887] Rename patch file --- ...MENT.patch => 0001-Add-crypto-backend-GOEXPERIMENTs.patch} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename patches/{0001-Add-systemcrypto-GOEXPERIMENT.patch => 0001-Add-crypto-backend-GOEXPERIMENTs.patch} (99%) diff --git a/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch b/patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch similarity index 99% rename from patches/0001-Add-systemcrypto-GOEXPERIMENT.patch rename to patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch index 38e1ae8445b..27387faef14 100644 --- a/patches/0001-Add-systemcrypto-GOEXPERIMENT.patch +++ b/patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch @@ -1,7 +1,7 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Wed, 31 May 2023 16:54:31 -0500 -Subject: [PATCH] Add systemcrypto GOEXPERIMENT +Subject: [PATCH] Add crypto backend GOEXPERIMENTs Adds crypto backend GOEXPERIMENTs and modifies tag handling to make goexperiment.systemcrypto behave as an alias that enables the recommended @@ -482,4 +482,4 @@ index 31b3d0315b64f8..8c140f0dbed134 100644 + SystemCrypto bool // Regabi is split into several sub-experiments that can be - // enabled individually. Not all combinations work. + // enabled individually. Not all combinations work. \ No newline at end of file From 8fe8183d617f8f456f96cd0ff2ca58f57b5f5907 Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Mon, 13 Jan 2025 20:34:50 +0100 Subject: [PATCH 182/887] Fix newline at end of file From bc5af7d4cfcaf689130183105cb13b13d057d7e5 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Mon, 13 Jan 2025 20:38:06 +0100 Subject: [PATCH 183/887] add newline --- patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch b/patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch index 27387faef14..8d07cee4e4e 100644 --- a/patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch +++ b/patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch @@ -482,4 +482,4 @@ index 31b3d0315b64f8..8c140f0dbed134 100644 + SystemCrypto bool // Regabi is split into several sub-experiments that can be - // enabled individually. Not all combinations work. \ No newline at end of file + // enabled individually. Not all combinations work. From 7ef39ed1ba33de557048ec76709b9c7147780248 Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Tue, 14 Jan 2025 08:52:21 +0100 Subject: [PATCH 184/887] Add backend external deps in the vendor patch (#1483) * add backend external deps in the vendor patch * Update CNG crypto backend and foundation dates * Apply suggestions from code review Co-authored-by: Davis Goodin * fix comments --------- Co-authored-by: Davis Goodin --- ...atch => 0002-Vendor-crypto-backends.patch} | 56 ++++++++++++++++++- ... 0003-Add-crypto-backend-foundation.patch} | 0 ...> 0004-Add-BoringSSL-crypto-backend.patch} | 0 ... => 0005-Add-OpenSSL-crypto-backend.patch} | 26 +-------- ...atch => 0006-Add-CNG-crypto-backend.patch} | 28 +--------- 5 files changed, 56 insertions(+), 54 deletions(-) rename patches/{0006-Vendor-crypto-backends.patch => 0002-Vendor-crypto-backends.patch} (99%) rename patches/{0002-Add-crypto-backend-foundation.patch => 0003-Add-crypto-backend-foundation.patch} (100%) rename patches/{0003-Add-BoringSSL-crypto-backend.patch => 0004-Add-BoringSSL-crypto-backend.patch} (100%) rename patches/{0004-Add-OpenSSL-crypto-backend.patch => 0005-Add-OpenSSL-crypto-backend.patch} (94%) rename patches/{0005-Add-CNG-crypto-backend.patch => 0006-Add-CNG-crypto-backend.patch} (92%) 
diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch similarity index 99% rename from patches/0006-Vendor-crypto-backends.patch rename to patches/0002-Vendor-crypto-backends.patch index 24e3632a13f..264f3b12012 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch @@ -3,8 +3,12 @@ From: Quim Muntal Date: Mon, 23 May 2022 12:59:36 +0000 Subject: [PATCH] Vendor crypto backends -To reproduce, run 'go mod vendor' in 'go/src'. +To reproduce changes in 'src/vendor', run 'go mod vendor' in 'src'. +Use a 'go' that was recently built by the current branch to ensure stable results. --- + src/crypto/internal/backend/deps_ignore.go | 16 + + src/go.mod | 5 + + src/go.sum | 4 + .../golang-fips/openssl/v2/.gitignore | 1 + .../golang-fips/openssl/v2/.gitleaks.toml | 9 + .../github.com/golang-fips/openssl/v2/LICENSE | 20 + @@ -69,7 +73,8 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ src/vendor/modules.txt | 11 + - 64 files changed, 10969 insertions(+), 6 deletions(-) + 67 files changed, 11000 insertions(+) + create mode 100644 src/crypto/internal/backend/deps_ignore.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE 
@@ -134,6 +139,53 @@ To reproduce, run 'go mod vendor' in 'go/src'. create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/subtle/aliasing.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/sysdll/sys_windows.go +diff --git a/src/crypto/internal/backend/deps_ignore.go b/src/crypto/internal/backend/deps_ignore.go +new file mode 100644 +index 00000000000000..7e537a55af954e +--- /dev/null ++++ b/src/crypto/internal/backend/deps_ignore.go +@@ -0,0 +1,16 @@ ++// Copyright 2025 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build ignore ++ ++package backend ++ ++import ( ++ _ "github.com/golang-fips/openssl/v2" ++ _ "github.com/microsoft/go-crypto-winnative/cng" ++) ++ ++// This file is here just to declare the external dependencies ++// that are used by the backend package. This allows to track ++// their versions in a single patch file. 
+diff --git a/src/go.mod b/src/go.mod +index 7a1318dcac32ba..4ca039fa96ba3c 100644 +--- a/src/go.mod ++++ b/src/go.mod +@@ -11,3 +11,8 @@ require ( + golang.org/x/sys v0.28.0 // indirect + golang.org/x/text v0.21.0 // indirect + ) ++ ++require ( ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 ++ github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 ++) +diff --git a/src/go.sum b/src/go.sum +index 9e661352f16e0b..abebb59dcd7739 100644 +--- a/src/go.sum ++++ b/src/go.sum +@@ -1,3 +1,7 @@ ++github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 h1:OhuURhDVbg+f/BvlG+qT5sQVkutwhI0Kmsy7koQ4l9A= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 h1:KB8xmJcFSPlZFMg2mxz5b6DCE8k1qpHy2HFevAJLELI= ++github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= + golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= + golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= + golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitignore b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore new file mode 100644 index 00000000000000..79b5594df7fa29 diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0003-Add-crypto-backend-foundation.patch similarity index 100% rename from patches/0002-Add-crypto-backend-foundation.patch rename to patches/0003-Add-crypto-backend-foundation.patch 
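Review bot: The new `deps_ignore.go` in this hunk is guarded by `//go:build ignore`, and as far as I know that is the one constraint `go mod tidy` and `go mod vendor` never treat as satisfied, so its blank imports probably do not keep the two crypto modules required on their own. The `require` block added to `src/go.mod` is then what actually pins `golang-fips/openssl/v2` and `go-crypto-winnative`, both at pseudo-versions rather than tagged releases. I would state this in the file comment, for example `// Not read by the go command (ignore tag); go.mod holds the actual pins.`, so that nobody runs `go mod tidy` on a partially patched tree and silently drops the crypto backend requirements. If the go command does pick the file up in this fork, a sentence saying so would settle the question for the next reader.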
diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0004-Add-BoringSSL-crypto-backend.patch similarity index 100% rename from patches/0003-Add-BoringSSL-crypto-backend.patch rename to patches/0004-Add-BoringSSL-crypto-backend.patch diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0005-Add-OpenSSL-crypto-backend.patch similarity index 94% rename from patches/0004-Add-OpenSSL-crypto-backend.patch rename to patches/0005-Add-OpenSSL-crypto-backend.patch index 4f0f799e95f..648570df40b 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0005-Add-OpenSSL-crypto-backend.patch @@ -11,12 +11,10 @@ Subject: [PATCH] Add OpenSSL crypto backend .../internal/backend/fips140/openssl.go | 41 +++ src/crypto/internal/backend/openssl_linux.go | 345 ++++++++++++++++++ src/crypto/rsa/rsa_test.go | 3 + - src/go.mod | 1 + - src/go.sum | 2 + src/go/build/deps_test.go | 9 +- src/go/build/vendor_test.go | 1 + src/os/exec/exec_test.go | 9 + - 12 files changed, 431 insertions(+), 5 deletions(-) + 10 files changed, 428 insertions(+), 5 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/fips140/openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go 
@@ -500,28 +498,6 @@ index b527a355074482..906c469482030a 100644 random := rand.Reader msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22} -diff --git a/src/go.mod b/src/go.mod -index 7a1318dcac32ba..f12d9b4d9172ab 100644 ---- a/src/go.mod -+++ b/src/go.mod -@@ -3,6 +3,7 @@ module std - go 1.24 - - require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 - golang.org/x/crypto v0.30.0 - golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 - ) -diff --git a/src/go.sum b/src/go.sum -index 9e661352f16e0b..e51f0f57540a83 100644 ---- a/src/go.sum -+++ b/src/go.sum -@@ -1,3 +1,5 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 h1:OhuURhDVbg+f/BvlG+qT5sQVkutwhI0Kmsy7koQ4l9A= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= - golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= - golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= - golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index 30811455e88418..3de94c93629e3d 100644 --- a/src/go/build/deps_test.go diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0006-Add-CNG-crypto-backend.patch similarity index 92% rename from patches/0005-Add-CNG-crypto-backend.patch rename to patches/0006-Add-CNG-crypto-backend.patch index 4bdd4c4811b..5b5ed57f448 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0006-Add-CNG-crypto-backend.patch 
@@ -11,11 +11,9 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/common.go | 9 +- src/crypto/internal/backend/fips140/cng.go | 33 ++ src/crypto/rsa/pss_test.go | 2 +- - src/go.mod | 1 + - src/go.sum | 2 + src/go/build/deps_test.go | 5 + src/go/build/vendor_test.go | 1 + - 11 files changed, 401 insertions(+), 5 deletions(-) + 9 files changed, 398 insertions(+), 5 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -481,30 +479,6 @@ index a4af0a2144870a..7d7115cff81cea 100644 if err != nil { t.Fatal(err) } -diff --git a/src/go.mod b/src/go.mod -index f12d9b4d9172ab..96bdcd421e1129 100644 ---- a/src/go.mod -+++ b/src/go.mod -@@ -4,6 +4,7 @@ go 1.24 - - require ( - github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 - golang.org/x/crypto v0.30.0 - golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 - ) -diff --git a/src/go.sum b/src/go.sum -index e51f0f57540a83..abebb59dcd7739 100644 ---- a/src/go.sum -+++ b/src/go.sum -@@ -1,5 +1,7 @@ - github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 h1:OhuURhDVbg+f/BvlG+qT5sQVkutwhI0Kmsy7koQ4l9A= - github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 h1:KB8xmJcFSPlZFMg2mxz5b6DCE8k1qpHy2HFevAJLELI= -+github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= - golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= - golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= - golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= 
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index 3de94c93629e3d..8effe9041f3f5f 100644 --- a/src/go/build/deps_test.go From 9cf47877181eb12dea68893654f8d371beda6a42 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 14 Jan 2025 10:45:11 +0100 Subject: [PATCH 185/887] clean up patch files --- patches/0002-Vendor-crypto-backends.patch | 16 ++- .../0003-Add-crypto-backend-foundation.patch | 135 +++++++++++++----- .../0004-Add-BoringSSL-crypto-backend.patch | 16 ++- patches/0005-Add-OpenSSL-crypto-backend.patch | 71 +++------ patches/0006-Add-CNG-crypto-backend.patch | 112 ++------------- 5 files changed, 154 insertions(+), 196 deletions(-) diff --git a/patches/0002-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch index 264f3b12012..27f1d7f925f 100644 --- a/patches/0002-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch @@ -9,6 +9,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result src/crypto/internal/backend/deps_ignore.go | 16 + src/go.mod | 5 + src/go.sum | 4 + + src/go/build/vendor_test.go | 2 + .../golang-fips/openssl/v2/.gitignore | 1 + .../golang-fips/openssl/v2/.gitleaks.toml | 9 + .../github.com/golang-fips/openssl/v2/LICENSE | 20 + @@ -73,7 +74,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ src/vendor/modules.txt | 11 + - 67 files changed, 11000 insertions(+) + 68 files changed, 11002 insertions(+) create mode 100644 src/crypto/internal/backend/deps_ignore.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml 
@@ -186,6 +187,19 @@ index 9e661352f16e0b..abebb59dcd7739 100644 golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= +diff --git a/src/go/build/vendor_test.go b/src/go/build/vendor_test.go +index 7f6237ffd59c11..1d0b9b20e9b1d4 100644 +--- a/src/go/build/vendor_test.go ++++ b/src/go/build/vendor_test.go +@@ -22,6 +22,8 @@ var allowedPackagePrefixes = []string{ + "github.com/google/pprof", + "github.com/ianlancetaylor/demangle", + "rsc.io/markdown", ++ "github.com/golang-fips/openssl", ++ "github.com/microsoft/go-crypto-winnative", + } + + // Verify that the vendor directories contain only packages matching the list above. diff --git a/src/vendor/github.com/golang-fips/openssl/v2/.gitignore b/src/vendor/github.com/golang-fips/openssl/v2/.gitignore new file mode 100644 index 00000000000000..79b5594df7fa29 diff --git a/patches/0003-Add-crypto-backend-foundation.patch b/patches/0003-Add-crypto-backend-foundation.patch index 99140818363..32a93ef2774 100644 --- a/patches/0003-Add-crypto-backend-foundation.patch +++ b/patches/0003-Add-crypto-backend-foundation.patch @@ -6,6 +6,7 @@ Subject: [PATCH] Add crypto backend foundation --- src/cmd/api/boring_test.go | 2 +- src/cmd/go/go_boring_test.go | 2 +- + .../go/testdata/script/gopath_std_vendor.txt | 9 + src/crypto/aes/aes.go | 2 +- src/crypto/boring/boring.go | 4 +- src/crypto/cipher/ctr_aes_test.go | 2 +- @@ -17,6 +18,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/ecdh/ecdh.go | 2 +- src/crypto/ecdh/ecdh_test.go | 4 + src/crypto/ecdh/nist.go | 2 +- + src/crypto/ecdsa/badlinkname.go | 19 ++ src/crypto/ecdsa/boring.go | 6 +- src/crypto/ecdsa/ecdsa.go | 4 +- src/crypto/ecdsa/notboring.go | 4 +- 
@@ -29,12 +31,12 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/hmac/hmac_test.go | 2 +- src/crypto/internal/backend/backend_test.go | 30 +++ src/crypto/internal/backend/bbig/big.go | 17 ++ - src/crypto/internal/backend/common.go | 72 ++++++ - .../internal/backend/fips140/fips140.go | 55 +++++ + src/crypto/internal/backend/common.go | 58 +++++ + .../internal/backend/fips140/fips140.go | 55 ++++ .../internal/backend/fips140/isrequirefips.go | 9 + .../internal/backend/fips140/norequirefips.go | 9 + .../backend/fips140/nosystemcrypto.go | 11 + - src/crypto/internal/backend/nobackend.go | 233 ++++++++++++++++++ + src/crypto/internal/backend/nobackend.go | 236 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + src/crypto/internal/cryptotest/allocations.go | 2 +- .../internal/cryptotest/implementations.go | 2 +- @@ -51,9 +53,9 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/notboring.go | 4 +- src/crypto/rsa/pkcs1v15.go | 6 +- src/crypto/rsa/pkcs1v15_test.go | 5 + - src/crypto/rsa/pss_test.go | 5 + + src/crypto/rsa/pss_test.go | 9 +- src/crypto/rsa/rsa.go | 4 +- - src/crypto/rsa/rsa_test.go | 12 +- + src/crypto/rsa/rsa_test.go | 15 +- src/crypto/sha1/sha1.go | 8 +- src/crypto/sha1/sha1_test.go | 19 +- src/crypto/sha256/sha256.go | 6 +- @@ -79,9 +81,10 @@ Subject: [PATCH] Add crypto backend foundation src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++-- src/runtime/runtime_boring.go | 5 + - 75 files changed, 1432 insertions(+), 96 deletions(-) + 77 files changed, 1455 insertions(+), 97 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go + create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go 
@@ -124,6 +127,25 @@ index ed0fbf3d53d75b..06478963f4be44 100644 package main_test +diff --git a/src/cmd/go/testdata/script/gopath_std_vendor.txt b/src/cmd/go/testdata/script/gopath_std_vendor.txt +index 4aaf46b5d0f0dc..ec58a217400caa 100644 +--- a/src/cmd/go/testdata/script/gopath_std_vendor.txt ++++ b/src/cmd/go/testdata/script/gopath_std_vendor.txt +@@ -1,5 +1,14 @@ + env GO111MODULE=off + ++# Disable systemcrypto while evaluating test dependencies to avoid importing ++# vendored crypto module dependencies like golang-fips/openssl. This test script ++# is not set up to handle any vendored libraries being imported other than ++# golang.org/x/net/http2/hpack, so we must make sure it is the only one. ++# ++# See https://github.com/microsoft/go/issues/481 for more details, such as the ++# dependency chain that would cause the failure if the gocrypt tag isn't used. ++env GOEXPERIMENT=none ++ + [!compiler:gc] skip + + go list -f '{{.Dir}}' vendor/golang.org/x/net/http2/hpack diff --git a/src/crypto/aes/aes.go b/src/crypto/aes/aes.go index 5bc2d13d673e0a..b803c77be62a66 100644 --- a/src/crypto/aes/aes.go 
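Review bot: The comment added to `gopath_std_vendor.txt` ends with "if the gocrypt tag isn't used", but the line it documents is `env GOEXPERIMENT=none` and no `gocrypt` tag appears anywhere in the script. The last sentence should name the mechanism that is actually used, for example `# dependency chain that would cause the failure if GOEXPERIMENT isn't cleared.` It would also help to say in the comment that the script therefore runs with every experiment off, so it presumably gives no coverage of vendoring behaviour with systemcrypto enabled.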
@@ -539,6 +561,31 @@ index acef8298943c2b..ca6171cf775117 100644 "crypto/internal/fips140/ecdh" "crypto/internal/fips140only" "errors" +diff --git a/src/crypto/ecdsa/badlinkname.go b/src/crypto/ecdsa/badlinkname.go +new file mode 100644 +index 00000000000000..1dc05d09b2062d +--- /dev/null ++++ b/src/crypto/ecdsa/badlinkname.go +@@ -0,0 +1,19 @@ ++// Copyright 2025 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.systemcrypto ++ ++package ecdsa ++ ++import _ "unsafe" ++ ++// The symbols below are pulled by some crypto backend in the Microsoft Go compiler. ++// We provide a push linkname here, to keep them accessible with pull linknames. ++ ++//go:linkname encodeSignature ++//go:linkname parseSignature ++ ++// This supplements other linknames that are already added by ++// https://github.com/golang/go/commit/41aab30bd260297ad8ddad47e98fdf8390a9a67e ++// See that commit for more information. diff --git a/src/crypto/ecdsa/boring.go b/src/crypto/ecdsa/boring.go index 275c60b4de49eb..ff8bddf28c4545 100644 --- a/src/crypto/ecdsa/boring.go @@ -964,10 +1011,10 @@ index 00000000000000..20251a290dc2e0 +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go new file mode 100644 -index 00000000000000..858e76e3c51c06 +index 00000000000000..0402524861dc53 --- /dev/null +++ b/src/crypto/internal/backend/common.go -@@ -0,0 +1,72 @@ +@@ -0,0 +1,58 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -977,7 +1024,6 @@ index 00000000000000..858e76e3c51c06 +import ( + "crypto/internal/backend/fips140" + "crypto/internal/boring/sig" -+ "internal/goexperiment" + "runtime" +) + 
@@ -1014,7 +1060,11 @@ index 00000000000000..858e76e3c51c06 +// UnreachableExceptTests marks code that should be unreachable +// when backend is in use. It panics. +func UnreachableExceptTests() { -+ if Enabled { ++ // runtime_arg0 is not supported on windows. ++ // We are going through the same code patch on linux, ++ // so if we are unintentionally calling an 'unreachable' function, ++ // we will catch it there. ++ if Enabled && runtime.GOOS != "windows" { + name := runtime_arg0() + // If ran on Windows we'd need to allow _test.exe and .test.exe as well. + if !hasSuffix(name, "_test") && !hasSuffix(name, ".test") { @@ -1023,23 +1073,6 @@ index 00000000000000..858e76e3c51c06 + } + } +} -+ -+func IsRSAKeySupported(primes int) bool { -+ if goexperiment.BoringCrypto { -+ return true -+ } -+ // CNG only supports 2-prime RSA keys. -+ // The built-in OpenSSL 3 providers and OpenSSL 1 do support n-prime RSA keys, -+ // but the SymCrypt provider for OpenSSL only supports 2-prime RSA keys. -+ // Only 2-prime RSA keys are FIPS compliant, other n having compatibility -+ // and security issues. Even crypto/rsa deprecated rsa.GenerateMultiPrimeKey as of Go 1.21. -+ // Given the above reasons, we only support 2-prime RSA keys. -+ return primes == 2 -+} -+ -+func IsSaltSupported(salt int) bool { -+ return true -+} diff --git a/src/crypto/internal/backend/fips140/fips140.go b/src/crypto/internal/backend/fips140/fips140.go new file mode 100644 index 00000000000000..f54d39970319af @@ -1153,10 +1186,10 @@ index 00000000000000..83691d7dd42d51 +} diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..3ebb6d5e4b4bb5 +index 00000000000000..4a3d8b729da30f --- /dev/null 
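Review bot: With `if Enabled && runtime.GOOS != "windows"` the body of `UnreachableExceptTests` never runs on Windows, so a call that reaches Go's own crypto while the backend is enabled no longer panics on that platform. The new comment relies on Linux exercising the same path, which would not hold for code compiled only on Windows (the diffstat earlier on this page lists the CNG backend as `cng_windows.go`), so an unintended fallback there would go unnoticed at run time. If `runtime_arg0` really cannot be provided on Windows, the doc comment should at least say the check is a no-op there. The new comment also has a typo and should read `// We are going through the same code path on linux,`. The function's closing braces are in the following hunk.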
+++ b/src/crypto/internal/backend/nobackend.go -@@ -0,0 +1,233 @@ +@@ -0,0 +1,236 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -1228,6 +1261,9 @@ index 00000000000000..3ebb6d5e4b4bb5 + panic("cryptobackend: not available") +} + ++func SupportsRSAKeyPrimes(primes int) bool { panic("cryptobackend: not available") } ++func SupportsRSASaltLength(salt int) bool { panic("cryptobackend: not available") } ++ +type PublicKeyRSA struct{ _ int } +type PrivateKeyRSA struct{ _ int } + @@ -1689,7 +1725,7 @@ index 838fcc1244bdbe..d89f732345e8a3 100644 // Note: Can run these tests against the non-BoringCrypto // version of the code by using "CGO_ENABLED=0 go test". diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go -index 8373c125ae3096..bcc534151f9ac3 100644 +index 8373c125ae3096..cee523891d5897 100644 --- a/src/crypto/rsa/fips.go +++ b/src/crypto/rsa/fips.go @@ -6,7 +6,7 @@ package rsa @@ -1706,7 +1742,7 @@ index 8373c125ae3096..bcc534151f9ac3 100644 } - if boring.Enabled && rand == boring.RandReader { -+ if boring.Enabled && rand == boring.RandReader && boring.IsRSAKeySupported(len(priv.Primes)) && boring.SupportsHash(hash) { ++ if boring.Enabled && rand == boring.RandReader && boring.SupportsRSAKeyPrimes(len(priv.Primes)) && boring.SupportsHash(hash) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err @@ -1715,7 +1751,7 @@ index 8373c125ae3096..bcc534151f9ac3 100644 } - if boring.Enabled { -+ if boring.Enabled && boring.IsSaltSupported(opts.saltLength()) && boring.SupportsHash(hash) { ++ if boring.Enabled && boring.SupportsRSASaltLength(opts.saltLength()) && boring.SupportsHash(hash) { bkey, err := boringPublicKey(pub) if err != nil { return err 
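Review bot: `SupportsRSAKeyPrimes` and `SupportsRSASaltLength` are added to `nobackend.go` without doc comments, and the hunk at -1023 deletes the only explanation of why keys with a prime count other than two are rejected (CNG and the SymCrypt provider handle only 2-prime keys). The `crypto/rsa` call sites in the later hunks on this line test these results next to `boring.Enabled`, so they appear to decide whether an operation stays in the backend or runs in the Go implementation. That contract should be written where the functions are declared, e.g. `// SupportsRSAKeyPrimes reports whether the backend can use an RSA key with the given number of primes.` plus a sentence on what callers do when it returns false. The real implementations are presumably in the per-backend patches, which this hunk does not show, so the rationale may already have moved there.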
@@ -1724,7 +1760,7 @@ index 8373c125ae3096..bcc534151f9ac3 100644 } - if boring.Enabled { -+ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { ++ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) { k := priv.Size() if len(ciphertext) > k || k < hash.Size()*2+2 { @@ -1733,7 +1769,7 @@ index 8373c125ae3096..bcc534151f9ac3 100644 } - if boring.Enabled { -+ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { ++ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err @@ -1756,7 +1792,7 @@ index 2abc0436405f8a..3e4d6f3eef61e6 100644 func boringPublicKey(*PublicKey) (*boring.PublicKeyRSA, error) { panic("boringcrypto: not available") diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go -index f1e4ef48a4fd1c..cb5aa30920bb7d 100644 +index f1e4ef48a4fd1c..a179a4388e3ee5 100644 --- a/src/crypto/rsa/pkcs1v15.go +++ b/src/crypto/rsa/pkcs1v15.go @@ -5,7 +5,7 @@ @@ -1773,7 +1809,7 @@ index f1e4ef48a4fd1c..cb5aa30920bb7d 100644 } - if boring.Enabled { -+ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { ++ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err @@ -1782,7 +1818,7 @@ index f1e4ef48a4fd1c..cb5aa30920bb7d 100644 } - if boring.Enabled { -+ if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) { ++ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) { var bkey *boring.PrivateKeyRSA bkey, err = boringPrivateKey(priv) if err != nil { @@ -1810,7 +1846,7 @@ index c65552cd93526a..910416abe842f5 100644 ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==") _, err := DecryptPKCS1v15(nil, test512Key, ciphertext) 
diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go -index e03f4ab06603c6..a4af0a2144870a 100644 +index e03f4ab06603c6..f31d492d53cf96 100644 --- a/src/crypto/rsa/pss_test.go +++ b/src/crypto/rsa/pss_test.go @@ -8,6 +8,7 @@ import ( @@ -1832,6 +1868,17 @@ index e03f4ab06603c6..a4af0a2144870a 100644 opts.SaltLength = test.verifySaltLength err = VerifyPSS(&rsaPrivateKey.PublicKey, hash, hashed, sig, &opts) good := test.good +@@ -241,7 +246,9 @@ func fromHex(hexStr string) []byte { + + func TestInvalidPSSSaltLength(t *testing.T) { + t.Setenv("GODEBUG", "rsa1024min=0") +- key, err := GenerateKey(rand.Reader, 245) ++ // Most crypto backends don't support generating RSA keys with a bit size ++ // lower than 512, so we use 512 here. ++ key, err := GenerateKey(rand.Reader, 512) + if err != nil { + t.Fatal(err) + } diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go index 95bb4becd2ff8c..73991434dabaf1 100644 --- a/src/crypto/rsa/rsa.go @@ -1848,7 +1895,7 @@ index 95bb4becd2ff8c..73991434dabaf1 100644 "crypto/internal/fips140/rsa" "crypto/internal/fips140only" diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index 73b0c3749eedb2..b527a355074482 100644 +index 73b0c3749eedb2..1a712a0e1c5d95 100644 --- a/src/crypto/rsa/rsa_test.go +++ b/src/crypto/rsa/rsa_test.go @@ -8,7 +8,7 @@ import ( @@ -1884,6 +1931,16 @@ index 73b0c3749eedb2..b527a355074482 100644 msg := []byte("test") enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) +@@ -853,6 +863,9 @@ func TestDecryptOAEP(t *testing.T) { + } + + func Test2DecryptOAEP(t *testing.T) { ++ if boring.Enabled { ++ t.Skip("Some crypto backends don't supports OAEPOptions.MGFHash.") ++ } + random := rand.Reader + + msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22} 
diff --git a/src/crypto/sha1/sha1.go b/src/crypto/sha1/sha1.go index d2ffaac0aeb674..23d8ad44d0bd9a 100644 --- a/src/crypto/sha1/sha1.go diff --git a/patches/0004-Add-BoringSSL-crypto-backend.patch b/patches/0004-Add-BoringSSL-crypto-backend.patch index ca91aaff124..7ab03583455 100644 --- a/patches/0004-Add-BoringSSL-crypto-backend.patch +++ b/patches/0004-Add-BoringSSL-crypto-backend.patch @@ -5,9 +5,9 @@ Subject: [PATCH] Add BoringSSL crypto backend --- .../internal/backend/bbig/big_boring.go | 12 + - src/crypto/internal/backend/boring_linux.go | 267 ++++++++++++++++++ + src/crypto/internal/backend/boring_linux.go | 275 ++++++++++++++++++ src/crypto/internal/backend/fips140/boring.go | 11 + - 3 files changed, 290 insertions(+) + 3 files changed, 298 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/boring_linux.go create mode 100644 src/crypto/internal/backend/fips140/boring.go @@ -32,10 +32,10 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..94bc444f10eb2b +index 00000000000000..c49291c2f62b4c --- /dev/null +++ b/src/crypto/internal/backend/boring_linux.go -@@ -0,0 +1,267 @@ +@@ -0,0 +1,275 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -116,6 +116,14 @@ index 00000000000000..94bc444f10eb2b + return boring.VerifyECDSA(pub, hash, sig) +} + ++func SupportsRSAKeyPrimes(primes int) bool { ++ return true ++} ++ ++func SupportsRSASaltLength(salt int) bool { ++ return true ++} ++ +type PublicKeyRSA = boring.PublicKeyRSA +type PrivateKeyRSA = boring.PrivateKeyRSA + diff --git a/patches/0005-Add-OpenSSL-crypto-backend.patch b/patches/0005-Add-OpenSSL-crypto-backend.patch index 648570df40b..b353bd0cfea 100644 
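Review bot: The skip added to Test2DecryptOAEP (hunk `@@ -853,6 +863,9 @@` of rsa_test.go, which ends at the start of this line) fires whenever `boring.Enabled` is true, although its own message says that only some backends lack OAEPOptions.MGFHash. Backends that do support it lose this decryption test; gating the skip on the specific backend or on a capability check would keep the coverage where it is available. The message also has a grammar slip and should read `t.Skip("Some crypto backends don't support OAEPOptions.MGFHash.")`. The test body continues outside the hunk.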
--- a/patches/0005-Add-OpenSSL-crypto-backend.patch +++ b/patches/0005-Add-OpenSSL-crypto-backend.patch @@ -5,16 +5,13 @@ Subject: [PATCH] Add OpenSSL crypto backend --- src/cmd/dist/test.go | 3 +- - .../go/testdata/script/gopath_std_vendor.txt | 9 + src/cmd/link/internal/ld/lib.go | 1 + .../internal/backend/bbig/big_openssl.go | 12 + - .../internal/backend/fips140/openssl.go | 41 +++ - src/crypto/internal/backend/openssl_linux.go | 345 ++++++++++++++++++ - src/crypto/rsa/rsa_test.go | 3 + + .../internal/backend/fips140/openssl.go | 41 ++ + src/crypto/internal/backend/openssl_linux.go | 358 ++++++++++++++++++ src/go/build/deps_test.go | 9 +- - src/go/build/vendor_test.go | 1 + src/os/exec/exec_test.go | 9 + - 10 files changed, 428 insertions(+), 5 deletions(-) + 7 files changed, 428 insertions(+), 5 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/fips140/openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go 
@@ -37,25 +34,6 @@ index 0c992118f4287b..0de6e80fd985a3 100644 // Static linking tests if goos != "android" && p != "netbsd/arm" && !t.msan && !t.asan { // TODO(#56629): Why does this fail on netbsd-arm? -diff --git a/src/cmd/go/testdata/script/gopath_std_vendor.txt b/src/cmd/go/testdata/script/gopath_std_vendor.txt -index 4aaf46b5d0f0dc..6fe798cf4a94e9 100644 ---- a/src/cmd/go/testdata/script/gopath_std_vendor.txt -+++ b/src/cmd/go/testdata/script/gopath_std_vendor.txt -@@ -1,5 +1,14 @@ - env GO111MODULE=off - -+# Disable OpenSSLCrypto backend while evaluating test dependencies to avoid importing -+# vendored crypto module dependencies like golang-fips/openssl. This test script -+# is not set up to handle any vendored libraries being imported other than -+# golang.org/x/net/http2/hpack, so we must make sure it is the only one. -+# -+# See https://github.com/microsoft/go/issues/481 for more details, such as the -+# dependency chain that would cause the failure if the gocrypt tag isn't used. -+env GOEXPERIMENT=none -+ - [!compiler:gc] skip - - go list -f '{{.Dir}}' vendor/golang.org/x/net/http2/hpack diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go index 2d8f964f3594c6..a587e1abde57c9 100644 --- a/src/cmd/link/internal/ld/lib.go @@ -135,10 +113,10 @@ index 00000000000000..118efa3a492a7d +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..44d91d5b7ba3d5 +index 00000000000000..0f3aea733ac2a5 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,345 @@ +@@ -0,0 +1,358 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -273,6 +251,19 @@ index 00000000000000..44d91d5b7ba3d5 + return openssl.VerifyECDSA(pub, hash, sig) +} + ++func SupportsRSAKeyPrimes(primes int) bool { ++ // The built-in OpenSSL 3 providers and OpenSSL 1 do support n-prime RSA keys, ++ // but SCOSSL only supports 2-prime RSA keys. ++ // Only 2-prime RSA keys are FIPS compliant, other n having compatibility ++ // and security issues. Even crypto/rsa deprecated rsa.GenerateMultiPrimeKey as of Go 1.21. ++ // Given the above reasons, we only support what SCOSSL supports. ++ return primes == 2 ++} ++ ++func SupportsRSASaltLength(salt int) bool { ++ return true ++} ++ +type PublicKeyRSA = openssl.PublicKeyRSA +type PrivateKeyRSA = openssl.PrivateKeyRSA + @@ -484,20 +475,6 @@ index 00000000000000..44d91d5b7ba3d5 + + return openssl.VerifyDSA(pub, hashed, sig) +} -diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go -index b527a355074482..906c469482030a 100644 ---- a/src/crypto/rsa/rsa_test.go -+++ b/src/crypto/rsa/rsa_test.go -@@ -863,6 +863,9 @@ func TestDecryptOAEP(t *testing.T) { - } - - func Test2DecryptOAEP(t *testing.T) { -+ if boring.Enabled { -+ t.Skip("OpenSSL backend does not supports OAEPOptions.MGFHash yet.") -+ } - random := rand.Reader - - msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22} diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index 30811455e88418..3de94c93629e3d 100644 --- a/src/go/build/deps_test.go 
@@ -546,18 +523,6 @@ index 30811455e88418..3de94c93629e3d 100644 haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports } fset := token.NewFileSet() -diff --git a/src/go/build/vendor_test.go b/src/go/build/vendor_test.go -index 7f6237ffd59c11..7c821ae4bc5727 100644 ---- a/src/go/build/vendor_test.go -+++ b/src/go/build/vendor_test.go -@@ -22,6 +22,7 @@ var allowedPackagePrefixes = []string{ - "github.com/google/pprof", - "github.com/ianlancetaylor/demangle", - "rsc.io/markdown", -+ "github.com/golang-fips/openssl", - } - - // Verify that the vendor directories contain only packages matching the list above. diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go index 8c623871932f7d..2fa55073f5c19c 100644 --- a/src/os/exec/exec_test.go diff --git a/patches/0006-Add-CNG-crypto-backend.patch b/patches/0006-Add-CNG-crypto-backend.patch index 5b5ed57f448..256c9bef28d 100644 --- a/patches/0006-Add-CNG-crypto-backend.patch +++ b/patches/0006-Add-CNG-crypto-backend.patch 
@@ -4,59 +4,15 @@ Date: Tue, 19 Jul 2022 15:58:02 +0200 Subject: [PATCH] Add CNG crypto backend --- - src/crypto/ecdsa/badlinkname.go | 17 ++ - src/crypto/internal/backend/backend_test.go | 4 +- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 320 ++++++++++++++++++++ - src/crypto/internal/backend/common.go | 9 +- + src/crypto/internal/backend/cng_windows.go | 329 ++++++++++++++++++++ src/crypto/internal/backend/fips140/cng.go | 33 ++ - src/crypto/rsa/pss_test.go | 2 +- src/go/build/deps_test.go | 5 + - src/go/build/vendor_test.go | 1 + - 9 files changed, 398 insertions(+), 5 deletions(-) - create mode 100644 src/crypto/ecdsa/badlinkname.go + 4 files changed, 379 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go create mode 100644 src/crypto/internal/backend/fips140/cng.go -diff --git a/src/crypto/ecdsa/badlinkname.go b/src/crypto/ecdsa/badlinkname.go -new file mode 100644 -index 00000000000000..0d00b7bb3a7fc8 ---- /dev/null -+++ b/src/crypto/ecdsa/badlinkname.go -@@ -0,0 +1,17 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+package ecdsa -+ -+import _ "unsafe" -+ -+// The symbols below are pulled by the CNG backend in the Microsoft Go compiler. -+// We provide a push linkname here, to keep them accessible with pull linknames. -+ -+//go:linkname encodeSignature -+//go:linkname parseSignature -+ -+// This supplements other linknames that are already added by -+// https://github.com/golang/go/commit/41aab30bd260297ad8ddad47e98fdf8390a9a67e -+// See that commit for more information. 
-diff --git a/src/crypto/internal/backend/backend_test.go b/src/crypto/internal/backend/backend_test.go -index c2c06d3bff8c74..837cff477e257e 100644 ---- a/src/crypto/internal/backend/backend_test.go -+++ b/src/crypto/internal/backend/backend_test.go -@@ -4,9 +4,7 @@ - - package backend - --import ( -- "testing" --) -+import "testing" - - // Test that Unreachable panics. - func TestUnreachable(t *testing.T) { diff --git a/src/crypto/internal/backend/bbig/big_cng.go b/src/crypto/internal/backend/bbig/big_cng.go new file mode 100644 index 00000000000000..92623031fd87d0 @@ -77,10 +33,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..495260a08dd029 +index 00000000000000..6bfbdc57f0518b --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,320 @@ +@@ -0,0 +1,329 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -206,6 +162,15 @@ index 00000000000000..495260a08dd029 + return cng.VerifyECDSA(pub, hash, r, s) +} + ++func SupportsRSAKeyPrimes(primes int) bool { ++ // CNG only supports 2-prime RSA keys. ++ return primes == 2 ++} ++ ++func SupportsRSASaltLength(salt int) bool { ++ return salt != 0 // rsa.PSSSaltLengthAuto ++} ++ +type PublicKeyRSA = cng.PublicKeyRSA +type PrivateKeyRSA = cng.PrivateKeyRSA + 
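Review bot: In the CNG SupportsRSASaltLength (hunk `@@ -206,6 +162,15 @@` of cng_windows.go), the literal in `return salt != 0 // rsa.PSSSaltLengthAuto` is tied to the crypto/rsa constant only by a trailing comment, so the two can drift apart unnoticed. A named constant in this file makes the coupling explicit, e.g. `const pssSaltLengthAuto = 0 // must match rsa.PSSSaltLengthAuto` with `return salt != pssSaltLengthAuto`. A doc comment should also state that CNG does not handle an automatic salt length, so PSS calls that use it skip the `boring.Enabled && boring.SupportsRSASaltLength(opts.saltLength())` branch in fips.go.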
@@ -401,32 +366,6 @@ index 00000000000000..495260a08dd029 +func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s cng.BigInt, encodeSignature func(r, s cng.BigInt) ([]byte, error)) bool { + return cng.VerifyDSA(pub, hashed, r, s) +} -diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go -index 858e76e3c51c06..91223c0ef0f810 100644 ---- a/src/crypto/internal/backend/common.go -+++ b/src/crypto/internal/backend/common.go -@@ -44,7 +44,11 @@ func hasSuffix(s, t string) bool { - // UnreachableExceptTests marks code that should be unreachable - // when backend is in use. It panics. - func UnreachableExceptTests() { -- if Enabled { -+ // runtime_arg0 is not supported on windows. -+ // We are going through the same code patch on linux, -+ // so if we are unintentionally calling an 'unreachable' function, -+ // we will catch it there. -+ if Enabled && !goexperiment.CNGCrypto { - name := runtime_arg0() - // If ran on Windows we'd need to allow _test.exe and .test.exe as well. - if !hasSuffix(name, "_test") && !hasSuffix(name, ".test") { -@@ -68,5 +72,8 @@ func IsRSAKeySupported(primes int) bool { - } - - func IsSaltSupported(salt int) bool { -+ if goexperiment.CNGCrypto { -+ return salt != 0 // rsa.PSSSaltLengthAuto -+ } - return true - } diff --git a/src/crypto/internal/backend/fips140/cng.go b/src/crypto/internal/backend/fips140/cng.go new file mode 100644 index 00000000000000..f769d15f94ab05 @@ -466,19 +405,6 @@ index 00000000000000..f769d15f94ab05 + } + return enabled != 0 +} -diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go -index a4af0a2144870a..7d7115cff81cea 100644 ---- a/src/crypto/rsa/pss_test.go -+++ b/src/crypto/rsa/pss_test.go -@@ -246,7 +246,7 @@ func fromHex(hexStr string) []byte { - - func TestInvalidPSSSaltLength(t *testing.T) { - t.Setenv("GODEBUG", "rsa1024min=0") -- key, err := GenerateKey(rand.Reader, 245) -+ key, err := GenerateKey(rand.Reader, 512) - if err != nil { - t.Fatal(err) - } 
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index 3de94c93629e3d..8effe9041f3f5f 100644 --- a/src/go/build/deps_test.go @@ -502,15 +428,3 @@ index 3de94c93629e3d..8effe9041f3f5f 100644 < github.com/golang-fips/openssl/v2/bbig < crypto/internal/boring/bbig < crypto/internal/backend/bbig -diff --git a/src/go/build/vendor_test.go b/src/go/build/vendor_test.go -index 7c821ae4bc5727..1d0b9b20e9b1d4 100644 ---- a/src/go/build/vendor_test.go -+++ b/src/go/build/vendor_test.go -@@ -23,6 +23,7 @@ var allowedPackagePrefixes = []string{ - "github.com/ianlancetaylor/demangle", - "rsc.io/markdown", - "github.com/golang-fips/openssl", -+ "github.com/microsoft/go-crypto-winnative", - } - - // Verify that the vendor directories contain only packages matching the list above. From dfd8d2d855938ea180ce386e57ad5fe98d6c3d7f Mon Sep 17 00:00:00 2001 
From: Quim Muntal Date: Tue, 14 Jan 2025 13:37:44 +0100 Subject: [PATCH 186/887] split crypto backend foundation patch (#1485) --- .../0003-Add-crypto-backend-foundation.patch | 2448 +---------------- patches/0005-Add-OpenSSL-crypto-backend.patch | 24 +- patches/0007-Use-crypto-backends.patch | 2443 ++++++++++++++++ ....patch => 0008-Add-backend-code-gen.patch} | 0 ...patch => 0009-Update-default-go.env.patch} | 0 ... 0010-Skip-failing-tests-on-Windows.patch} | 0 ...OFIPS-when-running-the-Go-toolchain.patch} | 0 ...pport-for-logging-used-Windows-APIs.patch} | 0 ... 0013-remove-long-path-support-hack.patch} | 0 ...ernal-go.mod-files-used-for-codegen.patch} | 0 ...21-when-TLS-fipsonly-mode-is-enable.patch} | 0 11 files changed, 2464 insertions(+), 2451 deletions(-) create mode 100644 patches/0007-Use-crypto-backends.patch rename patches/{0007-Add-backend-code-gen.patch => 0008-Add-backend-code-gen.patch} (100%) rename patches/{0008-Update-default-go.env.patch => 0009-Update-default-go.env.patch} (100%) rename patches/{0009-Skip-failing-tests-on-Windows.patch => 0010-Skip-failing-tests-on-Windows.patch} (100%) rename patches/{0010-unset-GOFIPS-when-running-the-Go-toolchain.patch => 0011-unset-GOFIPS-when-running-the-Go-toolchain.patch} (100%) rename patches/{0011-add-support-for-logging-used-Windows-APIs.patch => 0012-add-support-for-logging-used-Windows-APIs.patch} (100%) rename patches/{0012-remove-long-path-support-hack.patch => 0013-remove-long-path-support-hack.patch} (100%) rename patches/{0013-Omit-internal-go.mod-files-used-for-codegen.patch => 0014-Omit-internal-go.mod-files-used-for-codegen.patch} (100%) rename patches/{0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch => 0015-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch} (100%) diff --git a/patches/0003-Add-crypto-backend-foundation.patch b/patches/0003-Add-crypto-backend-foundation.patch index 32a93ef2774..2d37ac5751f 100644 --- a/patches/0003-Add-crypto-backend-foundation.patch 
+++ b/patches/0003-Add-crypto-backend-foundation.patch @@ -1,34 +1,9 @@ From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: qmuntal -Date: Thu, 30 Jun 2022 10:03:03 +0200 +Date: Tue, 14 Jan 2025 11:09:56 +0100 Subject: [PATCH] Add crypto backend foundation --- - src/cmd/api/boring_test.go | 2 +- - src/cmd/go/go_boring_test.go | 2 +- - .../go/testdata/script/gopath_std_vendor.txt | 9 + - src/crypto/aes/aes.go | 2 +- - src/crypto/boring/boring.go | 4 +- - src/crypto/cipher/ctr_aes_test.go | 2 +- - src/crypto/cipher/gcm_test.go | 2 +- - src/crypto/des/cipher.go | 7 + - src/crypto/dsa/boring.go | 113 +++++++++ - src/crypto/dsa/dsa.go | 88 +++++++ - src/crypto/dsa/notboring.go | 16 ++ - src/crypto/ecdh/ecdh.go | 2 +- - src/crypto/ecdh/ecdh_test.go | 4 + - src/crypto/ecdh/nist.go | 2 +- - src/crypto/ecdsa/badlinkname.go | 19 ++ - src/crypto/ecdsa/boring.go | 6 +- - src/crypto/ecdsa/ecdsa.go | 4 +- - src/crypto/ecdsa/notboring.go | 4 +- - src/crypto/ed25519/boring.go | 71 ++++++ - src/crypto/ed25519/ed25519.go | 73 ++++++ - src/crypto/ed25519/notboring.go | 16 ++ - src/crypto/hkdf/hkdf.go | 14 ++ - src/crypto/hkdf/hkdf_test.go | 2 +- - src/crypto/hmac/hmac.go | 2 +- - src/crypto/hmac/hmac_test.go | 2 +- src/crypto/internal/backend/backend_test.go | 30 +++ src/crypto/internal/backend/bbig/big.go | 17 ++ src/crypto/internal/backend/common.go | 58 +++++ 
@@ -38,55 +13,9 @@ Subject: [PATCH] Add crypto backend foundation .../backend/fips140/nosystemcrypto.go | 11 + src/crypto/internal/backend/nobackend.go | 236 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + - src/crypto/internal/cryptotest/allocations.go | 2 +- - .../internal/cryptotest/implementations.go | 2 +- - src/crypto/md5/md5.go | 10 + - src/crypto/md5/md5_test.go | 21 ++ - src/crypto/pbkdf2/pbkdf2.go | 4 + - src/crypto/pbkdf2/pbkdf2_test.go | 2 +- - src/crypto/purego_test.go | 2 +- - src/crypto/rand/rand.go | 2 +- - src/crypto/rc4/rc4.go | 18 ++ - src/crypto/rsa/boring.go | 6 +- - src/crypto/rsa/boring_test.go | 2 +- - src/crypto/rsa/fips.go | 10 +- - src/crypto/rsa/notboring.go | 4 +- - src/crypto/rsa/pkcs1v15.go | 6 +- - src/crypto/rsa/pkcs1v15_test.go | 5 + - src/crypto/rsa/pss_test.go | 9 +- - src/crypto/rsa/rsa.go | 4 +- - src/crypto/rsa/rsa_test.go | 15 +- - src/crypto/sha1/sha1.go | 8 +- - src/crypto/sha1/sha1_test.go | 19 +- - src/crypto/sha256/sha256.go | 6 +- - src/crypto/sha256/sha256_test.go | 29 +++ - src/crypto/sha512/sha512.go | 2 +- - src/crypto/sha512/sha512_test.go | 29 +++ - src/crypto/tls/cipher_suites.go | 2 +- - src/crypto/tls/fipsonly/fipsonly.go | 2 +- - src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- - src/crypto/tls/handshake_client.go | 12 +- - src/crypto/tls/handshake_client_tls13.go | 16 +- - src/crypto/tls/handshake_server.go | 10 +- - src/crypto/tls/handshake_server_tls13.go | 27 +- - src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- - src/crypto/tls/internal/tls13/doc.go | 18 ++ - src/crypto/tls/internal/tls13/tls13.go | 182 ++++++++++++++ - src/crypto/tls/key_schedule.go | 2 +- - src/crypto/tls/prf.go | 41 +++ - src/go/build/deps_test.go | 9 +- - src/hash/boring_test.go | 9 + - src/hash/example_test.go | 2 + - src/hash/marshal_test.go | 9 + - src/hash/notboring_test.go | 9 + - src/net/smtp/smtp_test.go | 72 ++++-- + src/go/build/deps_test.go | 7 +- src/runtime/runtime_boring.go | 5 + - 77 files changed, 1455 
insertions(+), 97 deletions(-) - create mode 100644 src/crypto/dsa/boring.go - create mode 100644 src/crypto/dsa/notboring.go - create mode 100644 src/crypto/ecdsa/badlinkname.go - create mode 100644 src/crypto/ed25519/boring.go - create mode 100644 src/crypto/ed25519/notboring.go + 11 files changed, 446 insertions(+), 1 deletion(-) create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/bbig/big.go create mode 100644 src/crypto/internal/backend/common.go 
@@ -96,860 +25,7 @@ Subject: [PATCH] Add crypto backend foundation create mode 100644 src/crypto/internal/backend/fips140/nosystemcrypto.go create mode 100644 src/crypto/internal/backend/nobackend.go create mode 100644 src/crypto/internal/backend/stub.s - create mode 100644 src/crypto/tls/internal/tls13/doc.go - create mode 100644 src/crypto/tls/internal/tls13/tls13.go - create mode 100644 src/hash/boring_test.go - create mode 100644 src/hash/notboring_test.go -diff --git a/src/cmd/api/boring_test.go b/src/cmd/api/boring_test.go -index f0e3575637c62a..9eab3b4e66e60b 100644 ---- a/src/cmd/api/boring_test.go -+++ b/src/cmd/api/boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - package main - -diff --git a/src/cmd/go/go_boring_test.go b/src/cmd/go/go_boring_test.go -index ed0fbf3d53d75b..06478963f4be44 100644 ---- a/src/cmd/go/go_boring_test.go -+++ b/src/cmd/go/go_boring_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - package main_test - -diff --git a/src/cmd/go/testdata/script/gopath_std_vendor.txt b/src/cmd/go/testdata/script/gopath_std_vendor.txt -index 4aaf46b5d0f0dc..ec58a217400caa 100644 ---- a/src/cmd/go/testdata/script/gopath_std_vendor.txt -+++ b/src/cmd/go/testdata/script/gopath_std_vendor.txt -@@ -1,5 +1,14 @@ - env GO111MODULE=off - -+# Disable systemcrypto while evaluating test dependencies to avoid importing -+# vendored crypto module dependencies like golang-fips/openssl. This test script -+# is not set up to handle any vendored libraries being imported other than -+# golang.org/x/net/http2/hpack, so we must make sure it is the only one. 
-+# -+# See https://github.com/microsoft/go/issues/481 for more details, such as the -+# dependency chain that would cause the failure if the gocrypt tag isn't used. -+env GOEXPERIMENT=none -+ - [!compiler:gc] skip - - go list -f '{{.Dir}}' vendor/golang.org/x/net/http2/hpack -diff --git a/src/crypto/aes/aes.go b/src/crypto/aes/aes.go -index 5bc2d13d673e0a..b803c77be62a66 100644 ---- a/src/crypto/aes/aes.go -+++ b/src/crypto/aes/aes.go -@@ -15,7 +15,7 @@ package aes - - import ( - "crypto/cipher" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/fips140/aes" - "strconv" - ) -diff --git a/src/crypto/boring/boring.go b/src/crypto/boring/boring.go -index 097c37e343fdb8..a5d603896d3890 100644 ---- a/src/crypto/boring/boring.go -+++ b/src/crypto/boring/boring.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - // Package boring exposes functions that are only available when building with - // Go+BoringCrypto. This package is available on all targets as long as the -@@ -13,7 +13,7 @@ - // is satisfied, so that applications can tag files that use this package. - package boring - --import "crypto/internal/boring" -+import boring "crypto/internal/backend" - - // Enabled reports whether BoringCrypto handles supported crypto operations. 
- func Enabled() bool { -diff --git a/src/crypto/cipher/ctr_aes_test.go b/src/crypto/cipher/ctr_aes_test.go -index 33942467784ad3..0282ffa9fa23c8 100644 ---- a/src/crypto/cipher/ctr_aes_test.go -+++ b/src/crypto/cipher/ctr_aes_test.go -@@ -14,7 +14,7 @@ import ( - "bytes" - "crypto/aes" - "crypto/cipher" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/cryptotest" - fipsaes "crypto/internal/fips140/aes" - "encoding/hex" -diff --git a/src/crypto/cipher/gcm_test.go b/src/crypto/cipher/gcm_test.go -index ea2b4e29e2b67f..f884b0d0fbefe7 100644 ---- a/src/crypto/cipher/gcm_test.go -+++ b/src/crypto/cipher/gcm_test.go -@@ -8,7 +8,7 @@ import ( - "bytes" - "crypto/aes" - "crypto/cipher" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/cryptotest" - "crypto/internal/fips140" - fipsaes "crypto/internal/fips140/aes" -diff --git a/src/crypto/des/cipher.go b/src/crypto/des/cipher.go -index 21303b384cf757..0d3c4f810cfd8f 100644 ---- a/src/crypto/des/cipher.go -+++ b/src/crypto/des/cipher.go -@@ -6,6 +6,7 @@ package des - - import ( - "crypto/cipher" -+ boring "crypto/internal/backend" - "crypto/internal/fips140/alias" - "crypto/internal/fips140only" - "errors" -@@ -36,6 +37,9 @@ func NewCipher(key []byte) (cipher.Block, error) { - if len(key) != 8 { - return nil, KeySizeError(len(key)) - } -+ if boring.Enabled && boring.SupportsDESCipher() { -+ return boring.NewDESCipher(key) -+ } - - c := new(desCipher) - c.generateSubkeys(key) -@@ -84,6 +88,9 @@ func NewTripleDESCipher(key []byte) (cipher.Block, error) { - if len(key) != 24 { - return nil, KeySizeError(len(key)) - } -+ if boring.Enabled && boring.SupportsTripleDESCipher() { -+ return boring.NewTripleDESCipher(key) -+ } - - c := new(tripleDESCipher) - c.cipher1.generateSubkeys(key[:8]) -diff --git a/src/crypto/dsa/boring.go b/src/crypto/dsa/boring.go -new file mode 100644 -index 00000000000000..7ea0c8c423e9ee ---- /dev/null -+++ b/src/crypto/dsa/boring.go -@@ 
-0,0 +1,113 @@ -+// Copyright 2017 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.systemcrypto -+ -+package dsa -+ -+import ( -+ boring "crypto/internal/backend" -+ "crypto/internal/backend/bbig" -+ "crypto/internal/boring/bcache" -+ "math/big" -+) -+ -+// Cached conversions from Go PublicKey/PrivateKey to BoringCrypto. -+// -+// The first operation on a PublicKey or PrivateKey makes a parallel -+// BoringCrypto key and saves it in pubCache or privCache. -+// -+// We could just assume that once used in a sign/verify/encrypt/decrypt operation, -+// a particular key is never again modified, but that has not been a -+// stated assumption before. Just in case there is any existing code that -+// does modify the key between operations, we save the original values -+// alongside the cached BoringCrypto key and check that the real key -+// still matches before using the cached key. The theory is that the real -+// operations are significantly more expensive than the comparison. 
-+ -+type boringPub struct { -+ key *boring.PublicKeyDSA -+ orig PublicKey -+} -+ -+var pubCache bcache.Cache[PublicKey, boringPub] -+var privCache bcache.Cache[PrivateKey, boringPriv] -+ -+func init() { -+ pubCache.Register() -+ privCache.Register() -+} -+ -+func boringPublicKey(pub *PublicKey) (*boring.PublicKeyDSA, error) { -+ b := pubCache.Get(pub) -+ if b != nil && publicKeyEqual(&b.orig, pub) { -+ return b.key, nil -+ } -+ -+ b = new(boringPub) -+ b.orig = copyPublicKey(pub) -+ key, err := boring.NewPublicKeyDSA(bbig.Enc(b.orig.P), bbig.Enc(b.orig.Q), bbig.Enc(b.orig.G), bbig.Enc(b.orig.Y)) -+ if err != nil { -+ return nil, err -+ } -+ b.key = key -+ pubCache.Put(pub, b) -+ return key, nil -+} -+ -+type boringPriv struct { -+ key *boring.PrivateKeyDSA -+ orig PrivateKey -+} -+ -+func boringPrivateKey(priv *PrivateKey) (*boring.PrivateKeyDSA, error) { -+ b := privCache.Get(priv) -+ if b != nil && privateKeyEqual(&b.orig, priv) { -+ return b.key, nil -+ } -+ -+ b = new(boringPriv) -+ b.orig = copyPrivateKey(priv) -+ -+ P := b.orig.P -+ Q := b.orig.Q -+ G := b.orig.G -+ X := b.orig.X -+ Y := b.orig.Y -+ -+ key, err := boring.NewPrivateKeyDSA(bbig.Enc(P), bbig.Enc(Q), bbig.Enc(G), bbig.Enc(X), bbig.Enc(Y)) -+ if err != nil { -+ return nil, err -+ } -+ b.key = key -+ privCache.Put(priv, b) -+ return key, nil -+} -+ -+func publicKeyEqual(k1, k2 *PublicKey) bool { -+ return k1.Y != nil && k1.Y.Cmp(k2.Y) == 0 && k1.P.Cmp(k2.P) == 0 && k1.Q.Cmp(k2.Q) == 0 && k1.G.Cmp(k2.G) == 0 -+} -+ -+func copyPublicKey(k *PublicKey) PublicKey { -+ return PublicKey{ -+ Parameters: Parameters{ -+ P: new(big.Int).Set(k.P), -+ Q: new(big.Int).Set(k.Q), -+ G: new(big.Int).Set(k.G), -+ }, -+ Y: new(big.Int).Set(k.Y), -+ } -+} -+ -+func privateKeyEqual(k1, k2 *PrivateKey) bool { -+ return publicKeyEqual(&k1.PublicKey, &k2.PublicKey) && -+ k1.X.Cmp(k2.X) == 0 -+} -+ -+func copyPrivateKey(k *PrivateKey) PrivateKey { -+ return PrivateKey{ -+ PublicKey: copyPublicKey(&k.PublicKey), -+ X: 
new(big.Int).Set(k.X), -+ } -+} -diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go -index 000becc82dfb79..6430bb3ea5e437 100644 ---- a/src/crypto/dsa/dsa.go -+++ b/src/crypto/dsa/dsa.go -@@ -18,8 +18,13 @@ import ( - "io" - "math/big" - -+ boring "crypto/internal/backend" -+ "crypto/internal/backend/bbig" - "crypto/internal/fips140only" - "crypto/internal/randutil" -+ -+ "golang.org/x/crypto/cryptobyte" -+ "golang.org/x/crypto/cryptobyte/asn1" - ) - - // Parameters represents the domain parameters for a key. These parameters can -@@ -91,6 +96,17 @@ func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes - return errors.New("crypto/dsa: invalid ParameterSizes") - } - -+ if boring.Enabled && boring.SupportsDSA(L, N) { -+ p, q, g, err := boring.GenerateParametersDSA(L, N) -+ if err != nil { -+ return err -+ } -+ params.P = bbig.Dec(p) -+ params.Q = bbig.Dec(q) -+ params.G = bbig.Dec(g) -+ return nil -+ } -+ - qBytes := make([]byte, N/8) - pBytes := make([]byte, L/8) - -@@ -170,6 +186,17 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) error { - return errors.New("crypto/dsa: parameters not set up before generating key") - } - -+ if boring.Enabled && boring.SupportsDSA(priv.P.BitLen(), priv.Q.BitLen()) { -+ x, y, err := boring.GenerateKeyDSA(bbig.Enc(priv.P), bbig.Enc(priv.Q), bbig.Enc(priv.G)) -+ if err != nil { -+ return err -+ } -+ priv.X = bbig.Dec(x) -+ priv.Y = bbig.Dec(y) -+ -+ return nil -+ } -+ - x := new(big.Int) - xBytes := make([]byte, priv.Q.BitLen()/8) - -@@ -225,6 +252,18 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err - err = ErrInvalidPublicKey - return - } -+ -+ if boring.Enabled && boring.SupportsDSA(priv.P.BitLen(), priv.Q.BitLen()) { -+ b, err := boringPrivateKey(priv) -+ if err != nil { -+ return nil, nil, err -+ } -+ -+ r, s, err := boring.SignDSA(b, hash, parseSignature) -+ -+ return bbig.Dec(r), bbig.Dec(s), err -+ } -+ - n >>= 3 - - var attempts int -@@ -288,6 +327,14 
@@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { - panic("crypto/dsa: use of DSA is not allowed in FIPS 140-only mode") - } - -+ if boring.Enabled && boring.SupportsDSA(pub.P.BitLen(), pub.Q.BitLen()) { -+ bkey, err := boringPublicKey(pub) -+ if err != nil { -+ return false -+ } -+ -+ return boring.VerifyDSA(bkey, hash, bbig.Enc(r), bbig.Enc(s), encodeSignature) -+ } - // FIPS 186-3, section 4.7 - - if pub.P.Sign() == 0 { -@@ -324,3 +371,44 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { - - return v.Cmp(r) == 0 - } -+ -+func parseSignature(sig []byte) (boring.BigInt, boring.BigInt, error) { -+ var r, s []byte -+ var inner cryptobyte.String -+ input := cryptobyte.String(sig) -+ if !input.ReadASN1(&inner, asn1.SEQUENCE) || -+ !input.Empty() || -+ !inner.ReadASN1Integer(&r) || -+ !inner.ReadASN1Integer(&s) || -+ !inner.Empty() { -+ return nil, nil, errors.New("invalid ASN.1") -+ } -+ return bbig.Enc(new(big.Int).SetBytes(r)), bbig.Enc(new(big.Int).SetBytes(s)), nil -+} -+ -+func encodeSignature(r, s boring.BigInt) ([]byte, error) { -+ var b cryptobyte.Builder -+ b.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { -+ addASN1IntBytes(b, bbig.Dec(r).Bytes()) -+ addASN1IntBytes(b, bbig.Dec(s).Bytes()) -+ }) -+ return b.Bytes() -+} -+ -+// addASN1IntBytes encodes in ASN.1 a positive integer represented as -+// a big-endian byte slice with zero or more leading zeroes. 
-+func addASN1IntBytes(b *cryptobyte.Builder, bytes []byte) { -+ for len(bytes) > 0 && bytes[0] == 0 { -+ bytes = bytes[1:] -+ } -+ if len(bytes) == 0 { -+ b.SetError(errors.New("invalid integer")) -+ return -+ } -+ b.AddASN1(asn1.INTEGER, func(c *cryptobyte.Builder) { -+ if bytes[0]&0x80 != 0 { -+ c.AddUint8(0) -+ } -+ c.AddBytes(bytes) -+ }) -+} -diff --git a/src/crypto/dsa/notboring.go b/src/crypto/dsa/notboring.go -new file mode 100644 -index 00000000000000..cd02ff5a00c3dc ---- /dev/null -+++ b/src/crypto/dsa/notboring.go -@@ -0,0 +1,16 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !goexperiment.systemcrypto -+ -+package dsa -+ -+import boring "crypto/internal/backend" -+ -+func boringPublicKey(*PublicKey) (*boring.PublicKeyDSA, error) { -+ panic("boringcrypto: not available") -+} -+func boringPrivateKey(*PrivateKey) (*boring.PrivateKeyDSA, error) { -+ panic("boringcrypto: not available") -+} -diff --git a/src/crypto/ecdh/ecdh.go b/src/crypto/ecdh/ecdh.go -index 231f1ea04c1010..cfa113e2345816 100644 ---- a/src/crypto/ecdh/ecdh.go -+++ b/src/crypto/ecdh/ecdh.go -@@ -8,7 +8,7 @@ package ecdh - - import ( - "crypto" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/fips140/ecdh" - "crypto/subtle" - "errors" -diff --git a/src/crypto/ecdh/ecdh_test.go b/src/crypto/ecdh/ecdh_test.go -index 75d2480775669f..6a4d26fbafe090 100644 ---- a/src/crypto/ecdh/ecdh_test.go -+++ b/src/crypto/ecdh/ecdh_test.go -@@ -9,6 +9,7 @@ import ( - "crypto" - "crypto/cipher" - "crypto/ecdh" -+ boring "crypto/internal/backend" - "crypto/rand" - "crypto/sha256" - "encoding/hex" -@@ -280,6 +281,9 @@ var invalidPrivateKeys = map[ecdh.Curve][]string{ - } - - func TestNewPrivateKey(t *testing.T) { -+ if boring.Enabled { -+ t.Skip("skipping test with different results when using different backends") -+ } - testAllCurves(t, func(t 
*testing.T, curve ecdh.Curve) { - for _, input := range invalidPrivateKeys[curve] { - k, err := curve.NewPrivateKey(hexDecode(t, input)) -diff --git a/src/crypto/ecdh/nist.go b/src/crypto/ecdh/nist.go -index acef8298943c2b..ca6171cf775117 100644 ---- a/src/crypto/ecdh/nist.go -+++ b/src/crypto/ecdh/nist.go -@@ -6,7 +6,7 @@ package ecdh - - import ( - "bytes" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/fips140/ecdh" - "crypto/internal/fips140only" - "errors" -diff --git a/src/crypto/ecdsa/badlinkname.go b/src/crypto/ecdsa/badlinkname.go -new file mode 100644 -index 00000000000000..1dc05d09b2062d ---- /dev/null -+++ b/src/crypto/ecdsa/badlinkname.go -@@ -0,0 +1,19 @@ -+// Copyright 2025 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.systemcrypto -+ -+package ecdsa -+ -+import _ "unsafe" -+ -+// The symbols below are pulled by some crypto backend in the Microsoft Go compiler. -+// We provide a push linkname here, to keep them accessible with pull linknames. -+ -+//go:linkname encodeSignature -+//go:linkname parseSignature -+ -+// This supplements other linknames that are already added by -+// https://github.com/golang/go/commit/41aab30bd260297ad8ddad47e98fdf8390a9a67e -+// See that commit for more information. -diff --git a/src/crypto/ecdsa/boring.go b/src/crypto/ecdsa/boring.go -index 275c60b4de49eb..ff8bddf28c4545 100644 ---- a/src/crypto/ecdsa/boring.go -+++ b/src/crypto/ecdsa/boring.go -@@ -2,13 +2,13 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
-
--//go:build boringcrypto
-+//go:build goexperiment.systemcrypto
-
- package ecdsa
-
- import (
-- "crypto/internal/boring"
-- "crypto/internal/boring/bbig"
-+ boring "crypto/internal/backend"
-+ "crypto/internal/backend/bbig"
- "crypto/internal/boring/bcache"
- "math/big"
- )
-diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
-index cb308b41e9df86..8f73855aa738de 100644
---- a/src/crypto/ecdsa/ecdsa.go
-+++ b/src/crypto/ecdsa/ecdsa.go
-@@ -20,8 +20,8 @@ import (
- "crypto"
- "crypto/ecdh"
- "crypto/elliptic"
-- "crypto/internal/boring"
-- "crypto/internal/boring/bbig"
-+ boring "crypto/internal/backend"
-+ "crypto/internal/backend/bbig"
- "crypto/internal/fips140/ecdsa"
- "crypto/internal/fips140hash"
- "crypto/internal/fips140only"
-diff --git a/src/crypto/ecdsa/notboring.go b/src/crypto/ecdsa/notboring.go
-index 039bd82ed21f9f..69a97d9bf250be 100644
---- a/src/crypto/ecdsa/notboring.go
-+++ b/src/crypto/ecdsa/notboring.go
-@@ -2,11 +2,11 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
-
--//go:build !boringcrypto
-+//go:build !goexperiment.systemcrypto
-
- package ecdsa
-
--import "crypto/internal/boring"
-+import boring "crypto/internal/backend"
-
- func boringPublicKey(*PublicKey) (*boring.PublicKeyECDSA, error) {
- panic("boringcrypto: not available")
-diff --git a/src/crypto/ed25519/boring.go b/src/crypto/ed25519/boring.go
-new file mode 100644
-index 00000000000000..cce33e4d6cc927
---- /dev/null
-+++ b/src/crypto/ed25519/boring.go
-@@ -0,0 +1,71 @@
-+// Copyright 2023 The Go Authors. All rights reserved.
-+// Use of this source code is governed by a BSD-style
-+// license that can be found in the LICENSE file.
-+
-+//go:build goexperiment.systemcrypto
-+
-+package ed25519
-+
-+import (
-+ boring "crypto/internal/backend"
-+ "crypto/internal/boring/bcache"
-+ "unsafe"
-+)
-+
-+var pubCache bcache.Cache[byte, boringPub]
-+var privCache bcache.Cache[byte, boringPriv]
-+
-+func init() {
-+ if boring.Enabled && boring.SupportsEd25519() {
-+ pubCache.Register()
-+ privCache.Register()
-+ }
-+}
-+
-+type boringPub struct {
-+ key *boring.PublicKeyEd25519
-+ orig [PublicKeySize]byte
-+}
-+
-+func boringPublicKey(pub PublicKey) (*boring.PublicKeyEd25519, error) {
-+ // Use the pointer to the underlying pub array as key.
-+ p := unsafe.SliceData(pub)
-+ b := pubCache.Get(p)
-+ if b != nil && PublicKey(b.orig[:]).Equal(pub) {
-+ return b.key, nil
-+ }
-+
-+ b = new(boringPub)
-+ copy(b.orig[:], pub)
-+ key, err := boring.NewPublicKeyEd25519(b.orig[:])
-+ if err != nil {
-+ return nil, err
-+ }
-+ b.key = key
-+ pubCache.Put(p, b)
-+ return key, nil
-+}
-+
-+type boringPriv struct {
-+ key *boring.PrivateKeyEd25519
-+ orig [PrivateKeySize]byte
-+}
-+
-+func boringPrivateKey(priv PrivateKey) (*boring.PrivateKeyEd25519, error) {
-+ // Use the pointer to the underlying priv array as key.
-+ p := unsafe.SliceData(priv)
-+ b := privCache.Get(p)
-+ if b != nil && PrivateKey(b.orig[:]).Equal(priv) {
-+ return b.key, nil
-+ }
-+
-+ b = new(boringPriv)
-+ copy(b.orig[:], priv)
-+ key, err := boring.NewPrivateKeyEd25519(b.orig[:])
-+ if err != nil {
-+ return nil, err
-+ }
-+ b.key = key
-+ privCache.Put(p, b)
-+ return key, nil
-+}
-diff --git a/src/crypto/ed25519/ed25519.go b/src/crypto/ed25519/ed25519.go
-index c1f8ff784e4a5c..6476bfbe896d6c 100644
---- a/src/crypto/ed25519/ed25519.go
-+++ b/src/crypto/ed25519/ed25519.go
-@@ -17,6 +17,7 @@ package ed25519
-
- import (
- "crypto"
-+ boring "crypto/internal/backend"
- "crypto/internal/fips140/ed25519"
- "crypto/internal/fips140only"
- cryptorand "crypto/rand"
-@@ -24,6 +25,7 @@ import (
- "errors"
- "io"
- "strconv"
-+ "sync"
- )
-
- const (
-@@ -138,6 +140,22 @@ func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
- if rand == nil {
- rand = cryptorand.Reader
- }
-+ if boring.Enabled && boring.SupportsEd25519() {
-+ if rand == boring.RandReader {
-+ priv, err := boring.GenerateKeyEd25519()
-+ if err != nil {
-+ return nil, nil, err
-+ }
-+ privData, err := priv.Bytes()
-+ if err != nil {
-+ return nil, nil, err
-+ }
-+ privKey := PrivateKey(privData)
-+ pubKey := privKey.Public().(PublicKey)
-+ return pubKey, privKey, err
-+ }
-+ boring.UnreachableExceptTests()
-+ }
-
- seed := make([]byte, SeedSize)
- if _, err := io.ReadFull(rand, seed); err != nil {
-@@ -154,6 +172,17 @@ func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
- // with RFC 8032. RFC 8032's private keys correspond to seeds in this
- // package.
- func NewKeyFromSeed(seed []byte) PrivateKey {
-+ if boring.Enabled && boring.SupportsEd25519() {
-+ key, err := boring.NewPrivateKeyEd25519FromSeed(seed)
-+ if err != nil {
-+ panic(err)
-+ }
-+ d, err := key.Bytes()
-+ if err != nil {
-+ panic(err)
-+ }
-+ return PrivateKey(d)
-+ }
- // Outline the function body so that the returned key can be stack-allocated.
- privateKey := make([]byte, PrivateKeySize)
- newKeyFromSeed(privateKey, seed)
-@@ -172,6 +201,17 @@ func newKeyFromSeed(privateKey, seed []byte) {
- // Sign signs the message with privateKey and returns a signature. It will
- // panic if len(privateKey) is not [PrivateKeySize].
- func Sign(privateKey PrivateKey, message []byte) []byte {
-+ if boring.Enabled && boring.SupportsEd25519() {
-+ priv, err := boringPrivateKey(privateKey)
-+ if err != nil {
-+ panic(err)
-+ }
-+ signature, err := boring.SignEd25519(priv, message)
-+ if err != nil {
-+ panic(err)
-+ }
-+ return signature
-+ }
- // Outline the function body so that the returned signature can be
- // stack-allocated.
- signature := make([]byte, SignatureSize)
-@@ -200,6 +240,32 @@ func Verify(publicKey PublicKey, message, sig []byte) bool {
- return VerifyWithOptions(publicKey, message, sig, &Options{Hash: crypto.Hash(0)}) == nil
- }
-
-+// testMalleability returns true if the crypto backend correctly rejects
-+// malleable signatures. The only known backend that fails to do so is
-+// OpenSSL version 1.1.1a or lower.
-+// See https://github.com/openssl/openssl/issues/7693.
-+var testMalleability = sync.OnceValue(func() bool {
-+ msg := []byte{0x54, 0x65, 0x73, 0x74}
-+ sig := []byte{
-+ 0x7c, 0x38, 0xe0, 0x26, 0xf2, 0x9e, 0x14, 0xaa, 0xbd, 0x05, 0x9a,
-+ 0x0f, 0x2d, 0xb8, 0xb0, 0xcd, 0x78, 0x30, 0x40, 0x60, 0x9a, 0x8b,
-+ 0xe6, 0x84, 0xdb, 0x12, 0xf8, 0x2a, 0x27, 0x77, 0x4a, 0xb0, 0x67,
-+ 0x65, 0x4b, 0xce, 0x38, 0x32, 0xc2, 0xd7, 0x6f, 0x8f, 0x6f, 0x5d,
-+ 0xaf, 0xc0, 0x8d, 0x93, 0x39, 0xd4, 0xee, 0xf6, 0x76, 0x57, 0x33,
-+ 0x36, 0xa5, 0xc5, 0x1e, 0xb6, 0xf9, 0x46, 0xb3, 0x1d,
-+ }
-+ pkey := []byte{
-+ 0x7d, 0x4d, 0x0e, 0x7f, 0x61, 0x53, 0xa6, 0x9b, 0x62, 0x42, 0xb5,
-+ 0x22, 0xab, 0xbe, 0xe6, 0x85, 0xfd, 0xa4, 0x42, 0x0f, 0x88, 0x34,
-+ 0xb1, 0x08, 0xc3, 0xbd, 0xae, 0x36, 0x9e, 0xf5, 0x49, 0xfa,
-+ }
-+ pub, err := boring.NewPublicKeyEd25519(pkey)
-+ if err != nil {
-+ return false
-+ }
-+ return boring.VerifyEd25519(pub, msg, sig) != nil
-+})
-+
- // VerifyWithOptions reports whether sig is a valid signature of message by
- // publicKey. A valid signature is indicated by returning a nil error. It will
- // panic if len(publicKey) is not [PublicKeySize].
-@@ -228,6 +294,13 @@ func VerifyWithOptions(publicKey PublicKey, message, sig []byte, opts *Options)
- }
- return ed25519.VerifyCtx(k, message, sig, opts.Context)
- case opts.Hash == crypto.Hash(0): // Ed25519
-+ if boring.Enabled && boring.SupportsEd25519() && testMalleability() {
-+ pub, err := boringPublicKey(publicKey)
-+ if err != nil {
-+ return err
-+ }
-+ return boring.VerifyEd25519(pub, message, sig)
-+ }
- return ed25519.Verify(k, message, sig)
- default:
- return errors.New("ed25519: expected opts.Hash zero (unhashed message, for standard Ed25519) or SHA-512 (for Ed25519ph)")
-diff --git a/src/crypto/ed25519/notboring.go b/src/crypto/ed25519/notboring.go
-new file mode 100644
-index 00000000000000..b0cdd44d81c753
---- /dev/null
-+++ b/src/crypto/ed25519/notboring.go
-@@ -0,0 +1,16 @@
-+// Copyright 2023 The Go Authors. All rights reserved.
-+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !goexperiment.systemcrypto -+ -+package ed25519 -+ -+import boring "crypto/internal/backend" -+ -+func boringPublicKey(PublicKey) (*boring.PublicKeyEd25519, error) { -+ panic("boringcrypto: not available") -+} -+func boringPrivateKey(PrivateKey) (*boring.PrivateKeyEd25519, error) { -+ panic("boringcrypto: not available") -+} -diff --git a/src/crypto/hkdf/hkdf.go b/src/crypto/hkdf/hkdf.go -index 6b02522866d57f..37e67ec184af5d 100644 ---- a/src/crypto/hkdf/hkdf.go -+++ b/src/crypto/hkdf/hkdf.go -@@ -11,6 +11,7 @@ - package hkdf - - import ( -+ boring "crypto/internal/backend" - "crypto/internal/fips140/hkdf" - "crypto/internal/fips140hash" - "crypto/internal/fips140only" -@@ -29,6 +30,9 @@ func Extract[H hash.Hash](h func() H, secret, salt []byte) ([]byte, error) { - if err := checkFIPS140Only(fh, secret); err != nil { - return nil, err - } -+ if boring.Enabled && boring.SupportsHKDF() { -+ return boring.ExtractHKDF(fh, secret, salt) -+ } - return hkdf.Extract(fh, secret, salt), nil - } - -@@ -50,6 +54,9 @@ func Expand[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLen - return nil, errors.New("hkdf: requested key length too large") - } - -+ if boring.Enabled && boring.SupportsHKDF() { -+ return boring.ExpandHKDF(fh, pseudorandomKey, []byte(info), keyLength) -+ } - return hkdf.Expand(fh, pseudorandomKey, info, keyLength), nil - } - -@@ -67,6 +74,13 @@ func Key[Hash hash.Hash](h func() Hash, secret, salt []byte, info string, keyLen - return nil, errors.New("hkdf: requested key length too large") - } - -+ if boring.Enabled && boring.SupportsHKDF() { -+ pseudorandomKey, err := boring.ExtractHKDF(fh, secret, salt) -+ if err != nil { -+ return nil, err -+ } -+ return boring.ExpandHKDF(fh, pseudorandomKey, []byte(info), keyLength) -+ } - return hkdf.Key(fh, secret, salt, info, keyLength), nil - } - -diff --git 
a/src/crypto/hkdf/hkdf_test.go b/src/crypto/hkdf/hkdf_test.go -index 201b440289bb2d..4ed4960ff35b66 100644 ---- a/src/crypto/hkdf/hkdf_test.go -+++ b/src/crypto/hkdf/hkdf_test.go -@@ -6,7 +6,7 @@ package hkdf - - import ( - "bytes" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/fips140" - "crypto/md5" - "crypto/sha1" -diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go -index 554c8c9b78940b..c68a394280cc2c 100644 ---- a/src/crypto/hmac/hmac.go -+++ b/src/crypto/hmac/hmac.go -@@ -22,7 +22,7 @@ timing side-channels: - package hmac - - import ( -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/fips140/hmac" - "crypto/internal/fips140hash" - "crypto/internal/fips140only" -diff --git a/src/crypto/hmac/hmac_test.go b/src/crypto/hmac/hmac_test.go -index 7accad763244a1..dd3211f2c37af3 100644 ---- a/src/crypto/hmac/hmac_test.go -+++ b/src/crypto/hmac/hmac_test.go -@@ -5,7 +5,7 @@ - package hmac - - import ( -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/cryptotest" - "crypto/md5" - "crypto/sha1" diff --git a/src/crypto/internal/backend/backend_test.go b/src/crypto/internal/backend/backend_test.go new file mode 100644 index 00000000000000..c2c06d3bff8c74 
@@ -1442,1329 +518,8 @@ index 00000000000000..5e4b436554d44d +// Having this assembly file keeps the go command +// from complaining about the missing body +// (because the implementation might be here). -diff --git a/src/crypto/internal/cryptotest/allocations.go b/src/crypto/internal/cryptotest/allocations.go -index 70055af70b42ec..3c4b4fbaa98ded 100644 ---- a/src/crypto/internal/cryptotest/allocations.go -+++ b/src/crypto/internal/cryptotest/allocations.go -@@ -5,7 +5,7 @@ - package cryptotest - - import ( -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "internal/asan" - "internal/msan" - "internal/race" -diff --git a/src/crypto/internal/cryptotest/implementations.go b/src/crypto/internal/cryptotest/implementations.go -index 3fa730459050f6..1f28f12a6e7b4f 100644 ---- a/src/crypto/internal/cryptotest/implementations.go -+++ b/src/crypto/internal/cryptotest/implementations.go -@@ -5,7 +5,7 @@ - package cryptotest - - import ( -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/impl" - "internal/goos" - "internal/testenv" -diff --git a/src/crypto/md5/md5.go b/src/crypto/md5/md5.go -index a0384e175f31bd..f7aa6da36f02de 100644 ---- a/src/crypto/md5/md5.go -+++ b/src/crypto/md5/md5.go -@@ -12,6 +12,7 @@ package md5 - - import ( - "crypto" -+ boring "crypto/internal/backend" - "crypto/internal/fips140only" - "errors" - "hash" -@@ -104,6 +105,9 @@ func consumeUint32(b []byte) ([]byte, uint32) { - // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal - // state of the hash. - func New() hash.Hash { -+ if boring.Enabled && boring.SupportsHash(crypto.MD5) { -+ return boring.NewMD5() -+ } - d := new(digest) - d.Reset() - return d -@@ -188,6 +192,12 @@ func (d *digest) checkSum() [Size]byte { - - // Sum returns the MD5 checksum of the data. 
- func Sum(data []byte) [Size]byte {
-+ if boring.Enabled && boring.SupportsHash(crypto.MD5) {
-+ if fips140only.Enabled {
-+ panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode")
-+ }
-+ return boring.MD5(data)
-+ }
- var d digest
- d.Reset()
- d.Write(data)
-diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go
-index 437d9b9d4c0e0d..ee28c55f846e81 100644
---- a/src/crypto/md5/md5_test.go
-+++ b/src/crypto/md5/md5_test.go
-@@ -6,12 +6,14 @@ package md5
-
- import (
- "bytes"
-+ boring "crypto/internal/backend"
- "crypto/internal/cryptotest"
- "crypto/rand"
- "encoding"
- "fmt"
- "hash"
- "io"
-+ "strings"
- "testing"
- "unsafe"
- )
-@@ -88,6 +90,11 @@ func TestGolden(t *testing.T) {
- }
-
- func TestGoldenMarshal(t *testing.T) {
-+ if boring.Enabled {
-+ if _, ok := New().(encoding.BinaryMarshaler); !ok {
-+ t.Skip("BinaryMarshaler not implemented")
-+ }
-+ }
- for _, g := range golden {
- h := New()
- h2 := New()
-@@ -96,6 +103,9 @@ func TestGoldenMarshal(t *testing.T) {
-
- state, err := h.(encoding.BinaryMarshaler).MarshalBinary()
- if err != nil {
-+ if strings.Contains(err.Error(), "hash state is not marshallable") {
-+ t.Skip("BinaryMarshaler not supported")
-+ }
- t.Errorf("could not marshal: %v", err)
- continue
- }
-@@ -157,6 +167,9 @@ func TestLarge(t *testing.T) {
-
- // Tests that blockGeneric (pure Go) and block (in assembly for amd64, 386, arm) match.
- func TestBlockGeneric(t *testing.T) { -+ if boring.Enabled { -+ t.Skip("digest is not used when boring.Enabled is set") -+ } - gen, asm := New().(*digest), New().(*digest) - buf := make([]byte, BlockSize*20) // arbitrary factor - rand.Read(buf) -@@ -204,10 +217,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { - } - - func TestLargeHashes(t *testing.T) { -+ if boring.Enabled { -+ if _, ok := New().(encoding.BinaryUnmarshaler); !ok { -+ t.Skip("BinaryUnmarshaler not implemented") -+ } -+ } - for i, test := range largeUnmarshalTests { - - h := New() - if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { -+ if strings.Contains(err.Error(), "hash state is not marshallable") { -+ t.Skip("BinaryMarshaler not supported") -+ } - t.Errorf("test %d could not unmarshal: %v", i, err) - continue - } -diff --git a/src/crypto/pbkdf2/pbkdf2.go b/src/crypto/pbkdf2/pbkdf2.go -index 271d2b03312ef0..ff76299fbe4782 100644 ---- a/src/crypto/pbkdf2/pbkdf2.go -+++ b/src/crypto/pbkdf2/pbkdf2.go -@@ -11,6 +11,7 @@ - package pbkdf2 - - import ( -+ boring "crypto/internal/backend" - "crypto/internal/fips140/pbkdf2" - "crypto/internal/fips140hash" - "crypto/internal/fips140only" -@@ -47,5 +48,8 @@ func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyL - return nil, errors.New("crypto/pbkdf2: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode") - } - } -+ if boring.Enabled && boring.SupportsPBKDF2() { -+ return boring.PBKDF2([]byte(password), salt, iter, keyLength, fh) -+ } - return pbkdf2.Key(fh, password, salt, iter, keyLength) - } -diff --git a/src/crypto/pbkdf2/pbkdf2_test.go b/src/crypto/pbkdf2/pbkdf2_test.go -index 03980c7e54d3be..4968a666fad4e5 100644 ---- a/src/crypto/pbkdf2/pbkdf2_test.go -+++ b/src/crypto/pbkdf2/pbkdf2_test.go -@@ -6,7 +6,7 @@ package pbkdf2_test - - import ( - "bytes" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/fips140" - 
"crypto/pbkdf2" - "crypto/sha1" -diff --git a/src/crypto/purego_test.go b/src/crypto/purego_test.go -index 62be347e0c6822..d284b5cf7814a6 100644 ---- a/src/crypto/purego_test.go -+++ b/src/crypto/purego_test.go -@@ -41,7 +41,7 @@ func TestPureGoTag(t *testing.T) { - } - - for _, pkgName := range pkgs { -- if strings.Contains(pkgName, "/boring") { -+ if strings.Contains(pkgName, "/boring") || strings.Contains(pkgName, "/internal/backend") || strings.Contains(pkgName, "tls/fipsonly") { - continue - } - -diff --git a/src/crypto/rand/rand.go b/src/crypto/rand/rand.go -index 1ca16caa9563e6..3ef22b5ff8222b 100644 ---- a/src/crypto/rand/rand.go -+++ b/src/crypto/rand/rand.go -@@ -7,7 +7,7 @@ - package rand - - import ( -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/fips140" - "crypto/internal/fips140/drbg" - "crypto/internal/sysrand" -diff --git a/src/crypto/rc4/rc4.go b/src/crypto/rc4/rc4.go -index 90943a0935befb..09ebdfd733e5d6 100644 ---- a/src/crypto/rc4/rc4.go -+++ b/src/crypto/rc4/rc4.go -@@ -10,6 +10,7 @@ - package rc4 - - import ( -+ boring "crypto/internal/backend" - "crypto/internal/fips140/alias" - "crypto/internal/fips140only" - "errors" -@@ -20,6 +21,8 @@ import ( - type Cipher struct { - s [256]uint32 - i, j uint8 -+ -+ boring *boring.RC4Cipher - } - - type KeySizeError int -@@ -38,6 +41,13 @@ func NewCipher(key []byte) (*Cipher, error) { - if k < 1 || k > 256 { - return nil, KeySizeError(k) - } -+ if boring.Enabled && boring.SupportsRC4() { -+ c, err := boring.NewRC4Cipher(key) -+ if err != nil { -+ return nil, err -+ } -+ return &Cipher{boring: c}, nil -+ } - var c Cipher - for i := 0; i < 256; i++ { - c.s[i] = uint32(i) -@@ -55,6 +65,10 @@ func NewCipher(key []byte) (*Cipher, error) { - // Deprecated: Reset can't guarantee that the key will be entirely removed from - // the process's memory. 
- func (c *Cipher) Reset() {
-+ if boring.Enabled && boring.SupportsRC4() {
-+ c.boring.Reset()
-+ return
-+ }
- for i := range c.s {
- c.s[i] = 0
- }
-@@ -64,6 +78,10 @@ func (c *Cipher) Reset() {
- // XORKeyStream sets dst to the result of XORing src with the key stream.
- // Dst and src must overlap entirely or not at all.
- func (c *Cipher) XORKeyStream(dst, src []byte) {
-+ if boring.Enabled && boring.SupportsRC4() {
-+ c.boring.XORKeyStream(dst, src)
-+ return
-+ }
- if len(src) == 0 {
- return
- }
-diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go
-index b9f9d3154f2589..d52faddef45549 100644
---- a/src/crypto/rsa/boring.go
-+++ b/src/crypto/rsa/boring.go
-@@ -2,13 +2,13 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
-
--//go:build boringcrypto
-+//go:build goexperiment.systemcrypto
-
- package rsa
-
- import (
-- "crypto/internal/boring"
-- "crypto/internal/boring/bbig"
-+ boring "crypto/internal/backend"
-+ "crypto/internal/backend/bbig"
- "crypto/internal/boring/bcache"
- "math/big"
- )
-diff --git a/src/crypto/rsa/boring_test.go b/src/crypto/rsa/boring_test.go
-index 838fcc1244bdbe..d89f732345e8a3 100644
---- a/src/crypto/rsa/boring_test.go
-+++ b/src/crypto/rsa/boring_test.go
-@@ -2,7 +2,7 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
-
--//go:build boringcrypto
-+//go:build goexperiment.systemcrypto
-
- // Note: Can run these tests against the non-BoringCrypto
- // version of the code by using "CGO_ENABLED=0 go test".
-diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go
-index 8373c125ae3096..cee523891d5897 100644
---- a/src/crypto/rsa/fips.go
-+++ b/src/crypto/rsa/fips.go
-@@ -6,7 +6,7 @@ package rsa
-
- import (
- "crypto"
-- "crypto/internal/boring"
-+ boring "crypto/internal/backend"
- "crypto/internal/fips140/rsa"
- "crypto/internal/fips140hash"
- "crypto/internal/fips140only"
-@@ -70,7 +70,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte,
- hash = opts.Hash
- }
-
-- if boring.Enabled && rand == boring.RandReader {
-+ if boring.Enabled && rand == boring.RandReader && boring.SupportsRSAKeyPrimes(len(priv.Primes)) && boring.SupportsHash(hash) {
- bkey, err := boringPrivateKey(priv)
- if err != nil {
- return nil, err
-@@ -133,7 +133,7 @@ func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts
- return err
- }
-
-- if boring.Enabled {
-+ if boring.Enabled && boring.SupportsRSASaltLength(opts.saltLength()) && boring.SupportsHash(hash) {
- bkey, err := boringPublicKey(pub)
- if err != nil {
- return err
-@@ -250,7 +250,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, priv *PrivateKey, ciphertext []byte, l
- return nil, err
- }
-
-- if boring.Enabled {
-+ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) {
- k := priv.Size()
- if len(ciphertext) > k ||
- k < hash.Size()*2+2 {
-@@ -312,7 +312,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [
- return nil, err
- }
-
-- if boring.Enabled {
-+ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) {
- bkey, err := boringPrivateKey(priv)
- if err != nil {
- return nil, err
-diff --git a/src/crypto/rsa/notboring.go b/src/crypto/rsa/notboring.go
-index 2abc0436405f8a..3e4d6f3eef61e6 100644
---- a/src/crypto/rsa/notboring.go
-+++ b/src/crypto/rsa/notboring.go
-@@ -2,11 +2,11 @@
- // Use of this source code is governed by a BSD-style
- // license that can be found in the LICENSE file.
-
--//go:build !boringcrypto
-+//go:build !goexperiment.systemcrypto
-
- package rsa
-
--import "crypto/internal/boring"
-+import boring "crypto/internal/backend"
-
- func boringPublicKey(*PublicKey) (*boring.PublicKeyRSA, error) {
- panic("boringcrypto: not available")
-diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go
-index f1e4ef48a4fd1c..a179a4388e3ee5 100644
---- a/src/crypto/rsa/pkcs1v15.go
-+++ b/src/crypto/rsa/pkcs1v15.go
-@@ -5,7 +5,7 @@
- package rsa
-
- import (
-- "crypto/internal/boring"
-+ boring "crypto/internal/backend"
- "crypto/internal/fips140/rsa"
- "crypto/internal/fips140only"
- "crypto/internal/randutil"
-@@ -104,7 +104,7 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b
- return nil, err
- }
-
-- if boring.Enabled {
-+ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) {
- bkey, err := boringPrivateKey(priv)
- if err != nil {
- return nil, err
-@@ -203,7 +203,7 @@ func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte,
- return 0, nil, 0, err
- }
-
-- if boring.Enabled {
-+ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) {
- var bkey *boring.PrivateKeyRSA
- bkey, err = boringPrivateKey(priv)
- if err != nil {
-diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go
-index c65552cd93526a..910416abe842f5 100644
---- a/src/crypto/rsa/pkcs1v15_test.go
-+++ b/src/crypto/rsa/pkcs1v15_test.go
-@@ -7,6 +7,7 @@ package rsa_test
- import (
- "bytes"
- "crypto"
-+ boring "crypto/internal/backend"
- "crypto/rand"
- . "crypto/rsa"
- "crypto/sha1"
-@@ -235,6 +236,10 @@ func TestVerifyPKCS1v15(t *testing.T) {
- }
-
- func TestOverlongMessagePKCS1v15(t *testing.T) {
-+ if boring.Enabled {
-+ // See for example https://github.com/golang-fips/openssl/pull/142.
-+ t.Skip("Some backends do not return an error for overlong messages.")
-+ }
- t.Setenv("GODEBUG", "rsa1024min=0")
- ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==")
- _, err := DecryptPKCS1v15(nil, test512Key, ciphertext)
-diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go
-index e03f4ab06603c6..f31d492d53cf96 100644
---- a/src/crypto/rsa/pss_test.go
-+++ b/src/crypto/rsa/pss_test.go
-@@ -8,6 +8,7 @@ import (
- "bufio"
- "compress/bzip2"
- "crypto"
-+ boring "crypto/internal/backend"
- "crypto/internal/fips140"
- "crypto/rand"
- . "crypto/rsa"
-@@ -180,6 +181,10 @@ func TestPSSSigning(t *testing.T) {
- continue
- }
-
-+ if boring.Enabled && test.good != test.fipsGood {
-+ t.Skip("skipping test with different results when using different backends")
-+ }
-+
- opts.SaltLength = test.verifySaltLength
- err = VerifyPSS(&rsaPrivateKey.PublicKey, hash, hashed, sig, &opts)
- good := test.good
-@@ -241,7 +246,9 @@ func fromHex(hexStr string) []byte {
-
- func TestInvalidPSSSaltLength(t *testing.T) {
- t.Setenv("GODEBUG", "rsa1024min=0")
-- key, err := GenerateKey(rand.Reader, 245)
-+ // Most crypto backends don't support generating RSA keys with a bit size
-+ // lower than 512, so we use 512 here.
-+ key, err := GenerateKey(rand.Reader, 512)
- if err != nil {
- t.Fatal(err)
- }
-diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
-index 95bb4becd2ff8c..73991434dabaf1 100644
---- a/src/crypto/rsa/rsa.go
-+++ b/src/crypto/rsa/rsa.go
-@@ -42,8 +42,8 @@ package rsa
-
- import (
- "crypto"
-- "crypto/internal/boring"
-- "crypto/internal/boring/bbig"
-+ boring "crypto/internal/backend"
-+ "crypto/internal/backend/bbig"
- "crypto/internal/fips140/bigmod"
- "crypto/internal/fips140/rsa"
- "crypto/internal/fips140only"
-diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
-index 73b0c3749eedb2..1a712a0e1c5d95 100644
---- a/src/crypto/rsa/rsa_test.go
-+++ b/src/crypto/rsa/rsa_test.go
-@@ -8,7 +8,7 @@ import (
- "bufio"
- "bytes"
- "crypto"
-- "crypto/internal/boring"
-+ boring "crypto/internal/backend"
- "crypto/internal/cryptotest"
- "crypto/rand"
- . "crypto/rsa"
-@@ -146,6 +146,11 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) {
- if priv.D.Cmp(priv.N) > 0 {
- t.Errorf("private exponent too large")
- }
-+ if boring.Enabled && priv.N.BitLen() < 512 {
-+ // Some crypto backends (e.g. CNG and OpenSSL with SymCrypt) don't support key sizes
-+ // lower than 512 and intentionally fail rather than fall back to Go crypto.
-+ t.Skip("skipping allocations test with BoringCrypto")
-+ }
-
- msg := []byte("hi!")
- enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg)
-@@ -226,6 +231,11 @@ func testEverything(t *testing.T, priv *PrivateKey) {
- if err := priv.Validate(); err != nil {
- t.Errorf("Validate() failed: %s", err)
- }
-+ if boring.Enabled && priv.N.BitLen() < 512 {
-+ // Some crypto backends (e.g. CNG and OpenSSL with SymCrypt) don't support key sizes
-+ // lower than 512 and intentionally fail rather than fall back to Go crypto.
-+ t.Skip("skipping allocations test with BoringCrypto") -+ } - - msg := []byte("test") - enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) -@@ -853,6 +863,9 @@ func TestDecryptOAEP(t *testing.T) { - } - - func Test2DecryptOAEP(t *testing.T) { -+ if boring.Enabled { -+ t.Skip("Some crypto backends don't supports OAEPOptions.MGFHash.") -+ } - random := rand.Reader - - msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22} -diff --git a/src/crypto/sha1/sha1.go b/src/crypto/sha1/sha1.go -index d2ffaac0aeb674..23d8ad44d0bd9a 100644 ---- a/src/crypto/sha1/sha1.go -+++ b/src/crypto/sha1/sha1.go -@@ -10,7 +10,7 @@ package sha1 - - import ( - "crypto" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/fips140only" - "errors" - "hash" -@@ -266,12 +266,12 @@ func (d *digest) constSum() [Size]byte { - - // Sum returns the SHA-1 checksum of the data. 
- func Sum(data []byte) [Size]byte { -- if boring.Enabled { -- return boring.SHA1(data) -- } - if fips140only.Enabled { - panic("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode") - } -+ if boring.Enabled { -+ return boring.SHA1(data) -+ } - var d digest - d.Reset() - d.Write(data) -diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go -index 9d707b7cde5c2d..8da08b3d860a85 100644 ---- a/src/crypto/sha1/sha1_test.go -+++ b/src/crypto/sha1/sha1_test.go -@@ -8,13 +8,14 @@ package sha1 - - import ( - "bytes" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/cryptotest" - "crypto/rand" - "encoding" - "fmt" - "hash" - "io" -+ "strings" - "testing" - ) - -@@ -97,6 +98,11 @@ func TestGolden(t *testing.T) { - } - - func TestGoldenMarshal(t *testing.T) { -+ if boring.Enabled { -+ if _, ok := New().(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - h := New() - h2 := New() - for _, g := range golden { -@@ -107,6 +113,9 @@ func TestGoldenMarshal(t *testing.T) { - - state, err := h.(encoding.BinaryMarshaler).MarshalBinary() - if err != nil { -+ if strings.Contains(err.Error(), "hash state is not marshallable") { -+ t.Skip("BinaryMarshaler not supported") -+ } - t.Errorf("could not marshal: %v", err) - continue - } -@@ -210,10 +219,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { - } - - func TestLargeHashes(t *testing.T) { -+ if boring.Enabled { -+ if _, ok := New().(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - for i, test := range largeUnmarshalTests { - - h := New() - if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { -+ if strings.Contains(err.Error(), "hash state is not marshallable") { -+ t.Skip("BinaryMarshaler not supported") -+ } - t.Errorf("test %d could not unmarshal: %v", i, err) - continue - } -diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go 
-index 069938a22dbc5a..8d0e06b86f4359 100644 ---- a/src/crypto/sha256/sha256.go -+++ b/src/crypto/sha256/sha256.go -@@ -8,7 +8,7 @@ package sha256 - - import ( - "crypto" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/fips140/sha256" - "hash" - ) -@@ -43,7 +43,7 @@ func New() hash.Hash { - // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal - // state of the hash. - func New224() hash.Hash { -- if boring.Enabled { -+ if boring.Enabled && boring.SupportsHash(crypto.SHA224) { - return boring.NewSHA224() - } - return sha256.New224() -@@ -63,7 +63,7 @@ func Sum256(data []byte) [Size]byte { - - // Sum224 returns the SHA224 checksum of the data. - func Sum224(data []byte) [Size224]byte { -- if boring.Enabled { -+ if boring.Enabled && boring.SupportsHash(crypto.SHA224) { - return boring.SHA224(data) - } - h := New224() -diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index e1af9640e25547..c4f142c1430285 100644 ---- a/src/crypto/sha256/sha256_test.go -+++ b/src/crypto/sha256/sha256_test.go -@@ -8,11 +8,13 @@ package sha256 - - import ( - "bytes" -+ boring "crypto/internal/backend" - "crypto/internal/cryptotest" - "encoding" - "fmt" - "hash" - "io" -+ "strings" - "testing" - ) - -@@ -155,6 +157,11 @@ func testGoldenMarshal(t *testing.T) { - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { -+ if boring.Enabled { -+ if _, ok := tt.newHash().(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - for _, g := range tt.gold { - h := tt.newHash() - h2 := tt.newHash() -@@ -163,6 +170,9 @@ func testGoldenMarshal(t *testing.T) { - - state, err := h.(encoding.BinaryMarshaler).MarshalBinary() - if err != nil { -+ if strings.Contains(err.Error(), "hash state is not marshallable") { -+ t.Skip("BinaryMarshaler not supported") -+ } - t.Errorf("could not marshal: %v", err) - continue - } -@@ -204,8 +214,19 @@ func TestMarshalTypeMismatch(t *testing.T) 
{ - h1 := New() - h2 := New224() - -+ if boring.Enabled { -+ _, ok1 := h1.(encoding.BinaryMarshaler) -+ _, ok2 := h2.(encoding.BinaryUnmarshaler) -+ if !ok1 || !ok2 { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } -+ - state1, err := h1.(encoding.BinaryMarshaler).MarshalBinary() - if err != nil { -+ if strings.Contains(err.Error(), "hash state is not marshallable") { -+ t.Skip("BinaryMarshaler not supported") -+ } - t.Errorf("could not marshal: %v", err) - } - -@@ -275,10 +296,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { - return h.Sum(nil), nil - } - func TestLargeHashes(t *testing.T) { -+ if boring.Enabled { -+ if _, ok := New().(encoding.BinaryUnmarshaler); !ok { -+ t.Skip("BinaryUnmarshaler not implemented") -+ } -+ } - for i, test := range largeUnmarshalTests { - - h := New() - if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { -+ if strings.Contains(err.Error(), "hash state is not marshallable") { -+ t.Skip("BinaryMarshaler not supported") -+ } - t.Errorf("test %d could not unmarshal: %v", i, err) - continue - } -diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go -index 1435eac1f5b5dc..17e8501154762a 100644 ---- a/src/crypto/sha512/sha512.go -+++ b/src/crypto/sha512/sha512.go -@@ -12,7 +12,7 @@ package sha512 - - import ( - "crypto" -- "crypto/internal/boring" -+ boring "crypto/internal/backend" - "crypto/internal/fips140/sha512" - "hash" - ) -diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index 1fe9d132bb186d..97b7da8c2d3d88 100644 ---- a/src/crypto/sha512/sha512_test.go -+++ b/src/crypto/sha512/sha512_test.go -@@ -8,12 +8,14 @@ package sha512 - - import ( - "bytes" -+ boring "crypto/internal/backend" - "crypto/internal/cryptotest" - "encoding" - "encoding/hex" - "fmt" - "hash" - "io" -+ "strings" - "testing" - ) - -@@ -744,6 +746,11 @@ func testGoldenMarshal(t *testing.T) { - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - 
for _, test := range tt.golden { -+ if boring.Enabled { -+ if _, ok := tt.newHash().(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - h := tt.newHash() - h2 := tt.newHash() - -@@ -751,6 +758,9 @@ func testGoldenMarshal(t *testing.T) { - - state, err := h.(encoding.BinaryMarshaler).MarshalBinary() - if err != nil { -+ if strings.Contains(err.Error(), "hash state is not marshallable") { -+ t.Skip("BinaryMarshaler not supported") -+ } - t.Errorf("could not marshal: %v", err) - return - } -@@ -805,8 +815,19 @@ func TestMarshalMismatch(t *testing.T) { - h1 := fn1() - h2 := fn2() - -+ if boring.Enabled { -+ _, ok1 := h1.(encoding.BinaryMarshaler) -+ _, ok2 := h2.(encoding.BinaryUnmarshaler) -+ if !ok1 || !ok2 { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } -+ - state, err := h1.(encoding.BinaryMarshaler).MarshalBinary() - if err != nil { -+ if strings.Contains(err.Error(), "hash state is not marshallable") { -+ t.Skip("BinaryMarshaler not supported") -+ } - t.Errorf("i=%d: could not marshal: %v", i, err) - continue - } -@@ -880,10 +901,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { - } - - func TestLargeHashes(t *testing.T) { -+ if boring.Enabled { -+ if _, ok := New().(encoding.BinaryUnmarshaler); !ok { -+ t.Skip("BinaryUnmarshaler not implemented") -+ } -+ } - for i, test := range largeUnmarshalTests { - - h := New() - if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { -+ if strings.Contains(err.Error(), "hash state is not marshallable") { -+ t.Skip("BinaryMarshaler not supported") -+ } - t.Errorf("test %d could not unmarshal: %v", i, err) - continue - } -diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go -index 01d65688284f97..d8a26c24024348 100644 ---- a/src/crypto/tls/cipher_suites.go -+++ b/src/crypto/tls/cipher_suites.go -@@ -10,7 +10,7 @@ import ( - "crypto/cipher" - "crypto/des" - "crypto/hmac" -- "crypto/internal/boring" -+ boring 
"crypto/internal/backend" - fipsaes "crypto/internal/fips140/aes" - "crypto/internal/fips140/aes/gcm" - "crypto/rc4" -diff --git a/src/crypto/tls/fipsonly/fipsonly.go b/src/crypto/tls/fipsonly/fipsonly.go -index e702f44e986746..e506a0d8841237 100644 ---- a/src/crypto/tls/fipsonly/fipsonly.go -+++ b/src/crypto/tls/fipsonly/fipsonly.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - // Package fipsonly restricts all TLS configuration to FIPS-approved settings. - // -diff --git a/src/crypto/tls/fipsonly/fipsonly_test.go b/src/crypto/tls/fipsonly/fipsonly_test.go -index 027bc22c33c921..eba08da985f832 100644 ---- a/src/crypto/tls/fipsonly/fipsonly_test.go -+++ b/src/crypto/tls/fipsonly/fipsonly_test.go -@@ -2,7 +2,7 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build boringcrypto -+//go:build goexperiment.systemcrypto - - package fipsonly - -diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go -index 38bd417a0dca72..8c1ae3c7ec5485 100644 ---- a/src/crypto/tls/handshake_client.go -+++ b/src/crypto/tls/handshake_client.go -@@ -11,11 +11,11 @@ import ( - "crypto/ecdsa" - "crypto/ed25519" - "crypto/internal/fips140/mlkem" -- "crypto/internal/fips140/tls13" - "crypto/internal/hpke" - "crypto/rsa" - "crypto/subtle" - "crypto/tls/internal/fips140tls" -+ "crypto/tls/internal/tls13" - "crypto/x509" - "errors" - "fmt" -@@ -549,7 +549,15 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error { - - // Does the handshake, either a full one or resumes old session. Requires hs.c, - // hs.hello, hs.serverHello, and, optionally, hs.session to be set. 
--func (hs *clientHandshakeState) handshake() error { -+func (hs *clientHandshakeState) handshake() (err error) { -+ defer func() { -+ if err == nil { -+ err = recoverFromBoringPRFError() -+ if err != nil { -+ hs.c.sendAlert(alertInternalError) -+ } -+ } -+ }() - c := hs.c - - isResume, err := hs.processServerHello() -diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go -index c0396e75796add..2c00e119cb66e4 100644 ---- a/src/crypto/tls/handshake_client_tls13.go -+++ b/src/crypto/tls/handshake_client_tls13.go -@@ -8,12 +8,12 @@ import ( - "bytes" - "context" - "crypto" -+ "crypto/hkdf" - "crypto/hmac" -- "crypto/internal/fips140/hkdf" - "crypto/internal/fips140/mlkem" -- "crypto/internal/fips140/tls13" - "crypto/rsa" - "crypto/subtle" -+ "crypto/tls/internal/tls13" - "errors" - "hash" - "slices" -@@ -90,8 +90,12 @@ func (hs *clientHandshakeStateTLS13) handshake() error { - confTranscript.Write(hs.serverHello.original[:30]) - confTranscript.Write(make([]byte, 8)) - confTranscript.Write(hs.serverHello.original[38:]) -+ secret, err := hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil) -+ if err != nil { -+ return err -+ } - acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New, -- hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil), -+ secret, - "ech accept confirmation", - confTranscript.Sum(nil), - 8, -@@ -264,8 +268,12 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error { - copy(hrrHello, hs.serverHello.original) - hrrHello = bytes.Replace(hrrHello, hs.serverHello.encryptedClientHello, make([]byte, 8), 1) - confTranscript.Write(hrrHello) -+ secret, err := hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil) -+ if err != nil { -+ return err -+ } - acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New, -- hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil), -+ secret, - "hrr ech accept confirmation", - 
confTranscript.Sum(nil), - 8, -diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go -index 7c75977ad3ffb2..b9db95ca7b9d5a 100644 ---- a/src/crypto/tls/handshake_server.go -+++ b/src/crypto/tls/handshake_server.go -@@ -64,7 +64,15 @@ func (c *Conn) serverHandshake(ctx context.Context) error { - return hs.handshake() - } - --func (hs *serverHandshakeState) handshake() error { -+func (hs *serverHandshakeState) handshake() (err error) { -+ defer func() { -+ if err == nil { -+ err = recoverFromBoringPRFError() -+ if err != nil { -+ hs.c.sendAlert(alertInternalError) -+ } -+ } -+ }() - c := hs.c - - if err := hs.processClientHello(); err != nil { -diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index 76fff6974e7403..3ef8b56e5c7898 100644 ---- a/src/crypto/tls/handshake_server_tls13.go -+++ b/src/crypto/tls/handshake_server_tls13.go -@@ -8,13 +8,14 @@ import ( - "bytes" - "context" - "crypto" -+ "crypto/hkdf" - "crypto/hmac" -- "crypto/internal/fips140/hkdf" -+ boring "crypto/internal/backend" - "crypto/internal/fips140/mlkem" -- "crypto/internal/fips140/tls13" - "crypto/internal/hpke" - "crypto/rsa" - "crypto/tls/internal/fips140tls" -+ "crypto/tls/internal/tls13" - "errors" - "hash" - "internal/byteorder" -@@ -470,15 +471,19 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error { - // interfaces implemented by standard library hashes to clone the state of in - // to a new instance of h. It returns nil if the operation fails. - func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash { -+ if boring.Enabled { -+ // CNG and OpenSSL with SymCrypt hash functions do not implement the -+ // encoding.BinaryMarshaler interface, but they do implement the Clone method. -+ if cloner, ok := in.(interface{ Clone() hash.Hash }); ok { -+ return cloner.Clone() -+ } -+ } - // Recreate the interface to avoid importing encoding. 
- type binaryMarshaler interface { - MarshalBinary() (data []byte, err error) - UnmarshalBinary(data []byte) error - } - marshaler, ok := in.(binaryMarshaler) -- if !ok { -- return nil -- } - state, err := marshaler.MarshalBinary() - if err != nil { - return nil -@@ -572,8 +577,12 @@ func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) - if err := transcriptMsg(helloRetryRequest, confTranscript); err != nil { - return nil, err - } -+ secret, err := hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil) -+ if err != nil { -+ return nil, err -+ } - acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New, -- hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil), -+ secret, - "hrr ech accept confirmation", - confTranscript.Sum(nil), - 8, -@@ -734,9 +743,13 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error { - if err := transcriptMsg(hs.hello, echTranscript); err != nil { - return err - } -+ secret, err := hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil) -+ if err != nil { -+ return err -+ } - // compute the acceptance message - acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New, -- hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil), -+ secret, - "ech accept confirmation", - echTranscript.Sum(nil), - 8, -diff --git a/src/crypto/tls/internal/fips140tls/fipstls.go b/src/crypto/tls/internal/fips140tls/fipstls.go -index 24d78d60cf5b64..a6bfd3f17c1911 100644 ---- a/src/crypto/tls/internal/fips140tls/fipstls.go -+++ b/src/crypto/tls/internal/fips140tls/fipstls.go -@@ -6,6 +6,7 @@ - package fips140tls - - import ( -+ bfips140 "crypto/internal/backend/fips140" - "crypto/internal/fips140" - "sync/atomic" - ) -@@ -13,7 +14,7 @@ import ( - var required atomic.Bool - - func init() { -- if fips140.Enabled { -+ if fips140.Enabled || bfips140.Enabled() { - Force() - } - } -diff --git a/src/crypto/tls/internal/tls13/doc.go b/src/crypto/tls/internal/tls13/doc.go -new file mode 100644 -index 
00000000000000..1adf3098356307 ---- /dev/null -+++ b/src/crypto/tls/internal/tls13/doc.go -@@ -0,0 +1,18 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+/* -+Microsoft Go only package. -+ -+TLS 1.3 Key Schedule is normally not part of the FIPS boundary, but upstream Go -+decided to include it in the FIPS boundary to facilitate the FIPS 140-3 certification -+process. -+ -+The problem is that crypto/internal/fips140/tls13 uses crypto/internal/fips140/hkdf, -+which can't be patched to use other backends. -+ -+To solve this problem, we created this package, which is a direct copy of -+crypto/internal/fips140/tls13, but uses crypto/hkdf instead of crypto/internal/fips140/hkdf. -+*/ -+package tls13 -diff --git a/src/crypto/tls/internal/tls13/tls13.go b/src/crypto/tls/internal/tls13/tls13.go -new file mode 100644 -index 00000000000000..573896b9c1e6a8 ---- /dev/null -+++ b/src/crypto/tls/internal/tls13/tls13.go -@@ -0,0 +1,182 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// Package tls13 implements the TLS 1.3 Key Schedule as specified in RFC 8446, -+// Section 7.1 and allowed by FIPS 140-3 IG 2.4.B Resolution 7. -+package tls13 -+ -+import ( -+ "crypto/hkdf" -+ "hash" -+ "internal/byteorder" -+) -+ -+// We don't set the service indicator in this package but we delegate that to -+// the underlying functions because the TLS 1.3 KDF does not have a standard of -+// its own. -+ -+// ExpandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1. 
-+func ExpandLabel[H hash.Hash](hash func() H, secret []byte, label string, context []byte, length int) []byte { -+ if len("tls13 ")+len(label) > 255 || len(context) > 255 { -+ // It should be impossible for this to panic: labels are fixed strings, -+ // and context is either a fixed-length computed hash, or parsed from a -+ // field which has the same length limitation. -+ // -+ // Another reasonable approach might be to return a randomized slice if -+ // we encounter an error, which would break the connection, but avoid -+ // panicking. This would perhaps be safer but significantly more -+ // confusing to users. -+ panic("tls13: label or context too long") -+ } -+ hkdfLabel := make([]byte, 0, 2+1+len("tls13 ")+len(label)+1+len(context)) -+ hkdfLabel = byteorder.BEAppendUint16(hkdfLabel, uint16(length)) -+ hkdfLabel = append(hkdfLabel, byte(len("tls13 ")+len(label))) -+ hkdfLabel = append(hkdfLabel, "tls13 "...) -+ hkdfLabel = append(hkdfLabel, label...) -+ hkdfLabel = append(hkdfLabel, byte(len(context))) -+ hkdfLabel = append(hkdfLabel, context...) 
-+ key, err := hkdf.Expand(hash, secret, string(hkdfLabel), length) -+ if err != nil { -+ panic(err) -+ } -+ return key -+} -+ -+func extract[H hash.Hash](hash func() H, newSecret, currentSecret []byte) []byte { -+ if newSecret == nil { -+ newSecret = make([]byte, hash().Size()) -+ } -+ prk, err := hkdf.Extract(hash, newSecret, currentSecret) -+ if err != nil { -+ panic(err) -+ } -+ return prk -+} -+ -+func deriveSecret[H hash.Hash](hash func() H, secret []byte, label string, transcript hash.Hash) []byte { -+ if transcript == nil { -+ transcript = hash() -+ } -+ return ExpandLabel(hash, secret, label, transcript.Sum(nil), transcript.Size()) -+} -+ -+const ( -+ resumptionBinderLabel = "res binder" -+ clientEarlyTrafficLabel = "c e traffic" -+ clientHandshakeTrafficLabel = "c hs traffic" -+ serverHandshakeTrafficLabel = "s hs traffic" -+ clientApplicationTrafficLabel = "c ap traffic" -+ serverApplicationTrafficLabel = "s ap traffic" -+ earlyExporterLabel = "e exp master" -+ exporterLabel = "exp master" -+ resumptionLabel = "res master" -+) -+ -+type EarlySecret struct { -+ secret []byte -+ hash func() hash.Hash -+} -+ -+func NewEarlySecret[H hash.Hash](h func() H, psk []byte) *EarlySecret { -+ return &EarlySecret{ -+ secret: extract(h, psk, nil), -+ hash: func() hash.Hash { return h() }, -+ } -+} -+ -+func (s *EarlySecret) ResumptionBinderKey() []byte { -+ return deriveSecret(s.hash, s.secret, resumptionBinderLabel, nil) -+} -+ -+// ClientEarlyTrafficSecret derives the client_early_traffic_secret from the -+// early secret and the transcript up to the ClientHello. 
-+func (s *EarlySecret) ClientEarlyTrafficSecret(transcript hash.Hash) []byte { -+ return deriveSecret(s.hash, s.secret, clientEarlyTrafficLabel, transcript) -+} -+ -+type HandshakeSecret struct { -+ secret []byte -+ hash func() hash.Hash -+} -+ -+func (s *EarlySecret) HandshakeSecret(sharedSecret []byte) *HandshakeSecret { -+ derived := deriveSecret(s.hash, s.secret, "derived", nil) -+ return &HandshakeSecret{ -+ secret: extract(s.hash, sharedSecret, derived), -+ hash: s.hash, -+ } -+} -+ -+// ClientHandshakeTrafficSecret derives the client_handshake_traffic_secret from -+// the handshake secret and the transcript up to the ServerHello. -+func (s *HandshakeSecret) ClientHandshakeTrafficSecret(transcript hash.Hash) []byte { -+ return deriveSecret(s.hash, s.secret, clientHandshakeTrafficLabel, transcript) -+} -+ -+// ServerHandshakeTrafficSecret derives the server_handshake_traffic_secret from -+// the handshake secret and the transcript up to the ServerHello. -+func (s *HandshakeSecret) ServerHandshakeTrafficSecret(transcript hash.Hash) []byte { -+ return deriveSecret(s.hash, s.secret, serverHandshakeTrafficLabel, transcript) -+} -+ -+type MasterSecret struct { -+ secret []byte -+ hash func() hash.Hash -+} -+ -+func (s *HandshakeSecret) MasterSecret() *MasterSecret { -+ derived := deriveSecret(s.hash, s.secret, "derived", nil) -+ return &MasterSecret{ -+ secret: extract(s.hash, nil, derived), -+ hash: s.hash, -+ } -+} -+ -+// ClientApplicationTrafficSecret derives the client_application_traffic_secret_0 -+// from the master secret and the transcript up to the server Finished. -+func (s *MasterSecret) ClientApplicationTrafficSecret(transcript hash.Hash) []byte { -+ return deriveSecret(s.hash, s.secret, clientApplicationTrafficLabel, transcript) -+} -+ -+// ServerApplicationTrafficSecret derives the server_application_traffic_secret_0 -+// from the master secret and the transcript up to the server Finished. 
-+func (s *MasterSecret) ServerApplicationTrafficSecret(transcript hash.Hash) []byte { -+ return deriveSecret(s.hash, s.secret, serverApplicationTrafficLabel, transcript) -+} -+ -+// ResumptionMasterSecret derives the resumption_master_secret from the master secret -+// and the transcript up to the client Finished. -+func (s *MasterSecret) ResumptionMasterSecret(transcript hash.Hash) []byte { -+ return deriveSecret(s.hash, s.secret, resumptionLabel, transcript) -+} -+ -+type ExporterMasterSecret struct { -+ secret []byte -+ hash func() hash.Hash -+} -+ -+// ExporterMasterSecret derives the exporter_master_secret from the master secret -+// and the transcript up to the server Finished. -+func (s *MasterSecret) ExporterMasterSecret(transcript hash.Hash) *ExporterMasterSecret { -+ return &ExporterMasterSecret{ -+ secret: deriveSecret(s.hash, s.secret, exporterLabel, transcript), -+ hash: s.hash, -+ } -+} -+ -+// EarlyExporterMasterSecret derives the exporter_master_secret from the early secret -+// and the transcript up to the ClientHello. 
-+func (s *EarlySecret) EarlyExporterMasterSecret(transcript hash.Hash) *ExporterMasterSecret { -+ return &ExporterMasterSecret{ -+ secret: deriveSecret(s.hash, s.secret, earlyExporterLabel, transcript), -+ hash: s.hash, -+ } -+} -+ -+func (s *ExporterMasterSecret) Exporter(label string, context []byte, length int) []byte { -+ secret := deriveSecret(s.hash, s.secret, label, nil) -+ h := s.hash() -+ h.Write(context) -+ return ExpandLabel(s.hash, secret, "exporter", h.Sum(nil), length) -+} -diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go -index 38d6d3f7be1673..b236ae44a34030 100644 ---- a/src/crypto/tls/key_schedule.go -+++ b/src/crypto/tls/key_schedule.go -@@ -8,7 +8,7 @@ import ( - "crypto/ecdh" - "crypto/hmac" - "crypto/internal/fips140/mlkem" -- "crypto/internal/fips140/tls13" -+ "crypto/tls/internal/tls13" - "errors" - "hash" - "io" -diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go -index e7369542a73270..ff52175e4ac636 100644 ---- a/src/crypto/tls/prf.go -+++ b/src/crypto/tls/prf.go -@@ -7,6 +7,7 @@ package tls - import ( - "crypto" - "crypto/hmac" -+ boring "crypto/internal/backend" - "crypto/internal/fips140/tls12" - "crypto/md5" - "crypto/sha1" -@@ -47,9 +48,42 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) { - } - } - -+type boringPRFError struct { -+ err error -+} -+ -+func (e *boringPRFError) Error() string { -+ return e.err.Error() -+} -+ -+// recoverFromBoringPRFError recovers from a panic caused by the boring backend. -+// It returns the error if it was a boringPRFError, or panics if the panic was -+// caused by something else. -+func recoverFromBoringPRFError() error { -+ if p := recover(); p != nil { -+ if err, ok := p.(boringPRFError); ok { -+ // Could happen, for example, if the seed is too large. The Go implementation doesn't limit the seed size, -+ // as RFC 5705 doesn't specify a limit, but stock OpenSSL restrict it to 1024 and CNG to 256. 
-+ return err.err -+ } -+ panic(p) -+ } -+ return nil -+} -+ -+func panicBoringPRFError(err error) { -+ panic(boringPRFError{err}) -+} -+ - // prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, Section 5. - func prf10(secret []byte, label string, seed []byte, keyLen int) []byte { - result := make([]byte, keyLen) -+ if boring.Enabled && boring.SupportsTLS1PRF() { -+ if err := boring.TLS1PRF(result, secret, []byte(label), seed, nil); err != nil { -+ panicBoringPRFError(fmt.Errorf("crypto/tls: prf10: %v", err)) -+ } -+ return result -+ } - hashSHA1 := sha1.New - hashMD5 := md5.New - -@@ -72,6 +106,13 @@ func prf10(secret []byte, label string, seed []byte, keyLen int) []byte { - // prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, Section 5. - func prf12(hashFunc func() hash.Hash) prfFunc { - return func(secret []byte, label string, seed []byte, keyLen int) []byte { -+ if boring.Enabled && boring.SupportsTLS1PRF() { -+ result := make([]byte, keyLen) -+ if err := boring.TLS1PRF(result, secret, []byte(label), seed, hashFunc); err != nil { -+ panicBoringPRFError(fmt.Errorf("crypto/tls: prf12: %v", err)) -+ } -+ return result -+ } - return tls12.PRF(hashFunc, secret, label, seed, keyLen) - } - } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index e3e01077c18b17..30811455e88418 100644 +index e3e01077c18b17..a46d6c034ca1e0 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -493,6 +493,8 @@ var depsRules = ` 
@@ -2776,17 +531,17 @@ index e3e01077c18b17..30811455e88418 100644 FIPS, internal/godebug < crypto/fips140; crypto, hash !< FIPS; -@@ -506,7 +508,9 @@ var depsRules = ` +@@ -506,7 +508,8 @@ var depsRules = ` FIPS, internal/godebug, hash, embed, crypto/internal/boring/sig, crypto/internal/boring/syso, -+ encoding/binary, - crypto/internal/boring/bcache +- crypto/internal/boring/bcache ++ crypto/internal/boring/bcache, + crypto/internal/backend/fips140 < crypto/internal/fips140only < crypto < crypto/subtle -@@ -514,6 +518,7 @@ var depsRules = ` +@@ -514,6 +517,7 @@ var depsRules = ` < crypto/internal/fips140hash < crypto/cipher < crypto/internal/boring @@ -2794,15 +549,7 @@ index e3e01077c18b17..30811455e88418 100644 < crypto/boring < crypto/aes, crypto/des, -@@ -527,6 +532,7 @@ var depsRules = ` - crypto/pbkdf2, - crypto/ecdh, - crypto/mlkem -+ < crypto/tls/internal/tls13 - < CRYPTO; - - CGO, fmt, net !< CRYPTO; -@@ -535,6 +541,7 @@ var depsRules = ` +@@ -535,6 +539,7 @@ var depsRules = ` CRYPTO, FMT, math/big < crypto/internal/boring/bbig 
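Review bot: The rewritten `@@ -506,7 +508,8 @@` inner hunk adds `crypto/internal/backend/fips140` to the packages that `crypto/internal/fips140only` may import, but the entry carries no explanation, while other non-obvious edges in this rule string are annotated (`# depends on crypto/rand.Reader`). This list sits directly below `crypto` and beside the FIPS packages, so a short `#` comment would make the fork-specific edge auditable, for example `crypto/internal/backend/fips140 # Microsoft Go: backend FIPS state; keep this package's own imports minimal` (wording to be confirmed against the package). The rule that bounds what `crypto/internal/backend/fips140` itself may import is not in this hunk, presumably it is the `@@ -493,6 +493,8 @@` inner hunk just above, so its minimal import set is an assumption to verify. The `depsRules` string starts and ends outside the hunk.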
@@ -2810,183 +557,6 @@ index e3e01077c18b17..30811455e88418 100644 < crypto/rand < crypto/ed25519 # depends on crypto/rand.Reader < encoding/asn1 -@@ -548,7 +555,7 @@ var depsRules = ` - - # TLS, Prince of Dependencies. - -- FIPS, sync/atomic < crypto/tls/internal/fips140tls; -+ FIPS, sync/atomic, crypto/internal/backend/fips140 < crypto/tls/internal/fips140tls; - - crypto/internal/boring/sig, crypto/tls/internal/fips140tls < crypto/tls/fipsonly; - -diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go -new file mode 100644 -index 00000000000000..52748c44698076 ---- /dev/null -+++ b/src/hash/boring_test.go -@@ -0,0 +1,9 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.systemcrypto -+ -+package hash_test -+ -+const boringEnabled = true -diff --git a/src/hash/example_test.go b/src/hash/example_test.go -index f07b9aaa2c4898..b380537215634d 100644 ---- a/src/hash/example_test.go -+++ b/src/hash/example_test.go -@@ -2,6 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. 
- -+//go:build !goexperiment.systemcrypto -+ - package hash_test - - import ( -diff --git a/src/hash/marshal_test.go b/src/hash/marshal_test.go -index 3091f7a67acede..23736034d5c352 100644 ---- a/src/hash/marshal_test.go -+++ b/src/hash/marshal_test.go -@@ -21,6 +21,7 @@ import ( - "hash/crc32" - "hash/crc64" - "hash/fnv" -+ "strings" - "testing" - ) - -@@ -65,6 +66,11 @@ func TestMarshalHash(t *testing.T) { - } - - h := tt.new() -+ if boringEnabled { -+ if _, ok := h.(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - h.Write(buf[:256]) - sum := h.Sum(nil) - -@@ -80,6 +86,9 @@ func TestMarshalHash(t *testing.T) { - } - enc, err := h2m.MarshalBinary() - if err != nil { -+ if strings.Contains(err.Error(), "hash state is not marshallable") { -+ t.Skip("BinaryMarshaler not supported") -+ } - t.Fatalf("MarshalBinary: %v", err) - } - if !bytes.Equal(enc, tt.golden) { -diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go -new file mode 100644 -index 00000000000000..11dc691600b110 ---- /dev/null -+++ b/src/hash/notboring_test.go -@@ -0,0 +1,9 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !goexperiment.systemcrypto -+ -+package hash_test -+ -+const boringEnabled = false -diff --git a/src/net/smtp/smtp_test.go b/src/net/smtp/smtp_test.go -index 389eda9ad54b99..110d60beb0e70c 100644 ---- a/src/net/smtp/smtp_test.go -+++ b/src/net/smtp/smtp_test.go -@@ -1136,40 +1136,60 @@ func sendMail(hostPort string) error { - - // localhostCert is a PEM-encoded TLS cert generated from src/crypto/tls: - // --// go run generate_cert.go --rsa-bits 1024 --host 127.0.0.1,::1,example.com \ -+// Use a 2048-bits RSA key to make it FIPS-compliant. 
-+// go run generate_cert.go --rsa-bits 2048 --host 127.0.0.1,::1,example.com \ - // --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h - var localhostCert = []byte(` - -----BEGIN CERTIFICATE----- --MIICFDCCAX2gAwIBAgIRAK0xjnaPuNDSreeXb+z+0u4wDQYJKoZIhvcNAQELBQAw --EjEQMA4GA1UEChMHQWNtZSBDbzAgFw03MDAxMDEwMDAwMDBaGA8yMDg0MDEyOTE2 --MDAwMFowEjEQMA4GA1UEChMHQWNtZSBDbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw --gYkCgYEA0nFbQQuOWsjbGtejcpWz153OlziZM4bVjJ9jYruNw5n2Ry6uYQAffhqa --JOInCmmcVe2siJglsyH9aRh6vKiobBbIUXXUU1ABd56ebAzlt0LobLlx7pZEMy30 --LqIi9E6zmL3YvdGzpYlkFRnRrqwEtWYbGBf3znO250S56CCWH2UCAwEAAaNoMGYw --DgYDVR0PAQH/BAQDAgKkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQF --MAMBAf8wLgYDVR0RBCcwJYILZXhhbXBsZS5jb22HBH8AAAGHEAAAAAAAAAAAAAAA --AAAAAAEwDQYJKoZIhvcNAQELBQADgYEAbZtDS2dVuBYvb+MnolWnCNqvw1w5Gtgi --NmvQQPOMgM3m+oQSCPRTNGSg25e1Qbo7bgQDv8ZTnq8FgOJ/rbkyERw2JckkHpD4 --n4qcK27WkEDBtQFlPihIM8hLIuzWoi/9wygiElTy/tVL3y7fGCvY2/k1KBthtZGF --tN8URjVmyEo= -+MIIDOTCCAiGgAwIBAgIQKhWw7zkzXjX78HaPlVbNrjANBgkqhkiG9w0BAQsFADAS -+MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw -+MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -+MIIBCgKCAQEAy1EYLA8IFvZyUPY+uI7KToneaQPvIzQiOeWlDnFnoanw6h3KpoVc -++yNbinK41WfXoSN/1kJ9gmGiFhJTPZ4rQ7DJsD7ethcpuz4uIimdWPohcBzwgbx4 -+wjhUgfUsCO6m76fFqrhbkHMDiS2iUjg2gyMVQCrqi8EuBW16yFQdJqPU04p+2rYw -+eJ9lzdeSLR4yvx7p1JS8sS4DbSyrAUaJ9J1sH/gu0nSHNMo7WtIu9K8JmPeYR4X5 -+5KLURBU9PmvoGW+5ss/xS6SnacHAD9FebNPQqGB/soBA9gdJIN+5KW0xcE38Zz5Q -+wAAUiU+VlWuZmge0sI8Ix8uIPIvGQSKN0wIDAQABo4GIMIGFMA4GA1UdDwEB/wQE -+AwICpDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -+DgQWBBRNMP9Cr0yrXpMpsgEtDr8FPmUEazAuBgNVHREEJzAlggtleGFtcGxlLmNv -+bYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAF0/z -+KEnZrAsz4ov4fEvKY42EbKPm8s0pklPLmKVIh/iS7jTxxxvgDtOToiJ6IXY8Cfb3 -+nG1i78YakoVPUL5Cfh5LKDefMoefk6575ur2+gSdzgNmKUnlVfOMfpflia/ugATZ -+5ORhpmKRKWzwXQ67S5XeVlZAehTsywQstsDu8WEVoSUnRSk1jZsCThOQfdlpox+K 
-+71rGPSTxB9yCHMzZsk4xyZlGLaC0vDSJ+Zb5gWvAcvkSnpREvmc3/9TaW/lbUed6 -+uhO17lARcUhPCzkR5wAZCo/PihHMSXL8cqT4QdIux75OBxB/3EgLHL7KQw28A50g -+DogldK8zx1ZADmupUA== - -----END CERTIFICATE-----`) - - // localhostKey is the private key for localhostCert. - var localhostKey = []byte(testingKey(` - -----BEGIN RSA TESTING KEY----- --MIICXgIBAAKBgQDScVtBC45ayNsa16NylbPXnc6XOJkzhtWMn2Niu43DmfZHLq5h --AB9+Gpok4icKaZxV7ayImCWzIf1pGHq8qKhsFshRddRTUAF3np5sDOW3QuhsuXHu --lkQzLfQuoiL0TrOYvdi90bOliWQVGdGurAS1ZhsYF/fOc7bnRLnoIJYfZQIDAQAB --AoGBAMst7OgpKyFV6c3JwyI/jWqxDySL3caU+RuTTBaodKAUx2ZEmNJIlx9eudLA --kucHvoxsM/eRxlxkhdFxdBcwU6J+zqooTnhu/FE3jhrT1lPrbhfGhyKnUrB0KKMM --VY3IQZyiehpxaeXAwoAou6TbWoTpl9t8ImAqAMY8hlULCUqlAkEA+9+Ry5FSYK/m --542LujIcCaIGoG1/Te6Sxr3hsPagKC2rH20rDLqXwEedSFOpSS0vpzlPAzy/6Rbb --PHTJUhNdwwJBANXkA+TkMdbJI5do9/mn//U0LfrCR9NkcoYohxfKz8JuhgRQxzF2 --6jpo3q7CdTuuRixLWVfeJzcrAyNrVcBq87cCQFkTCtOMNC7fZnCTPUv+9q1tcJyB --vNjJu3yvoEZeIeuzouX9TJE21/33FaeDdsXbRhQEj23cqR38qFHsF1qAYNMCQQDP --QXLEiJoClkR2orAmqjPLVhR3t2oB3INcnEjLNSq8LHyQEfXyaFfu4U9l5+fRPL2i --jiC0k/9L5dHUsF0XZothAkEA23ddgRs+Id/HxtojqqUT27B8MT/IGNrYsp4DvS/c --qgkeluku4GjxRlDMBuXk94xOBEinUs+p/hwP1Alll80Tpg== -+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLURgsDwgW9nJQ -+9j64jspOid5pA+8jNCI55aUOcWehqfDqHcqmhVz7I1uKcrjVZ9ehI3/WQn2CYaIW -+ElM9nitDsMmwPt62Fym7Pi4iKZ1Y+iFwHPCBvHjCOFSB9SwI7qbvp8WquFuQcwOJ -+LaJSODaDIxVAKuqLwS4FbXrIVB0mo9TTin7atjB4n2XN15ItHjK/HunUlLyxLgNt -+LKsBRon0nWwf+C7SdIc0yjta0i70rwmY95hHhfnkotREFT0+a+gZb7myz/FLpKdp -+wcAP0V5s09CoYH+ygED2B0kg37kpbTFwTfxnPlDAABSJT5WVa5maB7SwjwjHy4g8 -+i8ZBIo3TAgMBAAECggEAc7dv/oN/ozIY1iOQhxId6p1lTHfEv1CIulMNoi7BQK2s -+RFM4Z5Y32WfCTgYFVNCJVVkTBStKq85Npio/3i4Libcw03K05wY/5iX5s8/jkiSq -+q1iNOgm+4SuWTXDw4xSRRo1CX2wWERykwoqKfCkqPXDWQ3Mpkukb/FLXMvVMshRA -+9v9L6MyrCnsFHl8q2J6hcC+RQJ0pb5I4NF6KhMxABWxxxlDO0zYLA0wfhEn8nj/l -+J37QLHmsA7pzxo+NqDTPgpfBuuTbRVGMkC+fPCXYinbubBeURFO2j2yBlseK+Vbd -+sEffiAnPr4ocCz0k0tHAMMY7hKHup2HWuJGFu0IhAQKBgQDkKFEEcYWNx5Ybl1LV 
-+qr2qIYofpFL+Gu5MWSZxzZbE8u9v0tTsp8SRhXkgjeHY6qjBUBnLgklOKwSigQAm -+j9de44cXjnUIArzeAHsH3fzpYrLfsvBla6wQyr34D0chVCZ0cX/s/zXkSN4PcEkA -+GGfKAENrGskDyc4uq1sIactu8wKBgQDkIL/XT7ysvsaxA+SfIs2CHgb8GNKgtoI1 -+QyR0+MfeJGCLwI9qcLbVzXda34qrzQw3YLIm2VHqhzJ4zb0gnyJ4adPZYwpLTgiU -+jVksBVIwBTfbxYvF2+07poCSobCFKLGQnAujhDDIGDAUKQXQmFcqUNWw0QHfQzkS -+xs36H27doQKBgQCjM8+YLRgKbc0LGXhwTHz1GJ6zuZiAGYWB6XddimEhqmDpjVcv -+nWY3bdFSHwuBXYGvHfwFncGP/6eGEl6oNtYpEvoMOKOwQj0VVCStYPZLf4VSDK52 -+7ckcDdpLeao4xffn7VRDk97Z1+G4C2q8fbioPv36vCMz6YPp0DsCzqJtTwKBgCUN -+4LtDW10fu7xC6p6ik4jgAbhu+79ZBbtLBZ/uTOCbPgdVJrZeSoRd1FYxWx/etW5F -+SYqf3/tdLGiM2nxy/LFcVynHOYPTz/b5IpPQ5XGhV1peMv7XYyg+OkIW+0oVuwnH -+HujXbukBbMXJiAVCyV25NYx71ncCP0H6grhu5J4hAoGAUaketZWHD/ks9JCoPtfy -+pNnXqrIvTp1cSGJpVUQT/DUqAjevyZ5Q8PFPf09BZ6uYlXtCqsp7pA/fqNdlJRPR -+tHRjpZ5XauBiFdpRNH4tJBTiWWhyuWhkWn369Az7HP3CIlJLeq2FlKCvMClcO4op -+Qc9LHT7jqtcy+LqAVBpsJ/o= - -----END RSA TESTING KEY-----`)) - - func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") } diff --git a/src/runtime/runtime_boring.go b/src/runtime/runtime_boring.go index 5a98b20253181c..9042f2c2795e19 100644 --- a/src/runtime/runtime_boring.go diff --git a/patches/0005-Add-OpenSSL-crypto-backend.patch b/patches/0005-Add-OpenSSL-crypto-backend.patch index b353bd0cfea..7cfe62fcf7a 100644 --- a/patches/0005-Add-OpenSSL-crypto-backend.patch +++ b/patches/0005-Add-OpenSSL-crypto-backend.patch @@ -476,19 +476,19 @@ index 00000000000000..0f3aea733ac2a5 + return openssl.VerifyDSA(pub, hashed, sig) +} diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 30811455e88418..3de94c93629e3d 100644 +index a46d6c034ca1e0..12086de2c2e766 100644 --- a/src/go/build/deps_test.go 
+++ b/src/go/build/deps_test.go -@@ -509,7 +509,7 @@ var depsRules = ` +@@ -505,7 +505,7 @@ var depsRules = ` + NONE < crypto/internal/boring/sig, crypto/internal/boring/syso; + sync/atomic < crypto/internal/boring/bcache; + +- FIPS, internal/godebug, hash, embed, ++ FIPS, internal/godebug, hash, embed, encoding/binary, crypto/internal/boring/sig, crypto/internal/boring/syso, - encoding/binary, -- crypto/internal/boring/bcache -+ crypto/internal/boring/bcache, - crypto/internal/backend/fips140 - < crypto/internal/fips140only - < crypto -@@ -517,6 +517,8 @@ var depsRules = ` + crypto/internal/boring/bcache, +@@ -516,6 +516,8 @@ var depsRules = ` < crypto/sha3 < crypto/internal/fips140hash < crypto/cipher @@ -497,7 +497,7 @@ index 30811455e88418..3de94c93629e3d 100644 < crypto/internal/boring < crypto/internal/backend < crypto/boring -@@ -540,6 +542,7 @@ var depsRules = ` +@@ -538,6 +540,7 @@ var depsRules = ` # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. CRYPTO, FMT, math/big @@ -505,7 +505,7 @@ index 30811455e88418..3de94c93629e3d 100644 < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -844,7 +847,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -842,7 +845,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -514,7 +514,7 @@ index 30811455e88418..3de94c93629e3d 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -854,7 +857,7 @@ func findImports(pkg string) ([]string, error) { +@@ -852,7 +855,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} diff --git a/patches/0007-Use-crypto-backends.patch b/patches/0007-Use-crypto-backends.patch new file mode 100644 index 00000000000..f00c8e992fe --- /dev/null +++ b/patches/0007-Use-crypto-backends.patch 
@@ -0,0 +1,2443 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: qmuntal +Date: Tue, 14 Jan 2025 11:10:21 +0100 +Subject: [PATCH] Use crypto backends + +--- + src/cmd/api/boring_test.go | 2 +- + src/cmd/go/go_boring_test.go | 2 +- + .../go/testdata/script/gopath_std_vendor.txt | 9 + + src/crypto/aes/aes.go | 2 +- + src/crypto/boring/boring.go | 4 +- + src/crypto/cipher/ctr_aes_test.go | 2 +- + src/crypto/cipher/gcm_test.go | 2 +- + src/crypto/des/cipher.go | 7 + + src/crypto/dsa/boring.go | 113 +++++++++++ + src/crypto/dsa/dsa.go | 88 +++++++++ + src/crypto/dsa/notboring.go | 16 ++ + src/crypto/ecdh/ecdh.go | 2 +- + src/crypto/ecdh/ecdh_test.go | 4 + + src/crypto/ecdh/nist.go | 2 +- + src/crypto/ecdsa/badlinkname.go | 19 ++ + src/crypto/ecdsa/boring.go | 6 +- + src/crypto/ecdsa/ecdsa.go | 4 +- + src/crypto/ecdsa/notboring.go | 4 +- + src/crypto/ed25519/boring.go | 71 +++++++ + src/crypto/ed25519/ed25519.go | 73 +++++++ + src/crypto/ed25519/notboring.go | 16 ++ + src/crypto/hkdf/hkdf.go | 14 ++ + src/crypto/hkdf/hkdf_test.go | 2 +- + src/crypto/hmac/hmac.go | 2 +- + src/crypto/hmac/hmac_test.go | 2 +- + src/crypto/internal/cryptotest/allocations.go | 2 +- + .../internal/cryptotest/implementations.go | 2 +- + src/crypto/md5/md5.go | 10 + + src/crypto/md5/md5_test.go | 21 ++ + src/crypto/pbkdf2/pbkdf2.go | 4 + + src/crypto/pbkdf2/pbkdf2_test.go | 2 +- + src/crypto/purego_test.go | 2 +- + src/crypto/rand/rand.go | 2 +- + src/crypto/rc4/rc4.go | 18 ++ + src/crypto/rsa/boring.go | 6 +- + src/crypto/rsa/boring_test.go | 2 +- + src/crypto/rsa/fips.go | 10 +- + src/crypto/rsa/notboring.go | 4 +- + src/crypto/rsa/pkcs1v15.go | 6 +- + src/crypto/rsa/pkcs1v15_test.go | 5 + + src/crypto/rsa/pss_test.go | 9 +- + src/crypto/rsa/rsa.go | 4 +- + src/crypto/rsa/rsa_test.go | 15 +- + src/crypto/sha1/sha1.go | 8 +- + src/crypto/sha1/sha1_test.go | 19 +- + src/crypto/sha256/sha256.go | 6 +- + src/crypto/sha256/sha256_test.go | 29 +++ + 
src/crypto/sha512/sha512.go | 2 +- + src/crypto/sha512/sha512_test.go | 29 +++ + src/crypto/tls/cipher_suites.go | 2 +- + src/crypto/tls/fipsonly/fipsonly.go | 2 +- + src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- + src/crypto/tls/handshake_client.go | 12 +- + src/crypto/tls/handshake_client_tls13.go | 16 +- + src/crypto/tls/handshake_server.go | 10 +- + src/crypto/tls/handshake_server_tls13.go | 27 ++- + src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- + src/crypto/tls/internal/tls13/doc.go | 18 ++ + src/crypto/tls/internal/tls13/tls13.go | 182 ++++++++++++++++++ + src/crypto/tls/key_schedule.go | 2 +- + src/crypto/tls/prf.go | 41 ++++ + src/go/build/deps_test.go | 3 +- + src/hash/boring_test.go | 9 + + src/hash/example_test.go | 2 + + src/hash/marshal_test.go | 9 + + src/hash/notboring_test.go | 9 + + src/net/smtp/smtp_test.go | 72 ++++--- + 67 files changed, 1009 insertions(+), 97 deletions(-) + create mode 100644 src/crypto/dsa/boring.go + create mode 100644 src/crypto/dsa/notboring.go + create mode 100644 src/crypto/ecdsa/badlinkname.go + create mode 100644 src/crypto/ed25519/boring.go + create mode 100644 src/crypto/ed25519/notboring.go + create mode 100644 src/crypto/tls/internal/tls13/doc.go + create mode 100644 src/crypto/tls/internal/tls13/tls13.go + create mode 100644 src/hash/boring_test.go + create mode 100644 src/hash/notboring_test.go + +diff --git a/src/cmd/api/boring_test.go b/src/cmd/api/boring_test.go +index f0e3575637c62a..9eab3b4e66e60b 100644 +--- a/src/cmd/api/boring_test.go ++++ b/src/cmd/api/boring_test.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. 
+ +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package main + +diff --git a/src/cmd/go/go_boring_test.go b/src/cmd/go/go_boring_test.go +index ed0fbf3d53d75b..06478963f4be44 100644 +--- a/src/cmd/go/go_boring_test.go ++++ b/src/cmd/go/go_boring_test.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package main_test + +diff --git a/src/cmd/go/testdata/script/gopath_std_vendor.txt b/src/cmd/go/testdata/script/gopath_std_vendor.txt +index 4aaf46b5d0f0dc..ec58a217400caa 100644 +--- a/src/cmd/go/testdata/script/gopath_std_vendor.txt ++++ b/src/cmd/go/testdata/script/gopath_std_vendor.txt +@@ -1,5 +1,14 @@ + env GO111MODULE=off + ++# Disable systemcrypto while evaluating test dependencies to avoid importing ++# vendored crypto module dependencies like golang-fips/openssl. This test script ++# is not set up to handle any vendored libraries being imported other than ++# golang.org/x/net/http2/hpack, so we must make sure it is the only one. ++# ++# See https://github.com/microsoft/go/issues/481 for more details, such as the ++# dependency chain that would cause the failure if the gocrypt tag isn't used. 
++env GOEXPERIMENT=none ++ + [!compiler:gc] skip + + go list -f '{{.Dir}}' vendor/golang.org/x/net/http2/hpack +diff --git a/src/crypto/aes/aes.go b/src/crypto/aes/aes.go +index 5bc2d13d673e0a..b803c77be62a66 100644 +--- a/src/crypto/aes/aes.go ++++ b/src/crypto/aes/aes.go +@@ -15,7 +15,7 @@ package aes + + import ( + "crypto/cipher" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/aes" + "strconv" + ) +diff --git a/src/crypto/boring/boring.go b/src/crypto/boring/boring.go +index 097c37e343fdb8..a5d603896d3890 100644 +--- a/src/crypto/boring/boring.go ++++ b/src/crypto/boring/boring.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + // Package boring exposes functions that are only available when building with + // Go+BoringCrypto. This package is available on all targets as long as the +@@ -13,7 +13,7 @@ + // is satisfied, so that applications can tag files that use this package. + package boring + +-import "crypto/internal/boring" ++import boring "crypto/internal/backend" + + // Enabled reports whether BoringCrypto handles supported crypto operations. 
+ func Enabled() bool { +diff --git a/src/crypto/cipher/ctr_aes_test.go b/src/crypto/cipher/ctr_aes_test.go +index 33942467784ad3..0282ffa9fa23c8 100644 +--- a/src/crypto/cipher/ctr_aes_test.go ++++ b/src/crypto/cipher/ctr_aes_test.go +@@ -14,7 +14,7 @@ import ( + "bytes" + "crypto/aes" + "crypto/cipher" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/cryptotest" + fipsaes "crypto/internal/fips140/aes" + "encoding/hex" +diff --git a/src/crypto/cipher/gcm_test.go b/src/crypto/cipher/gcm_test.go +index ea2b4e29e2b67f..f884b0d0fbefe7 100644 +--- a/src/crypto/cipher/gcm_test.go ++++ b/src/crypto/cipher/gcm_test.go +@@ -8,7 +8,7 @@ import ( + "bytes" + "crypto/aes" + "crypto/cipher" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/cryptotest" + "crypto/internal/fips140" + fipsaes "crypto/internal/fips140/aes" +diff --git a/src/crypto/des/cipher.go b/src/crypto/des/cipher.go +index 21303b384cf757..0d3c4f810cfd8f 100644 +--- a/src/crypto/des/cipher.go ++++ b/src/crypto/des/cipher.go +@@ -6,6 +6,7 @@ package des + + import ( + "crypto/cipher" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/alias" + "crypto/internal/fips140only" + "errors" +@@ -36,6 +37,9 @@ func NewCipher(key []byte) (cipher.Block, error) { + if len(key) != 8 { + return nil, KeySizeError(len(key)) + } ++ if boring.Enabled && boring.SupportsDESCipher() { ++ return boring.NewDESCipher(key) ++ } + + c := new(desCipher) + c.generateSubkeys(key) +@@ -84,6 +88,9 @@ func NewTripleDESCipher(key []byte) (cipher.Block, error) { + if len(key) != 24 { + return nil, KeySizeError(len(key)) + } ++ if boring.Enabled && boring.SupportsTripleDESCipher() { ++ return boring.NewTripleDESCipher(key) ++ } + + c := new(tripleDESCipher) + c.cipher1.generateSubkeys(key[:8]) +diff --git a/src/crypto/dsa/boring.go b/src/crypto/dsa/boring.go +new file mode 100644 +index 00000000000000..7ea0c8c423e9ee +--- /dev/null ++++ b/src/crypto/dsa/boring.go +@@ 
-0,0 +1,113 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.systemcrypto ++ ++package dsa ++ ++import ( ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" ++ "crypto/internal/boring/bcache" ++ "math/big" ++) ++ ++// Cached conversions from Go PublicKey/PrivateKey to BoringCrypto. ++// ++// The first operation on a PublicKey or PrivateKey makes a parallel ++// BoringCrypto key and saves it in pubCache or privCache. ++// ++// We could just assume that once used in a sign/verify/encrypt/decrypt operation, ++// a particular key is never again modified, but that has not been a ++// stated assumption before. Just in case there is any existing code that ++// does modify the key between operations, we save the original values ++// alongside the cached BoringCrypto key and check that the real key ++// still matches before using the cached key. The theory is that the real ++// operations are significantly more expensive than the comparison. 
++ ++type boringPub struct { ++ key *boring.PublicKeyDSA ++ orig PublicKey ++} ++ ++var pubCache bcache.Cache[PublicKey, boringPub] ++var privCache bcache.Cache[PrivateKey, boringPriv] ++ ++func init() { ++ pubCache.Register() ++ privCache.Register() ++} ++ ++func boringPublicKey(pub *PublicKey) (*boring.PublicKeyDSA, error) { ++ b := pubCache.Get(pub) ++ if b != nil && publicKeyEqual(&b.orig, pub) { ++ return b.key, nil ++ } ++ ++ b = new(boringPub) ++ b.orig = copyPublicKey(pub) ++ key, err := boring.NewPublicKeyDSA(bbig.Enc(b.orig.P), bbig.Enc(b.orig.Q), bbig.Enc(b.orig.G), bbig.Enc(b.orig.Y)) ++ if err != nil { ++ return nil, err ++ } ++ b.key = key ++ pubCache.Put(pub, b) ++ return key, nil ++} ++ ++type boringPriv struct { ++ key *boring.PrivateKeyDSA ++ orig PrivateKey ++} ++ ++func boringPrivateKey(priv *PrivateKey) (*boring.PrivateKeyDSA, error) { ++ b := privCache.Get(priv) ++ if b != nil && privateKeyEqual(&b.orig, priv) { ++ return b.key, nil ++ } ++ ++ b = new(boringPriv) ++ b.orig = copyPrivateKey(priv) ++ ++ P := b.orig.P ++ Q := b.orig.Q ++ G := b.orig.G ++ X := b.orig.X ++ Y := b.orig.Y ++ ++ key, err := boring.NewPrivateKeyDSA(bbig.Enc(P), bbig.Enc(Q), bbig.Enc(G), bbig.Enc(X), bbig.Enc(Y)) ++ if err != nil { ++ return nil, err ++ } ++ b.key = key ++ privCache.Put(priv, b) ++ return key, nil ++} ++ ++func publicKeyEqual(k1, k2 *PublicKey) bool { ++ return k1.Y != nil && k1.Y.Cmp(k2.Y) == 0 && k1.P.Cmp(k2.P) == 0 && k1.Q.Cmp(k2.Q) == 0 && k1.G.Cmp(k2.G) == 0 ++} ++ ++func copyPublicKey(k *PublicKey) PublicKey { ++ return PublicKey{ ++ Parameters: Parameters{ ++ P: new(big.Int).Set(k.P), ++ Q: new(big.Int).Set(k.Q), ++ G: new(big.Int).Set(k.G), ++ }, ++ Y: new(big.Int).Set(k.Y), ++ } ++} ++ ++func privateKeyEqual(k1, k2 *PrivateKey) bool { ++ return publicKeyEqual(&k1.PublicKey, &k2.PublicKey) && ++ k1.X.Cmp(k2.X) == 0 ++} ++ ++func copyPrivateKey(k *PrivateKey) PrivateKey { ++ return PrivateKey{ ++ PublicKey: copyPublicKey(&k.PublicKey), ++ X: 
new(big.Int).Set(k.X), ++ } ++} +diff --git a/src/crypto/dsa/dsa.go b/src/crypto/dsa/dsa.go +index 000becc82dfb79..6430bb3ea5e437 100644 +--- a/src/crypto/dsa/dsa.go ++++ b/src/crypto/dsa/dsa.go +@@ -18,8 +18,13 @@ import ( + "io" + "math/big" + ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" + "crypto/internal/fips140only" + "crypto/internal/randutil" ++ ++ "golang.org/x/crypto/cryptobyte" ++ "golang.org/x/crypto/cryptobyte/asn1" + ) + + // Parameters represents the domain parameters for a key. These parameters can +@@ -91,6 +96,17 @@ func GenerateParameters(params *Parameters, rand io.Reader, sizes ParameterSizes + return errors.New("crypto/dsa: invalid ParameterSizes") + } + ++ if boring.Enabled && boring.SupportsDSA(L, N) { ++ p, q, g, err := boring.GenerateParametersDSA(L, N) ++ if err != nil { ++ return err ++ } ++ params.P = bbig.Dec(p) ++ params.Q = bbig.Dec(q) ++ params.G = bbig.Dec(g) ++ return nil ++ } ++ + qBytes := make([]byte, N/8) + pBytes := make([]byte, L/8) + +@@ -170,6 +186,17 @@ func GenerateKey(priv *PrivateKey, rand io.Reader) error { + return errors.New("crypto/dsa: parameters not set up before generating key") + } + ++ if boring.Enabled && boring.SupportsDSA(priv.P.BitLen(), priv.Q.BitLen()) { ++ x, y, err := boring.GenerateKeyDSA(bbig.Enc(priv.P), bbig.Enc(priv.Q), bbig.Enc(priv.G)) ++ if err != nil { ++ return err ++ } ++ priv.X = bbig.Dec(x) ++ priv.Y = bbig.Dec(y) ++ ++ return nil ++ } ++ + x := new(big.Int) + xBytes := make([]byte, priv.Q.BitLen()/8) + +@@ -225,6 +252,18 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err + err = ErrInvalidPublicKey + return + } ++ ++ if boring.Enabled && boring.SupportsDSA(priv.P.BitLen(), priv.Q.BitLen()) { ++ b, err := boringPrivateKey(priv) ++ if err != nil { ++ return nil, nil, err ++ } ++ ++ r, s, err := boring.SignDSA(b, hash, parseSignature) ++ ++ return bbig.Dec(r), bbig.Dec(s), err ++ } ++ + n >>= 3 + + var attempts int +@@ -288,6 +327,14 
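Review bot: The backend branch added to GenerateParameters never reads the caller's `rand`, and nothing in the hunk says so; the backend branch added to GenerateKey in the next hunk does the same. The Ed25519 change in this same patch guards its equivalent path with `rand == boring.RandReader` and calls `boring.UnreachableExceptTests()` otherwise, so the two packages treat a custom reader differently. Either apply the same guard here or add a comment above each branch, for example `// rand is not used on this path; the backend generates the values itself.` Both function bodies continue outside their hunks.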
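Review bot: In Sign's backend branch the values returned by `boring.SignDSA` are decoded and returned before `err` is examined, so a failed call hands the caller whatever was left in r and s together with a non-nil error. Check the error first with `if err != nil { return nil, nil, err }` and finish with `return bbig.Dec(r), bbig.Dec(s), nil`. The `:=` also shadows the named results `r, s, err`; distinct local names would make the explicit return easier to follow. Sign's body continues outside the hunk.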
@@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { + panic("crypto/dsa: use of DSA is not allowed in FIPS 140-only mode") + } + ++ if boring.Enabled && boring.SupportsDSA(pub.P.BitLen(), pub.Q.BitLen()) { ++ bkey, err := boringPublicKey(pub) ++ if err != nil { ++ return false ++ } ++ ++ return boring.VerifyDSA(bkey, hash, bbig.Enc(r), bbig.Enc(s), encodeSignature) ++ } + // FIPS 186-3, section 4.7 + + if pub.P.Sign() == 0 { +@@ -324,3 +371,44 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool { + + return v.Cmp(r) == 0 + } ++ ++func parseSignature(sig []byte) (boring.BigInt, boring.BigInt, error) { ++ var r, s []byte ++ var inner cryptobyte.String ++ input := cryptobyte.String(sig) ++ if !input.ReadASN1(&inner, asn1.SEQUENCE) || ++ !input.Empty() || ++ !inner.ReadASN1Integer(&r) || ++ !inner.ReadASN1Integer(&s) || ++ !inner.Empty() { ++ return nil, nil, errors.New("invalid ASN.1") ++ } ++ return bbig.Enc(new(big.Int).SetBytes(r)), bbig.Enc(new(big.Int).SetBytes(s)), nil ++} ++ ++func encodeSignature(r, s boring.BigInt) ([]byte, error) { ++ var b cryptobyte.Builder ++ b.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { ++ addASN1IntBytes(b, bbig.Dec(r).Bytes()) ++ addASN1IntBytes(b, bbig.Dec(s).Bytes()) ++ }) ++ return b.Bytes() ++} ++ ++// addASN1IntBytes encodes in ASN.1 a positive integer represented as ++// a big-endian byte slice with zero or more leading zeroes. 
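Review bot: Verify's backend branch returns before any sign or range check on r and s, and `encodeSignature` (added in the following hunk) serialises them with `bbig.Dec(r).Bytes()`, which yields the magnitude only. A negative r or s would therefore reach `boring.VerifyDSA` as its absolute value unless `bbig.Enc` or the backend rejects it, which the hunk does not show. Reject such inputs before the call: `if r.Sign() <= 0 || s.Sign() <= 0 { return false }`. The checks under `// FIPS 186-3, section 4.7` sit after the branch and continue outside the hunk.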
++func addASN1IntBytes(b *cryptobyte.Builder, bytes []byte) { ++ for len(bytes) > 0 && bytes[0] == 0 { ++ bytes = bytes[1:] ++ } ++ if len(bytes) == 0 { ++ b.SetError(errors.New("invalid integer")) ++ return ++ } ++ b.AddASN1(asn1.INTEGER, func(c *cryptobyte.Builder) { ++ if bytes[0]&0x80 != 0 { ++ c.AddUint8(0) ++ } ++ c.AddBytes(bytes) ++ }) ++} +diff --git a/src/crypto/dsa/notboring.go b/src/crypto/dsa/notboring.go +new file mode 100644 +index 00000000000000..cd02ff5a00c3dc +--- /dev/null ++++ b/src/crypto/dsa/notboring.go +@@ -0,0 +1,16 @@ ++// Copyright 2022 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !goexperiment.systemcrypto ++ ++package dsa ++ ++import boring "crypto/internal/backend" ++ ++func boringPublicKey(*PublicKey) (*boring.PublicKeyDSA, error) { ++ panic("boringcrypto: not available") ++} ++func boringPrivateKey(*PrivateKey) (*boring.PrivateKeyDSA, error) { ++ panic("boringcrypto: not available") ++} +diff --git a/src/crypto/ecdh/ecdh.go b/src/crypto/ecdh/ecdh.go +index 231f1ea04c1010..cfa113e2345816 100644 +--- a/src/crypto/ecdh/ecdh.go ++++ b/src/crypto/ecdh/ecdh.go +@@ -8,7 +8,7 @@ package ecdh + + import ( + "crypto" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/ecdh" + "crypto/subtle" + "errors" +diff --git a/src/crypto/ecdh/ecdh_test.go b/src/crypto/ecdh/ecdh_test.go +index 75d2480775669f..6a4d26fbafe090 100644 +--- a/src/crypto/ecdh/ecdh_test.go ++++ b/src/crypto/ecdh/ecdh_test.go +@@ -9,6 +9,7 @@ import ( + "crypto" + "crypto/cipher" + "crypto/ecdh" ++ boring "crypto/internal/backend" + "crypto/rand" + "crypto/sha256" + "encoding/hex" +@@ -280,6 +281,9 @@ var invalidPrivateKeys = map[ecdh.Curve][]string{ + } + + func TestNewPrivateKey(t *testing.T) { ++ if boring.Enabled { ++ t.Skip("skipping test with different results when using different backends") ++ } + testAllCurves(t, func(t 
*testing.T, curve ecdh.Curve) { + for _, input := range invalidPrivateKeys[curve] { + k, err := curve.NewPrivateKey(hexDecode(t, input)) +diff --git a/src/crypto/ecdh/nist.go b/src/crypto/ecdh/nist.go +index acef8298943c2b..ca6171cf775117 100644 +--- a/src/crypto/ecdh/nist.go ++++ b/src/crypto/ecdh/nist.go +@@ -6,7 +6,7 @@ package ecdh + + import ( + "bytes" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/ecdh" + "crypto/internal/fips140only" + "errors" +diff --git a/src/crypto/ecdsa/badlinkname.go b/src/crypto/ecdsa/badlinkname.go +new file mode 100644 +index 00000000000000..1dc05d09b2062d +--- /dev/null ++++ b/src/crypto/ecdsa/badlinkname.go +@@ -0,0 +1,19 @@ ++// Copyright 2025 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.systemcrypto ++ ++package ecdsa ++ ++import _ "unsafe" ++ ++// The symbols below are pulled by some crypto backend in the Microsoft Go compiler. ++// We provide a push linkname here, to keep them accessible with pull linknames. ++ ++//go:linkname encodeSignature ++//go:linkname parseSignature ++ ++// This supplements other linknames that are already added by ++// https://github.com/golang/go/commit/41aab30bd260297ad8ddad47e98fdf8390a9a67e ++// See that commit for more information. +diff --git a/src/crypto/ecdsa/boring.go b/src/crypto/ecdsa/boring.go +index 275c60b4de49eb..ff8bddf28c4545 100644 +--- a/src/crypto/ecdsa/boring.go ++++ b/src/crypto/ecdsa/boring.go +@@ -2,13 +2,13 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. 
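Review bot: TestNewPrivateKey is skipped whole when `boring.Enabled`, so backend builds no longer exercise rejection of the `invalidPrivateKeys` inputs at all. If only some inputs give different results per backend, skip those cases inside the loop and keep the rest, and name the differing results in the skip message. At minimum add a comment above the skip, for example `// TODO: list the inputs a backend treats differently and re-enable the others.` The test body continues outside the hunk.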
+ +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package ecdsa + + import ( +- "crypto/internal/boring" +- "crypto/internal/boring/bbig" ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" + "crypto/internal/boring/bcache" + "math/big" + ) +diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go +index cb308b41e9df86..8f73855aa738de 100644 +--- a/src/crypto/ecdsa/ecdsa.go ++++ b/src/crypto/ecdsa/ecdsa.go +@@ -20,8 +20,8 @@ import ( + "crypto" + "crypto/ecdh" + "crypto/elliptic" +- "crypto/internal/boring" +- "crypto/internal/boring/bbig" ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" + "crypto/internal/fips140/ecdsa" + "crypto/internal/fips140hash" + "crypto/internal/fips140only" +diff --git a/src/crypto/ecdsa/notboring.go b/src/crypto/ecdsa/notboring.go +index 039bd82ed21f9f..69a97d9bf250be 100644 +--- a/src/crypto/ecdsa/notboring.go ++++ b/src/crypto/ecdsa/notboring.go +@@ -2,11 +2,11 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build !boringcrypto ++//go:build !goexperiment.systemcrypto + + package ecdsa + +-import "crypto/internal/boring" ++import boring "crypto/internal/backend" + + func boringPublicKey(*PublicKey) (*boring.PublicKeyECDSA, error) { + panic("boringcrypto: not available") +diff --git a/src/crypto/ed25519/boring.go b/src/crypto/ed25519/boring.go +new file mode 100644 +index 00000000000000..cce33e4d6cc927 +--- /dev/null ++++ b/src/crypto/ed25519/boring.go +@@ -0,0 +1,71 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. 
++ ++//go:build goexperiment.systemcrypto ++ ++package ed25519 ++ ++import ( ++ boring "crypto/internal/backend" ++ "crypto/internal/boring/bcache" ++ "unsafe" ++) ++ ++var pubCache bcache.Cache[byte, boringPub] ++var privCache bcache.Cache[byte, boringPriv] ++ ++func init() { ++ if boring.Enabled && boring.SupportsEd25519() { ++ pubCache.Register() ++ privCache.Register() ++ } ++} ++ ++type boringPub struct { ++ key *boring.PublicKeyEd25519 ++ orig [PublicKeySize]byte ++} ++ ++func boringPublicKey(pub PublicKey) (*boring.PublicKeyEd25519, error) { ++ // Use the pointer to the underlying pub array as key. ++ p := unsafe.SliceData(pub) ++ b := pubCache.Get(p) ++ if b != nil && PublicKey(b.orig[:]).Equal(pub) { ++ return b.key, nil ++ } ++ ++ b = new(boringPub) ++ copy(b.orig[:], pub) ++ key, err := boring.NewPublicKeyEd25519(b.orig[:]) ++ if err != nil { ++ return nil, err ++ } ++ b.key = key ++ pubCache.Put(p, b) ++ return key, nil ++} ++ ++type boringPriv struct { ++ key *boring.PrivateKeyEd25519 ++ orig [PrivateKeySize]byte ++} ++ ++func boringPrivateKey(priv PrivateKey) (*boring.PrivateKeyEd25519, error) { ++ // Use the pointer to the underlying priv array as key. 
++ p := unsafe.SliceData(priv) ++ b := privCache.Get(p) ++ if b != nil && PrivateKey(b.orig[:]).Equal(priv) { ++ return b.key, nil ++ } ++ ++ b = new(boringPriv) ++ copy(b.orig[:], priv) ++ key, err := boring.NewPrivateKeyEd25519(b.orig[:]) ++ if err != nil { ++ return nil, err ++ } ++ b.key = key ++ privCache.Put(p, b) ++ return key, nil ++} +diff --git a/src/crypto/ed25519/ed25519.go b/src/crypto/ed25519/ed25519.go +index c1f8ff784e4a5c..6476bfbe896d6c 100644 +--- a/src/crypto/ed25519/ed25519.go ++++ b/src/crypto/ed25519/ed25519.go +@@ -17,6 +17,7 @@ package ed25519 + + import ( + "crypto" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/ed25519" + "crypto/internal/fips140only" + cryptorand "crypto/rand" +@@ -24,6 +25,7 @@ import ( + "errors" + "io" + "strconv" ++ "sync" + ) + + const ( +@@ -138,6 +140,22 @@ func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) { + if rand == nil { + rand = cryptorand.Reader + } ++ if boring.Enabled && boring.SupportsEd25519() { ++ if rand == boring.RandReader { ++ priv, err := boring.GenerateKeyEd25519() ++ if err != nil { ++ return nil, nil, err ++ } ++ privData, err := priv.Bytes() ++ if err != nil { ++ return nil, nil, err ++ } ++ privKey := PrivateKey(privData) ++ pubKey := privKey.Public().(PublicKey) ++ return pubKey, privKey, err ++ } ++ boring.UnreachableExceptTests() ++ } + + seed := make([]byte, SeedSize) + if _, err := io.ReadFull(rand, seed); err != nil { +@@ -154,6 +172,17 @@ func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) { + // with RFC 8032. RFC 8032's private keys correspond to seeds in this + // package. + func NewKeyFromSeed(seed []byte) PrivateKey { ++ if boring.Enabled && boring.SupportsEd25519() { ++ key, err := boring.NewPrivateKeyEd25519FromSeed(seed) ++ if err != nil { ++ panic(err) ++ } ++ d, err := key.Bytes() ++ if err != nil { ++ panic(err) ++ } ++ return PrivateKey(d) ++ } + // Outline the function body so that the returned key can be stack-allocated. 
+ privateKey := make([]byte, PrivateKeySize) + newKeyFromSeed(privateKey, seed) +@@ -172,6 +201,17 @@ func newKeyFromSeed(privateKey, seed []byte) { + // Sign signs the message with privateKey and returns a signature. It will + // panic if len(privateKey) is not [PrivateKeySize]. + func Sign(privateKey PrivateKey, message []byte) []byte { ++ if boring.Enabled && boring.SupportsEd25519() { ++ priv, err := boringPrivateKey(privateKey) ++ if err != nil { ++ panic(err) ++ } ++ signature, err := boring.SignEd25519(priv, message) ++ if err != nil { ++ panic(err) ++ } ++ return signature ++ } + // Outline the function body so that the returned signature can be + // stack-allocated. + signature := make([]byte, SignatureSize) +@@ -200,6 +240,32 @@ func Verify(publicKey PublicKey, message, sig []byte) bool { + return VerifyWithOptions(publicKey, message, sig, &Options{Hash: crypto.Hash(0)}) == nil + } + ++// testMalleability returns true if the crypto backend correctly rejects ++// malleable signatures. The only known backend that fails to do so is ++// OpenSSL version 1.1.1a or lower. ++// See https://github.com/openssl/openssl/issues/7693. 
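Review bot: Sign's backend branch is the first statement of the function, so nothing visible checks len(privateKey) before `boringPrivateKey` is called, and that helper (added in boring.go by this same patch) fills a fixed `[PrivateKeySize]byte` with `copy(b.orig[:], priv)`. A short key therefore looks like it would be zero-padded and handed to the backend rather than causing the panic the doc comment promises. Checking first, `if l := len(privateKey); l != PrivateKeySize { panic("ed25519: bad private key length: " + strconv.Itoa(l)) }`, keeps the documented contract on both paths; `strconv` is already imported. Whether the backend itself would reject such a key cannot be told from the hunk.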
++var testMalleability = sync.OnceValue(func() bool { ++ msg := []byte{0x54, 0x65, 0x73, 0x74} ++ sig := []byte{ ++ 0x7c, 0x38, 0xe0, 0x26, 0xf2, 0x9e, 0x14, 0xaa, 0xbd, 0x05, 0x9a, ++ 0x0f, 0x2d, 0xb8, 0xb0, 0xcd, 0x78, 0x30, 0x40, 0x60, 0x9a, 0x8b, ++ 0xe6, 0x84, 0xdb, 0x12, 0xf8, 0x2a, 0x27, 0x77, 0x4a, 0xb0, 0x67, ++ 0x65, 0x4b, 0xce, 0x38, 0x32, 0xc2, 0xd7, 0x6f, 0x8f, 0x6f, 0x5d, ++ 0xaf, 0xc0, 0x8d, 0x93, 0x39, 0xd4, 0xee, 0xf6, 0x76, 0x57, 0x33, ++ 0x36, 0xa5, 0xc5, 0x1e, 0xb6, 0xf9, 0x46, 0xb3, 0x1d, ++ } ++ pkey := []byte{ ++ 0x7d, 0x4d, 0x0e, 0x7f, 0x61, 0x53, 0xa6, 0x9b, 0x62, 0x42, 0xb5, ++ 0x22, 0xab, 0xbe, 0xe6, 0x85, 0xfd, 0xa4, 0x42, 0x0f, 0x88, 0x34, ++ 0xb1, 0x08, 0xc3, 0xbd, 0xae, 0x36, 0x9e, 0xf5, 0x49, 0xfa, ++ } ++ pub, err := boring.NewPublicKeyEd25519(pkey) ++ if err != nil { ++ return false ++ } ++ return boring.VerifyEd25519(pub, msg, sig) != nil ++}) ++ + // VerifyWithOptions reports whether sig is a valid signature of message by + // publicKey. A valid signature is indicated by returning a nil error. It will + // panic if len(publicKey) is not [PublicKeySize]. +@@ -228,6 +294,13 @@ func VerifyWithOptions(publicKey PublicKey, message, sig []byte, opts *Options) + } + return ed25519.VerifyCtx(k, message, sig, opts.Context) + case opts.Hash == crypto.Hash(0): // Ed25519 ++ if boring.Enabled && boring.SupportsEd25519() && testMalleability() { ++ pub, err := boringPublicKey(publicKey) ++ if err != nil { ++ return err ++ } ++ return boring.VerifyEd25519(pub, message, sig) ++ } + return ed25519.Verify(k, message, sig) + default: + return errors.New("ed25519: expected opts.Hash zero (unhashed message, for standard Ed25519) or SHA-512 (for Ed25519ph)") +diff --git a/src/crypto/ed25519/notboring.go b/src/crypto/ed25519/notboring.go +new file mode 100644 +index 00000000000000..b0cdd44d81c753 +--- /dev/null ++++ b/src/crypto/ed25519/notboring.go +@@ -0,0 +1,16 @@ ++// Copyright 2023 The Go Authors. All rights reserved. 
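Review bot: `testMalleability` returns true when the backend is safe, which reads backwards at the call site `boring.Enabled && boring.SupportsEd25519() && testMalleability()` in VerifyWithOptions; a name such as `backendRejectsMalleableSigs` would say what the condition means. It also returns false when the probe key fails to load, and in both cases verification silently moves to the Go implementation while Sign and GenerateKey stay on the backend. A comment at the fallback, for example `// Fall back to Go when the backend accepts malleable signatures or the probe could not run.`, would document that asymmetry for anyone auditing which module performs verification.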
++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !goexperiment.systemcrypto ++ ++package ed25519 ++ ++import boring "crypto/internal/backend" ++ ++func boringPublicKey(PublicKey) (*boring.PublicKeyEd25519, error) { ++ panic("boringcrypto: not available") ++} ++func boringPrivateKey(PrivateKey) (*boring.PrivateKeyEd25519, error) { ++ panic("boringcrypto: not available") ++} +diff --git a/src/crypto/hkdf/hkdf.go b/src/crypto/hkdf/hkdf.go +index 6b02522866d57f..37e67ec184af5d 100644 +--- a/src/crypto/hkdf/hkdf.go ++++ b/src/crypto/hkdf/hkdf.go +@@ -11,6 +11,7 @@ + package hkdf + + import ( ++ boring "crypto/internal/backend" + "crypto/internal/fips140/hkdf" + "crypto/internal/fips140hash" + "crypto/internal/fips140only" +@@ -29,6 +30,9 @@ func Extract[H hash.Hash](h func() H, secret, salt []byte) ([]byte, error) { + if err := checkFIPS140Only(fh, secret); err != nil { + return nil, err + } ++ if boring.Enabled && boring.SupportsHKDF() { ++ return boring.ExtractHKDF(fh, secret, salt) ++ } + return hkdf.Extract(fh, secret, salt), nil + } + +@@ -50,6 +54,9 @@ func Expand[H hash.Hash](h func() H, pseudorandomKey []byte, info string, keyLen + return nil, errors.New("hkdf: requested key length too large") + } + ++ if boring.Enabled && boring.SupportsHKDF() { ++ return boring.ExpandHKDF(fh, pseudorandomKey, []byte(info), keyLength) ++ } + return hkdf.Expand(fh, pseudorandomKey, info, keyLength), nil + } + +@@ -67,6 +74,13 @@ func Key[Hash hash.Hash](h func() Hash, secret, salt []byte, info string, keyLen + return nil, errors.New("hkdf: requested key length too large") + } + ++ if boring.Enabled && boring.SupportsHKDF() { ++ pseudorandomKey, err := boring.ExtractHKDF(fh, secret, salt) ++ if err != nil { ++ return nil, err ++ } ++ return boring.ExpandHKDF(fh, pseudorandomKey, []byte(info), keyLength) ++ } + return hkdf.Key(fh, secret, salt, info, keyLength), nil + } + +diff --git 
a/src/crypto/hkdf/hkdf_test.go b/src/crypto/hkdf/hkdf_test.go +index 201b440289bb2d..4ed4960ff35b66 100644 +--- a/src/crypto/hkdf/hkdf_test.go ++++ b/src/crypto/hkdf/hkdf_test.go +@@ -6,7 +6,7 @@ package hkdf + + import ( + "bytes" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140" + "crypto/md5" + "crypto/sha1" +diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go +index 554c8c9b78940b..c68a394280cc2c 100644 +--- a/src/crypto/hmac/hmac.go ++++ b/src/crypto/hmac/hmac.go +@@ -22,7 +22,7 @@ timing side-channels: + package hmac + + import ( +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/hmac" + "crypto/internal/fips140hash" + "crypto/internal/fips140only" +diff --git a/src/crypto/hmac/hmac_test.go b/src/crypto/hmac/hmac_test.go +index 7accad763244a1..dd3211f2c37af3 100644 +--- a/src/crypto/hmac/hmac_test.go ++++ b/src/crypto/hmac/hmac_test.go +@@ -5,7 +5,7 @@ + package hmac + + import ( +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/cryptotest" + "crypto/md5" + "crypto/sha1" +diff --git a/src/crypto/internal/cryptotest/allocations.go b/src/crypto/internal/cryptotest/allocations.go +index 70055af70b42ec..3c4b4fbaa98ded 100644 +--- a/src/crypto/internal/cryptotest/allocations.go ++++ b/src/crypto/internal/cryptotest/allocations.go +@@ -5,7 +5,7 @@ + package cryptotest + + import ( +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "internal/asan" + "internal/msan" + "internal/race" +diff --git a/src/crypto/internal/cryptotest/implementations.go b/src/crypto/internal/cryptotest/implementations.go +index 3fa730459050f6..1f28f12a6e7b4f 100644 +--- a/src/crypto/internal/cryptotest/implementations.go ++++ b/src/crypto/internal/cryptotest/implementations.go +@@ -5,7 +5,7 @@ + package cryptotest + + import ( +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/impl" + "internal/goos" + "internal/testenv" 
+diff --git a/src/crypto/md5/md5.go b/src/crypto/md5/md5.go +index a0384e175f31bd..f7aa6da36f02de 100644 +--- a/src/crypto/md5/md5.go ++++ b/src/crypto/md5/md5.go +@@ -12,6 +12,7 @@ package md5 + + import ( + "crypto" ++ boring "crypto/internal/backend" + "crypto/internal/fips140only" + "errors" + "hash" +@@ -104,6 +105,9 @@ func consumeUint32(b []byte) ([]byte, uint32) { + // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal + // state of the hash. + func New() hash.Hash { ++ if boring.Enabled && boring.SupportsHash(crypto.MD5) { ++ return boring.NewMD5() ++ } + d := new(digest) + d.Reset() + return d +@@ -188,6 +192,12 @@ func (d *digest) checkSum() [Size]byte { + + // Sum returns the MD5 checksum of the data. + func Sum(data []byte) [Size]byte { ++ if boring.Enabled && boring.SupportsHash(crypto.MD5) { ++ if fips140only.Enabled { ++ panic("crypto/md5: use of MD5 is not allowed in FIPS 140-only mode") ++ } ++ return boring.MD5(data) ++ } + var d digest + d.Reset() + d.Write(data) +diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go +index 437d9b9d4c0e0d..ee28c55f846e81 100644 +--- a/src/crypto/md5/md5_test.go ++++ b/src/crypto/md5/md5_test.go +@@ -6,12 +6,14 @@ package md5 + + import ( + "bytes" ++ boring "crypto/internal/backend" + "crypto/internal/cryptotest" + "crypto/rand" + "encoding" + "fmt" + "hash" + "io" ++ "strings" + "testing" + "unsafe" + ) +@@ -88,6 +90,11 @@ func TestGolden(t *testing.T) { + } + + func TestGoldenMarshal(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + for _, g := range golden { + h := New() + h2 := New() +@@ -96,6 +103,9 @@ func TestGoldenMarshal(t *testing.T) { + + state, err := h.(encoding.BinaryMarshaler).MarshalBinary() + if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("could not marshal: %v", err) 
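Review bot: New's backend branch returns `boring.NewMD5()` with no FIPS 140-only guard, while Sum in the same file panics on `fips140only.Enabled` inside its backend branch. If the Go digest enforces the FIPS 140-only restriction in its own methods (not visible in this hunk), hashes created through New would bypass it whenever the backend supports MD5. Gating the branch as `if boring.Enabled && !fips140only.Enabled && boring.SupportsHash(crypto.MD5) {` lets FIPS 140-only mode fall through to the Go digest and keep whatever enforcement it has. New's body continues outside the hunk.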
+ continue + } +@@ -157,6 +167,9 @@ func TestLarge(t *testing.T) { + + // Tests that blockGeneric (pure Go) and block (in assembly for amd64, 386, arm) match. + func TestBlockGeneric(t *testing.T) { ++ if boring.Enabled { ++ t.Skip("digest is not used when boring.Enabled is set") ++ } + gen, asm := New().(*digest), New().(*digest) + buf := make([]byte, BlockSize*20) // arbitrary factor + rand.Read(buf) +@@ -204,10 +217,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { + } + + func TestLargeHashes(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryUnmarshaler); !ok { ++ t.Skip("BinaryUnmarshaler not implemented") ++ } ++ } + for i, test := range largeUnmarshalTests { + + h := New() + if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("test %d could not unmarshal: %v", i, err) + continue + } +diff --git a/src/crypto/pbkdf2/pbkdf2.go b/src/crypto/pbkdf2/pbkdf2.go +index 271d2b03312ef0..ff76299fbe4782 100644 +--- a/src/crypto/pbkdf2/pbkdf2.go ++++ b/src/crypto/pbkdf2/pbkdf2.go +@@ -11,6 +11,7 @@ + package pbkdf2 + + import ( ++ boring "crypto/internal/backend" + "crypto/internal/fips140/pbkdf2" + "crypto/internal/fips140hash" + "crypto/internal/fips140only" +@@ -47,5 +48,8 @@ func Key[Hash hash.Hash](h func() Hash, password string, salt []byte, iter, keyL + return nil, errors.New("crypto/pbkdf2: use of hash functions other than SHA-2 or SHA-3 is not allowed in FIPS 140-only mode") + } + } ++ if boring.Enabled && boring.SupportsPBKDF2() { ++ return boring.PBKDF2([]byte(password), salt, iter, keyLength, fh) ++ } + return pbkdf2.Key(fh, password, salt, iter, keyLength) + } +diff --git a/src/crypto/pbkdf2/pbkdf2_test.go b/src/crypto/pbkdf2/pbkdf2_test.go +index 03980c7e54d3be..4968a666fad4e5 100644 +--- a/src/crypto/pbkdf2/pbkdf2_test.go ++++ 
b/src/crypto/pbkdf2/pbkdf2_test.go +@@ -6,7 +6,7 @@ package pbkdf2_test + + import ( + "bytes" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140" + "crypto/pbkdf2" + "crypto/sha1" +diff --git a/src/crypto/purego_test.go b/src/crypto/purego_test.go +index 62be347e0c6822..d284b5cf7814a6 100644 +--- a/src/crypto/purego_test.go ++++ b/src/crypto/purego_test.go +@@ -41,7 +41,7 @@ func TestPureGoTag(t *testing.T) { + } + + for _, pkgName := range pkgs { +- if strings.Contains(pkgName, "/boring") { ++ if strings.Contains(pkgName, "/boring") || strings.Contains(pkgName, "/internal/backend") || strings.Contains(pkgName, "tls/fipsonly") { + continue + } + +diff --git a/src/crypto/rand/rand.go b/src/crypto/rand/rand.go +index 1ca16caa9563e6..3ef22b5ff8222b 100644 +--- a/src/crypto/rand/rand.go ++++ b/src/crypto/rand/rand.go +@@ -7,7 +7,7 @@ + package rand + + import ( +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140" + "crypto/internal/fips140/drbg" + "crypto/internal/sysrand" +diff --git a/src/crypto/rc4/rc4.go b/src/crypto/rc4/rc4.go +index 90943a0935befb..09ebdfd733e5d6 100644 +--- a/src/crypto/rc4/rc4.go ++++ b/src/crypto/rc4/rc4.go +@@ -10,6 +10,7 @@ + package rc4 + + import ( ++ boring "crypto/internal/backend" + "crypto/internal/fips140/alias" + "crypto/internal/fips140only" + "errors" +@@ -20,6 +21,8 @@ import ( + type Cipher struct { + s [256]uint32 + i, j uint8 ++ ++ boring *boring.RC4Cipher + } + + type KeySizeError int +@@ -38,6 +41,13 @@ func NewCipher(key []byte) (*Cipher, error) { + if k < 1 || k > 256 { + return nil, KeySizeError(k) + } ++ if boring.Enabled && boring.SupportsRC4() { ++ c, err := boring.NewRC4Cipher(key) ++ if err != nil { ++ return nil, err ++ } ++ return &Cipher{boring: c}, nil ++ } + var c Cipher + for i := 0; i < 256; i++ { + c.s[i] = uint32(i) +@@ -55,6 +65,10 @@ func NewCipher(key []byte) (*Cipher, error) { + // Deprecated: Reset can't guarantee that the 
key will be entirely removed from + // the process's memory. + func (c *Cipher) Reset() { ++ if boring.Enabled && boring.SupportsRC4() { ++ c.boring.Reset() ++ return ++ } + for i := range c.s { + c.s[i] = 0 + } +@@ -64,6 +78,10 @@ func (c *Cipher) Reset() { + // XORKeyStream sets dst to the result of XORing src with the key stream. + // Dst and src must overlap entirely or not at all. + func (c *Cipher) XORKeyStream(dst, src []byte) { ++ if boring.Enabled && boring.SupportsRC4() { ++ c.boring.XORKeyStream(dst, src) ++ return ++ } + if len(src) == 0 { + return + } +diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go +index b9f9d3154f2589..d52faddef45549 100644 +--- a/src/crypto/rsa/boring.go ++++ b/src/crypto/rsa/boring.go +@@ -2,13 +2,13 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + package rsa + + import ( +- "crypto/internal/boring" +- "crypto/internal/boring/bbig" ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" + "crypto/internal/boring/bcache" + "math/big" + ) +diff --git a/src/crypto/rsa/boring_test.go b/src/crypto/rsa/boring_test.go +index 838fcc1244bdbe..d89f732345e8a3 100644 +--- a/src/crypto/rsa/boring_test.go ++++ b/src/crypto/rsa/boring_test.go +@@ -2,7 +2,7 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + +-//go:build boringcrypto ++//go:build goexperiment.systemcrypto + + // Note: Can run these tests against the non-BoringCrypto + // version of the code by using "CGO_ENABLED=0 go test". 
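Review bot: Reset picks its implementation from `boring.Enabled && boring.SupportsRC4()` rather than from the receiver, so a Cipher whose `boring` field is nil (a zero-value Cipher, for instance) would reach `c.boring.Reset()` with a nil pointer; XORKeyStream in the next hunk has the same shape. Branching on the state NewCipher actually set, `if c.boring != nil {`, ties the dispatch to the object. In XORKeyStream the backend call also runs before the `len(src) == 0` return and any later argument checks on the Go path, so the documented dst/src overlap rule is enforced only if the backend does it. Both functions continue outside their hunks.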
+diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go +index 8373c125ae3096..cee523891d5897 100644 +--- a/src/crypto/rsa/fips.go ++++ b/src/crypto/rsa/fips.go +@@ -6,7 +6,7 @@ package rsa + + import ( + "crypto" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/rsa" + "crypto/internal/fips140hash" + "crypto/internal/fips140only" +@@ -70,7 +70,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte, + hash = opts.Hash + } + +- if boring.Enabled && rand == boring.RandReader { ++ if boring.Enabled && rand == boring.RandReader && boring.SupportsRSAKeyPrimes(len(priv.Primes)) && boring.SupportsHash(hash) { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err +@@ -133,7 +133,7 @@ func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts + return err + } + +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsRSASaltLength(opts.saltLength()) && boring.SupportsHash(hash) { + bkey, err := boringPublicKey(pub) + if err != nil { + return err +@@ -250,7 +250,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, priv *PrivateKey, ciphertext []byte, l + return nil, err + } + +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) { + k := priv.Size() + if len(ciphertext) > k || + k < hash.Size()*2+2 { +@@ -312,7 +312,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [ + return nil, err + } + +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err +diff --git a/src/crypto/rsa/notboring.go b/src/crypto/rsa/notboring.go +index 2abc0436405f8a..3e4d6f3eef61e6 100644 +--- a/src/crypto/rsa/notboring.go ++++ b/src/crypto/rsa/notboring.go +@@ -2,11 +2,11 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. 
+ +-//go:build !boringcrypto ++//go:build !goexperiment.systemcrypto + + package rsa + +-import "crypto/internal/boring" ++import boring "crypto/internal/backend" + + func boringPublicKey(*PublicKey) (*boring.PublicKeyRSA, error) { + panic("boringcrypto: not available") +diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go +index f1e4ef48a4fd1c..a179a4388e3ee5 100644 +--- a/src/crypto/rsa/pkcs1v15.go ++++ b/src/crypto/rsa/pkcs1v15.go +@@ -5,7 +5,7 @@ + package rsa + + import ( +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/rsa" + "crypto/internal/fips140only" + "crypto/internal/randutil" +@@ -104,7 +104,7 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b + return nil, err + } + +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) { + bkey, err := boringPrivateKey(priv) + if err != nil { + return nil, err +@@ -203,7 +203,7 @@ func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte, + return 0, nil, 0, err + } + +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) { + var bkey *boring.PrivateKeyRSA + bkey, err = boringPrivateKey(priv) + if err != nil { +diff --git a/src/crypto/rsa/pkcs1v15_test.go b/src/crypto/rsa/pkcs1v15_test.go +index c65552cd93526a..910416abe842f5 100644 +--- a/src/crypto/rsa/pkcs1v15_test.go ++++ b/src/crypto/rsa/pkcs1v15_test.go +@@ -7,6 +7,7 @@ package rsa_test + import ( + "bytes" + "crypto" ++ boring "crypto/internal/backend" + "crypto/rand" + . "crypto/rsa" + "crypto/sha1" +@@ -235,6 +236,10 @@ func TestVerifyPKCS1v15(t *testing.T) { + } + + func TestOverlongMessagePKCS1v15(t *testing.T) { ++ if boring.Enabled { ++ // See for example https://github.com/golang-fips/openssl/pull/142. 
++ t.Skip("Some backends do not return an error for overlong messages.") ++ } + t.Setenv("GODEBUG", "rsa1024min=0") + ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==") + _, err := DecryptPKCS1v15(nil, test512Key, ciphertext) +diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go +index e03f4ab06603c6..f31d492d53cf96 100644 +--- a/src/crypto/rsa/pss_test.go ++++ b/src/crypto/rsa/pss_test.go +@@ -8,6 +8,7 @@ import ( + "bufio" + "compress/bzip2" + "crypto" ++ boring "crypto/internal/backend" + "crypto/internal/fips140" + "crypto/rand" + . "crypto/rsa" +@@ -180,6 +181,10 @@ func TestPSSSigning(t *testing.T) { + continue + } + ++ if boring.Enabled && test.good != test.fipsGood { ++ t.Skip("skipping test with different results when using different backends") ++ } ++ + opts.SaltLength = test.verifySaltLength + err = VerifyPSS(&rsaPrivateKey.PublicKey, hash, hashed, sig, &opts) + good := test.good +@@ -241,7 +246,9 @@ func fromHex(hexStr string) []byte { + + func TestInvalidPSSSaltLength(t *testing.T) { + t.Setenv("GODEBUG", "rsa1024min=0") +- key, err := GenerateKey(rand.Reader, 245) ++ // Most crypto backends don't support generating RSA keys with a bit size ++ // lower than 512, so we use 512 here. 
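Review bot: The skip in TestOverlongMessagePKCS1v15 is keyed on `boring.Enabled` alone, so this negative test is switched off for every backend even though the message says only some of them accept overlong ciphertexts. That removes the visible check that DecryptPKCS1v15 rejects such input on the backend path, including for backends where rejection does work. Narrowing the condition to the backends known to misbehave, or at least recording them next to the skip with a comment such as `// TODO: limit this skip to the affected backends; see golang-fips/openssl#142.`, would keep the coverage that is still valid.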
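Review bot: `t.Skip` in TestPSSSigning sits inside the loop over test cases (the context line just above it is a `continue`), so the first case where `test.good != test.fipsGood` ends the whole test and the remaining salt-length combinations never run. Unless each iteration runs in its own subtest outside the hunk, `continue` skips just that case: `if boring.Enabled && test.good != test.fipsGood { continue }`. The loop starts and ends outside the hunk.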
++ key, err := GenerateKey(rand.Reader, 512) + if err != nil { + t.Fatal(err) + } +diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go +index 95bb4becd2ff8c..73991434dabaf1 100644 +--- a/src/crypto/rsa/rsa.go ++++ b/src/crypto/rsa/rsa.go +@@ -42,8 +42,8 @@ package rsa + + import ( + "crypto" +- "crypto/internal/boring" +- "crypto/internal/boring/bbig" ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" + "crypto/internal/fips140/bigmod" + "crypto/internal/fips140/rsa" + "crypto/internal/fips140only" +diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go +index 73b0c3749eedb2..1a712a0e1c5d95 100644 +--- a/src/crypto/rsa/rsa_test.go ++++ b/src/crypto/rsa/rsa_test.go +@@ -8,7 +8,7 @@ import ( + "bufio" + "bytes" + "crypto" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/cryptotest" + "crypto/rand" + . "crypto/rsa" +@@ -146,6 +146,11 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { + if priv.D.Cmp(priv.N) > 0 { + t.Errorf("private exponent too large") + } ++ if boring.Enabled && priv.N.BitLen() < 512 { ++ // Some crypto backends (e.g. CNG and OpenSSL with SymCrypt) don't support key sizes ++ // lower than 512 and intentionally fail rather than fall back to Go crypto. ++ t.Skip("skipping allocations test with BoringCrypto") ++ } + + msg := []byte("hi!") + enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) +@@ -226,6 +231,11 @@ func testEverything(t *testing.T, priv *PrivateKey) { + if err := priv.Validate(); err != nil { + t.Errorf("Validate() failed: %s", err) + } ++ if boring.Enabled && priv.N.BitLen() < 512 { ++ // Some crypto backends (e.g. CNG and OpenSSL with SymCrypt) don't support key sizes ++ // lower than 512 and intentionally fail rather than fall back to Go crypto. 
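Review bot: The skip message in testKeyBasics, `"skipping allocations test with BoringCrypto"`, does not match the guard above it, which is about keys below 512 bits; the same text is repeated in testEverything in the next hunk. Something like `t.Skip("backend does not support RSA keys smaller than 512 bits")` tells whoever reads the test log why the case was dropped. Because both functions are helpers, the skip also ends the calling test at that point, so only the checks that precede it run for small keys.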
++ t.Skip("skipping allocations test with BoringCrypto") ++ } + + msg := []byte("test") + enc, err := EncryptPKCS1v15(rand.Reader, &priv.PublicKey, msg) +@@ -853,6 +863,9 @@ func TestDecryptOAEP(t *testing.T) { + } + + func Test2DecryptOAEP(t *testing.T) { ++ if boring.Enabled { ++ t.Skip("Some crypto backends don't supports OAEPOptions.MGFHash.") ++ } + random := rand.Reader + + msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22} +diff --git a/src/crypto/sha1/sha1.go b/src/crypto/sha1/sha1.go +index d2ffaac0aeb674..23d8ad44d0bd9a 100644 +--- a/src/crypto/sha1/sha1.go ++++ b/src/crypto/sha1/sha1.go +@@ -10,7 +10,7 @@ package sha1 + + import ( + "crypto" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140only" + "errors" + "hash" +@@ -266,12 +266,12 @@ func (d *digest) constSum() [Size]byte { + + // Sum returns the SHA-1 checksum of the data. 
+ func Sum(data []byte) [Size]byte { +- if boring.Enabled { +- return boring.SHA1(data) +- } + if fips140only.Enabled { + panic("crypto/sha1: use of SHA-1 is not allowed in FIPS 140-only mode") + } ++ if boring.Enabled { ++ return boring.SHA1(data) ++ } + var d digest + d.Reset() + d.Write(data) +diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go +index 9d707b7cde5c2d..8da08b3d860a85 100644 +--- a/src/crypto/sha1/sha1_test.go ++++ b/src/crypto/sha1/sha1_test.go +@@ -8,13 +8,14 @@ package sha1 + + import ( + "bytes" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/cryptotest" + "crypto/rand" + "encoding" + "fmt" + "hash" + "io" ++ "strings" + "testing" + ) + +@@ -97,6 +98,11 @@ func TestGolden(t *testing.T) { + } + + func TestGoldenMarshal(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + h := New() + h2 := New() + for _, g := range golden { +@@ -107,6 +113,9 @@ func TestGoldenMarshal(t *testing.T) { + + state, err := h.(encoding.BinaryMarshaler).MarshalBinary() + if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("could not marshal: %v", err) + continue + } +@@ -210,10 +219,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { + } + + func TestLargeHashes(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + for i, test := range largeUnmarshalTests { + + h := New() + if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("test %d could not unmarshal: %v", i, err) + continue + } +diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go 
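Review bot: The guard added to TestLargeHashes in sha1_test.go checks `encoding.BinaryMarshaler`, but the loop below asserts `h.(encoding.BinaryUnmarshaler)`, so a backend hash that marshals but does not unmarshal would pass the guard and panic on the type assertion. The md5, sha256 and sha512 versions of this test in the same patch check BinaryUnmarshaler, and this one should match: `if _, ok := New().(encoding.BinaryUnmarshaler); !ok { t.Skip("BinaryUnmarshaler not implemented") }`.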
+index 069938a22dbc5a..8d0e06b86f4359 100644 +--- a/src/crypto/sha256/sha256.go ++++ b/src/crypto/sha256/sha256.go +@@ -8,7 +8,7 @@ package sha256 + + import ( + "crypto" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/sha256" + "hash" + ) +@@ -43,7 +43,7 @@ func New() hash.Hash { + // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal + // state of the hash. + func New224() hash.Hash { +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsHash(crypto.SHA224) { + return boring.NewSHA224() + } + return sha256.New224() +@@ -63,7 +63,7 @@ func Sum256(data []byte) [Size]byte { + + // Sum224 returns the SHA224 checksum of the data. + func Sum224(data []byte) [Size224]byte { +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsHash(crypto.SHA224) { + return boring.SHA224(data) + } + h := New224() +diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go +index e1af9640e25547..c4f142c1430285 100644 +--- a/src/crypto/sha256/sha256_test.go ++++ b/src/crypto/sha256/sha256_test.go +@@ -8,11 +8,13 @@ package sha256 + + import ( + "bytes" ++ boring "crypto/internal/backend" + "crypto/internal/cryptotest" + "encoding" + "fmt" + "hash" + "io" ++ "strings" + "testing" + ) + +@@ -155,6 +157,11 @@ func testGoldenMarshal(t *testing.T) { + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := tt.newHash().(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + for _, g := range tt.gold { + h := tt.newHash() + h2 := tt.newHash() +@@ -163,6 +170,9 @@ func testGoldenMarshal(t *testing.T) { + + state, err := h.(encoding.BinaryMarshaler).MarshalBinary() + if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("could not marshal: %v", err) + continue + } +@@ -204,8 +214,19 @@ func TestMarshalTypeMismatch(t *testing.T) 
{ + h1 := New() + h2 := New224() + ++ if boring.Enabled { ++ _, ok1 := h1.(encoding.BinaryMarshaler) ++ _, ok2 := h2.(encoding.BinaryUnmarshaler) ++ if !ok1 || !ok2 { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } ++ + state1, err := h1.(encoding.BinaryMarshaler).MarshalBinary() + if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("could not marshal: %v", err) + } + +@@ -275,10 +296,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { + return h.Sum(nil), nil + } + func TestLargeHashes(t *testing.T) { ++ if boring.Enabled { ++ if _, ok := New().(encoding.BinaryUnmarshaler); !ok { ++ t.Skip("BinaryUnmarshaler not implemented") ++ } ++ } + for i, test := range largeUnmarshalTests { + + h := New() + if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Errorf("test %d could not unmarshal: %v", i, err) + continue + } +diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go +index 1435eac1f5b5dc..17e8501154762a 100644 +--- a/src/crypto/sha512/sha512.go ++++ b/src/crypto/sha512/sha512.go +@@ -12,7 +12,7 @@ package sha512 + + import ( + "crypto" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/fips140/sha512" + "hash" + ) +diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go +index 1fe9d132bb186d..97b7da8c2d3d88 100644 +--- a/src/crypto/sha512/sha512_test.go ++++ b/src/crypto/sha512/sha512_test.go +@@ -8,12 +8,14 @@ package sha512 + + import ( + "bytes" ++ boring "crypto/internal/backend" + "crypto/internal/cryptotest" + "encoding" + "encoding/hex" + "fmt" + "hash" + "io" ++ "strings" + "testing" + ) + +@@ -744,6 +746,11 @@ func testGoldenMarshal(t *testing.T) { + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + 
for _, test := range tt.golden {
++ if boring.Enabled {
++ if _, ok := tt.newHash().(encoding.BinaryMarshaler); !ok {
++ t.Skip("BinaryMarshaler not implemented")
++ }
++ }
+ h := tt.newHash()
+ h2 := tt.newHash()
+
+@@ -751,6 +758,9 @@ func testGoldenMarshal(t *testing.T) {
+
+ state, err := h.(encoding.BinaryMarshaler).MarshalBinary()
+ if err != nil {
++ if strings.Contains(err.Error(), "hash state is not marshallable") {
++ t.Skip("BinaryMarshaler not supported")
++ }
+ t.Errorf("could not marshal: %v", err)
+ return
+ }
+@@ -805,8 +815,19 @@ func TestMarshalMismatch(t *testing.T) {
+ h1 := fn1()
+ h2 := fn2()
+
++ if boring.Enabled {
++ _, ok1 := h1.(encoding.BinaryMarshaler)
++ _, ok2 := h2.(encoding.BinaryUnmarshaler)
++ if !ok1 || !ok2 {
++ t.Skip("BinaryMarshaler not implemented")
++ }
++ }
++
+ state, err := h1.(encoding.BinaryMarshaler).MarshalBinary()
+ if err != nil {
++ if strings.Contains(err.Error(), "hash state is not marshallable") {
++ t.Skip("BinaryMarshaler not supported")
++ }
+ t.Errorf("i=%d: could not marshal: %v", i, err)
+ continue
+ }
+@@ -880,10 +901,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) {
+ }
+
+ func TestLargeHashes(t *testing.T) {
++ if boring.Enabled {
++ if _, ok := New().(encoding.BinaryUnmarshaler); !ok {
++ t.Skip("BinaryUnmarshaler not implemented")
++ }
++ }
+ for i, test := range largeUnmarshalTests {
+
+ h := New()
+ if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil {
++ if strings.Contains(err.Error(), "hash state is not marshallable") {
++ t.Skip("BinaryMarshaler not supported")
++ }
+ t.Errorf("test %d could not unmarshal: %v", i, err)
+ continue
+ }
+diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go
+index 01d65688284f97..d8a26c24024348 100644
+--- a/src/crypto/tls/cipher_suites.go
++++ b/src/crypto/tls/cipher_suites.go
+@@ -10,7 +10,7 @@ import (
+ "crypto/cipher"
+ "crypto/des"
+ "crypto/hmac"
+- "crypto/internal/boring"
++ boring "crypto/internal/backend"
+ fipsaes "crypto/internal/fips140/aes"
+ "crypto/internal/fips140/aes/gcm"
+ "crypto/rc4"
+diff --git a/src/crypto/tls/fipsonly/fipsonly.go b/src/crypto/tls/fipsonly/fipsonly.go
+index e702f44e986746..e506a0d8841237 100644
+--- a/src/crypto/tls/fipsonly/fipsonly.go
++++ b/src/crypto/tls/fipsonly/fipsonly.go
+@@ -2,7 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+
+-//go:build boringcrypto
++//go:build goexperiment.systemcrypto
+
+ // Package fipsonly restricts all TLS configuration to FIPS-approved settings.
+ //
+diff --git a/src/crypto/tls/fipsonly/fipsonly_test.go b/src/crypto/tls/fipsonly/fipsonly_test.go
+index 027bc22c33c921..eba08da985f832 100644
+--- a/src/crypto/tls/fipsonly/fipsonly_test.go
++++ b/src/crypto/tls/fipsonly/fipsonly_test.go
+@@ -2,7 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+
+-//go:build boringcrypto
++//go:build goexperiment.systemcrypto
+
+ package fipsonly
+
+diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go
+index 38bd417a0dca72..8c1ae3c7ec5485 100644
+--- a/src/crypto/tls/handshake_client.go
++++ b/src/crypto/tls/handshake_client.go
+@@ -11,11 +11,11 @@ import (
+ "crypto/ecdsa"
+ "crypto/ed25519"
+ "crypto/internal/fips140/mlkem"
+- "crypto/internal/fips140/tls13"
+ "crypto/internal/hpke"
+ "crypto/rsa"
+ "crypto/subtle"
+ "crypto/tls/internal/fips140tls"
++ "crypto/tls/internal/tls13"
+ "crypto/x509"
+ "errors"
+ "fmt"
+@@ -549,7 +549,15 @@ func (c *Conn) pickTLSVersion(serverHello *serverHelloMsg) error {
+
+ // Does the handshake, either a full one or resumes old session. Requires hs.c,
+ // hs.hello, hs.serverHello, and, optionally, hs.session to be set.
+-func (hs *clientHandshakeState) handshake() error {
++func (hs *clientHandshakeState) handshake() (err error) {
++ defer func() {
++ if err == nil {
++ err = recoverFromBoringPRFError()
++ if err != nil {
++ hs.c.sendAlert(alertInternalError)
++ }
++ }
++ }()
+ c := hs.c
+
+ isResume, err := hs.processServerHello()
+diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go
+index c0396e75796add..2c00e119cb66e4 100644
+--- a/src/crypto/tls/handshake_client_tls13.go
++++ b/src/crypto/tls/handshake_client_tls13.go
+@@ -8,12 +8,12 @@ import (
+ "bytes"
+ "context"
+ "crypto"
++ "crypto/hkdf"
+ "crypto/hmac"
+- "crypto/internal/fips140/hkdf"
+ "crypto/internal/fips140/mlkem"
+- "crypto/internal/fips140/tls13"
+ "crypto/rsa"
+ "crypto/subtle"
++ "crypto/tls/internal/tls13"
+ "errors"
+ "hash"
+ "slices"
+@@ -90,8 +90,12 @@ func (hs *clientHandshakeStateTLS13) handshake() error {
+ confTranscript.Write(hs.serverHello.original[:30])
+ confTranscript.Write(make([]byte, 8))
+ confTranscript.Write(hs.serverHello.original[38:])
++ secret, err := hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil)
++ if err != nil {
++ return err
++ }
+ acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New,
+- hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil),
++ secret,
+ "ech accept confirmation",
+ confTranscript.Sum(nil),
+ 8,
+@@ -264,8 +268,12 @@ func (hs *clientHandshakeStateTLS13) processHelloRetryRequest() error {
+ copy(hrrHello, hs.serverHello.original)
+ hrrHello = bytes.Replace(hrrHello, hs.serverHello.encryptedClientHello, make([]byte, 8), 1)
+ confTranscript.Write(hrrHello)
++ secret, err := hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil)
++ if err != nil {
++ return err
++ }
+ acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New,
+- hkdf.Extract(hs.suite.hash.New, hs.echContext.innerHello.random, nil),
++ secret,
+ "hrr ech accept confirmation",
+
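Review bot: The deferred closure added to `clientHandshakeState.handshake` reaches `recover()` only indirectly, through `recoverFromBoringPRFError()` (defined in the prf.go hunk of this patch), and per the Go spec recover returns nil unless it is called directly by the deferred function. As written, a panic raised by `panicBoringPRFError` in `prf10`/`prf12` would not be caught here and would unwind past the handshake instead of turning into `alertInternalError`; the identical closure added to `serverHandshakeState.handshake` in handshake_server.go has the same problem. Calling recover in the closure and passing the value on keeps the intent: `err = recoverFromBoringPRFError(recover())`, with the helper taking the recovered value as a parameter and doing only the `p.(boringPRFError)` check and the re-panic. The `if err == nil` guard also skips the recovery whenever `err` already holds a value at panic time, which should be checked against the part of the function body that lies outside the hunk.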
confTranscript.Sum(nil),
+ 8,
+diff --git a/src/crypto/tls/handshake_server.go b/src/crypto/tls/handshake_server.go
+index 7c75977ad3ffb2..b9db95ca7b9d5a 100644
+--- a/src/crypto/tls/handshake_server.go
++++ b/src/crypto/tls/handshake_server.go
+@@ -64,7 +64,15 @@ func (c *Conn) serverHandshake(ctx context.Context) error {
+ return hs.handshake()
+ }
+
+-func (hs *serverHandshakeState) handshake() error {
++func (hs *serverHandshakeState) handshake() (err error) {
++ defer func() {
++ if err == nil {
++ err = recoverFromBoringPRFError()
++ if err != nil {
++ hs.c.sendAlert(alertInternalError)
++ }
++ }
++ }()
+ c := hs.c
+
+ if err := hs.processClientHello(); err != nil {
+diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go
+index 76fff6974e7403..3ef8b56e5c7898 100644
+--- a/src/crypto/tls/handshake_server_tls13.go
++++ b/src/crypto/tls/handshake_server_tls13.go
+@@ -8,13 +8,14 @@ import (
+ "bytes"
+ "context"
+ "crypto"
++ "crypto/hkdf"
+ "crypto/hmac"
+- "crypto/internal/fips140/hkdf"
++ boring "crypto/internal/backend"
+ "crypto/internal/fips140/mlkem"
+- "crypto/internal/fips140/tls13"
+ "crypto/internal/hpke"
+ "crypto/rsa"
+ "crypto/tls/internal/fips140tls"
++ "crypto/tls/internal/tls13"
+ "errors"
+ "hash"
+ "internal/byteorder"
+@@ -470,15 +471,19 @@ func (hs *serverHandshakeStateTLS13) checkForResumption() error {
+ // interfaces implemented by standard library hashes to clone the state of in
+ // to a new instance of h. It returns nil if the operation fails.
+ func cloneHash(in hash.Hash, h crypto.Hash) hash.Hash {
++ if boring.Enabled {
++ // CNG and OpenSSL with SymCrypt hash functions do not implement the
++ // encoding.BinaryMarshaler interface, but they do implement the Clone method.
++ if cloner, ok := in.(interface{ Clone() hash.Hash }); ok {
++ return cloner.Clone()
++ }
++ }
+ // Recreate the interface to avoid importing encoding.
+ type binaryMarshaler interface {
+ MarshalBinary() (data []byte, err error)
+ UnmarshalBinary(data []byte) error
+ }
+ marshaler, ok := in.(binaryMarshaler)
+- if !ok {
+- return nil
+- }
+ state, err := marshaler.MarshalBinary()
+ if err != nil {
+ return nil
+@@ -572,8 +577,12 @@ func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID)
+ if err := transcriptMsg(helloRetryRequest, confTranscript); err != nil {
+ return nil, err
+ }
++ secret, err := hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil)
++ if err != nil {
++ return nil, err
++ }
+ acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New,
+- hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil),
++ secret,
+ "hrr ech accept confirmation",
+ confTranscript.Sum(nil),
+ 8,
+@@ -734,9 +743,13 @@ func (hs *serverHandshakeStateTLS13) sendServerParameters() error {
+ if err := transcriptMsg(hs.hello, echTranscript); err != nil {
+ return err
+ }
++ secret, err := hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil)
++ if err != nil {
++ return err
++ }
+ // compute the acceptance message
+ acceptConfirmation := tls13.ExpandLabel(hs.suite.hash.New,
+- hkdf.Extract(hs.suite.hash.New, hs.clientHello.random, nil),
++ secret,
+ "ech accept confirmation",
+ echTranscript.Sum(nil),
+ 8,
+diff --git a/src/crypto/tls/internal/fips140tls/fipstls.go b/src/crypto/tls/internal/fips140tls/fipstls.go
+index 24d78d60cf5b64..a6bfd3f17c1911 100644
+--- a/src/crypto/tls/internal/fips140tls/fipstls.go
++++ b/src/crypto/tls/internal/fips140tls/fipstls.go
+@@ -6,6 +6,7 @@
+ package fips140tls
+
+ import (
++ bfips140 "crypto/internal/backend/fips140"
+ "crypto/internal/fips140"
+ "sync/atomic"
+ )
+@@ -13,7 +14,7 @@ import (
+ var required atomic.Bool
+
+ func init() {
+- if fips140.Enabled {
++ if fips140.Enabled || bfips140.Enabled() {
+ Force()
+ }
+ }
+diff --git a/src/crypto/tls/internal/tls13/doc.go b/src/crypto/tls/internal/tls13/doc.go
+new file mode 100644
+index
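Review bot: Removing the `if !ok { return nil }` guard in `cloneHash` leaves `marshaler` as a nil interface whenever `in` does not implement `binaryMarshaler`, so the next line, `marshaler.MarshalBinary()`, panics instead of returning nil as the function's doc comment promises. The new `Clone()` fast path covers only hashes that implement it, and only when `boring.Enabled` is true; every other hash without the marshal methods now reaches the unguarded call on the server's TLS 1.3 handshake path. Keeping `if !ok { return nil }` directly after the type assertion preserves the documented contract. The remainder of `cloneHash` is outside the hunk, so it is worth confirming how `ok` is used further down.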
00000000000000..1adf3098356307
+--- /dev/null
++++ b/src/crypto/tls/internal/tls13/doc.go
+@@ -0,0 +1,18 @@
++// Copyright 2024 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++/*
++Microsoft Go only package.
++
++TLS 1.3 Key Schedule is normally not part of the FIPS boundary, but upstream Go
++decided to include it in the FIPS boundary to facilitate the FIPS 140-3 certification
++process.
++
++The problem is that crypto/internal/fips140/tls13 uses crypto/internal/fips140/hkdf,
++which can't be patched to use other backends.
++
++To solve this problem, we created this package, which is a direct copy of
++crypto/internal/fips140/tls13, but uses crypto/hkdf instead of crypto/internal/fips140/hkdf.
++*/
++package tls13
+diff --git a/src/crypto/tls/internal/tls13/tls13.go b/src/crypto/tls/internal/tls13/tls13.go
+new file mode 100644
+index 00000000000000..573896b9c1e6a8
+--- /dev/null
++++ b/src/crypto/tls/internal/tls13/tls13.go
+@@ -0,0 +1,182 @@
++// Copyright 2024 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// Package tls13 implements the TLS 1.3 Key Schedule as specified in RFC 8446,
++// Section 7.1 and allowed by FIPS 140-3 IG 2.4.B Resolution 7.
++package tls13
++
++import (
++ "crypto/hkdf"
++ "hash"
++ "internal/byteorder"
++)
++
++// We don't set the service indicator in this package but we delegate that to
++// the underlying functions because the TLS 1.3 KDF does not have a standard of
++// its own.
++
++// ExpandLabel implements HKDF-Expand-Label from RFC 8446, Section 7.1.
++func ExpandLabel[H hash.Hash](hash func() H, secret []byte, label string, context []byte, length int) []byte {
++ if len("tls13 ")+len(label) > 255 || len(context) > 255 {
++ // It should be impossible for this to panic: labels are fixed strings,
++ // and context is either a fixed-length computed hash, or parsed from a
++ // field which has the same length limitation.
++ //
++ // Another reasonable approach might be to return a randomized slice if
++ // we encounter an error, which would break the connection, but avoid
++ // panicking. This would perhaps be safer but significantly more
++ // confusing to users.
++ panic("tls13: label or context too long")
++ }
++ hkdfLabel := make([]byte, 0, 2+1+len("tls13 ")+len(label)+1+len(context))
++ hkdfLabel = byteorder.BEAppendUint16(hkdfLabel, uint16(length))
++ hkdfLabel = append(hkdfLabel, byte(len("tls13 ")+len(label)))
++ hkdfLabel = append(hkdfLabel, "tls13 "...)
++ hkdfLabel = append(hkdfLabel, label...)
++ hkdfLabel = append(hkdfLabel, byte(len(context)))
++ hkdfLabel = append(hkdfLabel, context...)
++ key, err := hkdf.Expand(hash, secret, string(hkdfLabel), length)
++ if err != nil {
++ panic(err)
++ }
++ return key
++}
++
++func extract[H hash.Hash](hash func() H, newSecret, currentSecret []byte) []byte {
++ if newSecret == nil {
++ newSecret = make([]byte, hash().Size())
++ }
++ prk, err := hkdf.Extract(hash, newSecret, currentSecret)
++ if err != nil {
++ panic(err)
++ }
++ return prk
++}
++
++func deriveSecret[H hash.Hash](hash func() H, secret []byte, label string, transcript hash.Hash) []byte {
++ if transcript == nil {
++ transcript = hash()
++ }
++ return ExpandLabel(hash, secret, label, transcript.Sum(nil), transcript.Size())
++}
++
++const (
++ resumptionBinderLabel = "res binder"
++ clientEarlyTrafficLabel = "c e traffic"
++ clientHandshakeTrafficLabel = "c hs traffic"
++ serverHandshakeTrafficLabel = "s hs traffic"
++ clientApplicationTrafficLabel = "c ap traffic"
++ serverApplicationTrafficLabel = "s ap traffic"
++ earlyExporterLabel = "e exp master"
++ exporterLabel = "exp master"
++ resumptionLabel = "res master"
++)
++
++type EarlySecret struct {
++ secret []byte
++ hash func() hash.Hash
++}
++
++func NewEarlySecret[H hash.Hash](h func() H, psk []byte) *EarlySecret {
++ return &EarlySecret{
++ secret: extract(h, psk, nil),
++ hash: func() hash.Hash { return h() },
++ }
++}
++
++func (s *EarlySecret) ResumptionBinderKey() []byte {
++ return deriveSecret(s.hash, s.secret, resumptionBinderLabel, nil)
++}
++
++// ClientEarlyTrafficSecret derives the client_early_traffic_secret from the
++// early secret and the transcript up to the ClientHello.
++func (s *EarlySecret) ClientEarlyTrafficSecret(transcript hash.Hash) []byte {
++ return deriveSecret(s.hash, s.secret, clientEarlyTrafficLabel, transcript)
++}
++
++type HandshakeSecret struct {
++ secret []byte
++ hash func() hash.Hash
++}
++
++func (s *EarlySecret) HandshakeSecret(sharedSecret []byte) *HandshakeSecret {
++ derived := deriveSecret(s.hash, s.secret, "derived", nil)
++ return &HandshakeSecret{
++ secret: extract(s.hash, sharedSecret, derived),
++ hash: s.hash,
++ }
++}
++
++// ClientHandshakeTrafficSecret derives the client_handshake_traffic_secret from
++// the handshake secret and the transcript up to the ServerHello.
++func (s *HandshakeSecret) ClientHandshakeTrafficSecret(transcript hash.Hash) []byte {
++ return deriveSecret(s.hash, s.secret, clientHandshakeTrafficLabel, transcript)
++}
++
++// ServerHandshakeTrafficSecret derives the server_handshake_traffic_secret from
++// the handshake secret and the transcript up to the ServerHello.
++func (s *HandshakeSecret) ServerHandshakeTrafficSecret(transcript hash.Hash) []byte {
++ return deriveSecret(s.hash, s.secret, serverHandshakeTrafficLabel, transcript)
++}
++
++type MasterSecret struct {
++ secret []byte
++ hash func() hash.Hash
++}
++
++func (s *HandshakeSecret) MasterSecret() *MasterSecret {
++ derived := deriveSecret(s.hash, s.secret, "derived", nil)
++ return &MasterSecret{
++ secret: extract(s.hash, nil, derived),
++ hash: s.hash,
++ }
++}
++
++// ClientApplicationTrafficSecret derives the client_application_traffic_secret_0
++// from the master secret and the transcript up to the server Finished.
++func (s *MasterSecret) ClientApplicationTrafficSecret(transcript hash.Hash) []byte {
++ return deriveSecret(s.hash, s.secret, clientApplicationTrafficLabel, transcript)
++}
++
++// ServerApplicationTrafficSecret derives the server_application_traffic_secret_0
++// from the master secret and the transcript up to the server Finished.
++func (s *MasterSecret) ServerApplicationTrafficSecret(transcript hash.Hash) []byte {
++ return deriveSecret(s.hash, s.secret, serverApplicationTrafficLabel, transcript)
++}
++
++// ResumptionMasterSecret derives the resumption_master_secret from the master secret
++// and the transcript up to the client Finished.
++func (s *MasterSecret) ResumptionMasterSecret(transcript hash.Hash) []byte {
++ return deriveSecret(s.hash, s.secret, resumptionLabel, transcript)
++}
++
++type ExporterMasterSecret struct {
++ secret []byte
++ hash func() hash.Hash
++}
++
++// ExporterMasterSecret derives the exporter_master_secret from the master secret
++// and the transcript up to the server Finished.
++func (s *MasterSecret) ExporterMasterSecret(transcript hash.Hash) *ExporterMasterSecret {
++ return &ExporterMasterSecret{
++ secret: deriveSecret(s.hash, s.secret, exporterLabel, transcript),
++ hash: s.hash,
++ }
++}
++
++// EarlyExporterMasterSecret derives the exporter_master_secret from the early secret
++// and the transcript up to the ClientHello.
++func (s *EarlySecret) EarlyExporterMasterSecret(transcript hash.Hash) *ExporterMasterSecret {
++ return &ExporterMasterSecret{
++ secret: deriveSecret(s.hash, s.secret, earlyExporterLabel, transcript),
++ hash: s.hash,
++ }
++}
++
++func (s *ExporterMasterSecret) Exporter(label string, context []byte, length int) []byte {
++ secret := deriveSecret(s.hash, s.secret, label, nil)
++ h := s.hash()
++ h.Write(context)
++ return ExpandLabel(s.hash, secret, "exporter", h.Sum(nil), length)
++}
+diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go
+index 38d6d3f7be1673..b236ae44a34030 100644
+--- a/src/crypto/tls/key_schedule.go
++++ b/src/crypto/tls/key_schedule.go
+@@ -8,7 +8,7 @@ import (
+ "crypto/ecdh"
+ "crypto/hmac"
+ "crypto/internal/fips140/mlkem"
+- "crypto/internal/fips140/tls13"
++ "crypto/tls/internal/tls13"
+ "errors"
+ "hash"
+ "io"
+diff --git a/src/crypto/tls/prf.go b/src/crypto/tls/prf.go
+index e7369542a73270..ff52175e4ac636 100644
+--- a/src/crypto/tls/prf.go
++++ b/src/crypto/tls/prf.go
+@@ -7,6 +7,7 @@ package tls
+ import (
+ "crypto"
+ "crypto/hmac"
++ boring "crypto/internal/backend"
+ "crypto/internal/fips140/tls12"
+ "crypto/md5"
+ "crypto/sha1"
+@@ -47,9 +48,42 @@ func pHash(result, secret, seed []byte, hash func() hash.Hash) {
+ }
+ }
+
++type boringPRFError struct {
++ err error
++}
++
++func (e *boringPRFError) Error() string {
++ return e.err.Error()
++}
++
++// recoverFromBoringPRFError recovers from a panic caused by the boring backend.
++// It returns the error if it was a boringPRFError, or panics if the panic was
++// caused by something else.
++func recoverFromBoringPRFError() error {
++ if p := recover(); p != nil {
++ if err, ok := p.(boringPRFError); ok {
++ // Could happen, for example, if the seed is too large. The Go implementation doesn't limit the seed size,
++ // as RFC 5705 doesn't specify a limit, but stock OpenSSL restrict it to 1024 and CNG to 256.
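Review bot: `ExpandLabel` and `extract` in the new tls13.go convert every error from `crypto/hkdf` into `panic(err)`, and once a system backend sits behind `crypto/hkdf` those errors are no longer limited to programmer mistakes. The HKDF calls this patch removes elsewhere were used directly as arguments, so they returned no error; the panics are therefore new behaviour on the TLS 1.3 key-schedule path, and nothing visible recovers them (the helper in prf.go re-panics anything that is not a `boringPRFError`). Either return the error from these helpers, or extend the comment inside `ExpandLabel` to say which backend failures are considered impossible and why. The exported types `EarlySecret`, `HandshakeSecret`, `MasterSecret` and `ExporterMasterSecret`, and the functions `NewEarlySecret`, `ResumptionBinderKey` and `Exporter`, also have no doc comments.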
++ return err.err
++ }
++ panic(p)
++ }
++ return nil
++}
++
++func panicBoringPRFError(err error) {
++ panic(boringPRFError{err})
++}
++
+ // prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, Section 5.
+ func prf10(secret []byte, label string, seed []byte, keyLen int) []byte {
+ result := make([]byte, keyLen)
++ if boring.Enabled && boring.SupportsTLS1PRF() {
++ if err := boring.TLS1PRF(result, secret, []byte(label), seed, nil); err != nil {
++ panicBoringPRFError(fmt.Errorf("crypto/tls: prf10: %v", err))
++ }
++ return result
++ }
+ hashSHA1 := sha1.New
+ hashMD5 := md5.New
+
+@@ -72,6 +106,13 @@ func prf10(secret []byte, label string, seed []byte, keyLen int) []byte {
+ // prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, Section 5.
+ func prf12(hashFunc func() hash.Hash) prfFunc {
+ return func(secret []byte, label string, seed []byte, keyLen int) []byte {
++ if boring.Enabled && boring.SupportsTLS1PRF() {
++ result := make([]byte, keyLen)
++ if err := boring.TLS1PRF(result, secret, []byte(label), seed, hashFunc); err != nil {
++ panicBoringPRFError(fmt.Errorf("crypto/tls: prf12: %v", err))
++ }
++ return result
++ }
+ return tls12.PRF(hashFunc, secret, label, seed, keyLen)
+ }
+ }
+diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
+index 8d175079a8c793..c2846667df81de 100644
+--- a/src/go/build/deps_test.go
++++ b/src/go/build/deps_test.go
+@@ -537,6 +537,7 @@ var depsRules = `
+ crypto/pbkdf2,
+ crypto/ecdh,
+ crypto/mlkem
++ < crypto/tls/internal/tls13
+ < CRYPTO;
+
+ CGO, fmt, net !< CRYPTO;
+@@ -561,7 +562,7 @@ var depsRules = `
+
+ # TLS, Prince of Dependencies.
+ +- FIPS, sync/atomic < crypto/tls/internal/fips140tls; ++ FIPS, sync/atomic, crypto/internal/backend/fips140 < crypto/tls/internal/fips140tls; + + crypto/internal/boring/sig, crypto/tls/internal/fips140tls < crypto/tls/fipsonly; + +diff --git a/src/hash/boring_test.go b/src/hash/boring_test.go +new file mode 100644 +index 00000000000000..52748c44698076 +--- /dev/null ++++ b/src/hash/boring_test.go +@@ -0,0 +1,9 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.systemcrypto ++ ++package hash_test ++ ++const boringEnabled = true +diff --git a/src/hash/example_test.go b/src/hash/example_test.go +index f07b9aaa2c4898..b380537215634d 100644 +--- a/src/hash/example_test.go ++++ b/src/hash/example_test.go +@@ -2,6 +2,8 @@ + // Use of this source code is governed by a BSD-style + // license that can be found in the LICENSE file. + ++//go:build !goexperiment.systemcrypto ++ + package hash_test + + import ( +diff --git a/src/hash/marshal_test.go b/src/hash/marshal_test.go +index 3091f7a67acede..23736034d5c352 100644 +--- a/src/hash/marshal_test.go ++++ b/src/hash/marshal_test.go +@@ -21,6 +21,7 @@ import ( + "hash/crc32" + "hash/crc64" + "hash/fnv" ++ "strings" + "testing" + ) + +@@ -65,6 +66,11 @@ func TestMarshalHash(t *testing.T) { + } + + h := tt.new() ++ if boringEnabled { ++ if _, ok := h.(encoding.BinaryMarshaler); !ok { ++ t.Skip("BinaryMarshaler not implemented") ++ } ++ } + h.Write(buf[:256]) + sum := h.Sum(nil) + +@@ -80,6 +86,9 @@ func TestMarshalHash(t *testing.T) { + } + enc, err := h2m.MarshalBinary() + if err != nil { ++ if strings.Contains(err.Error(), "hash state is not marshallable") { ++ t.Skip("BinaryMarshaler not supported") ++ } + t.Fatalf("MarshalBinary: %v", err) + } + if !bytes.Equal(enc, tt.golden) { +diff --git a/src/hash/notboring_test.go b/src/hash/notboring_test.go +new file mode 100644 +index 
00000000000000..11dc691600b110 +--- /dev/null ++++ b/src/hash/notboring_test.go +@@ -0,0 +1,9 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build !goexperiment.systemcrypto ++ ++package hash_test ++ ++const boringEnabled = false +diff --git a/src/net/smtp/smtp_test.go b/src/net/smtp/smtp_test.go +index 389eda9ad54b99..110d60beb0e70c 100644 +--- a/src/net/smtp/smtp_test.go ++++ b/src/net/smtp/smtp_test.go +@@ -1136,40 +1136,60 @@ func sendMail(hostPort string) error { + + // localhostCert is a PEM-encoded TLS cert generated from src/crypto/tls: + // +-// go run generate_cert.go --rsa-bits 1024 --host 127.0.0.1,::1,example.com \ ++// Use a 2048-bits RSA key to make it FIPS-compliant. ++// go run generate_cert.go --rsa-bits 2048 --host 127.0.0.1,::1,example.com \ + // --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h + var localhostCert = []byte(` + -----BEGIN CERTIFICATE----- +-MIICFDCCAX2gAwIBAgIRAK0xjnaPuNDSreeXb+z+0u4wDQYJKoZIhvcNAQELBQAw +-EjEQMA4GA1UEChMHQWNtZSBDbzAgFw03MDAxMDEwMDAwMDBaGA8yMDg0MDEyOTE2 +-MDAwMFowEjEQMA4GA1UEChMHQWNtZSBDbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw +-gYkCgYEA0nFbQQuOWsjbGtejcpWz153OlziZM4bVjJ9jYruNw5n2Ry6uYQAffhqa +-JOInCmmcVe2siJglsyH9aRh6vKiobBbIUXXUU1ABd56ebAzlt0LobLlx7pZEMy30 +-LqIi9E6zmL3YvdGzpYlkFRnRrqwEtWYbGBf3znO250S56CCWH2UCAwEAAaNoMGYw +-DgYDVR0PAQH/BAQDAgKkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQF +-MAMBAf8wLgYDVR0RBCcwJYILZXhhbXBsZS5jb22HBH8AAAGHEAAAAAAAAAAAAAAA +-AAAAAAEwDQYJKoZIhvcNAQELBQADgYEAbZtDS2dVuBYvb+MnolWnCNqvw1w5Gtgi +-NmvQQPOMgM3m+oQSCPRTNGSg25e1Qbo7bgQDv8ZTnq8FgOJ/rbkyERw2JckkHpD4 +-n4qcK27WkEDBtQFlPihIM8hLIuzWoi/9wygiElTy/tVL3y7fGCvY2/k1KBthtZGF +-tN8URjVmyEo= ++MIIDOTCCAiGgAwIBAgIQKhWw7zkzXjX78HaPlVbNrjANBgkqhkiG9w0BAQsFADAS ++MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw ++MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A 
++MIIBCgKCAQEAy1EYLA8IFvZyUPY+uI7KToneaQPvIzQiOeWlDnFnoanw6h3KpoVc +++yNbinK41WfXoSN/1kJ9gmGiFhJTPZ4rQ7DJsD7ethcpuz4uIimdWPohcBzwgbx4 ++wjhUgfUsCO6m76fFqrhbkHMDiS2iUjg2gyMVQCrqi8EuBW16yFQdJqPU04p+2rYw ++eJ9lzdeSLR4yvx7p1JS8sS4DbSyrAUaJ9J1sH/gu0nSHNMo7WtIu9K8JmPeYR4X5 ++5KLURBU9PmvoGW+5ss/xS6SnacHAD9FebNPQqGB/soBA9gdJIN+5KW0xcE38Zz5Q ++wAAUiU+VlWuZmge0sI8Ix8uIPIvGQSKN0wIDAQABo4GIMIGFMA4GA1UdDwEB/wQE ++AwICpDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud ++DgQWBBRNMP9Cr0yrXpMpsgEtDr8FPmUEazAuBgNVHREEJzAlggtleGFtcGxlLmNv ++bYcEfwAAAYcQAAAAAAAAAAAAAAAAAAAAATANBgkqhkiG9w0BAQsFAAOCAQEAF0/z ++KEnZrAsz4ov4fEvKY42EbKPm8s0pklPLmKVIh/iS7jTxxxvgDtOToiJ6IXY8Cfb3 ++nG1i78YakoVPUL5Cfh5LKDefMoefk6575ur2+gSdzgNmKUnlVfOMfpflia/ugATZ ++5ORhpmKRKWzwXQ67S5XeVlZAehTsywQstsDu8WEVoSUnRSk1jZsCThOQfdlpox+K ++71rGPSTxB9yCHMzZsk4xyZlGLaC0vDSJ+Zb5gWvAcvkSnpREvmc3/9TaW/lbUed6 ++uhO17lARcUhPCzkR5wAZCo/PihHMSXL8cqT4QdIux75OBxB/3EgLHL7KQw28A50g ++DogldK8zx1ZADmupUA== + -----END CERTIFICATE-----`) + + // localhostKey is the private key for localhostCert. 
+ var localhostKey = []byte(testingKey(` + -----BEGIN RSA TESTING KEY----- +-MIICXgIBAAKBgQDScVtBC45ayNsa16NylbPXnc6XOJkzhtWMn2Niu43DmfZHLq5h +-AB9+Gpok4icKaZxV7ayImCWzIf1pGHq8qKhsFshRddRTUAF3np5sDOW3QuhsuXHu +-lkQzLfQuoiL0TrOYvdi90bOliWQVGdGurAS1ZhsYF/fOc7bnRLnoIJYfZQIDAQAB +-AoGBAMst7OgpKyFV6c3JwyI/jWqxDySL3caU+RuTTBaodKAUx2ZEmNJIlx9eudLA +-kucHvoxsM/eRxlxkhdFxdBcwU6J+zqooTnhu/FE3jhrT1lPrbhfGhyKnUrB0KKMM +-VY3IQZyiehpxaeXAwoAou6TbWoTpl9t8ImAqAMY8hlULCUqlAkEA+9+Ry5FSYK/m +-542LujIcCaIGoG1/Te6Sxr3hsPagKC2rH20rDLqXwEedSFOpSS0vpzlPAzy/6Rbb +-PHTJUhNdwwJBANXkA+TkMdbJI5do9/mn//U0LfrCR9NkcoYohxfKz8JuhgRQxzF2 +-6jpo3q7CdTuuRixLWVfeJzcrAyNrVcBq87cCQFkTCtOMNC7fZnCTPUv+9q1tcJyB +-vNjJu3yvoEZeIeuzouX9TJE21/33FaeDdsXbRhQEj23cqR38qFHsF1qAYNMCQQDP +-QXLEiJoClkR2orAmqjPLVhR3t2oB3INcnEjLNSq8LHyQEfXyaFfu4U9l5+fRPL2i +-jiC0k/9L5dHUsF0XZothAkEA23ddgRs+Id/HxtojqqUT27B8MT/IGNrYsp4DvS/c +-qgkeluku4GjxRlDMBuXk94xOBEinUs+p/hwP1Alll80Tpg== ++MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDLURgsDwgW9nJQ ++9j64jspOid5pA+8jNCI55aUOcWehqfDqHcqmhVz7I1uKcrjVZ9ehI3/WQn2CYaIW ++ElM9nitDsMmwPt62Fym7Pi4iKZ1Y+iFwHPCBvHjCOFSB9SwI7qbvp8WquFuQcwOJ ++LaJSODaDIxVAKuqLwS4FbXrIVB0mo9TTin7atjB4n2XN15ItHjK/HunUlLyxLgNt ++LKsBRon0nWwf+C7SdIc0yjta0i70rwmY95hHhfnkotREFT0+a+gZb7myz/FLpKdp ++wcAP0V5s09CoYH+ygED2B0kg37kpbTFwTfxnPlDAABSJT5WVa5maB7SwjwjHy4g8 ++i8ZBIo3TAgMBAAECggEAc7dv/oN/ozIY1iOQhxId6p1lTHfEv1CIulMNoi7BQK2s ++RFM4Z5Y32WfCTgYFVNCJVVkTBStKq85Npio/3i4Libcw03K05wY/5iX5s8/jkiSq ++q1iNOgm+4SuWTXDw4xSRRo1CX2wWERykwoqKfCkqPXDWQ3Mpkukb/FLXMvVMshRA ++9v9L6MyrCnsFHl8q2J6hcC+RQJ0pb5I4NF6KhMxABWxxxlDO0zYLA0wfhEn8nj/l ++J37QLHmsA7pzxo+NqDTPgpfBuuTbRVGMkC+fPCXYinbubBeURFO2j2yBlseK+Vbd ++sEffiAnPr4ocCz0k0tHAMMY7hKHup2HWuJGFu0IhAQKBgQDkKFEEcYWNx5Ybl1LV ++qr2qIYofpFL+Gu5MWSZxzZbE8u9v0tTsp8SRhXkgjeHY6qjBUBnLgklOKwSigQAm ++j9de44cXjnUIArzeAHsH3fzpYrLfsvBla6wQyr34D0chVCZ0cX/s/zXkSN4PcEkA ++GGfKAENrGskDyc4uq1sIactu8wKBgQDkIL/XT7ysvsaxA+SfIs2CHgb8GNKgtoI1 
++QyR0+MfeJGCLwI9qcLbVzXda34qrzQw3YLIm2VHqhzJ4zb0gnyJ4adPZYwpLTgiU ++jVksBVIwBTfbxYvF2+07poCSobCFKLGQnAujhDDIGDAUKQXQmFcqUNWw0QHfQzkS ++xs36H27doQKBgQCjM8+YLRgKbc0LGXhwTHz1GJ6zuZiAGYWB6XddimEhqmDpjVcv ++nWY3bdFSHwuBXYGvHfwFncGP/6eGEl6oNtYpEvoMOKOwQj0VVCStYPZLf4VSDK52 ++7ckcDdpLeao4xffn7VRDk97Z1+G4C2q8fbioPv36vCMz6YPp0DsCzqJtTwKBgCUN ++4LtDW10fu7xC6p6ik4jgAbhu+79ZBbtLBZ/uTOCbPgdVJrZeSoRd1FYxWx/etW5F ++SYqf3/tdLGiM2nxy/LFcVynHOYPTz/b5IpPQ5XGhV1peMv7XYyg+OkIW+0oVuwnH ++HujXbukBbMXJiAVCyV25NYx71ncCP0H6grhu5J4hAoGAUaketZWHD/ks9JCoPtfy ++pNnXqrIvTp1cSGJpVUQT/DUqAjevyZ5Q8PFPf09BZ6uYlXtCqsp7pA/fqNdlJRPR ++tHRjpZ5XauBiFdpRNH4tJBTiWWhyuWhkWn369Az7HP3CIlJLeq2FlKCvMClcO4op ++Qc9LHT7jqtcy+LqAVBpsJ/o= + -----END RSA TESTING KEY-----`)) + + func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") } diff --git a/patches/0007-Add-backend-code-gen.patch b/patches/0008-Add-backend-code-gen.patch similarity index 100% rename from patches/0007-Add-backend-code-gen.patch rename to patches/0008-Add-backend-code-gen.patch diff --git a/patches/0008-Update-default-go.env.patch b/patches/0009-Update-default-go.env.patch similarity index 100% rename from patches/0008-Update-default-go.env.patch rename to patches/0009-Update-default-go.env.patch diff --git a/patches/0009-Skip-failing-tests-on-Windows.patch b/patches/0010-Skip-failing-tests-on-Windows.patch similarity index 100% rename from patches/0009-Skip-failing-tests-on-Windows.patch rename to patches/0010-Skip-failing-tests-on-Windows.patch diff --git a/patches/0010-unset-GOFIPS-when-running-the-Go-toolchain.patch b/patches/0011-unset-GOFIPS-when-running-the-Go-toolchain.patch similarity index 100% rename from patches/0010-unset-GOFIPS-when-running-the-Go-toolchain.patch rename to patches/0011-unset-GOFIPS-when-running-the-Go-toolchain.patch 
diff --git a/patches/0011-add-support-for-logging-used-Windows-APIs.patch b/patches/0012-add-support-for-logging-used-Windows-APIs.patch similarity index 100% rename from patches/0011-add-support-for-logging-used-Windows-APIs.patch rename to patches/0012-add-support-for-logging-used-Windows-APIs.patch diff --git a/patches/0012-remove-long-path-support-hack.patch b/patches/0013-remove-long-path-support-hack.patch similarity index 100% rename from patches/0012-remove-long-path-support-hack.patch rename to patches/0013-remove-long-path-support-hack.patch diff --git a/patches/0013-Omit-internal-go.mod-files-used-for-codegen.patch b/patches/0014-Omit-internal-go.mod-files-used-for-codegen.patch similarity index 100% rename from patches/0013-Omit-internal-go.mod-files-used-for-codegen.patch rename to patches/0014-Omit-internal-go.mod-files-used-for-codegen.patch diff --git a/patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch b/patches/0015-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch similarity index 100% rename from patches/0014-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch rename to patches/0015-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch From c0e24e133557ac46ad64fc407a08791d0a8615de Mon Sep 17 00:00:00 2001 From: qmuntal Date: Tue, 14 Jan 2025 15:18:55 +0100 Subject: [PATCH 187/887] patch crypto/fips140.Enabled() --- patches/0007-Use-crypto-backends.patch | 51 ++++++++++++++++++++------ 1 file changed, 40 insertions(+), 11 deletions(-) diff --git a/patches/0007-Use-crypto-backends.patch b/patches/0007-Use-crypto-backends.patch index f00c8e992fe..37d40160d56 100644 --- a/patches/0007-Use-crypto-backends.patch +++ b/patches/0007-Use-crypto-backends.patch 
@@ -25,6 +25,7 @@ Subject: [PATCH] Use crypto backends src/crypto/ed25519/boring.go | 71 +++++++ src/crypto/ed25519/ed25519.go | 73 +++++++ src/crypto/ed25519/notboring.go | 16 ++ + src/crypto/fips140/fips140.go | 3 +- src/crypto/hkdf/hkdf.go | 14 ++ src/crypto/hkdf/hkdf_test.go | 2 +- src/crypto/hmac/hmac.go | 2 +- @@ -60,18 +61,18 @@ Subject: [PATCH] Use crypto backends src/crypto/tls/handshake_client_tls13.go | 16 +- src/crypto/tls/handshake_server.go | 10 +- src/crypto/tls/handshake_server_tls13.go | 27 ++- - src/crypto/tls/internal/fips140tls/fipstls.go | 3 +- + src/crypto/tls/internal/fips140tls/fipstls.go | 4 +- src/crypto/tls/internal/tls13/doc.go | 18 ++ src/crypto/tls/internal/tls13/tls13.go | 182 ++++++++++++++++++ src/crypto/tls/key_schedule.go | 2 +- src/crypto/tls/prf.go | 41 ++++ - src/go/build/deps_test.go | 3 +- + src/go/build/deps_test.go | 5 +- src/hash/boring_test.go | 9 + src/hash/example_test.go | 2 + src/hash/marshal_test.go | 9 + src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++--- - 67 files changed, 1009 insertions(+), 97 deletions(-) + 68 files changed, 1012 insertions(+), 100 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ecdsa/badlinkname.go 
@@ -846,6 +847,25 @@ index 00000000000000..b0cdd44d81c753 +func boringPrivateKey(PrivateKey) (*boring.PrivateKeyEd25519, error) { + panic("boringcrypto: not available") +} +diff --git a/src/crypto/fips140/fips140.go b/src/crypto/fips140/fips140.go +index 41d0d170cf9fc8..b6b413532d8104 100644 +--- a/src/crypto/fips140/fips140.go ++++ b/src/crypto/fips140/fips140.go +@@ -5,6 +5,7 @@ + package fips140 + + import ( ++ bfips140 "crypto/internal/backend/fips140" + "crypto/internal/fips140" + "crypto/internal/fips140/check" + "internal/godebug" +@@ -29,5 +30,5 @@ func Enabled() bool { + if fips140.Enabled && !check.Verified { + panic("crypto/fips140: FIPS 140-3 mode enabled, but integrity check didn't pass") + } +- return fips140.Enabled ++ return fips140.Enabled || bfips140.Enabled() + } diff --git a/src/crypto/hkdf/hkdf.go b/src/crypto/hkdf/hkdf.go index 6b02522866d57f..37e67ec184af5d 100644 --- a/src/crypto/hkdf/hkdf.go @@ -1938,23 +1958,23 @@ index 76fff6974e7403..3ef8b56e5c7898 100644 echTranscript.Sum(nil), 8, diff --git a/src/crypto/tls/internal/fips140tls/fipstls.go b/src/crypto/tls/internal/fips140tls/fipstls.go -index 24d78d60cf5b64..a6bfd3f17c1911 100644 +index 24d78d60cf5b64..0b87185683ab8b 100644 --- a/src/crypto/tls/internal/fips140tls/fipstls.go +++ b/src/crypto/tls/internal/fips140tls/fipstls.go -@@ -6,6 +6,7 @@ +@@ -6,14 +6,14 @@ package fips140tls import ( -+ bfips140 "crypto/internal/backend/fips140" - "crypto/internal/fips140" +- "crypto/internal/fips140" ++ "crypto/fips140" "sync/atomic" ) -@@ -13,7 +14,7 @@ import ( + var required atomic.Bool func init() { - if fips140.Enabled { -+ if fips140.Enabled || bfips140.Enabled() { ++ if fips140.Enabled() { Force() } } @@ -2253,9 +2273,18 @@ index e7369542a73270..ff52175e4ac636 100644 } } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 8d175079a8c793..c2846667df81de 100644 +index 8d175079a8c793..48879720026837 100644 --- a/src/go/build/deps_test.go 
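Review bot: With `return fips140.Enabled || bfips140.Enabled()`, `Enabled()` can report true while `fips140.Enabled` is false, and on that path the `check.Verified` integrity guard just above it is never evaluated. A caller that reads a true result as "the Go module's integrity self-check passed" would be misled, so the function's doc comment (outside this hunk) should state that the result also covers the system crypto backend's FIPS mode, whose self-tests are presumably the backend's own responsibility. A line such as `// Enabled also reports true when the system crypto backend is in FIPS mode; the integrity check below applies only to the Go FIPS module.` would cover it. The fipstls.go hunk that follows switches `init()` to `fips140.Enabled()`, so `fips140tls` inherits both the broader meaning and the panic on a failed check.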
+++ b/src/go/build/deps_test.go +@@ -495,7 +495,7 @@ var depsRules = ` + + syscall < crypto/internal/backend/fips140; + +- FIPS, internal/godebug < crypto/fips140; ++ FIPS, internal/godebug, crypto/internal/backend/fips140 < crypto/fips140; + + crypto, hash !< FIPS; + @@ -537,6 +537,7 @@ var depsRules = ` crypto/pbkdf2, crypto/ecdh, @@ -2269,7 +2298,7 @@ index 8d175079a8c793..c2846667df81de 100644 # TLS, Prince of Dependencies. - FIPS, sync/atomic < crypto/tls/internal/fips140tls; -+ FIPS, sync/atomic, crypto/internal/backend/fips140 < crypto/tls/internal/fips140tls; ++ crypto/fips140, sync/atomic < crypto/tls/internal/fips140tls; crypto/internal/boring/sig, crypto/tls/internal/fips140tls < crypto/tls/fipsonly; From e8de376cbe4bd7711890e0ad11cecfa2434bfd12 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Wed, 15 Jan 2025 10:15:36 +0100 Subject: [PATCH 188/887] fix vendor patch --- patches/0002-Vendor-crypto-backends.patch | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/patches/0002-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch index 27f1d7f925f..41b7bc850c9 100644 --- a/patches/0002-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch @@ -6,7 +6,7 @@ Subject: [PATCH] Vendor crypto backends To reproduce changes in 'src/vendor', run 'go mod vendor' in 'src'. Use a 'go' that was recently built by the current branch to ensure stable results. --- - src/crypto/internal/backend/deps_ignore.go | 16 + + src/crypto/internal/backend/deps_ignore.go | 19 + src/go.mod | 5 + src/go.sum | 4 + src/go/build/vendor_test.go | 2 + 
@@ -74,7 +74,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ src/vendor/modules.txt | 11 + - 68 files changed, 11002 insertions(+) + 68 files changed, 11005 insertions(+) create mode 100644 src/crypto/internal/backend/deps_ignore.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml @@ -142,21 +142,24 @@ Use a 'go' that was recently built by the current branch to ensure stable result diff --git a/src/crypto/internal/backend/deps_ignore.go b/src/crypto/internal/backend/deps_ignore.go new file mode 100644 -index 00000000000000..7e537a55af954e +index 00000000000000..979ee34f54acba --- /dev/null +++ b/src/crypto/internal/backend/deps_ignore.go -@@ -0,0 +1,16 @@ +@@ -0,0 +1,19 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build ignore ++//go:build ms_ignore_backend_deps + +package backend + +import ( + _ "github.com/golang-fips/openssl/v2" ++ _ "github.com/golang-fips/openssl/v2/bbig" ++ + _ "github.com/microsoft/go-crypto-winnative/cng" ++ _ "github.com/microsoft/go-crypto-winnative/cng/bbig" +) + +// This file is here just to declare the external dependencies From 800df7f7bad6a5041456aeba149570372dd5ffcb Mon Sep 17 00:00:00 2001 
From: Quim Muntal Date: Wed, 15 Jan 2025 10:20:45 +0100 Subject: [PATCH 189/887] Add `Cross-Platform Cryptography` document (#1471) * first pass * add platform info * update symmetric encryption table * add RSA * add missing algos * add doc link * add tls and ed25519 * remove TLS 1.3 warning * add sep lines * cross Ed25519 on Windows * fix typo * fix table format * formating * Apply suggestions from code review Co-authored-by: George Adams * Apply suggestions from code review Co-authored-by: Davis Goodin * remove advantage bullets * add legend * Apply suggestions from code review Co-authored-by: Davis Goodin * clarify docs --------- Co-authored-by: George Adams Co-authored-by: Davis Goodin --- eng/doc/CrossPlatformCryptography.md | 342 +++++++++++++++++++++++++++ eng/doc/README.md | 1 + 2 files changed, 343 insertions(+) create mode 100644 eng/doc/CrossPlatformCryptography.md diff --git a/eng/doc/CrossPlatformCryptography.md b/eng/doc/CrossPlatformCryptography.md new file mode 100644 index 00000000000..5e5196ecc0a --- /dev/null +++ b/eng/doc/CrossPlatformCryptography.md 
@@ -0,0 +1,342 @@ +# Cross-Platform Cryptography in Microsoft Go + +Cryptographic operations in Microsoft Go are delegated to the operating system (OS) libraries in some conditions described. +The high level conditions and the benefits of delegating cryptographic operations are described in the [Microsoft Go FIPS README](./Readme.md). +At a fine-grained level, Go apps will fall back to the native Go implementation of an algorithm if the OS libraries don't support it. +This article identifies the features that are supported on each platform. + +This article assumes you have a working familiarity with cryptography in Go. + +## Platform support + +Microsoft Go supports the following platforms: + +### Windows + +On Windows, Microsoft Go uses the [CNG library (Cryptography API: Next Generation)](https://learn.microsoft.com/en-us/windows/win32/seccng/cng-portal) for cryptographic operations. +CNG is available since Windows Vista and Windows Server 2008 and it doesn't require any additional installation nor configuration. + +### Linux + +On Linux, Microsoft Go uses the [OpenSSL crypto library](https://docs.openssl.org/3.0/man7/crypto/) for cryptographic operations. +OpenSSL is normally available on Linux distributions, but it may not be installed by default. +If it is not installed, you can install it using the package manager of your distribution. + +OpenSSL 3 implements all the cryptographic algorithms using [Providers](https://docs.openssl.org/3.0/man7/crypto/#providers). +Microsoft Go officially supports the built-in providers and [SCOSSL (SymCrypt provider for OpenSSL)](https://github.com/microsoft/SymCrypt-OpenSSL) v1.6.1 or later. +SCOSSL is expected to be used with the default built-in provider enabled as a fallback (which is the case when using [Azure Linux 3](https://github.com/microsoft/AzureLinux)). 
+ +## Table legend + +The following legend describes the symbols used in the tables to indicate the level of support for each cryptographic algorithm: + +| Symbol | Meaning | +|--------|------------------------------------------------------------------------------------------------------------------------------| +| ✔️ | Supported, possibly with minor limitations that don't require special configuration when using the latest Go and OS versions | +| ⚠️ | Supported with limitations that require special configuration action | +| ❌ | Not supported | + +When an algorithm is not supported or the limitations are exceeded, Microsoft Go will fall back to the Go implementation. + +## Hash and Message Authentication Algorithms + +This section includes the following packages: + +* [crypto/md5](https://pkg.go.dev/crypto/md5) +* [crypto/sha1](https://pkg.go.dev/crypto/sha1) +* [crypto/sha256](https://pkg.go.dev/crypto/sha256) +* [crypto/sha512](https://pkg.go.dev/crypto/sha512) +* [crypto/sha3](https://pkg.go.dev/golang.org/x/crypto/sha3) +* [crypto/hmac](https://pkg.go.dev/crypto/hmac) + +|Algorithm |Windows |Linux | +|---------------------------|--------------------|---------------------| +| MD5 | ✔️ | ✔️ | +| SHA-1 | ✔️ | ✔️ | +| SHA-2-224 | ❌ | ✔️ | +| SHA-2-256 | ✔️ | ✔️ | +| SHA-2-384 | ✔️ | ✔️ | +| SHA-2-512 | ✔️ | ✔️ | +| SHA-2-512_224 | ❌ | ✔️1, 2 | +| SHA-2-512_256 | ❌ | ✔️1, 2 | +| SHA-3-224 | ❌ | ❌ | +| SHA-3-256 | ❌ | ❌ | +| SHA-3-384 | ❌ | ❌ | +| SHA-3-512 | ❌ | ❌ | +| SHAKE-128 | ❌ | ❌ | +| SHAKE-256 | ❌ | ❌ | +| CSHAKE-128 | ❌ | ❌ | +| CSHAKE-256 | ❌ | ❌ | +| HMAC3 | ✔️ | ✔️ | + +1Available starting in Microsoft Go 1.24. + +2Requires OpenSSL 1.1.1 or later. + +3Supports only hash algorithms that are supported as standalone hash functions. 
+ +## Symmetric encryption + +This section includes the following packages: + +* [crypto/aes](https://pkg.go.dev/crypto/aes) +* [crypto/cipher](https://pkg.go.dev/crypto/cipher) +* [crypto/des](https://pkg.go.dev/crypto/des) +* [crypto/rc4](https://pkg.go.dev/crypto/rc4) + +| Cipher + Mode | Windows | Linux | +|---------------|----------|------------------| +| AES-ECB | ✔️ | ✔️ | +| AES-CBC | ✔️ | ✔️ | +| AES-CTR | ❌ | ✔️ | +| AES-CFB | ❌ | ❌ | +| AES-OFB | ❌ | ❌ | +| AES-GCM | ✔️ | ✔️ | +| DES-CBC | ✔️ | ⚠️1 | +| DES-ECB | ✔️ | ⚠️1 | +| 3DES-ECB | ✔️ | ✔️ | +| 3DES-CBC | ✔️ | ✔️ | +| RC4 | ✔️ | ⚠️1 | + +1When using OpenSSL 3, requires the legacy provider to be enabled. + +### AES-GCM keys, nonces, and tags + +* Key Sizes + + AES-GCM works with 128, 192, and 256-bit keys. + +* Nonce Sizes + + AES-GCM works with 12-byte nonces. + +* Tag Sizes + + AES-GCM works with 16-byte tags. + +## Asymmetric encryption + +This section includes the following subsections: + +* [RSA](#rsa) +* [ECDSA](#ecdsa) +* [ECDH](#ecdh) +* [Ed25519](#ed25519) +* [DSA](#dsa) + +### RSA + +This section includes the following packages: + +* [crypto/rsa](https://pkg.go.dev/crypto/rsa) + +| Padding Mode | Windows | Linux | +|----------------------------------------|----------------------|---------------------| +| OAEP (MD5) | ✔️ | ✔️ | +| OAEP (SHA-1) | ✔️ | ✔️ | +| OAEP (SHA-2)1 | ✔️ | ✔️ | +| OAEP (SHA-3) | ❌ | ❌ | +| PSS (MD5) | ✔️ | ✔️ | +| PSS (SHA-1) | ✔️ | ✔️ | +| PSS (SHA-2)1 | ✔️ | ✔️ | +| PSS (SHA-3) | ❌ | ❌ | +| PKCS1v15 Signature (Unhashed) | ✔️ | ✔️ | +| PKCS1v15 Signature (RIPMED160) | ❌ | ✔️2 | +| PKCS1v15 Signature (MD4) | ❌ | ✔️2 | +| PKCS1v15 Signature (MD5) | ✔️ | ✔️ | +| PKCS1v15 Signature (MD5-SHA1) | ✔️2 | ✔️2 | +| PKCS1v15 Signature (SHA-1) | ✔️ | ✔️ | +| PKCS1v15 Signature (SHA-2)1 | ✔️ | ✔️ | +| PKCS1v15 Signature (SHA-3) | ❌ | ❌ | + +1Supports only hash algorithms that are [supported as standalone hash functions](#hash-and-message-authentication-algorithms). 
+ +2Available starting in Microsoft Go 1.24. + +#### RSA key sizes + +[rsa.GenerateKey](https://pkg.go.dev/crypto/rsa#GenerateKey) only supports the following key sizes (in bits): 2048, 3072, 4096. + +Multi-prime RSA keys are not supported. + +The RSA key size is subject to the limitations of the underlying cryptographic library. +For example, on some Windows and SCOSSL configurations, the key size should be multiple of 8. +Please refer to the documentation of the underlying cryptographic library for the specific limitations. + +#### PSS salt length + +On Windows, when verifying a PSS signature, [rsa.PSSSaltLengthAuto](https://pkg.go.dev/crypto/rsa#pkg-constants) is not supported. + +#### Random number generation + +Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). + +### ECDSA + +This section includes the following packages: + +* [crypto/ecdsa](https://pkg.go.dev/crypto/ecdsa) +* [crypto/elliptic](https://pkg.go.dev/crypto/elliptic) + +| Elliptic Curve | Windows | Linux | +|---------------------------|-------------|--------------| +| NIST P-224 (secp224r1) | ✔️ | ✔️ | +| NIST P-256 (secp256r1) | ✔️ | ✔️ | +| NIST P-384 (secp384r1) | ✔️ | ✔️ | +| NIST P-521 (secp521r1) | ✔️ | ✔️ | + +#### Random number generation + +Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). + +### ECDH + +This section includes the following packages: + +* [crypto/ecdh](https://pkg.go.dev/crypto/ecdsa) + +| Elliptic Curve | Windows | Linux | +|---------------------------|-------------|--------------| +| NIST P-224 (secp224r1) | ✔️ | ✔️ | +| NIST P-256 (secp256r1) | ✔️ | ✔️ | +| NIST P-384 (secp384r1) | ✔️ | ✔️ | +| NIST P-521 (secp521r1) | ✔️ | ✔️ | +| X25519 (curve25519) | ❌ | ❌ | + +#### Random number generation + +Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). 
+ +### Ed25519 + +This section includes the following packages: + +* [crypto/ed25519](https://pkg.go.dev/crypto/ed25519) + +| Schemes | Windows | Linux | +|-------------|------------|---------------| +| Ed25519 | ❌ | ✔️ | +| Ed25519ctx | ❌ | ❌ | +| Ed25519ph | ❌ | ❌ | + +#### Random number generation + +Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). + +### DSA + +| Parameters | Windows | Linux | +|---------------|-------------|--------------| +| L1024N160 | ✔️ | ✔️ | +| L2048N224 | ❌ | ✔️ | +| L2048N256 | ✔️ | ✔️ | +| L3072N256 | ✔️ | ✔️ | + +## KDF + +This section includes the following packages: + +* [crypto/hkdf](https://pkg.go.dev/crypto/hkdf) +* [crypto/pbkdf2](https://pkg.go.dev/crypto/pbkdf2) + +| Functions | Windows | Linux | +|---------------|------------------|-------------------| +| PBKDF2 | ✔️ 1 | ✔️ 1 | +| HKDF | ✔️ 1 | ✔️ 1 | + +1Supports only hash algorithms that are [supported as standalone hash functions](#hash-and-message-authentication-algorithms). 
+ +## ML-KEM + +This section includes the following packages: + +* [crypto/mlkem](https://pkg.go.dev/crypto/mlkem) + +| Parameters | Windows | Linux | +|---------------|-------------|--------------| +| 768 | ❌ | ❌ | +| 1024 | ❌ | ❌ | + +## TLS + +This section includes the following subsections: + +* [TLS Versions](#tls-versions) +* [Cipher Suites](#cipher-suites) +* [Curves and Groups](#curves-and-groups) +* [Signature Algorithms](#signature-algorithms) + +This section includes the following packages: + +* [crypto/tls](https://pkg.go.dev/crypto/tls) + +### TLS Versions + +| Version | Windows | Linux | +|----------------|-------------|---------| +| SSL 3.0 | ❌ | ❌ | +| TLS 1.0 | ✔️ | ✔️ | +| TLS 1.2 | ✔️ | ✔️ | +| TLS 1.3 | ✔️ | ✔️ | + +### Cipher Suites + +| Name | Windows | Linux | +|---------------------------------------------------|-------------|-------------------| +| TLS_RSA_WITH_RC4_128_SHA | ✔️ | ⚠️1 | +| TLS_RSA_WITH_3DES_EDE_CBC_SHA | ✔️ | ⚠️1 | +| TLS_RSA_WITH_AES_128_CBC_SHA | ✔️ | ✔️ | +| TLS_RSA_WITH_AES_256_CBC_SHA | ✔️ | ✔️ | +| TLS_RSA_WITH_AES_128_CBC_SHA256 | ✔️ | ✔️ | +| TLS_RSA_WITH_AES_128_GCM_SHA256 | ✔️ | ✔️ | +| TLS_RSA_WITH_AES_256_GCM_SHA384 | ✔️ | ✔️ | +| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | ✔️ | ⚠️1 | +| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ✔️ | ✔️ | +| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_RC4_128_SHA | ✔️ | ⚠️1 | +| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | ✔️ | ⚠️1 | +| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ✔️ | ✔️ | +| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ✔️ | ✔️ | +| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ✔️ | ✔️ | +| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ❌ | ❌ | +| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | ❌ | ❌ | +| 
TLS_AES_128_GCM_SHA256 | ✔️ | ✔️ | +| TLS_AES_256_GCM_SHA384 | ✔️ | ✔️ | +| TLS_CHACHA20_POLY1305_SHA256 | ❌ | ❌ | +| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 | ❌ | ❌ | +| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 | ❌ | ❌ | +| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 | ❌ | ❌ | + +1When using OpenSSL 3, requires the legacy provider to be enabled. + +### Curves and Groups + +| Name | Windows | Linux | +|-----------------|-------------|--------------| +| CurveP256 | ✔️ | ✔️ | +| CurveP384 | ✔️ | ✔️ | +| CurveP521 | ✔️ | ✔️ | +| X25519 | ❌ | ❌ | +| X25519MLKEM768 | ❌ | ❌ | + +### Signature Algorithms + +| Name | Windows | Linux | +|---------------------------|-------------|--------------| +| PKCS1WithSHA256 | ✔️ | ✔️ | +| PKCS1WithSHA384 | ✔️ | ✔️ | +| PKCS1WithSHA512 | ✔️ | ✔️ | +| PSSWithSHA256 | ✔️ | ✔️ | +| PSSWithSHA384 | ✔️ | ✔️ | +| PSSWithSHA512 | ✔️ | ✔️ | +| ECDSAWithP256AndSHA256 | ✔️ | ✔️ | +| ECDSAWithP384AndSHA384 | ✔️ | ✔️ | +| ECDSAWithP521AndSHA512 | ✔️ | ✔️ | +| Ed25519 | ❌ | ✔️ | +| PKCS1WithSHA1 | ✔️ | ✔️ | +| ECDSAWithSHA1 | ✔️ | ✔️ | diff --git a/eng/doc/README.md b/eng/doc/README.md index 87eee3c4f46..6c07ed6b63c 100644 --- a/eng/doc/README.md +++ b/eng/doc/README.md @@ -2,6 +2,7 @@ This directory, `/eng/doc`, contains documents describing the Microsoft infrastructure used to build Go, in particular any designs that are not obvious by reading the infrastructure code itself. +For cryptography information, see the [CrossPlatformCryptography.md](CrossPlatformCryptography.md) doc. For dev scenario documentation, see the [DeveloperGuide.md](DeveloperGuide.md) doc. The [Downloads.md](Downloads.md) doc contains a table of links to the latest assets for each supported Go release branch. From 691f82f8f202dbcebc2967f2b0d6b63a4638d129 Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Wed, 15 Jan 2025 11:23:57 +0100 Subject: [PATCH 190/887] fix TestDependencies --- patches/0002-Vendor-crypto-backends.patch | 60 ++++++++++++++++++- .../0003-Add-crypto-backend-foundation.patch | 16 ++--- patches/0005-Add-OpenSSL-crypto-backend.patch | 51 +--------------- patches/0006-Add-CNG-crypto-backend.patch | 26 +------- 4 files changed, 67 insertions(+), 86 deletions(-) diff --git a/patches/0002-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch index 41b7bc850c9..3f1bf3427f2 100644 --- a/patches/0002-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch @@ -9,6 +9,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result src/crypto/internal/backend/deps_ignore.go | 19 + src/go.mod | 5 + src/go.sum | 4 + + src/go/build/deps_test.go | 14 +- src/go/build/vendor_test.go | 2 + .../golang-fips/openssl/v2/.gitignore | 1 + .../golang-fips/openssl/v2/.gitleaks.toml | 9 + @@ -74,7 +75,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ src/vendor/modules.txt | 11 + - 68 files changed, 11005 insertions(+) + 69 files changed, 11016 insertions(+), 3 deletions(-) create mode 100644 src/crypto/internal/backend/deps_ignore.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml @@ -142,7 +143,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result diff --git a/src/crypto/internal/backend/deps_ignore.go b/src/crypto/internal/backend/deps_ignore.go new file mode 100644 -index 00000000000000..979ee34f54acba +index 00000000000000..ba6d196a54f69d --- /dev/null +++ b/src/crypto/internal/backend/deps_ignore.go @@ -0,0 +1,19 @@ 
@@ -152,7 +153,7 @@ index 00000000000000..979ee34f54acba + +//go:build ms_ignore_backend_deps + -+package backend ++package main + +import ( + _ "github.com/golang-fips/openssl/v2" 
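Review bot: Nothing in deps_ignore.go explains why it declares `package main` inside src/crypto/internal/backend, or why its constraint is the custom tag `ms_ignore_backend_deps`; both read as mistakes without this commit's context. The commit title suggests the package clause is there so that TestDependencies skips the file, and the tag presumably must never be set in a real build. I would add two comments next to the existing closing comment, with wording confirmed by the author: `// The ms_ignore_backend_deps tag is never set; it only keeps these imports visible to 'go mod vendor'.` and `// The package is main so that go/build's TestDependencies does not count these imports.` The file's closing comment continues outside the hunk.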
@@ -190,6 +191,59 @@ index 9e661352f16e0b..abebb59dcd7739 100644 golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= +diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go +index e3e01077c18b17..5551a24f8a844e 100644 +--- a/src/go/build/deps_test.go ++++ b/src/go/build/deps_test.go +@@ -503,7 +503,7 @@ var depsRules = ` + NONE < crypto/internal/boring/sig, crypto/internal/boring/syso; + sync/atomic < crypto/internal/boring/bcache; + +- FIPS, internal/godebug, hash, embed, ++ FIPS, internal/godebug, hash, embed, encoding/binary, + crypto/internal/boring/sig, + crypto/internal/boring/syso, + crypto/internal/boring/bcache +@@ -513,6 +513,12 @@ var depsRules = ` + < crypto/sha3 + < crypto/internal/fips140hash + < crypto/cipher ++ < github.com/golang-fips/openssl/v2/internal/subtle ++ < github.com/golang-fips/openssl/v2 ++ < github.com/microsoft/go-crypto-winnative/internal/subtle ++ < github.com/microsoft/go-crypto-winnative/internal/sysdll ++ < github.com/microsoft/go-crypto-winnative/internal/bcrypt ++ < github.com/microsoft/go-crypto-winnative/cng + < crypto/internal/boring + < crypto/boring + < crypto/aes, +@@ -534,6 +540,8 @@ var depsRules = ` + # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. 
+ + CRYPTO, FMT, math/big ++ < github.com/golang-fips/openssl/v2/bbig ++ < github.com/microsoft/go-crypto-winnative/cng/bbig + < crypto/internal/boring/bbig + < crypto/rand + < crypto/ed25519 # depends on crypto/rand.Reader +@@ -837,7 +845,7 @@ var buildIgnore = []byte("\n//go:build ignore") + + func findImports(pkg string) ([]string, error) { + vpkg := pkg +- if strings.HasPrefix(pkg, "golang.org") { ++ if strings.HasPrefix(pkg, "golang.org") || strings.HasPrefix(pkg, "github.com") { + vpkg = "vendor/" + pkg + } + dir := filepath.Join(Default.GOROOT, "src", vpkg) +@@ -847,7 +855,7 @@ func findImports(pkg string) ([]string, error) { + } + var imports []string + var haveImport = map[string]bool{} +- if pkg == "crypto/internal/boring" { ++ if pkg == "crypto/internal/boring" || pkg == "github.com/golang-fips/openssl/v2" { + haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports + } + fset := token.NewFileSet() diff --git a/src/go/build/vendor_test.go b/src/go/build/vendor_test.go index 7f6237ffd59c11..1d0b9b20e9b1d4 100644 --- a/src/go/build/vendor_test.go diff --git a/patches/0003-Add-crypto-backend-foundation.patch b/patches/0003-Add-crypto-backend-foundation.patch index 2d37ac5751f..1eae1e793f8 100644 --- a/patches/0003-Add-crypto-backend-foundation.patch +++ b/patches/0003-Add-crypto-backend-foundation.patch @@ -519,7 +519,7 @@ index 00000000000000..5e4b436554d44d +// from complaining about the missing body +// (because the implementation might be here). diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index e3e01077c18b17..a46d6c034ca1e0 100644 +index 5551a24f8a844e..c86b63454c6f7a 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -493,6 +493,8 @@ var depsRules = ` @@ -532,7 +532,7 @@ index e3e01077c18b17..a46d6c034ca1e0 100644 crypto, hash !< FIPS; 
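Review bot: The trailing comment on `haveImport["C"] = true` in findImports still says the kludge keeps C out of the crypto/internal/boring imports, but the condition now also matches github.com/golang-fips/openssl/v2. The comment should follow the condition, for example `// kludge: prevent C from appearing in the imports of the cgo-based crypto packages`. The new `strings.HasPrefix(pkg, "github.com")` test would also be more exact as `strings.HasPrefix(pkg, "github.com/")`, so that only import paths under that host are mapped to vendor/. findImports starts and ends outside the hunk.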
@@ -506,7 +508,8 @@ var depsRules = ` - FIPS, internal/godebug, hash, embed, + FIPS, internal/godebug, hash, embed, encoding/binary, crypto/internal/boring/sig, crypto/internal/boring/syso, - crypto/internal/boring/bcache @@ -541,17 +541,17 @@ index e3e01077c18b17..a46d6c034ca1e0 100644 < crypto/internal/fips140only < crypto < crypto/subtle -@@ -514,6 +517,7 @@ var depsRules = ` - < crypto/internal/fips140hash - < crypto/cipher +@@ -520,6 +523,7 @@ var depsRules = ` + < github.com/microsoft/go-crypto-winnative/internal/bcrypt + < github.com/microsoft/go-crypto-winnative/cng < crypto/internal/boring + < crypto/internal/backend < crypto/boring < crypto/aes, crypto/des, -@@ -535,6 +539,7 @@ var depsRules = ` - - CRYPTO, FMT, math/big +@@ -543,6 +547,7 @@ var depsRules = ` + < github.com/golang-fips/openssl/v2/bbig + < github.com/microsoft/go-crypto-winnative/cng/bbig < crypto/internal/boring/bbig + < crypto/internal/backend/bbig < crypto/rand diff --git a/patches/0005-Add-OpenSSL-crypto-backend.patch b/patches/0005-Add-OpenSSL-crypto-backend.patch index 7cfe62fcf7a..f58b2cbc2ea 100644 --- a/patches/0005-Add-OpenSSL-crypto-backend.patch +++ b/patches/0005-Add-OpenSSL-crypto-backend.patch @@ -9,9 +9,8 @@ Subject: [PATCH] Add OpenSSL crypto backend .../internal/backend/bbig/big_openssl.go | 12 + .../internal/backend/fips140/openssl.go | 41 ++ src/crypto/internal/backend/openssl_linux.go | 358 ++++++++++++++++++ - src/go/build/deps_test.go | 9 +- src/os/exec/exec_test.go | 9 + - 7 files changed, 428 insertions(+), 5 deletions(-) + 6 files changed, 422 insertions(+), 2 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/fips140/openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go 
@@ -475,54 +474,6 @@ index 00000000000000..0f3aea733ac2a5 + + return openssl.VerifyDSA(pub, hashed, sig) +} -diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index a46d6c034ca1e0..12086de2c2e766 100644 ---- a/src/go/build/deps_test.go -+++ b/src/go/build/deps_test.go -@@ -505,7 +505,7 @@ var depsRules = ` - NONE < crypto/internal/boring/sig, crypto/internal/boring/syso; - sync/atomic < crypto/internal/boring/bcache; - -- FIPS, internal/godebug, hash, embed, -+ FIPS, internal/godebug, hash, embed, encoding/binary, - crypto/internal/boring/sig, - crypto/internal/boring/syso, - crypto/internal/boring/bcache, -@@ -516,6 +516,8 @@ var depsRules = ` - < crypto/sha3 - < crypto/internal/fips140hash - < crypto/cipher -+ < github.com/golang-fips/openssl/v2/internal/subtle -+ < github.com/golang-fips/openssl/v2 - < crypto/internal/boring - < crypto/internal/backend - < crypto/boring -@@ -538,6 +540,7 @@ var depsRules = ` - # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. - - CRYPTO, FMT, math/big -+ < github.com/golang-fips/openssl/v2/bbig - < crypto/internal/boring/bbig - < crypto/internal/backend/bbig - < crypto/rand -@@ -842,7 +845,7 @@ var buildIgnore = []byte("\n//go:build ignore") - - func findImports(pkg string) ([]string, error) { - vpkg := pkg -- if strings.HasPrefix(pkg, "golang.org") { -+ if strings.HasPrefix(pkg, "golang.org") || strings.HasPrefix(pkg, "github.com") { - vpkg = "vendor/" + pkg - } - dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -852,7 +855,7 @@ func findImports(pkg string) ([]string, error) { - } - var imports []string - var haveImport = map[string]bool{} -- if pkg == "crypto/internal/boring" { -+ if pkg == "crypto/internal/boring" || pkg == "github.com/golang-fips/openssl/v2" { - haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports - } - fset := token.NewFileSet() 
diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go index 8c623871932f7d..2fa55073f5c19c 100644 --- a/src/os/exec/exec_test.go diff --git a/patches/0006-Add-CNG-crypto-backend.patch b/patches/0006-Add-CNG-crypto-backend.patch index 256c9bef28d..e6bc7dab684 100644 --- a/patches/0006-Add-CNG-crypto-backend.patch +++ b/patches/0006-Add-CNG-crypto-backend.patch @@ -7,8 +7,7 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/bbig/big_cng.go | 12 + src/crypto/internal/backend/cng_windows.go | 329 ++++++++++++++++++++ src/crypto/internal/backend/fips140/cng.go | 33 ++ - src/go/build/deps_test.go | 5 + - 4 files changed, 379 insertions(+) + 3 files changed, 374 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go create mode 100644 src/crypto/internal/backend/fips140/cng.go @@ -405,26 +404,3 @@ index 00000000000000..f769d15f94ab05 + } + return enabled != 0 +} -diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 3de94c93629e3d..8effe9041f3f5f 100644 ---- a/src/go/build/deps_test.go -+++ b/src/go/build/deps_test.go -@@ -517,6 +517,10 @@ var depsRules = ` - < crypto/sha3 - < crypto/internal/fips140hash - < crypto/cipher -+ < github.com/microsoft/go-crypto-winnative/internal/subtle -+ < github.com/microsoft/go-crypto-winnative/internal/sysdll -+ < github.com/microsoft/go-crypto-winnative/internal/bcrypt -+ < github.com/microsoft/go-crypto-winnative/cng - < github.com/golang-fips/openssl/v2/internal/subtle - < github.com/golang-fips/openssl/v2 - < crypto/internal/boring -@@ -542,6 +546,7 @@ var depsRules = ` - # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. - - CRYPTO, FMT, math/big -+ < github.com/microsoft/go-crypto-winnative/cng/bbig - < github.com/golang-fips/openssl/v2/bbig - < crypto/internal/boring/bbig - < crypto/internal/backend/bbig 
From b69be4d33c75d91a62ead010788c332eb7705774 Mon Sep 17 00:00:00 2001 
From: George Adams Date: Wed, 15 Jan 2025 14:14:59 +0000 Subject: [PATCH 191/887] initial implementation of macOS crypto backend (#1453) * initial implementation of macOS crypto backend * fixup patches * Also unassign GOROOT in run-builder * fix patches * try to fix test * rebase * skip internal linking * add arm64 testing * skip arm64 macOS (for now) * move supports functions * fixup --------- Co-authored-by: Davis Goodin --- eng/_util/buildutil/buildutil.go | 17 + eng/_util/cmd/build/build.go | 11 +- eng/_util/cmd/run-builder/run-builder.go | 4 + .../stages/go-builder-matrix-stages.yml | 7 + eng/pipeline/stages/pool-2.yml | 8 +- ...001-Add-crypto-backend-GOEXPERIMENTs.patch | 97 +- patches/0002-Vendor-crypto-backends.patch | 3499 ++++++++++++++++- .../0003-Add-crypto-backend-foundation.patch | 48 +- .../0004-Add-BoringSSL-crypto-backend.patch | 30 +- patches/0005-Add-OpenSSL-crypto-backend.patch | 34 +- patches/0006-Add-CNG-crypto-backend.patch | 33 +- patches/0007-Add-Darwin-crypto-backend.patch | 547 +++ ...s.patch => 0008-Use-crypto-backends.patch} | 236 +- ....patch => 0009-Add-backend-code-gen.patch} | 123 +- ...patch => 0010-Update-default-go.env.patch} | 0 ... 0011-Skip-failing-tests-on-Windows.patch} | 0 ...OFIPS-when-running-the-Go-toolchain.patch} | 0 ...pport-for-logging-used-Windows-APIs.patch} | 0 ... 
0014-remove-long-path-support-hack.patch} | 0 ...ernal-go.mod-files-used-for-codegen.patch} | 0 ...21-when-TLS-fipsonly-mode-is-enable.patch} | 0 21 files changed, 4539 insertions(+), 155 deletions(-) create mode 100644 patches/0007-Add-Darwin-crypto-backend.patch rename patches/{0007-Use-crypto-backends.patch => 0008-Use-crypto-backends.patch} (91%) rename patches/{0008-Add-backend-code-gen.patch => 0009-Add-backend-code-gen.patch} (82%) rename patches/{0009-Update-default-go.env.patch => 0010-Update-default-go.env.patch} (100%) rename patches/{0010-Skip-failing-tests-on-Windows.patch => 0011-Skip-failing-tests-on-Windows.patch} (100%) rename patches/{0011-unset-GOFIPS-when-running-the-Go-toolchain.patch => 0012-unset-GOFIPS-when-running-the-Go-toolchain.patch} (100%) rename patches/{0012-add-support-for-logging-used-Windows-APIs.patch => 0013-add-support-for-logging-used-Windows-APIs.patch} (100%) rename patches/{0013-remove-long-path-support-hack.patch => 0014-remove-long-path-support-hack.patch} (100%) rename patches/{0014-Omit-internal-go.mod-files-used-for-codegen.patch => 0015-Omit-internal-go.mod-files-used-for-codegen.patch} (100%) rename patches/{0015-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch => 0016-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch} (100%) diff --git a/eng/_util/buildutil/buildutil.go b/eng/_util/buildutil/buildutil.go index 4de7511bf5c..6177f2f601d 100644 --- a/eng/_util/buildutil/buildutil.go +++ b/eng/_util/buildutil/buildutil.go @@ -91,6 +91,7 @@ func AppendExperimentEnv(experiment string) { if strings.Contains(experiment, "opensslcrypto") || strings.Contains(experiment, "cngcrypto") || strings.Contains(experiment, "boringcrypto") || + strings.Contains(experiment, "darwincrypto") || strings.Contains(experiment, "systemcrypto") { experiment += ",allowcryptofallback" 
@@ -103,3 +104,19 @@ func AppendExperimentEnv(experiment string) { panic(err) } } + +// UnassignGOROOT unsets the GOROOT env var if it is set. +// +// Setting GOROOT explicitly in the environment has not been necessary since Go +// 1.9 (https://go.dev/doc/go1.9#goroot), but a dev or build machine may still +// have it set. It interferes with attempts to run the built Go (such as when +// building the race runtime), so remove the explicit GOROOT if set. +func UnassignGOROOT() error { + if explicitRoot, ok := os.LookupEnv("GOROOT"); ok { + fmt.Printf("---- Removing explicit GOROOT from environment: %v\n", explicitRoot) + if err := os.Unsetenv("GOROOT"); err != nil { + return err + } + } + return nil +} diff --git a/eng/_util/cmd/build/build.go b/eng/_util/cmd/build/build.go index e87ab876093..e0d0ec0e626 100644 --- a/eng/_util/cmd/build/build.go +++ b/eng/_util/cmd/build/build.go @@ -138,15 +138,8 @@ func build(o *options) error { } fmt.Printf("---- Target platform: %v_%v\n", targetOS, targetArch) - // Setting GOROOT explicitly in the environment has not been necessary since Go 1.9 - // (https://go.dev/doc/go1.9#goroot), but a dev or build machine may still have it set. It - // interferes with attempts to run the built Go (such as when building the race runtime), so - // remove the explicit GOROOT if set. - if explicitRoot, ok := os.LookupEnv("GOROOT"); ok { - fmt.Printf("---- Removing explicit GOROOT from environment: %v\n", explicitRoot) - if err := os.Unsetenv("GOROOT"); err != nil { - return err - } + if err := buildutil.UnassignGOROOT(); err != nil { + return err } // The upstream build scripts in {repo-root}/src require your working directory to be src, or diff --git a/eng/_util/cmd/run-builder/run-builder.go b/eng/_util/cmd/run-builder/run-builder.go index a256693ae5d..6e5c542bc0d 100644 --- a/eng/_util/cmd/run-builder/run-builder.go +++ b/eng/_util/cmd/run-builder/run-builder.go 
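Review bot: `UnassignGOROOT` returns the `os.Unsetenv` error bare, so its callers (`build`, and run-builder's `main`, which passes it to `log.Fatal`) report it without saying which step failed. Wrapping keeps the cause and adds the context: `return fmt.Errorf("unsetting GOROOT: %w", err)`. The log line could also print the old value with `%q` instead of `%v`, which shows an empty or whitespace-padded GOROOT unambiguously.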
@@ -105,6 +105,10 @@ func main() { env("GO_TEST_TIMEOUT_SCALE", strconv.Itoa(timeoutScale)) } + if err := buildutil.UnassignGOROOT(); err != nil { + log.Fatal(err) + } + buildCmdline := []string{"pwsh", "eng/run.ps1", "build"} // run.ps1 compiles Go code, so we can't use the experiment yet. We must pass the experiment diff --git a/eng/pipeline/stages/go-builder-matrix-stages.yml b/eng/pipeline/stages/go-builder-matrix-stages.yml index 3d0827fa482..b53f3920bd1 100644 --- a/eng/pipeline/stages/go-builder-matrix-stages.yml +++ b/eng/pipeline/stages/go-builder-matrix-stages.yml @@ -81,6 +81,13 @@ stages: - { os: linux, arch: arm64, config: buildandpack } - ${{ if parameters.innerloop }}: - { os: darwin, arch: amd64, config: devscript } + - { os: darwin, arch: amd64, config: test } + - { experiment: darwincrypto, os: darwin, arch: amd64, config: test } + - { experiment: darwincrypto, os: darwin, arch: amd64, config: test, fips: true } + # - { os: darwin, arch: arm64, config: devscript } + # - { os: darwin, arch: arm64, config: test } + # - { experiment: darwincrypto, os: darwin, arch: arm64, config: test } + # - { experiment: darwincrypto, os: darwin, arch: arm64, config: test, fips: true } - { os: linux, arch: amd64, config: devscript } - { os: linux, arch: amd64, config: test } - { os: linux, arch: amd64, config: test, distro: ubuntu } diff --git a/eng/pipeline/stages/pool-2.yml b/eng/pipeline/stages/pool-2.yml index 1509f1194d5..5e9bbf76427 100644 --- a/eng/pipeline/stages/pool-2.yml +++ b/eng/pipeline/stages/pool-2.yml @@ -53,5 +53,9 @@ stages: ${{ elseif eq(parameters.os, 'darwin') }}: # https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/hosted?view=azure-devops&tabs=yaml#software - vmImage: 'macos-14' - os: macOs + ${{ if eq(parameters.hostArch, 'amd64') }}: + vmImage: 'macos-14' + os: macOS + ${{ else }}: + vmImage: 'macos-latest-internal' + os: macOS 
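Review bot: The four `darwin`/`arm64` matrix entries are added commented out with no reason given, so as far as this hunk shows the arm64 build of the `darwincrypto` backend, including its `fips: true` variant, gets no coverage from this matrix and nothing records when it should be switched on. A one-line comment above them would make the gap explicit, e.g. `# darwin/arm64 disabled: <reason or tracking issue>`. The surrounding `innerloop` list continues outside the hunk.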
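Review bot: The new `else` branch in `pool-2.yml` selects `vmImage: 'macos-latest-internal'`, a floating image label, while the amd64 branch stays pinned to `'macos-14'`. With a floating label the OS, Xcode and system crypto libraries under test can change without any commit here, which makes crypto-backend test results hard to reproduce or bisect; prefer a versioned image if the pool offers one (`vmImage: '<pinned-macos-image>'`) or add a comment saying why only a floating label is available. The bare `else` also catches every non-amd64 `hostArch`, so `${{ elseif eq(parameters.hostArch, 'arm64') }}` would state the intent more precisely.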
diff --git a/patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch b/patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch index 8d07cee4e4e..c73646e0e06 100644 --- a/patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch +++ b/patches/0001-Add-crypto-backend-GOEXPERIMENTs.patch @@ -11,22 +11,24 @@ information about the behavior. Includes new tests in "build_test.go" and "buildbackend_test.go" to help maintain this feature. For more information, see the test files. --- - src/cmd/go/internal/modindex/build.go | 54 ++++++++++++++ - src/cmd/go/internal/modindex/build_test.go | 73 +++++++++++++++++++ - src/go/build/build.go | 54 ++++++++++++++ - src/go/build/buildbackend_test.go | 66 +++++++++++++++++ + src/cmd/go/internal/modindex/build.go | 57 +++++++++++++ + src/cmd/go/internal/modindex/build_test.go | 73 ++++++++++++++++ + src/go/build/build.go | 57 +++++++++++++ + src/go/build/buildbackend_test.go | 84 +++++++++++++++++++ .../testdata/backendtags_openssl/main.go | 3 + .../testdata/backendtags_openssl/openssl.go | 3 + .../build/testdata/backendtags_system/main.go | 3 + .../backendtags_system/systemcrypto.go | 3 + .../goexperiment/exp_cngcrypto_off.go | 8 ++ src/internal/goexperiment/exp_cngcrypto_on.go | 8 ++ + .../goexperiment/exp_darwincrypto_off.go | 8 ++ + .../goexperiment/exp_darwincrypto_on.go | 8 ++ .../goexperiment/exp_opensslcrypto_off.go | 8 ++ .../goexperiment/exp_opensslcrypto_on.go | 8 ++ .../goexperiment/exp_systemcrypto_off.go | 8 ++ .../goexperiment/exp_systemcrypto_on.go | 8 ++ - src/internal/goexperiment/flags.go | 17 +++++ - 15 files changed, 324 insertions(+) + src/internal/goexperiment/flags.go | 18 ++++ + 17 files changed, 365 insertions(+) create mode 100644 src/cmd/go/internal/modindex/build_test.go create mode 100644 src/go/build/buildbackend_test.go create mode 100644 src/go/build/testdata/backendtags_openssl/main.go 
@@ -35,22 +37,25 @@ maintain this feature. For more information, see the test files. create mode 100644 src/go/build/testdata/backendtags_system/systemcrypto.go create mode 100644 src/internal/goexperiment/exp_cngcrypto_off.go create mode 100644 src/internal/goexperiment/exp_cngcrypto_on.go + create mode 100644 src/internal/goexperiment/exp_darwincrypto_off.go + create mode 100644 src/internal/goexperiment/exp_darwincrypto_on.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go create mode 100644 src/internal/goexperiment/exp_opensslcrypto_on.go create mode 100644 src/internal/goexperiment/exp_systemcrypto_off.go create mode 100644 src/internal/goexperiment/exp_systemcrypto_on.go diff --git a/src/cmd/go/internal/modindex/build.go b/src/cmd/go/internal/modindex/build.go -index b4dacb0f523a8d..615ae461eb8cdc 100644 +index b4dacb0f523a8d..4315c288d10cb3 100644 --- a/src/cmd/go/internal/modindex/build.go +++ b/src/cmd/go/internal/modindex/build.go -@@ -886,13 +886,67 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool { +@@ -886,13 +886,70 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool { name = "goexperiment.boringcrypto" // boringcrypto is an old name for goexperiment.boringcrypto } + const system = "goexperiment.systemcrypto" + const openssl = "goexperiment.opensslcrypto" + const cng = "goexperiment.cngcrypto" ++ const darwin = "goexperiment.darwincrypto" + const boring = "goexperiment.boringcrypto" + // Implement the SystemCrypto GOEXPERIMENT logic. This is done here rather + // than during GOEXPERIMENT parsing so "-tags goexperiment.systemcrypto" 
@@ -71,11 +76,12 @@ index b4dacb0f523a8d..615ae461eb8cdc 100644 + satisfiedByAnyBackend := name == system + satisfiedBySystemCrypto := + (ctxt.GOOS == "linux" && name == openssl) || -+ (ctxt.GOOS == "windows" && name == cng) ++ (ctxt.GOOS == "windows" && name == cng) || ++ (ctxt.GOOS == "darwin" && name == darwin) + satisfiedBy := func(tag string) bool { + if satisfiedByAnyBackend { + switch tag { -+ case openssl, cng, boring: ++ case openssl, cng, darwin, boring: + return true + } + } @@ -89,6 +95,7 @@ index b4dacb0f523a8d..615ae461eb8cdc 100644 + if satisfiedByAnyBackend { + allTags[openssl] = true + allTags[cng] = true ++ allTags[darwin] = true + allTags[boring] = true + } + if satisfiedBySystemCrypto { @@ -192,16 +199,17 @@ index 00000000000000..1756c5d027fee0 + } +} diff --git a/src/go/build/build.go b/src/go/build/build.go -index 9ffffda08a99b1..570937cba3cb85 100644 +index 9ffffda08a99b1..78fd536fa6a6d1 100644 --- a/src/go/build/build.go +++ b/src/go/build/build.go -@@ -1984,13 +1984,67 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool { +@@ -1984,13 +1984,70 @@ func (ctxt *Context) matchTag(name string, allTags map[string]bool) bool { name = "goexperiment.boringcrypto" // boringcrypto is an old name for goexperiment.boringcrypto } + const system = "goexperiment.systemcrypto" + const openssl = "goexperiment.opensslcrypto" + const cng = "goexperiment.cngcrypto" ++ const darwin = "goexperiment.darwincrypto" + const boring = "goexperiment.boringcrypto" + // Implement the SystemCrypto GOEXPERIMENT logic. This is done here rather + // than during GOEXPERIMENT parsing so "-tags goexperiment.systemcrypto" 
@@ -222,11 +230,12 @@ index 9ffffda08a99b1..570937cba3cb85 100644 + satisfiedByAnyBackend := name == system + satisfiedBySystemCrypto := + (ctxt.GOOS == "linux" && name == openssl) || -+ (ctxt.GOOS == "windows" && name == cng) ++ (ctxt.GOOS == "windows" && name == cng) || ++ (ctxt.GOOS == "darwin" && name == darwin) + satisfiedBy := func(tag string) bool { + if satisfiedByAnyBackend { + switch tag { -+ case openssl, cng, boring: ++ case openssl, cng, darwin, boring: + return true + } + } @@ -240,6 +249,7 @@ index 9ffffda08a99b1..570937cba3cb85 100644 + if satisfiedByAnyBackend { + allTags[openssl] = true + allTags[cng] = true ++ allTags[darwin] = true + allTags[boring] = true + } + if satisfiedBySystemCrypto { @@ -265,10 +275,10 @@ index 9ffffda08a99b1..570937cba3cb85 100644 } diff --git a/src/go/build/buildbackend_test.go b/src/go/build/buildbackend_test.go new file mode 100644 -index 00000000000000..a22abbb42e37c0 +index 00000000000000..aa3c5f1007ed79 --- /dev/null +++ b/src/go/build/buildbackend_test.go -@@ -0,0 +1,66 @@ +@@ -0,0 +1,84 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -326,7 +336,7 @@ index 00000000000000..a22abbb42e37c0 + if err != nil { + t.Fatal(err) + } -+ want = []string{"goexperiment.boringcrypto", "goexperiment.cngcrypto", "goexperiment.opensslcrypto", "goexperiment.systemcrypto"} ++ want = []string{"goexperiment.boringcrypto", "goexperiment.cngcrypto", "goexperiment.darwincrypto", "goexperiment.opensslcrypto", "goexperiment.systemcrypto"} + if !reflect.DeepEqual(p.AllTags, want) { + t.Errorf("AllTags = %v, want %v", p.AllTags, want) + } 
@@ -334,6 +344,24 @@ index 00000000000000..a22abbb42e37c0 + if !reflect.DeepEqual(p.GoFiles, wantFiles) { + t.Errorf("GoFiles = %v, want %v", p.GoFiles, wantFiles) + } ++ ++ ctxt.GOARCH = "amd64" ++ ctxt.GOOS = "darwin" ++ ctxt.BuildTags = []string{"goexperiment.darwincrypto"} ++ p, err = ctxt.ImportDir("testdata/backendtags_openssl", 0) ++ if err != nil { ++ t.Fatal(err) ++ } ++ // Given the current GOOS (darwin), systemcrypto would not affect the ++ // decision, so we don't want it to be included in AllTags. ++ want = []string{"goexperiment.opensslcrypto"} ++ if !reflect.DeepEqual(p.AllTags, want) { ++ t.Errorf("AllTags = %v, want %v", p.AllTags, want) ++ } ++ wantFiles = []string{"main.go"} ++ if !reflect.DeepEqual(p.GoFiles, wantFiles) { ++ t.Errorf("GoFiles = %v, want %v", p.GoFiles, wantFiles) ++ } +} diff --git a/src/go/build/testdata/backendtags_openssl/main.go b/src/go/build/testdata/backendtags_openssl/main.go new file mode 100644 @@ -399,6 +427,34 @@ index 00000000000000..5b0a55d6c5772e + +const CNGCrypto = true +const CNGCryptoInt = 1 +diff --git a/src/internal/goexperiment/exp_darwincrypto_off.go b/src/internal/goexperiment/exp_darwincrypto_off.go +new file mode 100644 +index 00000000000000..331111ce4759f7 +--- /dev/null ++++ b/src/internal/goexperiment/exp_darwincrypto_off.go +@@ -0,0 +1,8 @@ ++// Code generated by mkconsts.go. DO NOT EDIT. ++ ++//go:build !goexperiment.darwincrypto ++ ++package goexperiment ++ ++const DarwinCrypto = false ++const DarwinCryptoInt = 0 +diff --git a/src/internal/goexperiment/exp_darwincrypto_on.go b/src/internal/goexperiment/exp_darwincrypto_on.go +new file mode 100644 +index 00000000000000..4bf785b999ecce +--- /dev/null ++++ b/src/internal/goexperiment/exp_darwincrypto_on.go +@@ -0,0 +1,8 @@ ++// Code generated by mkconsts.go. DO NOT EDIT. ++ ++//go:build goexperiment.darwincrypto ++ ++package goexperiment ++ ++const DarwinCrypto = true ++const DarwinCryptoInt = 1 
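Review bot: The darwin case added to `buildbackend_test.go` only checks the negative path: with `goexperiment.darwincrypto` set, the `backendtags_openssl` directory still yields just `main.go`. Nothing visible exercises the branch this patch adds to `matchTag`, `ctxt.GOOS == "darwin" && name == darwin`, that is, `goexperiment.systemcrypto` on darwin selecting a file constrained by `goexperiment.darwincrypto`; the patch's file list shows no darwin testdata directory, and `modindex/build_test.go` keeps its 73 lines. Consider a `testdata/backendtags_darwin` case mirroring the openssl one, run with `ctxt.GOOS = "darwin"` and `ctxt.BuildTags = []string{"goexperiment.systemcrypto"}`, in both the `go/build` and `modindex` tests. The test function starts outside this hunk.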
diff --git a/src/internal/goexperiment/exp_opensslcrypto_off.go b/src/internal/goexperiment/exp_opensslcrypto_off.go new file mode 100644 index 00000000000000..b28c0976a94cb0 @@ -456,17 +512,18 @@ index 00000000000000..fcd4cb9da0d162 +const SystemCrypto = true +const SystemCryptoInt = 1 diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index 31b3d0315b64f8..8c140f0dbed134 100644 +index 31b3d0315b64f8..e6c9b7d5e62dc0 100644 --- a/src/internal/goexperiment/flags.go +++ b/src/internal/goexperiment/flags.go -@@ -59,6 +59,23 @@ type Flags struct { +@@ -59,6 +59,24 @@ type Flags struct { PreemptibleLoops bool StaticLockRanking bool BoringCrypto bool + OpenSSLCrypto bool + CNGCrypto bool ++ DarwinCrypto bool + -+ // SystemCrypto enables the OpenSSL or CNG crypto experiment depending on ++ // SystemCrypto enables the OpenSSL, CNG or Darwin crypto experiment depending on + // which one is appropriate on the target GOOS. + // + // If SystemCrypto is enabled but no crypto experiment is appropriate on the diff --git a/patches/0002-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch index 3f1bf3427f2..548d456466d 100644 --- a/patches/0002-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch @@ -7,10 +7,10 @@ To reproduce changes in 'src/vendor', run 'go mod vendor' in 'src'. Use a 'go' that was recently built by the current branch to ensure stable results. --- src/crypto/internal/backend/deps_ignore.go | 19 + - src/go.mod | 5 + - src/go.sum | 4 + - src/go/build/deps_test.go | 14 +- - src/go/build/vendor_test.go | 2 + + src/go.mod | 6 + + src/go.sum | 6 + + src/go/build/deps_test.go | 17 +- + src/go/build/vendor_test.go | 3 + .../golang-fips/openssl/v2/.gitignore | 1 + .../golang-fips/openssl/v2/.gitleaks.toml | 9 + .../github.com/golang-fips/openssl/v2/LICENSE | 20 + 
@@ -49,6 +49,32 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../openssl/v2/thread_setup_windows.c | 64 ++ .../golang-fips/openssl/v2/tls1prf.go | 160 ++++ .../github.com/golang-fips/openssl/v2/zaes.go | 86 +++ + .../microsoft/go-crypto-darwin/LICENSE | 21 + + .../microsoft/go-crypto-darwin/bbig/big.go | 31 + + .../internal/cryptokit/CryptoKit.o | Bin 0 -> 100952 bytes + .../internal/cryptokit/cryptokit.go | 34 + + .../internal/cryptokit/cryptokit.h | 43 ++ + .../internal/cryptokit/ed25519.go | 72 ++ + .../internal/cryptokit/gcm.go | 36 + + .../internal/cryptokit/hkdf.go | 77 ++ + .../microsoft/go-crypto-darwin/xcrypto/aes.go | 306 ++++++++ + .../microsoft/go-crypto-darwin/xcrypto/big.go | 16 + + .../go-crypto-darwin/xcrypto/cgo_go124.go | 21 + + .../go-crypto-darwin/xcrypto/cipher.go | 122 +++ + .../microsoft/go-crypto-darwin/xcrypto/des.go | 117 +++ + .../microsoft/go-crypto-darwin/xcrypto/ec.go | 32 + + .../go-crypto-darwin/xcrypto/ecdh.go | 135 ++++ + .../go-crypto-darwin/xcrypto/ecdsa.go | 181 +++++ + .../go-crypto-darwin/xcrypto/ed25519.go | 100 +++ + .../microsoft/go-crypto-darwin/xcrypto/evp.go | 338 +++++++++ + .../go-crypto-darwin/xcrypto/hash.go | 391 ++++++++++ + .../go-crypto-darwin/xcrypto/hkdf.go | 66 ++ + .../go-crypto-darwin/xcrypto/hmac.go | 113 +++ + .../go-crypto-darwin/xcrypto/pbkdf2.go | 65 ++ + .../go-crypto-darwin/xcrypto/rand.go | 26 + + .../microsoft/go-crypto-darwin/xcrypto/rc4.go | 83 ++ + .../microsoft/go-crypto-darwin/xcrypto/rsa.go | 194 +++++ + .../go-crypto-darwin/xcrypto/xcrypto.go | 59 ++ .../microsoft/go-crypto-winnative/LICENSE | 21 + .../microsoft/go-crypto-winnative/cng/aes.go | 393 ++++++++++ .../go-crypto-winnative/cng/bbig/big.go | 31 + 
@@ -74,8 +100,8 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/bcrypt/zsyscall_windows.go | 412 ++++++++++ .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ - src/vendor/modules.txt | 11 + - 69 files changed, 11016 insertions(+), 3 deletions(-) + src/vendor/modules.txt | 16 + + 95 files changed, 13707 insertions(+), 3 deletions(-) create mode 100644 src/crypto/internal/backend/deps_ignore.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml 
@@ -115,6 +141,32 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/thread_setup_windows.c create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/tls1prf.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/zaes.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.h + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/ed25519.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/gcm.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hkdf.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cgo_go124.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go + create mode 100644 
src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go + create mode 100644 src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/cng/bbig/big.go @@ -167,32 +219,35 @@ index 00000000000000..ba6d196a54f69d +// that are used by the backend package. This allows to track +// their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index 7a1318dcac32ba..4ca039fa96ba3c 100644 +index 7a1318dcac32ba..45152e6f54937b 100644 --- a/src/go.mod +++ b/src/go.mod -@@ -11,3 +11,8 @@ require ( +@@ -11,3 +11,9 @@ require ( golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect ) + +require ( + github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 ++ github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109125424-5d0e67f47146 + github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 +) diff --git a/src/go.sum b/src/go.sum -index 9e661352f16e0b..abebb59dcd7739 100644 +index 9e661352f16e0b..5683f4da5e4f04 100644 --- a/src/go.sum 
+++ b/src/go.sum -@@ -1,3 +1,7 @@ +@@ -1,3 +1,9 @@ +github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 h1:OhuURhDVbg+f/BvlG+qT5sQVkutwhI0Kmsy7koQ4l9A= +github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109125424-5d0e67f47146 h1:xg58D1m8jeq0lkMf7TmcLZXCAK/PRlT0aG02PYlA6C0= ++github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109125424-5d0e67f47146/go.mod h1:LyP4oZ0QcysEJdqUTOk9ngNFArRFK94YRImkoJ8julQ= +github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 h1:KB8xmJcFSPlZFMg2mxz5b6DCE8k1qpHy2HFevAJLELI= +github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index e3e01077c18b17..5551a24f8a844e 100644 +index e3e01077c18b17..e017efb1562379 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -503,7 +503,7 @@ var depsRules = ` 
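Review bot: The new requirement `github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109125424-5d0e67f47146` brings a prebuilt object into the standard-library vendor tree: the patch's file list shows `internal/cryptokit/CryptoKit.o` as a 100952-byte binary next to `cryptokit.h`, with no matching source file listed. `go.sum` pins the bytes, but a reviewer cannot audit what the object contains from this diff, and it is presumably linked into the crypto backend. It would help to record, in the patch description or beside the object, how it is produced (source location, compiler and flags, expected hash) so it can be rebuilt and compared. The pseudo-version also points at an untagged commit, so it is worth noting whether a tagged release is planned.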
@@ -204,12 +259,14 @@ index e3e01077c18b17..5551a24f8a844e 100644 crypto/internal/boring/sig, crypto/internal/boring/syso, crypto/internal/boring/bcache -@@ -513,6 +513,12 @@ var depsRules = ` +@@ -513,6 +513,14 @@ var depsRules = ` < crypto/sha3 < crypto/internal/fips140hash < crypto/cipher + < github.com/golang-fips/openssl/v2/internal/subtle + < github.com/golang-fips/openssl/v2 ++ < github.com/microsoft/go-crypto-darwin/internal/cryptokit ++ < github.com/microsoft/go-crypto-darwin/xcrypto + < github.com/microsoft/go-crypto-winnative/internal/subtle + < github.com/microsoft/go-crypto-winnative/internal/sysdll + < github.com/microsoft/go-crypto-winnative/internal/bcrypt @@ -217,16 +274,17 @@ index e3e01077c18b17..5551a24f8a844e 100644 < crypto/internal/boring < crypto/boring < crypto/aes, -@@ -534,6 +540,8 @@ var depsRules = ` +@@ -534,6 +542,9 @@ var depsRules = ` # CRYPTO-MATH is crypto that exposes math/big APIs - no cgo, net; fmt now ok. CRYPTO, FMT, math/big + < github.com/golang-fips/openssl/v2/bbig ++ < github.com/microsoft/go-crypto-darwin/bbig + < github.com/microsoft/go-crypto-winnative/cng/bbig < crypto/internal/boring/bbig < crypto/rand < crypto/ed25519 # depends on crypto/rand.Reader -@@ -837,7 +845,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -837,7 +848,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg 
@@ -235,25 +293,26 @@ index e3e01077c18b17..5551a24f8a844e 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -847,7 +855,7 @@ func findImports(pkg string) ([]string, error) { +@@ -847,7 +858,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} - if pkg == "crypto/internal/boring" { -+ if pkg == "crypto/internal/boring" || pkg == "github.com/golang-fips/openssl/v2" { ++ if pkg == "crypto/internal/boring" || pkg == "github.com/golang-fips/openssl/v2" || strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-darwin") { haveImport["C"] = true // kludge: prevent C from appearing in crypto/internal/boring imports } fset := token.NewFileSet() diff --git a/src/go/build/vendor_test.go b/src/go/build/vendor_test.go -index 7f6237ffd59c11..1d0b9b20e9b1d4 100644 +index 7f6237ffd59c11..6092c93d4c5b26 100644 --- a/src/go/build/vendor_test.go +++ b/src/go/build/vendor_test.go -@@ -22,6 +22,8 @@ var allowedPackagePrefixes = []string{ +@@ -22,6 +22,9 @@ var allowedPackagePrefixes = []string{ "github.com/google/pprof", "github.com/ianlancetaylor/demangle", "rsc.io/markdown", + "github.com/golang-fips/openssl", + "github.com/microsoft/go-crypto-winnative", ++ "github.com/microsoft/go-crypto-darwin", } // Verify that the vendor directories contain only packages matching the list above. 
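Review bot: In `findImports`, `strings.HasPrefix(pkg, "github.com/microsoft/go-crypto-darwin")` pre-marks `"C"` as already seen for every package under that module, including `bbig`, which the dependency rules place in the CRYPTO-MATH group described as "no cgo". That is wider than the two exact matches before it and would hide a cgo import added to `bbig` later; matching only the packages expected to import "C" keeps the check meaningful, e.g. `pkg == "github.com/microsoft/go-crypto-darwin/xcrypto" || pkg == "github.com/microsoft/go-crypto-darwin/internal/cryptokit"` (to be confirmed against the vendored sources). The trailing comment still names only `crypto/internal/boring` and could become `// kludge: prevent C from appearing in the imports of cgo-based crypto backends`. The function body continues outside the hunk.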
@@ -7265,6 +7324,3401 @@ index 00000000000000..e60a5dde390be6 + } + return block +} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE b/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE +new file mode 100644 +index 00000000000000..9e841e7a26e4eb +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/LICENSE +@@ -0,0 +1,21 @@ ++ MIT License ++ ++ Copyright (c) Microsoft Corporation. ++ ++ Permission is hereby granted, free of charge, to any person obtaining a copy ++ of this software and associated documentation files (the "Software"), to deal ++ in the Software without restriction, including without limitation the rights ++ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++ copies of the Software, and to permit persons to whom the Software is ++ furnished to do so, subject to the following conditions: ++ ++ The above copyright notice and this permission notice shall be included in all ++ copies or substantial portions of the Software. ++ ++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++ SOFTWARE +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go b/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go +new file mode 100644 +index 00000000000000..73891afeab93d7 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/bbig/big.go +@@ -0,0 +1,31 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. 
++ ++package bbig ++ ++import ( ++ "math/big" ++ ++ "github.com/microsoft/go-crypto-darwin/xcrypto" ++) ++ ++func Enc(b *big.Int) xcrypto.BigInt { ++ if b == nil { ++ return nil ++ } ++ x := b.Bytes() ++ if len(x) == 0 { ++ return xcrypto.BigInt{} ++ } ++ return x ++} ++ ++func Dec(b xcrypto.BigInt) *big.Int { ++ if b == nil { ++ return nil ++ } ++ if len(b) == 0 { ++ return new(big.Int) ++ } ++ return new(big.Int).SetBytes(b) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o +new file mode 100644 +index 0000000000000000000000000000000000000000..cedd5b03bd3078586649300d1baa94c8b12549f1 +GIT binary patch +literal 100952 +zcmeFa3t&{$wLX3(6CglLq6CeKVN_J8jwHNHl++oMz(gk!Nr3dqWD=5rq=Y2qp+rSv +z1Da`|jf%b0>TPIkn{d6ow4z4E8pKDev<0zBtJa{XV5nk?7!=I!`_A5b=FCYZiH|<+ +z|IdMwZ`NLW?Z?_{uf6s@^Z4!OkN-x~vw_xM1 +zVZX1PfxBZQ{@8HiIvsZ@nPINUDT2{U8C;6yVFK?lOvL5&*7{b~ir0e9%goOU((2XD +z3&bmy7m1g)%QfvMY*?h$AUNW$*IQmz>#Hs*PoAYGc)g+Jsd9Ll!K>?HQJ$bQEk?bN +z==B!Y)K-^OEDO+~<#o$;c_n|3sl14O<<;C!wzPJpx3<2@SM6JBZl7ba5LhAQQl<+1 +zC%OB#jaksX%8Htx0?p<9QkJLM@pD<8EWRIjy}nZK((0lWKEX1Vw^^2#6eaj=D34~) +ziuUd3SK2`B%W&p7gBiP%#A}C4+H;90Ps`ObSw%22UU|KhOTJy~En88v%vV;iw9@Mh +zEzg!LvMbpH*rDosNI{bDdP|CGi-H_;d6Q*%tul)Z<*~mGv@bp=7I?++SW#6}T +zDqs`g%BigO&8e)bfHKP}D`YtX)rWk!zUu4CihVW66~4Uc`l{N>tI7g~9j4xlvYO@2 +z>Lq2h)w1F+`9j*J>b2p8sh?T%WSuOBrfK54D~pTDoprUPzKYtiV%1sXV}4uz{JFm3 +zy6UppdY#X4!DgK)GI{Zpb(F-v5uSna&PC3J&IQiAT-R*} +z_kfe_-;wQq-sR8kaQPQ>y8M67@_(M(C+hWQZg4d_dR_j^7NA2mrZd*n*nP+~yfAzVZLI30OKkb4n#&I(QUH*F# +zkRvmBpDf~MDIl}g?2BFV8@Nta^D2zEC&ATRH`!$orDXZpT%>e>+ZjxKF3bN%q{O)_ +zpQ+wrRK$=q-!C-!Cd4+on(q;#klEUo6UTm|BW$%zZ|jqjb*O8C3czS^`#(@^Td8x{ +ztt$PMXb{XZ%GG?5&d|II8vI($ESn&tnKyIJpKu24tgGjZsy +zyZK4Bsm=+#pvjrk4=gQnXQ1E(Xyqqpep{A*k1k0it-b?(L8QYBGh6y{qFn3J*b+U< +zZyb2_IKw-a|9MfJe|zlY5jRZIwAhm!ajxexyTH_39sG-{n^n5kt>}8n21-b*8_|uH +zx%l*nSA%QxbFQZn1)=BFvq|+CYnM%TH;-Uu*SaT#em{T(=pwOk?51G)(^FzkPPe%p 
+z7v*Yue`CX|#~79B>f0&W(!2^r^ErBok%P`xwYi!f7SlkV0(#<;G+(6W1EkcGg(4}( +zki@Y>E)JwBy9w%T5QP6t9o_!-bbNyD7xls9>N;hPJ+5`WJ=Z!HJ3Y<i{`h%cU+h@^bFI@o#^a}=h0YF#-p(gepzz12PCY-eP1FuT +zq8Im>V2#DS^y1iwtC0gfxh2#eHy)hq^8d{>X+t68J-338s|AKmC-@SD|(PUmAxcRtC#dOoL~(W%?Mp3Ava +z&!L;C+rOa0slRfqc`0`Fqu|i9iGDo-+lKeah<(KOLhK`%zr~BX7x8D+j@U;$zr%|a +zzmI(+dlwR30^!+>KMP*QpUgkHw(X6=TC>@;?Y+3HZEq)JZF|d>wXJ(HnAv~G+O{_( +zYuh_Xu5E8m&f4}K81E*ywsj-pz9{f_La_6@*{}52Gm~G+Onxo7586Nv^}n5&$uDFk +z|26rw%w#y+BgvrmCBK9vt;0R~GxzA8?9uPK#%6*zZ-`fxI-=*-!T*4!~zuaKWcO?efE!NLLb^0R8OWmE}K@<%j1Ii?N@}nRKCC +zI96@Ide#av+#vMXoZxDPrxf1EweF-p314)Z%hE+(vF(gw +zI-5LQO{-qOnvGY#&1lMgF{5e0j*KRle3S3@8BHtx(6nG@Q{AqNrp%X`vUfY0>Rxs< +zt@@*D-Gs@m#_d?*uwaU4f>Y_h5h%x9{I+Y`XEyhgw`13y!sd4frS@G8tqK9G{Can# +z4Ryw@{x1l^jS3f-K?IA%x=fj8Th82i!kq)J1TZ8ng&9&ICYOJ*1ZRjTK1YF +zS+N;d0!#s0U_kY7;?FR9SIG3Ew_Vzj1Rwee?u((ITXDxubo7g7>BZds7u|3QS^nQ+ +z^6$*@f1HIy%Mdo`@#%oUtgkH?e$tVPNH%QviRhOrZ%~G-t&|a~^gt1_Z$m&Jvq8qn +z2o(Bf&GNsOZFvW4v2W*5e0GAL+r`Rh8}{{LBtim)7t0?h$4GG>Z-X%5N} +z(Z1qpmd(UGZbsmTS?O+Ofc+uL-|TK))!_Djiiy?Lmy23IOg{2BS5deBXkTs$qOZw% +z%|Bx_gb<#=B!B@AY^TGuZk^6(ewgDyBSM&fXhOzj+5ThqLqCOE~!oSwR3NyPzaLEDYc#HNA6eeQOb{=Sj+Oqv02Q;T==eA|r +z``=7H0!REh^;#T%r_1u&zPB)l@TqX0AN8E$@^8ay8$HbT^*kT-#JHNP5?mKnA=tY` +z3pdL@x!MSy(PwhxjZpvuUM +zedI__j=Q-A*1jA|MSzh#QA5O)cjr&^MKgZpT`!~2XRH5P} +z7v>^13bP|>PoHh6%P=lV*r|V_pG+{OVm$SknJY*0FM1f{QQ5Z#!-u6UIcgTH>8y?T +z)^=C3zB`nTPRi@ky)Mg}$uA|p +zAcd^gLO`r9daS29VyPWHJEG1ea&@4mys%WGxHm;R^*)K0+x7TH^v&Q~a4-VT3rl*g +z?-~Rzdt_!+p9_Au`Rd;0tej7_@kFpTF7}ZZ)?E|#$*!|^xvUWA;!#jA9(6U}kl<>b +z(|g1*Kca3FR+1e#KVQ=KGoQ)j4hI`@wS&(YaJ37riybm& +z=fFANg^Slm06s{L*DevUeG?nfXK1j+vw!WfyqbKZ?>(3Qw{T1FK7XV4c^a>6Q=X1( +z*r4b7o6-B+!6c3gqSfp!_#m+@$2zI%K{TY-hqER9oaT=Rg5W$i(|I;-x9I^rN^tw( +z^A5fa17NI*=^Maj-WZIm4i)`8ccY>zCs9j%( +z#`g$gcpS#yZf3mYX~GtwBisL8Sj+fTf6Hh^QnvpYH@iaP=!9{ILB#aM+Mw(LdkHz} +zpJn-15#;SGN(p`JXBqq0Ked!7wu0gpI&l>NbnsH1jM`9?Iwuw>YiC +zj&}ghJyEm6PEv7a#jWc7-kU>5p +z+#vVN(YsAwf%6Z9v|>u}Bvc-&iPIPvu^4OwB~ppHct7og?B55QKlv{Iix{>n|6%Mx 
+z12f|}>@s^@%~v`Gm;zb;cLzvy`Ma^%ue}k6#yerNtsk&4TGr=CV$8{Pc96qurF{R{QP#TzkLVF@fgYV{C2$TJ5b2ioHc%0k_TZGqb1B7 +z_}0vhz8o8lOS1G6AlP`Pt8vv%t@e!UHGjQjJQjWIGmfihK{x1EPz+ka=o(>!*xyM* +z6+8BItI(6D)jZ&Y&NO5-yc9++8xf^CgF0#N()gd>eww(W7v4Os!IC_K2f>3`|SKnS3TsGz&cI`M=I@E(L1h!G#plwrnV;elk4z|1aP|vBr +z?B?1@3E3Cc;)zQ`23UG#G10ObKX+vNKWCwJ=d6CMc3Hz`me@6SLszo6j49o*4JYf> +z@9D`kNK$=DMR?uDX)ILE-YTu4L&p9dV}JigFP(>{She;*7UqLZvtdmMh#M>EnV-de +zWQl$>pb%`rMU;;4lTo-Zx#q>_EON%_&5(!udSgFOe#|}P@9c4vqhG^=tu=HaTp%g- +z?RBupHMoC_n`fcM_-!cvR4V2pwx3v1W)Nf!On%d981`rCs +zAU{;o7CA%%pYMcv`VO2yYkIyDFZ&L};I)3d*@0ZaO)=KMPHqQMFhHBR#qfVh(q@>+ +zoJl-J_OxIVzo9k}X4d3dgPHHyiMcJGHlb%7*cJ6eG8w+zp;mG*y6ArcU2pcl!{5&Z +z9n-%-coDtTqUq`Z5o~qc!(!S0ZI-_?i(Bs%VmdqN)aiVLMDS(6rOOa$1De_*i`CtM +z@aoRkN1kcywwM;apf#!Z=!?eN=JjAGI{5sw@nEUjpWTF~r}|;jZk#na{l@~!22VQl +zXQ!C^VIGD0ph+1>7_HL>OB^7%+imF)b`v;JR>NdA$1XTPU4_{e9NQXCZZX`>#%KDR +zjmNAvxZxq-J->l9;>zOaR(enW3fK!CvS88b+l#*_sBUMlOK@S*(aW9Ic$l_!V52^f +zc$9-ai!dfQzRH$=NxL3qi9Pd&opbVVb4t70E>BuiPs9^norzUO;?sQW=~h;aXQ;4Z +zs8n~?3*xY&M+kYy)tuewoR25zqGUvOm_}l5e1Hu=V*SgHEWE{i3 +zp%!$M-jUtBG)kWzA2|D7hA3BSOh2AsV}(13t_qLYj7QsC+IoA=6ID~NdS(iGx;uBJ_9rg3!4o)u-o4ePsiSS&{ +z3AHw-;D9Jfy!P`92uwLj9xQQn7$zV0&`AS4VBq=^oUgYXa%tSqAz{c +z8s6~$U8q^xf18THPE105W%!G1m5hMRlMvldlMpL5{>#Ody?E8x_#7tT=hoOe{2bbK +zBjR!Hidl#gT+G7%5ht1AX|Ml&?x*zWh$4C3c@{)4m&C3MJ{r3)F(2g{A&|7eEgZ30 +zT@b$o7DnvE2b#rMn4t78IIl9!V%ciBBIO4I%70ixI`!V^LF+%Njvg=E#y?V<%3!6b +zZc~=N4yWDzUVY7bOTF2_r6HJTO=G5Oghk_AXtETO6U|{782^!oy%ou1C%Yb*swhVWP8} +zZ)U)J^Q5>c56&4mopd+zmZ}n`@?z0vlMUw7tZ(^oCdm_MT{D;$s!w73%^3KbyK#Sl +zJ0JeW2hnQWjkv#$+vso9GzgiA`iY!8-;&ehU&VJWM0BDbLDroKPlhwdr~07%KKL{Y +zt#o*Pt9~NrEZ82H*5a)Oq9cX_y?*DJINtgc=b3+Y6(2%~rQ}mYV`*-6@zf$;&Bgj# +z3?&ng;VWhiyouGew5Y7yS7N)NthUtVtFErBzSO2^nH7WcBO*~qeSOtjO@HOBlITpH +z?yMEBbC-o;y`FO}PL?UFBtlceP}abEkS#aP*DNdJEOF7JqFT`DNhpfN^mt8rHJAIW$Q8^tx6#mw{_S7{u3xHLQ#;J%-!Mc!&F#)p +z?eWR+xS~?Alhj#F#na_6U7x;~6v$>wj4SapvWj*G6#&QPBH`!dCq|N1> +z6DFUz{djsCa+&$x2;m0bb3c^557$1g{DSs2+;UGE!hX#98g99tD1C&n%P(8*65aYx 
+z_}5(Sv@fWKaCR6k`~79deYkoVZa(w;j~GIK=KR;2$MLGc{n69r@=bo!Ja2}YSO09j +zS+DrmkhrdhiF3vzIAd&$*6+bq%>5Xr@<}xF`8gQ<3giF6*^{|F@?$wc`%iDgD$?Jd +zhRbJe*HG>Ls{DXo4Abwi2E7>9dzJiE&@pP1TJ7{=K0$oJ7e^(2Y@${AaO*rQx*tMj10)B7cJ1luKW>U%ij#nVEhIYbh^bFR(>b>VxzLc)kPKhbn(4zFtIVwE;@BFA(Mj($x!_ +zcoC^+Gs<}smLDes!s@3GoWb-zl)P<-@f%8>J^w28H^9ez75Sm;kK;4g_zu;-ugXsv +zqJIr&-(d6W&=B%A$m0rYKQ^8Huj5ny5mAw0=kHMMbFlq`%4zOCL`y|enc)7&Uz?YHlE!gdEEn3>Ez~6&@mUax9 +zpK{v?d=!WeYT17ctU@~<0KR~HtAXc&UIqLe=mkI+&-kl=-Jnx}l$!ypM7~pjzec(h +z_+ym&Ix^#piS|uE(mw{GYxdhErULQbK1pJX#P?w#TOfxzHJnY@yMUDAdBFc5eLe8M +zP~JKq%Z09Wz8A>yu97$v7!5ieh{s#@&oM5f_ep#K_%PBpOZrDZJP5Wwgi8Mc91Eqh +zpGVQj9|7M7-UECc$n@UXo~&Y5*J9kQsOry9*z}u_y-{KKO*rSi8o8k0pi_Y_NyeF0)#2p +zFOccy0BO%%F`D)$a61r9v$q3j*BgPf>mLGHj}J)u{U(t1I~_>-JsU{-Jp)Ml9S5Xd +zV}MoY7r(fH_S=o8SCc^h2}t|>6%cwJ{|g|;?;arKT7Z?v=LfPqHNc0!F9K3;-7p%C +z&r3ks-?KpK^*2EB9|dx}?f}wmt7Q68Ano^CK+0b(af-x~fcS6kg%QvW-vW|;9!Pur +zrKIl$(k@p?x(dj4F9%km-BVB2w0FTzl&DGc0V}{S0PX|-TR^sVJ`iu)Nz0J@yMb?k +z|1yyJe@x;>K-O~*$a)G+5&YYLP|aC&z(1m#=YW35S+OzaxbcQ$_hxBud>1$$@6KjDb0l62WIM(I*}hRS{TTAI9UlVQfZag0<4-`g<0T;5@feWp +z_%V>}Xa=&r>ru`c;M3U1v%W_q-Ys#p#7ZFRcS(A-#AKO1TGGeyg)S`TZHcc+ydTJR +zTq^0)B}N0;{v!!Ou1Df)z@H+02ax@E7RdR~31m6H0J1+<0$JbXK$bHN$niKANIgsd +zQhq#;a>vkL%Dn)j9v+g|3gmc5Bxduy$EFa&j8uJ +zr+}>I9w6(vS>k9QT#MZTr2LzxhwXg{$Z^{aWP7&)S>D4ymUADF<&*;1-h3d(EnU*H +zfShN^z#7b}BD9nAVj$_;fpEq4A4vQ;uo3b=vWfz<1E;B!dd3S5bN4+EbEy-A?G +z97uf@0O^nC1F83`fYkeJ$v+E7eUFs*A@oN2RUrLqDi%SwQ2T{ImNyZ|bu$w9BFZ@m +zJ?;RGK2Nmkb1Wuo-y1;6y$qzj`H^x$Es@bi; +zt;qkuxg!5QAjji%AjjiXAoaZyNPWKmq`sdLXnz=psb~KQ5URA_3%n8ez7M4R+ySfy +zeLaxlQVHa^lma;}1p@7PK$hbKvYb@lD&)Hu$a2mH-VFK_AjfYkkmDB#__^e71X92E0;$)#fzF{8SriNV*~I_;IlyLr4x7)_#-Y5v<4)7IgsUC3gmcB +z2XdUfGW|b*9G_eu$L&^`ej|{2t^wW#{1tE?>T3t$Oe^gtzyy^0ED(OiZqYRD4;C#O +zb3%Iwh~-?{4Mg4ABS2)+HUVb>p9M|@{x2{M_$%O5z^8$kGW}b?r$FaQdKnOVg6twm +z!yWT%Z!s|$Lu?aRKwM|hVlsf_6Q_ai5?DaI1N?HyCr$?+F(k2oxEB2Nl24og{sw^s +z#M{AtM)Ha1Q*@WW0wS)M!}!DciL=1(6<9!ou3{$O5BbDPz_$r3Ai}O=+>%dB0Y67z 
+z0nrNn&5}<{1;0UH0WlK%2PL0)Dfk#OVgYdk_=vIf`iYl;zeivJaU}SMC7(DO{9b_t +z#8KeKqmgVs5n~vgAh3WK1^#TwCw>!rhrj|N;_a9c$tPY8eyP9$BK&5|TFECmz;6*) +zK!lCOYyq-B94uTh7!{uPlSy`#|bPTwqSg@zfA|9 +z2%C&f5m-RyeTPs{^?w_K#T`}t>hE`1N;_&1;p{-KPdUcYr)?vuz-m5E#_s(CoTqmkH7-rY2Y80e4+<@ +zey<|1fS3S&JSI8&Pb>gGL0|##bns_OKG6%lLtp{%4Dd@NpI8WfslWo_nc%OLd}0y! +zEdmRO@aZuRN4zm92j%kGD`|(MPl7TjUnS{8Nw-M)Qc34PiM%Q#-EGrJEf#}7`NFdW{a=#K +zIZx0pNV-bWqcK>_-y-Q5lHM$7ucUWM`YsNxMbi#R`YFk`oiEBCi*aFj4oRm=x6;}z +z8k2(Zt0jGnr0w!kv}(VU^axI-k=Ub18ejLN(_JR|kcm!!ljWuIJ4|$y +ziEcH~T_(EML{Em(HkO}nq8m(ftBLM3(fdtw+=Zd#rfoq$ElSiZwVS4mp6e}jp?*+lO#(Od+L6Mb^ +zxfa{gAn7(qH%a=iq+29?_PHYe21(~jx>eE-NV-kZuSt5dq%W8xa_YbA;R{@z6I0ln0UgBXMS#RmD+SjQ$AXud?1+^g#s>8nkA +z$}9feQeM&FJFyl|0W~cqw@!pYkd`i^aOc_A8qCslNu?yp+6=Pk9y3Iin8iJXeD2$O9$nRe7*jY +zMTYfK-XUovpJb9Z@+q(4*R4`s(c$Ece9EhM_n?$lw32t2>NoQB{>%2BhIL)<{}Ao( +zHt;F0;_1tzyrNb8=KdS`lvnZhGAXa3ta +zUxd +zmr8j>hm$w*Dc>UH+oZgr!^s=@l;14ncT0Iihm$w*DZf+7e=g+}9ZufJr~Dx)pFC6O +zPti)=Jim;5%B%CQ0x7R(C2!WhkxzLC;(lJ6q`ab)yhG;($Ir;8e1nvKOUf%+$(!46 +zg>D|wr#|3*ILbFlB=^{A9r +zbU1k$eSl +zn|u||Es?Z}e;$&winn4SMgBsR&Fd^l3kuJ+B(2u36iGM8^(#}-D*pVIq*Xk4gQQh_ +zwpP+AUizV=Rs7NhnmSY0TP8YoL@56<6TQqt`%U!kO!N^Gos4q@WBvIidX0&`&qTj# +zqQ5yRw7dsR^eIuH{45iFvx)xDL}!i;mH(BAe#=CU8xxxU8Wa6p6a7aMeb_`#92;7m +z$3!=o=!odh{CAn?H%#>BCVJvYq4G;i^!+9}HYPOx3=_S}M0;XG^WR~je{7;3HPL%b +z^idOiG90VXzAiJ-xh8tKiN4=NKWU=hFwq~H=p!cjtdm3AGs#3dO?179zSl%QX`(+i +z(Gl2}8v7q-qG#*0Lrs6}Y7@=(#apx>f0K!R(L{e>qQ~LkvQd7ziOx6C*XwkkIod5I +z`gej2Xi +zDqlU4%2!;Olv`FaGpnL@`m}}K+?@KFnF~OqES#HL=Da$$EVruOnT^-Aa|UQfGJa{a +z8b8fAKtrb2;Co+uwf);tQ&e6n+cF)EWgEUy6KcwqRb-Y-n>jN%HTjY%bgih?hrX$b +zFIj<~s>4rPx{{Kzq&`w1az)+JrM_x(&(LA7Gb?wQ=&@^V?y>=UJiSDGosBaycW!!i +za?+Y3<_}=bO-d?5oii)&bAvt*-v%+gsHg-lm-A(9(K5U&=gZ2vTD)B0!a#&H +z2Lo_T=*_{%nTx-)g&pRXjuie}Ux +z<*M*ShuELy4H<8c0l&c4fw`%9`>RCr4%Q~YHK{=J8YY|O4H-?{J0t~vxiWb=e)tvh +zAh))%8q+U*=92naU(Kv?-6J{Ea~I|=^TMkXFD)KQa+X&Y&AmQ%+4akY%6y4e)R0>? 
+zoV=Awm)7`dhm$wEs9()9@oSm2Wy|U+>uRoG-*Vtv`PEhnDr$)0y2*>ndBaxm!->qMU)-eKnI)0}E4fQhHtW^*-Gb +z&$}cSZW+H2IxjgXX!i?~D +zo7}I{Ur)KtxhuW3R}~wJ@28~sH{| +z$e|v69sWYPa?Y(U{t}H7Ryb5msR2K^FnLy4&BCJcvJ#HH-YYM=mAho6_d0K_v3JSS +zX!yz;=ili3_Eqz})k)srbrOozdKiHQ>02D3({&2S;Y^_7JFNOXE- +ziEp7<7lUN2UpW^(@RDp14VGjkDJK}z#k84{+rOsls?gp~M}ReNIwHV%Gb*cm72cV3 +z{5j<08AXO4vIgDHBRMlubA3hl62vPiS1$BAoynnHUy13Sm6R1S-TxzO%{3@V)-1wI +zbNwN;t?XZ&GjrzE3{SBZV}f2~Y;M09dfj|EL&LU5mL)7<0H0}^^ZgxWP^q#gvnBM; +zV44fT3b4Z3cH|3ulSYFnMNGjjyhx5)ns9`>8bcPj}Dyadt +zGB;@fXxXjV4D_v*5u@)_JN +zI-NsK>|kpVPl%{%S!gpum5Mf&&oQ-SR<6rAZRV_noR)MsYE#|cQ>dI~RR_{dcFFYV +zDKmyyGII`8vYtLb$upCu4YOqC9H?YH-BfZ)Rt2{32u3USn?V +ztfDIT(31N4++01l$<4i*J}-BXamw{GGZmNSF4A+?Bqz(Cr=MF_TeEP+vg*nkP-2;0 +zVomZ)FOCK(YQ1$8<(0+DeW;8<$&Ix&$+Nh}ou`{We%{_!w89XH)J&W14MzFS>gu9; +zwVx47PtCMh8NQ`Ob>+2?#R`Cv6JK>zWw{=ZE))$LG|K?>*NAw#W@aY8B3G&BkEmIhN!Eu8sC*$;?13w%bhK*;?m_cwadLFMb$TyLE&Eg>v_F% +z=FLyf^t$IcGrW^TQhMczDl~gZS$SD)Jvxn{=We8aP?2h1aK|@D#*CpV&nT-w<;A6g +zlrgM|vgTb?Ry#-`^Ok(uhl8@~eTdb=Y9c=e+!ekR#Z~CMP*+ho%m!9N1GOYSn7p?GRRnVefbHmD%RgvwhEn;w$i(QVf;6-J% +z6$obXik6fIlB+|j$N5_k$6WNGt^!K{dhaXI4U1FEIKjknm^3S^qP(oacSX{|dc-)3 +zuyM#+I-{b*i(&@KpPb|_s$S;H#W{{|m=ZI+q5HOZ!>Xtr!DVr7-uxTYRJbIw+_wUI +zzxlQL-piTp&097TZC$3?8hT_pJ>;Y$ME%StJ!{fS~L&# +zIM5(Ci$iz!i^^f$a@5NzYHEvcP66ZLq=rfOXp%g8G8pB+<-%*4hHB9~*qU+EAB;c( +zq2!`@oW`>Hs_IJ4IPa3mmA(>hWmVC2bv~R-mDSW@=&-(flY@Cnd^NSzmGwj9HT$zr +z2j?v>zkUULedQ8ULkB*cFl@wfm+1}v_c&|sKQVI`v&DHSofWOwR!S+0))QK}D>fT#`FI +zS#zgP!#y4M48$AtE0$CuBCs+3^zyeGY=cD7=KS6&n~Z&N?i^Z_SO3umu*D-vGdp*g +zEoff-R;EF754k*;rR(*+%{5dwh&|haliOSldK+x>Ak(d%F1}0yIHAl9_%h{iGJVx@ +z%o8c-rK){P%NeCtR`3y14N%K;dFNCkcuv-q;z{?#zTs^Yu(b(1oxrb?poVappWwb= +z_%dQsGyMGNmB!uD@a5FrX!sJ?zzjdLzGWJI_Hf(8ekBYmP<3+w8N@fxcVuVinZ$P3 +zTct?h0_YL0s1<3!dDL(2=Pom68FIq+7g26{pg=_9KC+x;j}V!K@HsZ)atqlyd7ie4VBf)r!K3s>+esgw2Sko{t1G; +zysUQW#Y^hS%1fr=aIoArRXK>geRhLtH!#3!ZL +z`D=Txb#RY2j2*PT2!;CpkTbd=iwHem9x}VWXD?k|vh@GdG}If+Alvwc?f&LuV4FVl 
+z@elf}h4Ibg{hIUd@)4AONjt)yh4*(d|Lk-66OZSN4~7OivnxOGc#encd?)RR$8+J{ +zVr)F+9QdG1nvp5C_-9Z1L0nSk0{ms3_wbC@{JiJHgDd&Q$j}&NFo$D0r9JVGAnY6a +zhn{sNT@Lc(R6Q~ZMy@9w5>(=Cl7nlZ-zonWdtT8`d|=<{4u00bk1b;s{VI}>*ozDrQE;l_13ZvNI` +zxT_G~L&_@(-!I5Z(Ik1}Yy0%e>(xJ8C@K7woHs8sKQBNAUOafdc**kkot33&_}xdo +zh}0ScNBqSHrOWW)(xUQY(ExLKn`Jrp+ByB|!1tZwD;)zDzJ4#{!Y5Mku@rn(R;HTE +z>y+hrCBMs59-C;q|5fwwJ4VKWPnM_J@dH_2K*03E>-Cj-m-5Z)f?+OCeQ#?Q#(~!clt(k@M*E)8Q$qjrZ(oKp +z&l$|4e)q;9lV~TpSuNCmKQ5S2zVdo2mwda}Tebq<(!}qH!`C*2l(%83$cV3{)UQ^Q +zr}{3FLcoiU8rK#Dlg#C*-`#1IS=wa#9B3cD`mW!_{^FC#_zYoP1wO%y5AM4&jF}us +zg0gWg;d0^oZgu^kykwCS(p(Y=xDQ>6`amSD!tVpZ_NO7uhMTsb|Dv9DlKxuPon?j< +zKSQB^Cx22t33)#|TAHa(vWug&=?S1iHjZ1vv~9I%{_ +zPYbXP+>-|?r`nh6tG*tezpVi`d_I0H9FP6a}W{@J;3~p^Wvd*0|oN +z25)csx!SJD7Q8+i?XX5|!n)NG7vVUnMO^;M0jqXrR2uHT-h9_&OVo>P)>C^YTC_V= +z8K0rNc$Cp}&cL!`AnS(g6if7r?TzDmFNdtT4*cHmoo9gW1*&pet?_!>+N|S-Y}a(O +z>(&VTl&5t17>{G>+@tYduw$Wqrp`Hf0`f +zq|6z*%v&gXywvrAGqs0XF@_c`s+sveMgG5|Ep3gpfi%^=w#J3MXIrDt?$h=1k0S3U +z$h!q&+BC*-bW7s`v>|@e#>PdxPguwIzGXdglV-X66}Ip3c`5B3uO*>x324Kq=kte5@?R*UVgAQ77W4!T` +zs!kP +zWwAJa%{-k}+V-b^V_6Sd6GG~F3wl)TMm*NCn&XVVQwPk?a>pS3N{i#@l@qn2t_vcd +z$1^rrP;Z3o*h}e_hWU{|=AAqWve5rV>jJ$`ZPr}9pRLftMr)p))_TWvoX_i98|U|K +zY|Ld_)_3dnB*viijw+qcIs{MH*>vdQD8_VSV;;s?*Z}38O1JDfep4pqdIsivI_CZr +z@Bz;DW0lXfby~fz97g{>gPpY2T+u%H*e$yshn`2HKU1J1^egVd`nHZMEn}M<5xNErmepP8+e;Gh4w-&-hU44)-t;1-AFCZ$Yc6= +zq|ZV6Mr%&58t;3o+EF#;9B#>4=8; +z=R%i}urKz7dEndhSO;HOulw?IH0?$FT;NAN*6-YV>v8Kx2cxvSzD5mtw!oKacfvPq +z8jX7TinZQ8^sDDGEj1c+4DOR~$Ktl&j>CO2Zu&1PZfqG|8i9Kx?lHKd@H4uwzb)PH +zaeLuo*`D{Uj@1359H|E`aHRHJ=t!OV#>(9*o~+v4bDAUdqcf2{)scE|x+C?_C63gK +z?=RiGc2(i-(FOUt4^4EW#wEITCx0_%ccCYLcTcP%b?-Pw>bW-;?k+*Tp0S|Mb)@=G +z)<~4ua~bNfST;pjPQo37J9^Xdv$Rt%rkje+%6X_u8-uhFxFc~}acj6whEIvxbo?e~ +zJM?iU?Th+5JnuJHXM}EOZ&(j?{r%nAbg%N=mL$hx5v7iL_K|arK4mZL_pmiW@Auu7 +z-bX1L$dCD@=Kn;urF}2*v);q=p4RP}^&VODBxuxoQ$+i5w8sHm9)_*|9p%i_v>pVw +z+|dPm%2StWAN?*u%Zt)BpYl{hRL>ZlFV;O{``8XKC&k?3c(>kCxZ7g6;@9{Z^LUHa 
+zi*aTc&T;O=SZeVif4tt8vtM`I#d#Exra6Co{H80=UMJ@1cD)aM)`(rb-bm0RkUkRq +z7}b7!yX8)<0Ux7IVYiN>!lyZo?mgGq-u(xx_r=0Tjig44 +zSM8p195!(YXxQ=?$c=@}fy=ej{pnijXvjuG=KZ;lzl!|Q-BFM^Fi%T8n5(6tjyvC9 +zq@~WVOxD*`jw{Ex8|fUkWa#1&_>n2c3-6v~Ij!faQCeR7$Bw%=A5~uF=eV_EP2ubP +z5n9ijky>6&gjgFVYNz%@ZT`W%r=Tp#&hj|nhr`QvL4GNG5amCPIJM_FVGHXgYU5GP +zJ@=L(9r3|Odtsv-C+Il7?`_QIQ5x2zV7Yo9&=1u<+LzM58sFnL&Bgf5!8m5Z|7Nsf +zTmy51cB*drnfq|>$L+x24jHdu9Y2P6?Nb@A9mX2`8RpATv_ZsdLEC1`7Bxhyb_rsl +zKEy<7j!~w~n%q8=oF3yLPBX@MtyuqcdBi@$lMjs%TM;t~`O}7!55{t*2V%J+u$5lu +zp~xDKG~xSO5t~sr8zaup?T};EdPl0ho-(#l^NBGTW4O1l#;RCsyiI%fk+)OZA3==S +zjTmV!;up$ySWoH2zMv%m@whP#d<5(0enY-CtogU;@tKGn)wv +z&x`nS+@{A6TfN0~9BX0IM3Ig)WBxg~-^r-Wk +z?Ppt}dftuJ@)!f1ioMk1sGt4(3HWczwy}Mj%d}g*<{pLqU&QJn&SN^;#F(EpKTx}l +zAkJnC$JkKWt_AVjX=u-^O7=6DUSvJBXAWYT4(O9|$6z~L*DmWT+-=NPYCV1V`S8`M +zUq&AFLphf5_l)OGD*tgtrfV;3Axy`4zw8p)VD2jho5 +z0BF{u#$hR_&sA7Vw;#XKrTOhSSK +zHx_>_2lr&$Rk)2Y5XWlbXzjXIP0O1&Lc7js(ekDrcHD*iMLg%74X+^r`y3aDX+Xyt +zBcMmdrYxs0LOc2iVrM1GSeLe__XquGV1LlBZ9qN$5yxGsOwb|i4=saj +z2>PMDXp_EP>3cxfi9Y5*U9g{%xt?9)c&tlnnl&2jk2=e7*BGaEr^_<=yEaQyGxJ!Y +z9Y>jObe1!C34wKhfE#$hUuOS%I{g{iYuEWyTacw#P|3hEbgngKpSEKcDC~U-;31e@pGs;JmVt%T# +z12I-S%TRkz#___>4tLJQVQ{dfY8T;7!HsLsaq6>LcCoFk*3;qNg{|^z<%{TD$x$!%~U!eW^*$v0Cb=0Npq}BWk#0-s$IpTxy +zhJ|ai(3|jMLZ3FQRq4>jLpZ1CI)!>a6Z(zU*L&*zu#9#7D(yz>6R_vS8PnFrgs^-2 +zjc*A1Y18-iN%!NlTUB?^p2T@t+o+Y& +z$HTVK#zN>NXhXs$)5o(fJfG@sLyWh@IxO~uLWX1ZRcz|hWlta;w;(Q$Kzwe+{tD-z +zR-A=mFHd{o+*Ni#KY0f1!ZpPFpMiNyyD*MD*KeN1wT`-M;IU61Z0va^C;HB@$GXC$ +zWj)80_QY6J=yH5uPV?+U?Vp7%gJp=li;5edKg^xuH)Wvz>CnR!(1#P}L(i(UWbk>n +zUE9@*J;yQZIe3O7))F!QsJp@RrRGs8=E~)mD+A4=csa)sux~HY=aPsSR17ruTsl24 +zmllM~C7$1ka%O4`cl{XpM2vse{Xo|^rMJ^DpK#s=TRj~%#y$LJSYv-YO8e-)v9=ZI +zXT~C~V9fOx<}_mx>VRXzn`anmj<;fNGi^Zx=QQIiA!~dc95YdGaP9}&y8!KEe9ALw +zjz8s}fX`Fq{iyGj-93nL)OwHgAZ|?k6CG15W15d)zSoIhCQ>H&vtBtUtk~m_k(3AKNjpu +z9s1%x{eG-XQCOQ;?{kPb&1JJ**3Y_~$NKWlv}iMK9i?4&8_sD|+ZluM91^}Xz7G8p +zYZ1>RCmKQqW~Si~54!lozCPNi>S84pJ!^qh|~ 
+zgbuW|zYc=^4sFBuFC2$5)}#ZNg!=*9`M7ZnYo2~8&jx5akU^X%&Mov08Tql1YWQ^hn$2^$qB+O^wi$7 +zwSNqKtLKBCT$_&PHWvMCdhmH|*~Rw=9LBu<81uSUt}C1;%Jw<0&*Z*$h`)ga}&>E!p_ad-cD(U(`s1{UqE}K4qCA<0_wKL +zeUzSNP3UcHjL>5?<1;7vd}aSiM$Ln3U{|Gqy|P-5f@f-+&)-L$e`Fhy{=wzLF8`tJ +zr|yLfY3tvCuGMpQu9MswbMA59xlf*DbBxH-#|*epj@jd{-q23oUYU<$_yGKcdCc0j +zM+AJz+cNK#MRmF?%lx|h3D+E>KWUY19?V{ZKNL3pMg7ToH2yH|JQ%ClpC}zDJ686K +zbgt+6JosnvR2(AqjTj$`_AsCKc28`WZ__S+h39~3o)&)2v&-P~-O#q`{w&^Hp7~7k +zEu3i<;Y^d|tLN<~M?cp*((haoz6|GwdTfmI!zL|imdY#6-$TzMRo%za#hIw^8$zFy +z<9<*t>twEVe1DKQ?>3(C^2~DB<%}M@oPqQ++%(k&L;b98F(>pUe_(=x;l1mnGvwxva7_|X>|e^Sq;|2)j4HciW{ +zDCS!+!}9fd_$_&w{>ob=QUB_5@j7=|DAwya=gRlxDv8k4FqBoFXKcLX#`&6MWuhf6 +zdZNCLesICck5st?^Wru>dUmLM88NyV&3eFIQe3VWn^H3q%=t28HnYCW +z`5a;LncGD<<7MXCj7+>%wlCz3UN#=-1cW-iwB*2aY@2sC`r+fUkf{j2%rahiIbWbY +zlO37!xm0;yGT%_`|Ehd*djtI%qW=Lsx}@Eyetr$;7&S_*QhI54X5PmaMu1#I22#%F|0h}61-P7GEkuDg^WMK^64Mo+QafY!G}u- +z%V&InkA#KgGoBc%eK|wa?*Jc{@=Ag-{FU|?mY;#VgZ0lb1b>pKE3E!)L-3_y!pbua +z7)(Dy$#cE`D)L;{@!lg@jp&T=?@;w~{r)QTbDbVc-hsvpHhx33@2m11L-bFsuVL+v +z>*-+qqkqN~);|8#{GsO8Q2xoGcW?0dJJ|Sgef%o?q1yLV`NPytzxlJpTToLM%Gn^XP}J;REHKRmWI55m +zlTc42@MIvKG3eFOfI_h$`%n61l#S?grwvcLK+N +z-U_7L1HeBay#@GN>P4WZ3CQ|a3-mMq^?HCTFGu15wk2Qps{ka~9m@nI4-o(mAuTG2VIBlZ>``?ng%{_xft*iO0@G4}oCg<4oFFkyVx+`pPzmSLeL&`KkeDygA<+gzmF@`w)1ra$Ds-;ZB=vfVl)G18+CJd#z<(XM6Sx&fy>@vOR~#$#Q_4C$9s4kMtct+Etf8 +z&oe;kyHlWNE0A{eAdq&`0%U*I3iOmqx>VA6K=yBjOiz;O6M*cW1O0l0h&KwbUo#{o +z0NJl&;Im(cWdHX8+1@?CmyzBDWP6_x=;;Kqy;}u(I)H3%8&LPJK(@C*pr;(jc9fvL +zUjaK$7wy<0ajnD#iRD1H%O&aA5|d>5z64Rk$$O%h9iY?lp)A$Cs?m=-7b +zhwuRi%I^cRzdIz|DRDFK4`@dlko|o?pyxgyrj&gHkmauivfmD%u3sR_n+)W5CjhCx +zc!8ccAj^vu=!pWdoL=aMAE0E=`2eMx+0zEeaX%~xSdcI6|0qHj~fHz^>90Jqw&_AZ<0GaL+vdysw*$oB6S=-CH^s@>fJ(>j6g +zA>Vz1U%o-0rv*qoHUUwjeKqh^l+z&4b2AYByL_cUPc3j2%B>QZRtltC3GhSYD-`Hi +z47?fn@&%^l0S|$nBhcd#XiotiMEVSYo+RKckh@4=+GOBg!Jj11GeMv|8h8NdQ35@Y +zz*`}w2~0b7mZrTAey>2!A%XVSfz<0(;NQUS5a`(gY=Hb`foTr{{|yuS@I%VkxzE0BKiMK)5J(xxlnS +z$^08Ro%1M%O^Kl>rS{~RH|PoU>@AnopDAnj)- 
+zkoL1fpr;E+`*}uSS|^b9vsIvHi$HrD5dZD>;m>5?df;~;*CH^j3CMZZ0K5(9Hw#Rw +z0@Civ1$s(>w}4+FFs%?syIU;KlPA#b0^+}YHvX`_8NfA=OA?qi8OZuw!I|Zh70a;%s@OGqc6`1xQ +zQ1>4|+If>e&uU-;@-+xdyBSD3Un$U2CD2|1WWD)7)|&(LL(VNQEd$7UX9Js%o+2>K +z2E-EOo**zS5@EB8OdJ2K`Z;J(b@`0-$mnSf-2}rrsK-x=# +zK+nxU+Q&+Po?0O7r%GVj13=2P0y*yY3G{3La-7!-^t1qPh1^>{Ya|3C2E`e#Qf$V1k@O9|pW`UksAWY5P3dFi+w`iL7nMGTLK53r=5esO2 +zKEoO$~6K8{;A~2Eo5cqkLPedD{^93dnJHW4%eBw93Unww=_-pVVlzigl +z;BOX~NQ5q8UY2~K1N=P#6NwSv9|N-eL?`$Z0wxkMA7d^8l25z>{3L;i#7OWLOFl6j +z{6c|=#F5~ymwaLd_!|T!5=Vo-Rq~0@d32}1L?YISnAatrI0yW0fr&(naSYFu*goQ1 +z@S_AK65$79E|Pqr3rR@=6N%VI$K**qF$?^Bfr&({YcV|6V)?`?!RL7wFp-FLG^Py* +zo0&j#ga4qwL?ZeW^Ni#Zv%&8Ym`HpWe4e{eo_IC*R5~z`_$2rffaDYBfo~I-NW}gx +zhUb0c6LY}N7nn%=4fwT^PrL?vo+|z7yOGxi1LYx +z!A}yHNQA$MSuFWP5BP-w6N!lLW7bPPu>kxH0uza6fWJlZiC*wK1SS&C1pj5pCl-Rg +zM_?jx0{Dj|pI8KbufRm&S>VTG5>h|JCEzCrOe7|PKST0~#o(t1OeDf*#w?b6VhQ+# +z0uzZg@NbrUq7VEAfr-Sk!GA#ViA%w66PQRm2YjBFvVBDO*65uA6N%@7e^~N~rQr7p +zOe9VMf5IpsPb>r9CNPnB9{95*pZIO?9Rd@H=Yzjk@`=mAFBF(aya4>0fovbK9Q+1> +ziA1bhF%L*SaRvBo0uzZ-z=vDaMn-5cQNSo5&VV%ds+a_z6=(yF0HQ2yG%yJ`3YY?n +z08;J-)KA1(6;1h-poz#E&2s8N6O%#PfH#6BP6N$yZvsu64muxr8))JT(51je&_t|> +z(N)0Jpoz0UHvn%3O}qqj3$O_^F$FY0U*~KCy;)*8%Y1lLg{C1K>AY$kbbieNdMRX +zq#tYr(%*Fg>DRh}^j~ZY%8a2ur9W~2>30f&^e+uS`jJ*3{Y58`exV!4`Oi+A2DAY= +zpB+HX+d?4cX9JM)uocMp)(Pai>IT|?JcK_RXak-DbO6r<(tk_>HUQ59wgPFdoxlr# +z-N4B}Dvx#+6|vUZVvUMeZEeEewulEKq9P7kdM!~AJ1jf#x5a|5po=&h*&7)Zv1LTZ +z2;?8tG72dpdq+k^92|LQ-DE?I1N&#wcu~}>HAKPis(9h2mW^czxJ*^wyo>BGhA9J+ZuaG2G~oQF|eCtOKd$# +zq&_S;&=d7V>&x+zC2wf(Oo>kvV~S+>VT)N%2&l5Efd>eKv3Y~jYJjn+m@&ABfvSKD +zXsg?LMY=hKH#mR`c$v}Z4{tGsEJzA(*g5Z=L*94zA^M|9hWP?~e7|?@@7{C2&pq#v +zZ~KMq4c@cc&%yEd_T}wf@AYjP+aRxPZ^Lo%@ukNbyr-U6d7{C4^T`jM^m-S4OFq!S +zch=YFUGbfU<4NBsxN_;K%TG0UKiY9?N27Ob$9Xs|>{x{3#b@4r26B1k0vwM&vkb?L +zr*Ayn=so-Nxu>DL&z^s_(R<;!i_d|!&#l98;kiXPUfy+O7sT0h4vr^wpWF@H-OF%1 +z-L%>S`e-W})N1fVu+e)Za5d22T@PFczXAzE9JFay!co#YsJ0X7O`A(>Z&U0|S+Ia?!OI^piK-#s~)#&}G^A=n= +z*R=*$&UBrHE2q0w;drgzBg5$#8 
+zML2%cbqnI$?D_!WAMal7h8FBzg5!pMLxu@})pVJ|oo|PWZA#^+hI)oNO!0ox! +z110LY1jn_W^B_ImyW9(H)VtK%=)DzMfb&bC%Mky3XdU9;=)DP7uJ>+$^lI-lI6vEa +z4vwdKSK!LqeV6(gychZ|_Cd|}t;6|p-w8P0>Ro{2jsBbcaJ_%MzrlO1e+|yB_iaGT +zi-T_uLTe6Q7z7;#&%^ok!3{WG9lQotE)QOT^M&wY7_=R{1y^nkegIcag;(IpiSWrV +z^s(?VoUet?!|`nR99&rqpMm4jzT^9#r27`(czS4c2y_^_3CGppGs6wumEqHHJU_e+ +z$8*DLaJ)2p8IBi+-yVjt4=;?sl;%0~7z{?3n-VZSF&qZ`E)4NXiKS{m}lOcv*5MCkdg-HtIpC!DDFh59jkZ|`_ +zhyOa^*9fEk7WwOh(Z7orZywkICO^bG2|tgMA(a0rIIl4T2y37h2G;l1b_aJ6zY8Wy +z3|xN~VUom{4U9H(#G&5SQIe5#|Xbfc%1MXgqI1g5xzqB +z=Y)MQ`D18?#Rb#D{WFHI5XOBnhM(f%1NwZKun+1LV#5IN^T6e?@qd@cV?n +zOc?#bm|m1H`lAtN2(J-dAlwN3NFAKaT@HK()rZWbv4Zd7X{uBxUos(N4OQoQ^Sgf-#73w;lm{V2H{!4|3ElR`13x8KTo)w +z@B(3r@Dkw@gqI2bGvbF9JS&9%hwv)l9Zxy(vxJ)ouMzGiyiPby_#)v`gf9{P5#cL@ +z8^B1%{I3yiCcHuTCBioe`W`$Esi52s?7-vjW8;(@}S!nzY>0N?2MRq=;_XMm;h +zcPsqAfOTT0g7FlxWOKvLZ&b*Uzm@XDbqV>5tMOGi@_od|bp!c~;ndC_%qlw|#{7K_ +zwDm!LfbdJiXN>Vt|Mt&05fCF^l_Q_+y<5a*%zRZ}~HoClK%p^;hM{ +zXZ!XV@fl8OZRXOt6KL1PNGiLsNyL6@cQ{~9#0rL*=88g3I@KrhTyQzR56Q42jy98gABcJyR +zzXR*O-G3=P=JyId$45Ex*D3xu@fkC}Tkuu6U4Ghs%oCsYC(Oq_gaPp=9w5N}34BA~C%`UI^BWiV4+VZp +z;P(XHxyzm2u)wbfjCPHh{|SK~fI5icfr4CLz60^2EQIeL0IsyY^iq4}z)r#b#Tb*u +z_IZ%fK#c99%CUV1iN8dA#>~h2QyB0I`KlcGyr2Cs@fl-$%%8e%k*~^;kI(C2_$l!j +zGhgbj%8`GQ_&15qnEBmaCw;`IzbZ#Q@4tt@4#E0kjPWb!ugZ~+&*Nb*h|ie$Qh!yB +zeDqsjm?b`A=KJsj0)C{8c&f +z*8OZRXOt6 +z-}oQIXIzc1%8}3h$?ZX>{uo!|t8(PCKeLzkjH~fgIr7>6d5rjsncwAfk7E6)a^$nW +z^fd7qGygHcSLMiO|LRTRGiH9b;Hz@vvp@FPR;T_LGhgbj%8}3h+k?bs%=|%-zbZ#Q +z`+L7ie8$!IsvP<3AO1G+88ctjpDIT_`;-5h_>8OZRXOt6{~T^}>W^_XzA8sP`>Wq1 +zK4a#~`d8)1Xa6?5^TnP&7&Bj%pXFa`hq|M-!LNT5xUs`6-!Jeca+ +zza{WhfgkO3r)LU$T;T5uyag&!EpNZT_~)al{2hU@KGpRe&5kV(_=@Y_8-#g%{Q?kB +z&i2%6gkhSq!{d+u%6WeOF5};Fd{bEduKT`#k2(tiM_PyFI^V&8H*D=-^OqzrT4l +zlAZ0(C#UhR^!!>nb7X%io`g4*YlE%BRx*~G)dKiF>#(LB*{5lKEox=rN3H0PRe(#0 +zxqX@u&j!QETubwWY3wg#g9ib$PYf7webk5>>4H82=ehn0dibq*ct7%Vu7V;hS@{1y +zD_5>dHj>DZE-j!e>Tp*oWaF`9U$i+G^mq8%(onQW&VsUW#%*)(ie7l7_n@YQsXjV@ 
+z(vzQ=u`*CRrNE{hHeybR2M3H;#S*tfoxe5I`;39mh+jKW%BjCt-T30~0ZofTp1~x% +zO4tJMGJuvyBnqcT@H7{R!D#|dQ~4a6&J99CxYU6Lc+vgA#@IgqMQ|L%q$M&;w6_U_eK=m-Tmzoqbp59-v +zU7Fi5!D8Q}6#Fx&Im5D|u3i+#!j+-wNxS-=$8@zfz~a1s=f$zircO+7la}eGVo{PuwseHBv%eEipR{V?8gUM`U +z#tLbLSE8ngA7gUpP~T9ZfBa>cMgVJQ!XG#gNye-L7R*S{o>r(lGbdulbSho2^J>ne +zg43ydGUx8h#c5h;2#2ccT2DK?usoNVP9=1Gq^#CCnqL-6*C+Q^)_W8$cN7;UzZS}8 +zj#~CiJl1Bwva?tq4!oMk&xCHfK5!*UMsoR#)iRUHs5v+Vz>M{M+P-4T +zK|c06d|P#;4-}^FKsl!uZkAI=ah{y;x5l#*kwiR-ZEu&##9|p!^X4mNPA#3k89P3A +z#{;kGFAp6sGn!dn;nXbeT{ozm>b>m*N?x~J%OgqA&6Cn%X1n@yG!2!2G&>$Sb$@JRN6|K!F(1bJAWXe +z=m=PuGH8D7>oBYc{26vnYJS4hb-%ml^Dx}QTG%z*f4^$ZSxAX;cFatfzpmysU!I-b +z7aT?N6xL!GphK#O*NcJ)y#!DaL&HgjuRoN=o*G@(5xqlp-kA%(iR} +z3?j9NmDh-hNuafUhg51AvZql8OiYh))tmEJ_3l9U=s-xdCwS3)9Oc@`R)rNL32J~^BVfK~;*mrEw~M;I>A)^&3-*L#b;aCjx+@iQ +zO!Ny~T8%-yIoLXZ!xE<)-c*;*6dY4lb@96Bmw3IUJy2)L7_(B!_Vo%W2mQ@;ri?Kw +zrEFgpDYu7{u!RTHWGn#M`|HR-GGtC=ayv)EXpN*{4viKHhG82whB1nBo-wHoxw3A? +zcBwIG$IklwrU8p!GB%LUWhVl$OzIe<7`Ic*`hzC829h~5pG>5tk64fy8YQphvi?@w +zePO(I?%`Ilh%GWcQNP+h=&eD@@Ztb;ZBKbtl$s0T;RwkWF*h|!eqgc%- +z74pwI_I5Vdm&v3u&dS64RmwH!6s99Mbi=Tor{CjmCC?76QZWkY~aq;G^b~e +zWOGN%Xe4ti4)twjkHu$lX8+iMP@g$GruUjVolBwATpF~ViYMZ^0+bnA9ycR}nv{%H +zGP!F+?A?5G8%dexdZv>&8%*4%U&3hz`` +zBmun!mTVVx65~tudo2!F2`iGd_*%@$jTh2Z56ouC7%cjukvS`z#0~{ruC7Sot4EtCfT=SH`-kzFKr(7Va+Tuywc$u6W*OklvFc<5P51U~tgeg-U}H`j +z;|E^l5z*F{u;#!lJdm@uV0y?Lj|D;380v~;Y@;%|J*X`%$BD}Wb6b8qHZE`yxkE=8 +zRxF2TlC*9Itx@}S(_f{=%j$1(4Ek%O#?hzUoBzoK^nU6U@nkj^0izl^7Y=&pG8T4O +zbWJIpwsN{Ksfs3?9D}~7`UFY_O3~7s9K&Hw*{3rp9FgW!YTk;PsdVI(yakS{cs7TY +zKA5*qdX5{lvbjvEP%AFhn4fAc;Iw+8tl)xjfc_RQExr*OuxY4ItZ0nJ%-fus5n*Mr?`nkXi$ktN_6;+FF}u +z#pW6e5NYvAt)%UuTboj9mU(>6UFuo}uC8-Z1A3^!KKAyTV{F?SS?VpDR|cBG)hk2oPMfENCjY%iOLmcak>+L%?{p(^ +zckq**2GjxSm=8QfCE$LeXE@XhpBDH8;1dLUq%b#?0!zUMQ@d&6E53X+3~d?TO#8?* +z2Dh|3Dbs#87>J!am{M%Se5F2CwldX>z3JK^*#*0714@Q9I-;*M!eu&8+LF#S##~ul +z+=&7>s-yyUk`9ijyG=)qrqWcEv1Srz#ix>Z2PzBSp1wh|KLf_K-!lU@!gpKsZ6sjp +zQ@nX$WMB>=qojOuRN6Px&v7g-O@$wN~~ 
+zyL(&u8S=GwO!53oxw5VZckUR%yFBO+x~m7g9ACtJAKl$OYj@vAr#vMy_G$a* +z#GdW5v;AZ9zry~4Mddq#(rt+{3-|tRqP)8P|Li6#=aJ;yw#{(2*1{*VoU_WXq*r=e +zv}~!o-RErCJHN?;r!t>=_wXz#VBZ#~@OUq7B8A;@w@(4P9+oXj-LHu6`Gf0NQoMy! +z;Tc_Fo4Fq1_208cvP*ltI(E|bEg`on&*iJzGzqt}dDH0j-hK8+bmsrk=(P1kYg>J+ +zyS!H^V)4_EU(zo!)JM+C)cI6ynH6tsJLdEKTY0cM-t5Oc_iyE?&wI(cf3;kDiTk(m +z&=-%-{2>TX}NZcK`mC+hDof`()Bh>Na6&O*q1td;eZS +o)t?7!KI%kW*0{mSca}!?T06*XUUsb2uT>t<8 + +literal 0 +HcmV?d00001 + +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go +new file mode 100644 +index 00000000000000..5d331b8ed22252 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.go +@@ -0,0 +1,34 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package cryptokit ++ ++// #cgo CFLAGS: -Wno-deprecated-declarations ++// #cgo LDFLAGS: -L /Library/Developer/CommandLineTools/usr/lib/swift/macosx ${SRCDIR}/CryptoKit.o ++import "C" ++import "unsafe" ++ ++// base returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func base(b []byte) *C.uchar { ++ if len(b) == 0 { ++ return nil ++ } ++ return (*C.uchar)(unsafe.Pointer(&b[0])) ++} ++ ++func sbase(b []byte) *C.char { ++ if len(b) == 0 { ++ return nil ++ } ++ return (*C.char)(unsafe.Pointer(&b[0])) ++} ++ ++func pbase(b []byte) unsafe.Pointer { ++ if len(b) == 0 { ++ return nil ++ } ++ return unsafe.Pointer(&b[0]) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.h b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.h +new file mode 100644 +index 00000000000000..dfc73697c392f8 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/cryptokit.h +@@ -0,0 +1,43 @@ ++// Copyright (c) Microsoft Corporation. 
++// Licensed under the MIT License.
++
++#ifndef CRYPTOKIT_H
++#define CRYPTOKIT_H
++
++#include
++#include
++
++// AES GCM encryption and decryption
++int encryptAESGCM(const uint8_t* key, size_t keyLength,
++ const uint8_t* data, size_t dataLength,
++ const uint8_t* nonce, size_t nonceLength,
++ const uint8_t* aad, size_t aadLength,
++ uint8_t* cipherText, size_t cipherTextLength,
++ uint8_t* tag);
++int decryptAESGCM(const uint8_t* key, size_t keyLength,
++ const uint8_t* data, size_t dataLength,
++ const uint8_t* nonce, size_t nonceLength,
++ const uint8_t* aad, size_t aadLength,
++ const uint8_t* tag, size_t tagLength,
++ uint8_t* out, size_t* outLength);
++
++// Generates an Ed25519 keypair.
++// The private key is 64 bytes (first 32 bytes are the seed, next 32 bytes are the public key).
++// The public key is 32 bytes.
++void generateKeyEd25519(uint8_t* key);
++int newPrivateKeyEd25519FromSeed(uint8_t* key, const uint8_t* seed);
++int newPublicKeyEd25519(uint8_t* key, const uint8_t* pub);
++int signEd25519(const uint8_t* privateKey, const uint8_t* message, size_t messageLength, uint8_t* sigBuffer);
++int verifyEd25519(const uint8_t* publicKey, const uint8_t* message, size_t messageLength, const uint8_t* sig);
++
++// HKDF key derivation
++int extractHKDF(int32_t hashFunction,
++ const uint8_t* secret, size_t secretLength,
++ const uint8_t* salt, size_t saltLength,
++ uint8_t* prk, size_t prkLength);
++int expandHKDF(int32_t hashFunction,
++ const uint8_t* prk, size_t prkLength,
++ const uint8_t* info, size_t infoLength,
++ uint8_t* okm, size_t okmLength);
++
++#endif /* CRYPTOKIT_H */
+diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/ed25519.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/ed25519.go
+new file mode 100644
+index 00000000000000..2fa15c8fa5529a
+--- /dev/null
++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/ed25519.go
+@@ -0,0 +1,72 @@
++// Copyright (c)
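Review bot: Several prototypes in cryptokit.h take an output or fixed-size buffer with no length: `tag` in `encryptAESGCM`, `out` in `decryptAESGCM` (the Go wrapper in gcm.go passes `outLength` as zero, so it reads as output-only), and every buffer except `message` in the Ed25519 functions. The wrappers in ed25519.go and gcm.go forward `base(slice)` unchecked, so a short slice from any caller would presumably become an out-of-bounds access on the Swift side rather than a Go error. Either add length parameters here or have the wrappers reject wrong sizes first, e.g. `if len(key) != 64 || len(seed) != 32 { return errors.New("ed25519: bad key or seed length") }` in `NewPrivateKeyEd25519FromSeed`. Whether the xcrypto callers already validate sizes is not visible in these hunks.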
Microsoft Corporation.
++// Licensed under the MIT License.
++
++//go:build darwin
++
++package cryptokit
++
++// #include "cryptokit.h"
++import "C"
++import (
++ "errors"
++)
++
++// GenerateKeyEd25519 generates an Ed25519 private key using the Swift implementation.
++func GenerateKeyEd25519(key []byte) {
++ C.generateKeyEd25519(base(key))
++}
++
++// NewPrivateKeyEd25519FromSeed generates an Ed25519 private key from a seed.
++func NewPrivateKeyEd25519FromSeed(key, seed []byte) error {
++ result := C.newPrivateKeyEd25519FromSeed(base(key), base(seed))
++ if result != 0 {
++ return errors.New("failed to generate Ed25519 key from seed")
++ }
++ return nil
++}
++
++// NewPublicKeyEd25519 creates a new Ed25519 public key from raw bytes.
++func NewPublicKeyEd25519(key, pub []byte) error {
++ result := C.newPublicKeyEd25519(base(key), base(pub))
++ if result != 0 {
++ return errors.New("failed to create Ed25519 public key")
++ }
++ return nil
++}
++
++// SignEd25519 signs a message using the provided private key.
++func SignEd25519(sig, privateKey, message []byte) error {
++ result := C.signEd25519(base(privateKey), base(message), C.size_t(len(message)), base(sig))
++ if result < 0 {
++ switch result {
++ case -1:
++ return errors.New("invalid inputs to SignEd25519")
++ case -2:
++ return errors.New("failed to reconstruct private key")
++ case -3:
++ return errors.New("failed to sign the message")
++ case -4:
++ return errors.New("signature buffer too small")
++ default:
++ return errors.New("unknown error in SignEd25519")
++ }
++ }
++ return nil
++}
++
++// VerifyEd25519 verifies a signature using the provided public key and message.
++func VerifyEd25519(publicKey, message, sig []byte) error {
++ result := C.verifyEd25519(base(publicKey), base(message), C.size_t(len(message)), base(sig))
++ switch result {
++ case 1:
++ return nil // Valid signature
++ case 0:
++ return errors.New("ed25519: invalid signature")
++ case -1:
++ return errors.New("invalid inputs to VerifyEd25519")
++ case -2:
++ return errors.New("failed to reconstruct public key")
++ default:
++ return errors.New("unknown error in VerifyEd25519")
++ }
++}
+diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/gcm.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/gcm.go
+new file mode 100644
+index 00000000000000..458e9eb57416b1
+--- /dev/null
++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/gcm.go
+@@ -0,0 +1,36 @@
++// Copyright (c) Microsoft Corporation.
++// Licensed under the MIT License.
++
++//go:build darwin
++
++package cryptokit
++
++// #include "cryptokit.h"
++import "C"
++
++// EncryptAESGCM performs AES-GCM encryption using Swift.
++func EncryptAESGCM(key, plaintext, nonce, additionalData, ciphertext, tag []byte) int {
++ err := C.encryptAESGCM(
++ base(key), C.size_t(len(key)),
++ base(plaintext), C.size_t(len(plaintext)),
++ base(nonce), C.size_t(len(nonce)),
++ base(additionalData), C.size_t(len(additionalData)),
++ base(ciphertext), C.size_t(len(ciphertext)),
++ base(tag),
++ )
++ return int(err)
++}
++
++// DecryptAESGCM performs AES-GCM decryption using Swift.
++func DecryptAESGCM(key, ciphertext, nonce, additionalData, tag, plaintext []byte) (int, int) {
++ var decSize C.size_t
++ err := C.decryptAESGCM(
++ base(key), C.size_t(len(key)),
++ base(ciphertext), C.size_t(len(ciphertext)),
++ base(nonce), C.size_t(len(nonce)),
++ base(additionalData), C.size_t(len(additionalData)),
++ base(tag), C.size_t(len(tag)),
++ base(plaintext), &decSize,
++ )
++ return int(decSize), int(err)
++}
+diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hkdf.go
+new file mode 100644
+index 00000000000000..da161adcd88ea6
+--- /dev/null
++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/hkdf.go
+@@ -0,0 +1,77 @@
++// Copyright (c) Microsoft Corporation.
++// Licensed under the MIT License.
++
++//go:build darwin
++
++package cryptokit
++
++// #include "cryptokit.h"
++import "C"
++import (
++ "crypto"
++ "errors"
++)
++
++// ExtractHKDF performs the extract step of HKDF using the specified hash function.
++func ExtractHKDF(hash crypto.Hash, secret, salt []byte) ([]byte, error) {
++ h, err := cryptoHashToSwift(hash)
++ if err != nil {
++ return nil, err
++ }
++
++ // Allocate buffer for derived key
++ prk := make([]byte, hash.Size())
++
++ // Call Swift function
++ result := C.extractHKDF(
++ h,
++ base(secret), C.size_t(len(secret)),
++ base(salt), C.size_t(len(salt)),
++ base(prk), C.size_t(len(prk)),
++ )
++
++ if result != 0 {
++ return nil, errors.New("HKDF derivation failed")
++ }
++
++ return prk, nil
++}
++
++func ExpandHKDF(hash crypto.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) {
++ h, err := cryptoHashToSwift(hash)
++ if err != nil {
++ return nil, err
++ }
++
++ // Allocate buffer for derived key
++ expandedKey := make([]byte, keyLength)
++
++ // Call Swift function
++ result := C.expandHKDF(
++ h,
++ base(pseudorandomKey), C.size_t(len(pseudorandomKey)),
++ base(info), C.size_t(len(info)),
++ base(expandedKey), C.size_t(len(expandedKey)),
++ )
++
++ if result != 0 {
++ return nil, errors.New("HKDF derivation failed")
++ }
++
++ return expandedKey, nil
++}
++
++func cryptoHashToSwift(hash crypto.Hash) (C.int32_t, error) {
++ switch hash {
++ case crypto.SHA1:
++ return 1, nil
++ case crypto.SHA256:
++ return 2, nil
++ case crypto.SHA384:
++ return 3, nil
++ case crypto.SHA512:
++ return 4, nil
++ default:
++ return 0, errors.New("unsupported hash function")
++ }
++}
+diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go
+new file mode 100644
+index 00000000000000..27a42bfc89ca06
+--- /dev/null
++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/aes.go
+@@ -0,0 +1,306 @@
++// Copyright (c) Microsoft Corporation.
++// Licensed under the MIT License.
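Review bot: `ExpandHKDF` in hkdf.go passes `keyLength` straight to `make([]byte, keyLength)`, so a negative value panics and an oversized one is rejected, if at all, only inside the Swift call. HKDF output is limited to 255 times the hash length (RFC 5869), and checking that up front gives callers a specific error: `if keyLength < 0 || keyLength > 255*hash.Size() { return nil, errors.New("hkdf: invalid output length") }`. The function is exported without a doc comment and reuses the extract step's message `HKDF derivation failed`. A comment such as `// ExpandHKDF performs the expand step of HKDF and returns keyLength bytes.` plus a distinct error string would make failures easier to attribute.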
++
++//go:build darwin
++
++package xcrypto
++
++// #include
++import "C"
++import (
++ "crypto/cipher"
++ "errors"
++ "slices"
++
++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit"
++)
++
++//go:generate go run github.com/microsoft/go-crypto-darwin/cmd/gentestvectors -out vectors_test.go
++
++type cipherGCMTLS uint8
++
++const (
++ cipherGCMTLSNone cipherGCMTLS = iota
++ cipherGCMTLS12
++ cipherGCMTLS13
++)
++
++const (
++ // AES block size is the same for all key sizes
++ aesBlockSize = C.kCCBlockSizeAES128
++ gcmTagSize = 16
++ gcmStandardNonceSize = 12
++ // TLS 1.2 additional data is constructed as:
++ //
++ // additional_data = seq_num(8) + TLSCompressed.type(1) + TLSCompressed.version(2) + TLSCompressed.length(2);
++ gcmTls12AddSize = 13
++ // TLS 1.3 additional data is constructed as:
++ //
++ // additional_data = TLSCiphertext.opaque_type(1) || TLSCiphertext.legacy_record_version(2) || TLSCiphertext.length(2)
++ gcmTls13AddSize = 5
++ gcmTlsFixedNonceSize = 4
++)
++
++type aesCipher struct {
++ key []byte
++ kind C.CCAlgorithm
++}
++
++func NewAESCipher(key []byte) (cipher.Block, error) {
++ var alg C.CCAlgorithm
++ switch len(key) {
++ case 16, 24, 32:
++ alg = C.kCCAlgorithmAES
++ default:
++ return nil, errors.New("crypto/aes: invalid key size")
++ }
++ c := &aesCipher{
++ key: slices.Clone(key),
++ kind: alg,
++ }
++ return c, nil
++}
++
++func (c *aesCipher) BlockSize() int { return aesBlockSize }
++
++func (c *aesCipher) Encrypt(dst, src []byte) {
++ blockSize := c.BlockSize()
++ if len(src) < blockSize || len(dst) < blockSize {
++ panic("crypto/aes: input or output block is too small")
++ }
++
++ src, dst = src[:blockSize], dst[:blockSize]
++
++ if inexactOverlap(dst, src) {
++ panic("crypto/aes: invalid buffer overlap")
++ }
++
++ status := C.CCCrypt(
++ C.kCCEncrypt, // Operation
++ C.CCAlgorithm(c.kind), // Algorithm
++ 0, // Options
++ pbase(c.key), // Key
++ C.size_t(len(c.key)), // Key length
++ nil, // IV
++ pbase(src), // Input
++
C.size_t(blockSize), // Input length
++ pbase(dst), // Output
++ C.size_t(blockSize), // Output length
++ nil, // Output length
++ )
++ if status != C.kCCSuccess {
++ panic("crypto/aes: encryption failed")
++ }
++}
++
++func (c *aesCipher) Decrypt(dst, src []byte) {
++ blockSize := c.BlockSize()
++ if len(src) < blockSize || len(dst) < blockSize {
++ panic("crypto/aes: input or output block is too small")
++ }
++
++ src, dst = src[:blockSize], dst[:blockSize]
++
++ if inexactOverlap(dst, src) {
++ panic("crypto/aes: invalid buffer overlap")
++ }
++
++ status := C.CCCrypt(
++ C.kCCDecrypt, // Operation
++ C.CCAlgorithm(c.kind), // Algorithm
++ 0, // Options
++ pbase(c.key), // Key
++ C.size_t(len(c.key)), // Key length
++ nil, // IV
++ pbase(src), // Input
++ C.size_t(blockSize), // Input length
++ pbase(dst), // Output
++ C.size_t(blockSize), // Output length
++ nil, // Output length
++ )
++ if status != C.kCCSuccess {
++ panic("crypto/aes: decryption failed")
++ }
++}
++
++type aesGCM struct {
++ key []byte
++ tls cipherGCMTLS
++ // minNextNonce is the minimum value that the next nonce can be, enforced by
++ // all TLS modes.
++ minNextNonce uint64
++ // mask is the nonce mask used in TLS 1.3 mode.
++ mask uint64
++ // maskInitialized is true if mask has been initialized. This happens during
++ // the first Seal. The initialized mask may be 0. Used by TLS 1.3 mode.
++ maskInitialized bool
++}
++
++type noGCM struct {
++ cipher.Block
++}
++
++// NewGCM constructs a GCM block mode for AES using the cryptokit package
++func (c *aesCipher) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) {
++ if nonceSize != gcmStandardNonceSize && tagSize != gcmTagSize {
++ return nil, errors.New("crypto/aes: GCM tag and nonce sizes can't be non-standard at the same time")
++ }
++ // Fall back to standard library for GCM with non-standard nonce or tag size.
++ if nonceSize != gcmStandardNonceSize {
++ return cipher.NewGCMWithNonceSize(&noGCM{c}, nonceSize)
++ }
++ if tagSize != gcmTagSize {
++ return cipher.NewGCMWithTagSize(&noGCM{c}, tagSize)
++ }
++ return &aesGCM{key: c.key, tls: cipherGCMTLSNone}, nil
++}
++
++func (g *aesGCM) NonceSize() int { return gcmStandardNonceSize }
++
++func (g *aesGCM) Overhead() int { return gcmTagSize }
++
++func (g *aesGCM) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
++ if len(nonce) != gcmStandardNonceSize {
++ panic("cipher: incorrect nonce length given to GCM")
++ }
++ if uint64(len(plaintext)) > ((1<<32)-2)*aesBlockSize || len(plaintext)+gcmTagSize < len(plaintext) {
++ panic("cipher: message too large for GCM")
++ }
++ if len(dst)+len(plaintext)+gcmTagSize < len(dst) {
++ panic("cipher: message too large for buffer")
++ }
++
++ if g.tls != cipherGCMTLSNone {
++ if g.tls == cipherGCMTLS12 && len(additionalData) != gcmTls12AddSize {
++ panic("cipher: incorrect additional data length given to GCM TLS 1.2")
++ } else if g.tls == cipherGCMTLS13 && len(additionalData) != gcmTls13AddSize {
++ panic("cipher: incorrect additional data length given to GCM TLS 1.3")
++ }
++ counter := bigUint64(nonce[gcmTlsFixedNonceSize:])
++
++ // TLS 1.3 Masking
++ if g.tls == cipherGCMTLS13 {
++ if !g.maskInitialized {
++ g.mask = counter
++ g.maskInitialized = true
++ }
++ // Apply mask to the counter
++ counter ^= g.mask
++ }
++
++ // Enforce monotonicity and max limit
++ const maxUint64 = 1<<64 - 1
++ if counter == maxUint64 {
++ panic("cipher: nonce counter must be less than 2^64 - 1")
++ }
++ if counter < g.minNextNonce {
++ panic("cipher: nonce counter must be strictly monotonically increasing")
++ }
++
++ defer func() {
++ g.minNextNonce = counter + 1
++ }()
++ }
++
++ // Make room in dst to append plaintext+overhead.
++ ret, out := sliceForAppend(dst, len(plaintext)+gcmTagSize)
++
++ // Check delayed until now to make sure len(dst) is accurate.
++ if inexactOverlap(out, plaintext) {
++ panic("cipher: invalid buffer overlap")
++ }
++
++ tag := out[len(out)-gcmTagSize:]
++ err := cryptokit.EncryptAESGCM(g.key, plaintext, nonce, additionalData, out[:len(out)-gcmTagSize], tag)
++ if err != 0 {
++ panic("cipher: encryption failed")
++ }
++ return ret
++}
++
++var errOpen = errors.New("cipher: message authentication failed")
++
++func (g *aesGCM) Open(dst, nonce, ciphertext, additionalData []byte) ([]byte, error) {
++ if len(nonce) != gcmStandardNonceSize {
++ panic("cipher: incorrect nonce length given to GCM")
++ }
++ if len(ciphertext) < gcmTagSize {
++ return nil, errOpen
++ }
++ if uint64(len(ciphertext)) > ((1<<32)-2)*aesBlockSize+gcmTagSize {
++ return nil, errOpen
++ }
++ // BoringCrypto does not do any TLS check when decrypting, neither do we.
++
++ // Ensure we don't process if ciphertext lacks both ciphertext and tag
++ if len(ciphertext) < gcmTagSize {
++ return nil, errors.New("decryption failed: ciphertext too short for tag")
++ }
++
++ tag := ciphertext[len(ciphertext)-gcmTagSize:]
++ ciphertext = ciphertext[:len(ciphertext)-gcmTagSize]
++
++ // Make room in dst to append ciphertext without tag.
++ ret, out := sliceForAppend(dst, len(ciphertext))
++
++ // Check delayed until now to make sure len(dst) is accurate.
++ if inexactOverlap(out, ciphertext) {
++ panic("cipher: invalid buffer overlap")
++ }
++
++ decSize, err := cryptokit.DecryptAESGCM(g.key, ciphertext, nonce, additionalData, tag, out)
++ if err != 0 || int(decSize) != len(ciphertext) {
++ // If the decrypted data size does not match, zero out `out` and return `errOpen`
++ for i := range out {
++ out[i] = 0
++ }
++ return nil, errOpen
++ }
++ return ret, nil
++}
++
++// NewGCMTLS returns a GCM cipher specific to TLS
++// and should not be used for non-TLS purposes.
++func NewGCMTLS(block cipher.Block) (cipher.AEAD, error) { ++ cipher, ok := block.(*aesCipher) ++ if !ok { ++ return nil, errors.New("crypto/aes: invalid block cipher") ++ } ++ return &aesGCM{key: cipher.key, tls: cipherGCMTLS12}, nil ++} ++ ++// NewGCMTLS13 returns a GCM cipher specific to TLS 1.3 and should not be used ++// for non-TLS purposes. ++func NewGCMTLS13(block cipher.Block) (cipher.AEAD, error) { ++ cipher, ok := block.(*aesCipher) ++ if !ok { ++ return nil, errors.New("crypto/aes: invalid block cipher") ++ } ++ return &aesGCM{key: cipher.key, tls: cipherGCMTLS13}, nil ++} ++ ++func (c *aesCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return newCBC(C.kCCEncrypt, c.kind, c.key, iv) ++} ++ ++func (c *aesCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return newCBC(C.kCCDecrypt, c.kind, c.key, iv) ++} ++ ++// sliceForAppend is a mirror of crypto/cipher.sliceForAppend. ++func sliceForAppend(in []byte, n int) (head, tail []byte) { ++ if total := len(in) + n; cap(in) >= total { ++ head = in[:total] ++ } else { ++ head = make([]byte, total) ++ copy(head, in) ++ } ++ tail = head[len(in):] ++ return ++} ++ ++func bigUint64(b []byte) uint64 { ++ _ = b[7] // bounds check hint to compiler; see go.dev/issue/14808 ++ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 | ++ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56 ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go +new file mode 100644 +index 00000000000000..865e22ab6a3dda +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/big.go +@@ -0,0 +1,16 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++package xcrypto ++ ++// This file does not have build constraints to ++// facilitate using BigInt in Go crypto. 
++// Go crypto references BigInt unconditionally, ++// even if it is not finally used. ++ ++// A BigInt is the big-endian bytes from a math/big BigInt, ++// which are normalized to remove any leading 0 byte. ++// Windows BCrypt accepts this specific data format. ++// This definition allows us to avoid importing math/big. ++// Conversion between BigInt and *big.Int is in xcrypto/bbig. ++type BigInt []byte +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cgo_go124.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cgo_go124.go +new file mode 100644 +index 00000000000000..375bc368162acb +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cgo_go124.go +@@ -0,0 +1,21 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build go1.24 && darwin ++ ++package xcrypto ++ ++// The following noescape and nocallback directives are used to prevent the Go ++// compiler from allocating function parameters on the heap. See ++// https://github.com/golang/go/blob/0733682e5ff4cd294f5eccb31cbe87a543147bc6/src/cmd/cgo/doc.go#L439-L461 ++// ++// If possible, write a C wrapper function to optimize a call rather than using ++// this feature so the optimization will work for all supported Go versions. ++// ++// This is just a performance optimization. Only add functions that have been ++// observed to benefit from these directives, not every function that is merely ++// expected to meet the noescape/nocallback criteria. ++ ++// #cgo noescape SecRandomCopyBytes ++// #cgo nocallback SecRandomCopyBytes ++import "C" +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go +new file mode 100644 +index 00000000000000..9f3a8f92bd43fc +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/cipher.go +@@ -0,0 +1,122 @@ ++// Copyright (c) Microsoft Corporation. 
++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++ ++import ( ++ "runtime" ++ "unsafe" ++) ++ ++type cbcCipher struct { ++ blockSize int ++ cryptor C.CCCryptorRef ++} ++ ++func newCBC(operation C.CCOperation, kind C.CCAlgorithm, key, iv []byte) *cbcCipher { ++ var blockSize int ++ switch kind { ++ case C.kCCAlgorithmAES: ++ blockSize = aesBlockSize ++ case C.kCCAlgorithmDES, C.kCCAlgorithm3DES: ++ blockSize = desBlockSize ++ default: ++ panic("invalid algorithm") ++ } ++ ++ // Create and initialize the cbcMode struct with CCCryptorCreate here ++ x := &cbcCipher{blockSize: blockSize} ++ status := C.CCCryptorCreateWithMode( ++ operation, // Specifies whether encryption or decryption is performed (kCCEncrypt or kCCDecrypt). ++ C.kCCModeCBC, // Mode of operation, here explicitly set to CBC (Cipher Block Chaining). ++ C.CCAlgorithm(kind), // The encryption algorithm (e.g., kCCAlgorithmAES128, kCCAlgorithmDES). ++ C.ccNoPadding, // Padding option, set to no padding; padding can be handled at a higher level if necessary. ++ pbase(iv), // Initialization Vector (IV) for the cipher, required for CBC mode. Should be nil for ECB mode. ++ pbase(key), // Pointer to the encryption key. ++ C.size_t(len(key)), // Length of the encryption key in bytes. ++ nil, // Tweak key, used only for XTS mode; here set to nil as it’s not required for CBC. ++ 0, // Length of the tweak key, set to 0 as tweak is nil. ++ 0, // Number of rounds, mainly for RC2 and Blowfish; not used here, so set to 0. ++ 0, // Mode options for CTR and F8 modes; not used for CBC, so set to 0. ++ &x.cryptor, // Pointer to the CCCryptorRef output, which will hold the state for encryption or decryption. 
++ ) ++ ++ if status != C.kCCSuccess { ++ panic("crypto/des: CCCryptorCreate failed") ++ } ++ ++ runtime.SetFinalizer(x, (*cbcCipher).finalize) ++ return x ++ ++} ++ ++func (x *cbcCipher) finalize() { ++ if x.cryptor != nil { ++ C.CCCryptorRelease(x.cryptor) ++ x.cryptor = nil ++ } ++} ++ ++func (x *cbcCipher) BlockSize() int { return x.blockSize } ++ ++func (x *cbcCipher) CryptBlocks(dst, src []byte) { ++ if inexactOverlap(dst, src) { ++ panic("crypto/cipher: invalid buffer overlap") ++ } ++ if len(src)%x.blockSize != 0 { ++ panic("crypto/cipher: input not full blocks") ++ } ++ if len(dst) < len(src) { ++ panic("crypto/cipher: output smaller than input") ++ } ++ if len(src) == 0 { ++ return ++ } ++ var outLength C.size_t ++ status := C.CCCryptorUpdate( ++ x.cryptor, // CCCryptorRef created by CCCryptorCreateWithMode; holds the encryption/decryption state. ++ pbase(src), // Pointer to the input data (source buffer) to be encrypted or decrypted. ++ C.size_t(len(src)), // Length of the input data in bytes. ++ pbase(dst), // Pointer to the output buffer (destination buffer) where the result will be stored. ++ C.size_t(len(dst)), // Size of the output buffer in bytes; must be large enough to hold the processed data. ++ &outLength, // Pointer to a variable that will contain the number of bytes written to the output buffer. ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/cipher: CCCryptorUpdate failed") ++ } ++ runtime.KeepAlive(x) ++} ++ ++func (x *cbcCipher) SetIV(iv []byte) { ++ if len(iv) != x.blockSize { ++ panic("crypto/cipher: incorrect IV length") ++ } ++ status := C.CCCryptorReset( ++ x.cryptor, // CCCryptorRef created by CCCryptorCreateWithMode; holds the encryption/decryption state. ++ pbase(iv), // Pointer to the new IV to be set. ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/cipher: CCCryptorReset failed") ++ } ++ runtime.KeepAlive(x) ++} ++ ++// The following two functions are a mirror of golang.org/x/crypto/internal/subtle. 
++ ++func anyOverlap(x, y []byte) bool { ++ return len(x) > 0 && len(y) > 0 && ++ uintptr(unsafe.Pointer(&x[0])) <= uintptr(unsafe.Pointer(&y[len(y)-1])) && ++ uintptr(unsafe.Pointer(&y[0])) <= uintptr(unsafe.Pointer(&x[len(x)-1])) ++} ++ ++func inexactOverlap(x, y []byte) bool { ++ if len(x) == 0 || len(y) == 0 || &x[0] == &y[0] { ++ return false ++ } ++ return anyOverlap(x, y) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go +new file mode 100644 +index 00000000000000..ce490c1167c536 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/des.go +@@ -0,0 +1,117 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "crypto/cipher" ++ "errors" ++ "slices" ++) ++ ++const desBlockSize = C.kCCBlockSizeDES ++ ++type desCipher struct { ++ key []byte ++ kind C.CCAlgorithm ++} ++ ++// NewDESCipher creates a new DES cipher block using the specified key (8 bytes). ++func NewDESCipher(key []byte) (cipher.Block, error) { ++ if len(key) != 8 { ++ return nil, errors.New("crypto/des: invalid key size for DES") ++ } ++ ++ c := &desCipher{ ++ key: slices.Clone(key), ++ kind: C.kCCAlgorithmDES, ++ } ++ return c, nil ++} ++ ++// NewTripleDESCipher creates a new 3DES cipher block using the specified key (24 bytes). 
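Review bot: newCBC in cipher.go passes `pbase(iv)` to CCCryptorCreateWithMode without checking the IV length, although SetIV in the same file panics when `len(iv) != x.blockSize`. A caller that reaches newCBC directly with a short slice hands native code a pointer to fewer bytes than one block, and CommonCrypto presumably reads a full block from it. Adding `if len(iv) != blockSize { panic("crypto/cipher: incorrect IV length") }` right after the switch keeps both entry points consistent. The failure panic also says `crypto/des` even for AES cryptors, and CryptBlocks never compares `outLength` with `len(src)`.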
++func NewTripleDESCipher(key []byte) (cipher.Block, error) { ++ if len(key) != 24 { ++ return nil, errors.New("crypto/des: invalid key size for 3DES") ++ } ++ ++ c := &desCipher{ ++ key: slices.Clone(key), ++ kind: C.kCCAlgorithm3DES, ++ } ++ return c, nil ++} ++ ++func (c *desCipher) BlockSize() int { return desBlockSize } ++ ++func (c *desCipher) Encrypt(dst, src []byte) { ++ blockSize := c.BlockSize() ++ if len(src) < blockSize || len(dst) < blockSize { ++ panic("crypto/des: input or output block is too small") ++ } ++ ++ if inexactOverlap(dst[:blockSize], src[:blockSize]) { ++ panic("crypto/des: invalid buffer overlap") ++ } ++ ++ var outLength C.size_t ++ status := C.CCCrypt( ++ C.kCCEncrypt, ++ C.CCAlgorithm(c.kind), ++ C.kCCOptionECBMode, ++ pbase(c.key), ++ C.size_t(len(c.key)), ++ nil, ++ pbase(src[:blockSize]), ++ C.size_t(blockSize), ++ pbase(dst[:blockSize]), ++ C.size_t(blockSize), ++ &outLength, ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/des: encryption failed") ++ } ++} ++ ++func (c *desCipher) Decrypt(dst, src []byte) { ++ blockSize := c.BlockSize() ++ if len(src) < blockSize || len(dst) < blockSize { ++ panic("crypto/des: input or output block is too small") ++ } ++ ++ if inexactOverlap(dst[:blockSize], src[:blockSize]) { ++ panic("crypto/des: invalid buffer overlap") ++ } ++ ++ var outLength C.size_t ++ status := C.CCCrypt( ++ C.kCCDecrypt, ++ C.CCAlgorithm(c.kind), ++ C.kCCOptionECBMode, ++ pbase(c.key), ++ C.size_t(len(c.key)), ++ nil, ++ pbase(src[:blockSize]), ++ C.size_t(blockSize), ++ pbase(dst[:blockSize]), ++ C.size_t(blockSize), ++ &outLength, ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/des: decryption failed") ++ } ++} ++ ++// CBC mode encrypter ++func (c *desCipher) NewCBCEncrypter(iv []byte) cipher.BlockMode { ++ return newCBC(C.kCCEncrypt, c.kind, c.key, iv) ++} ++ ++// CBC mode decrypter ++func (c *desCipher) NewCBCDecrypter(iv []byte) cipher.BlockMode { ++ return newCBC(C.kCCDecrypt, c.kind, c.key, iv) ++} +diff 
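Review bot: Encrypt and Decrypt in des.go check only the CCCrypt status and ignore `outLength`, so a call that reports success but moves fewer than blockSize bytes would leave stale bytes in dst unnoticed. Tightening the check to `if status != C.kCCSuccess || int(outLength) != blockSize {` in both methods closes that gap. The two bodies differ only in the operation constant and the panic text, so a private helper taking the `C.CCOperation` would keep these checks from drifting apart.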
--git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go +new file mode 100644 +index 00000000000000..e57bde33af4c98 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ec.go +@@ -0,0 +1,32 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++func curveToKeySizeInBits(curve string) int { ++ switch curve { ++ case "P-256": ++ return 256 ++ case "P-384": ++ return 384 ++ case "P-521": ++ return 521 ++ default: ++ return 0 ++ } ++} ++ ++func curveToKeySizeInBytes(curve string) int { ++ switch curve { ++ case "P-256": ++ return (256 + 7) / 8 ++ case "P-384": ++ return (384 + 7) / 8 ++ case "P-521": ++ return (521 + 7) / 8 ++ default: ++ return 0 ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go +new file mode 100644 +index 00000000000000..3bdd3937670285 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdh.go +@@ -0,0 +1,135 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. 
++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "runtime" ++ "slices" ++) ++ ++type PublicKeyECDH struct { ++ _pkey C.SecKeyRef ++ bytes []byte ++} ++ ++func (k *PublicKeyECDH) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++type PrivateKeyECDH struct { ++ _pkey C.SecKeyRef ++ pub []byte ++} ++ ++func (k *PrivateKeyECDH) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) { ++ if len(bytes) < 1 { ++ return nil, errors.New("NewPublicKeyECDH: missing key") ++ } ++ pubKeyRef, err := createSecKeyWithData(bytes, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPublic) ++ if err != nil { ++ return nil, err ++ } ++ pubKey := &PublicKeyECDH{pubKeyRef, slices.Clone(bytes)} ++ runtime.SetFinalizer(pubKey, (*PublicKeyECDH).finalize) ++ return pubKey, nil ++} ++ ++func (k *PublicKeyECDH) Bytes() []byte { return k.bytes } ++ ++// bytes expects the public key to be in uncompressed ANSI X9.63 format ++func NewPrivateKeyECDH(curve string, pub, priv []byte) (*PrivateKeyECDH, error) { ++ key := append(slices.Clone(pub), priv...) 
++ privKeyRef, err := createSecKeyWithData(key, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPrivate) ++ if err != nil { ++ return nil, err ++ } ++ privKey := &PrivateKeyECDH{privKeyRef, pub} ++ runtime.SetFinalizer(privKey, (*PrivateKeyECDH).finalize) ++ return privKey, nil ++} ++ ++func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { ++ defer runtime.KeepAlive(k) ++ pubKeyRef := C.SecKeyCopyPublicKey(k._pkey) ++ if pubKeyRef == 0 { ++ return nil, errors.New("failed to extract public key") ++ } ++ pubKey := &PublicKeyECDH{pubKeyRef, k.pub} ++ runtime.SetFinalizer(pubKey, (*PublicKeyECDH).finalize) ++ return pubKey, nil ++} ++ ++func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) { ++ defer runtime.KeepAlive(priv) ++ defer runtime.KeepAlive(pub) ++ ++ var algorithm C.CFStringRef = C.kSecKeyAlgorithmECDHKeyExchangeStandard ++ ++ supported := C.SecKeyIsAlgorithmSupported(priv._pkey, C.kSecKeyOperationTypeKeyExchange, algorithm) ++ if supported == 0 { ++ return nil, errors.New("ECDH algorithm not supported for the given private key") ++ } ++ ++ var cfErr C.CFErrorRef ++ // Perform the key exchange ++ sharedSecretRef := C.SecKeyCopyKeyExchangeResult( ++ priv._pkey, ++ algorithm, ++ pub._pkey, ++ C.CFDictionaryRef(0), ++ &cfErr, ++ ) ++ if err := goCFErrorRef(cfErr); err != nil { ++ return nil, err ++ } ++ defer C.CFRelease(C.CFTypeRef(sharedSecretRef)) ++ ++ sharedSecret := cfDataToBytes(sharedSecretRef) ++ return sharedSecret, nil ++} ++ ++func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, nil, errors.New("unsupported curve") ++ } ++ keySizeInBits := curveToKeySizeInBits(curve) ++ // Generate the private key and get its DER representation ++ privKeyDER, privKeyRef, err := createSecKeyRandom(C.kSecAttrKeyTypeECSECPrimeRandom, keySizeInBits) ++ if err != nil { ++ return nil, nil, err ++ } ++ pub, priv, err := 
extractECDHComponents(privKeyDER, keySize) ++ if err != nil { ++ C.CFRelease(C.CFTypeRef(privKeyRef)) ++ return nil, nil, err ++ } ++ k := &PrivateKeyECDH{privKeyRef, pub} ++ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize) ++ return k, priv, nil ++} ++ ++func extractECDHComponents(der []byte, keySize int) (pub, priv []byte, err error) { ++ // The private component is the last of the three equally-sized chunks ++ // for the elliptic curve private key. ++ if len(der) != 1+keySize*3 { ++ return nil, nil, errors.New("invalid key length: insufficient data for private component") ++ } ++ pub = der[:1+keySize*2] ++ priv = der[1+keySize*2:] ++ return ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go +new file mode 100644 +index 00000000000000..fb0e207a89ff67 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ecdsa.go +@@ -0,0 +1,181 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. 
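Review bot: NewPublicKeyECDH and NewPrivateKeyECDH in ecdh.go accept a `curve` argument but never use it, so the key size is whatever the supplied bytes imply and a caller asking for P-256 can end up with a key on a different curve. A length check built on the helper from ec.go, `if n := curveToKeySizeInBytes(curve); n == 0 || len(bytes) != 1+2*n { return nil, errors.New("NewPublicKeyECDH: invalid key length for curve") }`, binds the encoding to the requested curve. The private constructor would want the matching check on `pub` and `priv`. In ECDH, the deferred `C.CFRelease` and cfDataToBytes both run on sharedSecretRef even if SecKeyCopyKeyExchangeResult returned 0 without populating cfErr, so an explicit `if sharedSecretRef == 0` return before the defer is worth adding. NewPrivateKeyECDH also stores `pub` without cloning it, unlike NewPublicKeyECDH.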
++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "runtime" ++) ++ ++type PrivateKeyECDSA struct { ++ _pkey C.SecKeyRef ++} ++ ++func (k *PrivateKeyECDSA) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++func (k *PrivateKeyECDSA) withKey(f func(C.SecKeyRef) C.int) C.int { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++type PublicKeyECDSA struct { ++ _pkey C.SecKeyRef ++} ++ ++func (k *PublicKeyECDSA) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++func (k *PublicKeyECDSA) withKey(f func(C.SecKeyRef) C.int) C.int { ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++func NewPublicKeyECDSA(curve string, x, y BigInt) (*PublicKeyECDSA, error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, errors.New("unsupported curve") ++ } ++ encodedKey, err := encodeToUncompressedAnsiX963Key(x, y, nil, keySize) ++ if err != nil { ++ return nil, errors.New("failed to encode public key to uncompressed ANSI X9.63 format") ++ } ++ ++ pubKeyRef, err := createSecKeyWithData(encodedKey, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPublic) ++ if err != nil { ++ return nil, err ++ } ++ ++ pubKey := &PublicKeyECDSA{_pkey: pubKeyRef} ++ runtime.SetFinalizer(pubKey, (*PublicKeyECDSA).finalize) ++ return pubKey, nil ++} ++ ++// NewPrivateKeyECDSA creates a new ECDSA private key using the provided curve name and parameters (x, y, d). 
++func NewPrivateKeyECDSA(curve string, x, y, d BigInt) (*PrivateKeyECDSA, error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, errors.New("unsupported curve") ++ } ++ encodedKey, err := encodeToUncompressedAnsiX963Key(x, y, d, keySize) ++ if err != nil { ++ return nil, errors.New("crypto/ecdsa: failed to encode private key: " + err.Error()) ++ } ++ ++ privKeyRef, err := createSecKeyWithData(encodedKey, C.kSecAttrKeyTypeECSECPrimeRandom, C.kSecAttrKeyClassPrivate) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Wrap and finalize ++ k := &PrivateKeyECDSA{_pkey: privKeyRef} ++ runtime.SetFinalizer(k, (*PrivateKeyECDSA).finalize) ++ return k, nil ++} ++ ++func GenerateKeyECDSA(curve string) (x, y, d BigInt, err error) { ++ keySize := curveToKeySizeInBytes(curve) ++ if keySize == 0 { ++ return nil, nil, nil, errors.New("unsupported curve") ++ } ++ ++ keySizeInBits := curveToKeySizeInBits(curve) ++ privKeyDER, privKeyRef, err := createSecKeyRandom(C.kSecAttrKeyTypeECSECPrimeRandom, keySizeInBits) ++ if err != nil { ++ return nil, nil, nil, err ++ } ++ defer C.CFRelease(C.CFTypeRef(privKeyRef)) ++ return decodeFromUncompressedAnsiX963Key(privKeyDER, keySize) ++} ++ ++func SignMarshalECDSA(priv *PrivateKeyECDSA, hashed []byte) ([]byte, error) { ++ return evpSign(priv.withKey, algorithmTypeECDSA, 0, hashed) ++} ++ ++func VerifyECDSA(pub *PublicKeyECDSA, hashed []byte, sig []byte) bool { ++ return evpVerify(pub.withKey, algorithmTypeECDSA, 0, hashed, sig) == nil ++} ++ ++// encodeToUncompressedAnsiX963Key encodes the given elliptic curve point (x, y) and optional private key (d) ++// into an uncompressed ANSI X9.63 format byte slice. 
++func encodeToUncompressedAnsiX963Key(x, y, d BigInt, keySize int) ([]byte, error) { ++ // Build the uncompressed key point (0x04 || x || y { || d }) ++ size := 1 + keySize*2 ++ if d != nil { ++ size += keySize ++ } ++ out := make([]byte, size) ++ out[0] = 0x04 ++ err := encodeBigInt(out[1:], []sizedBigInt{ ++ {x, keySize}, {y, keySize}, ++ {d, keySize}, ++ }) ++ if err != nil { ++ return nil, err ++ } ++ return out, nil ++} ++ ++// decodeFromUncompressedAnsiX963Key decodes the given uncompressed ANSI X9.63 format byte slice into ++// the elliptic curve point (x, y) and optional private key (d). ++func decodeFromUncompressedAnsiX963Key(key []byte, keySize int) (x, y, d BigInt, err error) { ++ if len(key) < 1 || key[0] != 0x04 { ++ return nil, nil, nil, errors.New("invalid uncompressed key format") ++ } ++ if len(key) < 1+keySize*2 { ++ return nil, nil, nil, errors.New("invalid key length") ++ } ++ x = normalizeBigInt(key[1 : 1+keySize]) ++ y = normalizeBigInt(key[1+keySize : 1+keySize*2]) ++ if len(key) > 1+keySize*2 { ++ d = normalizeBigInt(key[1+keySize*2:]) ++ return x, y, d, nil ++ } ++ return x, y, nil, nil ++} ++ ++func normalizeBigInt(b []byte) BigInt { ++ // Remove leading zero bytes ++ for len(b) > 0 && b[0] == 0 { ++ b = b[1:] ++ } ++ return b ++} ++ ++// sizedBigInt defines a big integer with ++// a size that can be different from the ++// one provided by len(b). ++type sizedBigInt struct { ++ b BigInt ++ size int ++} ++ ++// encodeBigInt encodes ints into data. ++// It stops iterating over ints when it finds one nil element. ++func encodeBigInt(data []byte, ints []sizedBigInt) error { ++ for _, v := range ints { ++ if v.b == nil { ++ return nil ++ } ++ normalized := normalizeBigInt(v.b) ++ // b might be shorter than size if the original big number contained leading zeros. 
++ leadingZeros := int(v.size) - len(normalized) ++ if leadingZeros < 0 { ++ return errors.New("commoncrypto: invalid parameters") ++ } ++ copy(data[leadingZeros:], normalized) ++ data = data[v.size:] ++ } ++ return nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go +new file mode 100644 +index 00000000000000..f59e6f9af58cd4 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/ed25519.go +@@ -0,0 +1,100 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin && cgo ++ ++package xcrypto ++ ++import ( ++ "strconv" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++const ( ++ // publicKeySizeEd25519 is the size, in bytes, of public keys as used in crypto/ed25519. ++ publicKeySizeEd25519 = 32 ++ // privateKeySizeEd25519 is the size, in bytes, of private keys as used in crypto/ed25519. ++ privateKeySizeEd25519 = 64 ++ // signatureSizeEd25519 is the size, in bytes, of signatures generated and verified by crypto/ed25519. ++ signatureSizeEd25519 = 64 ++ // seedSizeEd25519 is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032. ++ seedSizeEd25519 = 32 ++) ++ ++// PublicKeyEd25519 represents an Ed25519 public key. ++type PublicKeyEd25519 []byte ++ ++// PrivateKeyEd25519 represents an Ed25519 private key. ++type PrivateKeyEd25519 []byte ++ ++func (k PrivateKeyEd25519) Public() PublicKeyEd25519 { ++ publicKey := make([]byte, publicKeySizeEd25519) ++ copy(publicKey, k[seedSizeEd25519:]) ++ return PublicKeyEd25519(publicKey) ++} ++ ++// GenerateKeyEd25519 generates a new Ed25519 private key. 
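Review bot: encodeBigInt in ecdsa.go returns nil as soon as it meets a nil element, so NewPublicKeyECDSA and NewPrivateKeyECDSA called with a nil x or y silently leave the missing coordinates as zero bytes instead of failing. Rejecting that up front with `if x == nil || y == nil { return nil, errors.New("crypto/ecdsa: missing public key coordinate") }` keeps the error at the Go boundary rather than relying on SecKeyCreateWithData to refuse the point. NewPrivateKeyECDSA with a nil d likewise builds a public-key-sized encoding and passes it as kSecAttrKeyClassPrivate. NewPublicKeyECDSA also drops the underlying encode error, whereas the private constructor appends `err.Error()`.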
++func GenerateKeyEd25519() PrivateKeyEd25519 { ++ pkeyPriv := make([]byte, privateKeySizeEd25519) ++ cryptokit.GenerateKeyEd25519(pkeyPriv) ++ return pkeyPriv ++} ++ ++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { ++ if len(priv) != privateKeySizeEd25519 { ++ panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) ++ } ++ return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) ++} ++ ++func (k PrivateKeyEd25519) Bytes() ([]byte, error) { ++ return k, nil ++} ++ ++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { ++ if len(pub) != publicKeySizeEd25519 { ++ panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) ++ } ++ pkey := make([]byte, publicKeySizeEd25519) ++ err := cryptokit.NewPublicKeyEd25519(pkey, pub) ++ if err != nil { ++ return nil, err ++ } ++ return pkey, nil ++} ++ ++func (k PublicKeyEd25519) Bytes() ([]byte, error) { ++ return k, nil ++} ++ ++// NewPrivateKeyEd25519FromSeed calculates a private key from a seed. It will panic if ++// len(seed) is not [SeedSize]. RFC 8032's private keys correspond to seeds in this ++// package. ++// NewPrivateKeyEd25519FromSeed creates an Ed25519 private key from a seed. ++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { ++ if len(seed) != seedSizeEd25519 { ++ panic("ed25519: bad seed length: " + strconv.Itoa(len(seed))) ++ } ++ pkey := make([]byte, privateKeySizeEd25519) ++ err := cryptokit.NewPrivateKeyEd25519FromSeed(pkey, seed) ++ if err != nil { ++ return nil, err ++ } ++ return pkey, nil ++} ++ ++// SignEd25519 signs the message with priv and returns a signature. ++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { ++ sig := make([]byte, signatureSizeEd25519) ++ err := cryptokit.SignEd25519(sig, priv, message) ++ if err != nil { ++ return nil, err ++ } ++ return sig, nil ++} ++ ++// VerifyEd25519 reports whether sig is a valid signature of message by pub. 
++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { ++ return cryptokit.VerifyEd25519(pub, message, sig) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go +new file mode 100644 +index 00000000000000..fcdce4c49b6723 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/evp.go +@@ -0,0 +1,338 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "unsafe" ++) ++ ++type algorithmType int ++ ++const ( ++ algorithmTypePSS algorithmType = iota ++ algorithmTypeRAW ++ algorithmTypePKCS1v15Enc ++ algorithmTypePKCS1v15Sig ++ algorithmTypeOAEP ++ algorithmTypeECDSA ++) ++ ++// Algorithm maps for translating crypto.Hash to SecKeyAlgorithm. ++var ( ++ rsaRaw = map[crypto.Hash]C.CFStringRef{ ++ 0: C.kSecKeyAlgorithmRSAEncryptionRaw, ++ } ++ rsaPKCS1v15Algorithms = map[crypto.Hash]C.CFStringRef{ ++ crypto.SHA1: C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA1, ++ crypto.SHA224: C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA224, ++ crypto.SHA256: C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA256, ++ crypto.SHA384: C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA384, ++ crypto.SHA512: C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15SHA512, ++ 0: C.kSecKeyAlgorithmRSASignatureDigestPKCS1v15Raw, ++ } ++ rsaPSSAlgorithms = map[crypto.Hash]C.CFStringRef{ ++ crypto.SHA1: C.kSecKeyAlgorithmRSASignatureDigestPSSSHA1, ++ crypto.SHA224: C.kSecKeyAlgorithmRSASignatureDigestPSSSHA224, ++ crypto.SHA256: C.kSecKeyAlgorithmRSASignatureDigestPSSSHA256, ++ crypto.SHA384: C.kSecKeyAlgorithmRSASignatureDigestPSSSHA384, ++ crypto.SHA512: C.kSecKeyAlgorithmRSASignatureDigestPSSSHA512, ++ } ++ rsaOAEPAlgorithms = map[crypto.Hash]C.CFStringRef{ ++ crypto.SHA1: C.kSecKeyAlgorithmRSAEncryptionOAEPSHA1, ++ crypto.SHA224: 
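Review bot: VerifyEd25519 and SignEd25519 in ed25519.go hand pub, sig and priv to cryptokit without checking their lengths, and because PublicKeyEd25519 and PrivateKeyEd25519 are plain []byte types a caller can build one by conversion without going through the constructors. Whether cryptokit validates the sizes is not visible here, so a guard such as `if len(pub) != publicKeySizeEd25519 || len(sig) != signatureSizeEd25519 { return errors.New("ed25519: invalid key or signature length") }` before the cgo call would be the safer default (the file would then need to import `errors`). Public() has the same exposure: `k[seedSizeEd25519:]` panics on a short key. The constructors also panic on a wrong length despite returning an error, which turns malformed peer input into a crash rather than a handled failure. The doc comment on NewPrivateKeyEd25519FromSeed states its purpose twice.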
C.kSecKeyAlgorithmRSAEncryptionOAEPSHA224, ++ crypto.SHA256: C.kSecKeyAlgorithmRSAEncryptionOAEPSHA256, ++ crypto.SHA384: C.kSecKeyAlgorithmRSAEncryptionOAEPSHA384, ++ crypto.SHA512: C.kSecKeyAlgorithmRSAEncryptionOAEPSHA512, ++ } ++) ++ ++type withKeyFunc func(func(C.SecKeyRef) C.int) C.int ++ ++// Encrypt encrypts a plaintext message using a given key and algorithm. ++func evpEncrypt(withKey withKeyFunc, algorithmType algorithmType, plaintext []byte, hash hash.Hash) ([]byte, error) { ++ var cryptoHash crypto.Hash ++ if hash != nil { ++ var err error ++ cryptoHash, err = hashToCryptoHash(hash) ++ if err != nil { ++ return nil, err ++ } ++ } ++ algorithm, err := selectAlgorithm(cryptoHash, algorithmType) ++ if err != nil { ++ return nil, err ++ } ++ ++ dataRef := bytesToCFData(plaintext) ++ defer cfRelease(unsafe.Pointer(dataRef)) ++ ++ var encryptedDataRef C.CFDataRef ++ result := withKey(func(key C.SecKeyRef) C.int { ++ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeEncrypt, algorithm) != 1 { ++ return -1 // Algorithm not supported by the key ++ } ++ encryptedDataRef = C.SecKeyCreateEncryptedData(key, algorithm, dataRef, nil) ++ if encryptedDataRef == 0 { ++ return -1 // Encryption failed ++ } ++ return 0 ++ }) ++ if result != 0 { ++ return nil, errors.New("encryption failed") ++ } ++ defer cfRelease(unsafe.Pointer(encryptedDataRef)) ++ ++ return cfDataToBytes(encryptedDataRef), nil ++} ++ ++// Decrypt decrypts a ciphertext using a given key and algorithm. 
++func evpDecrypt(withKey withKeyFunc, algorithmType algorithmType, ciphertext []byte, hash hash.Hash) ([]byte, error) { ++ var cryptoHash crypto.Hash ++ if hash != nil { ++ var err error ++ cryptoHash, err = hashToCryptoHash(hash) ++ if err != nil { ++ return nil, err ++ } ++ } ++ algorithm, err := selectAlgorithm(cryptoHash, algorithmType) ++ if err != nil { ++ return nil, err ++ } ++ ++ msg := bytesToCFData(ciphertext) ++ ++ var decryptedDataRef C.CFDataRef ++ var cfErr C.CFErrorRef ++ result := withKey(func(key C.SecKeyRef) C.int { ++ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeDecrypt, algorithm) != 1 { ++ return -1 // Algorithm not supported by the key ++ } ++ decryptedDataRef = C.SecKeyCreateDecryptedData(key, algorithm, msg, &cfErr) ++ if decryptedDataRef == 0 { ++ return -1 // Decryption failed ++ } ++ return 0 // Success ++ }) ++ ++ if err := goCFErrorRef(cfErr); err != nil { ++ return nil, err ++ } ++ ++ if result != 0 || decryptedDataRef == 0 { ++ return nil, errors.New("decryption failed") ++ } ++ defer cfRelease(unsafe.Pointer(decryptedDataRef)) ++ ++ return cfDataToBytes(decryptedDataRef), nil ++} ++ ++func evpSign(withKey withKeyFunc, algorithmType algorithmType, hash crypto.Hash, hashed []byte) ([]byte, error) { ++ algorithm, err := selectAlgorithm(hash, algorithmType) ++ if err != nil { ++ return nil, err ++ } ++ ++ var signedDataRef C.CFDataRef ++ var cfErr C.CFErrorRef ++ result := withKey(func(key C.SecKeyRef) C.int { ++ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeSign, algorithm) != 1 { ++ return -1 // Algorithm not supported by the key ++ } ++ signedDataRef = C.SecKeyCreateSignature(key, algorithm, bytesToCFData(hashed), &cfErr) ++ if signedDataRef == 0 { ++ return -1 // Signing failed ++ } ++ return 0 // Success ++ }) ++ ++ if err := goCFErrorRef(cfErr); err != nil { ++ return nil, err ++ } ++ ++ if result != 0 || signedDataRef == 0 { ++ return nil, errors.New("signing failed") ++ } ++ defer 
cfRelease(unsafe.Pointer(signedDataRef)) ++ ++ return cfDataToBytes(signedDataRef), nil ++} ++ ++func evpVerify(withKey withKeyFunc, algorithmType algorithmType, hash crypto.Hash, hashed, signature []byte) error { ++ algorithm, err := selectAlgorithm(hash, algorithmType) ++ if err != nil { ++ return err ++ } ++ ++ var cfErr C.CFErrorRef ++ result := withKey(func(key C.SecKeyRef) C.int { ++ if C.SecKeyIsAlgorithmSupported(key, C.kSecKeyOperationTypeVerify, algorithm) != 1 { ++ return -1 // Algorithm not supported by the key ++ } ++ if C.SecKeyVerifySignature(key, algorithm, bytesToCFData(hashed), bytesToCFData(signature), &cfErr) != 1 { ++ return -1 // Verification failed ++ } ++ return 0 // Success ++ }) ++ ++ if err := goCFErrorRef(cfErr); err != nil { ++ return err ++ } ++ ++ if result != 0 { ++ return errors.New("verification failed") ++ } ++ return nil ++} ++ ++// hashToCryptoHash converts a hash.Hash to a crypto.Hash. ++func hashToCryptoHash(hash hash.Hash) (crypto.Hash, error) { ++ switch hash.(type) { ++ case *sha1Hash: ++ return crypto.SHA1, nil ++ case *sha224Hash: ++ return crypto.SHA224, nil ++ case *sha256Hash: ++ return crypto.SHA256, nil ++ case *sha384Hash: ++ return crypto.SHA384, nil ++ case *sha512Hash: ++ return crypto.SHA512, nil ++ default: ++ return 0, errors.New("unsupported hash function") ++ } ++} ++ ++// selectAlgorithm selects the appropriate SecKeyAlgorithm based on hash and algorithm type. 
++func selectAlgorithm(hash crypto.Hash, algorithmType algorithmType) (C.CFStringRef, error) { ++ var algorithmMap map[crypto.Hash]C.CFStringRef ++ switch algorithmType { ++ case algorithmTypePSS: ++ algorithmMap = rsaPSSAlgorithms ++ case algorithmTypeRAW: ++ algorithmMap = rsaRaw ++ case algorithmTypePKCS1v15Enc: ++ return C.kSecKeyAlgorithmRSAEncryptionPKCS1, nil ++ case algorithmTypePKCS1v15Sig: ++ algorithmMap = rsaPKCS1v15Algorithms ++ case algorithmTypeOAEP: ++ algorithmMap = rsaOAEPAlgorithms ++ case algorithmTypeECDSA: ++ return C.kSecKeyAlgorithmECDSASignatureDigestX962, nil ++ default: ++ return 0, errors.New("unsupported algorithm type") ++ } ++ ++ algorithm, ok := algorithmMap[hash] ++ if !ok { ++ return 0, errors.New("unsupported combination of algorithm type and hash") ++ } ++ ++ return algorithm, nil ++} ++ ++// bytesToCFData turns a byte slice into a CFDataRef. Caller then "owns" the ++// CFDataRef and must CFRelease the CFDataRef when done. ++func bytesToCFData(buf []byte) C.CFDataRef { ++ return C.CFDataCreate(C.kCFAllocatorDefault, base(buf), C.CFIndex(len(buf))) ++} ++ ++// cfDataToBytes turns a CFDataRef into a byte slice. ++func cfDataToBytes(cfData C.CFDataRef) []byte { ++ return C.GoBytes(unsafe.Pointer(C.CFDataGetBytePtr(cfData)), C.int(C.CFDataGetLength(cfData))) ++} ++ ++// cfRelease releases a CoreFoundation object. ++func cfRelease(ref unsafe.Pointer) { ++ C.CFRelease(C.CFTypeRef(ref)) ++} ++ ++// createSecKeyWithData creates a SecKey from the provided encoded key and attributes dictionary. 
++func createSecKeyWithData(encodedKey []byte, keyType, keyClass C.CFStringRef) (C.SecKeyRef, error) { ++ encodedKeyCF := C.CFDataCreate(C.kCFAllocatorDefault, base(encodedKey), C.CFIndex(len(encodedKey))) ++ if encodedKeyCF == 0 { ++ return 0, errors.New("xcrypto: failed to create CFData for private key") ++ } ++ defer C.CFRelease(C.CFTypeRef(encodedKeyCF)) ++ ++ attrKeys := []C.CFTypeRef{ ++ C.CFTypeRef(C.kSecAttrKeyType), ++ C.CFTypeRef(C.kSecAttrKeyClass), ++ } ++ ++ attrValues := []C.CFTypeRef{ ++ C.CFTypeRef(keyType), ++ C.CFTypeRef(keyClass), ++ } ++ ++ // Create attributes dictionary for the key ++ attrDict := C.CFDictionaryCreate( ++ C.kCFAllocatorDefault, ++ (*unsafe.Pointer)(unsafe.Pointer(&attrKeys[0])), ++ (*unsafe.Pointer)(unsafe.Pointer(&attrValues[0])), ++ C.CFIndex(len(attrKeys)), ++ nil, ++ nil, ++ ) ++ if attrDict == 0 { ++ return 0, errors.New("xcrypto: failed to create attributes dictionary") ++ } ++ defer C.CFRelease(C.CFTypeRef(attrDict)) ++ ++ // Generate the SecKey ++ var errorRef C.CFErrorRef ++ key := C.SecKeyCreateWithData(encodedKeyCF, attrDict, &errorRef) ++ if err := goCFErrorRef(errorRef); err != nil { ++ return 0, err ++ } ++ return key, nil ++} ++ ++// createSecKeyRandom creates a new SecKey with the provided attributes dictionary. 
++func createSecKeyRandom(keyType C.CFStringRef, keySize int) ([]byte, C.SecKeyRef, error) { ++ keyAttrs := C.CFDictionaryCreateMutable(C.kCFAllocatorDefault, 0, nil, nil) ++ if keyAttrs == 0 { ++ return nil, 0, errors.New("failed to create key attributes dictionary") ++ } ++ defer C.CFRelease(C.CFTypeRef(keyAttrs)) ++ ++ C.CFDictionarySetValue( ++ keyAttrs, ++ unsafe.Pointer(C.kSecAttrKeyType), ++ unsafe.Pointer(keyType), ++ ) ++ ++ C.CFDictionarySetValue( ++ keyAttrs, ++ unsafe.Pointer(C.kSecAttrKeySizeInBits), ++ unsafe.Pointer(C.CFNumberCreate(C.kCFAllocatorDefault, C.kCFNumberIntType, unsafe.Pointer(&keySize))), ++ ) ++ ++ // Generate the private key ++ var errorRef C.CFErrorRef ++ var privKeyRef C.SecKeyRef = C.SecKeyCreateRandomKey(C.CFDictionaryRef(keyAttrs), &errorRef) ++ if err := goCFErrorRef(errorRef); err != nil { ++ return nil, 0, err ++ } ++ ++ // Export the private key as DER ++ privData := C.SecKeyCopyExternalRepresentation(privKeyRef, &errorRef) ++ if err := goCFErrorRef(errorRef); err != nil { ++ return nil, 0, err ++ } ++ defer C.CFRelease(C.CFTypeRef(privData)) ++ ++ privKeyDER := cfDataToBytes(privData) ++ if privKeyDER == nil { ++ return nil, 0, errors.New("failed to convert CFData to bytes") ++ } ++ return privKeyDER, privKeyRef, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go +new file mode 100644 +index 00000000000000..2618e53134e915 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go +@@ -0,0 +1,391 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "runtime" ++ "unsafe" ++) ++ ++// NOTE: Implementation ported from https://go-review.googlesource.com/c/go/+/404295. 
++// The cgo calls in this file are arranged to avoid marking the parameters as escaping. ++// To do that, we call noescape (including via addr). ++// We must also make sure that the data pointer arguments have the form unsafe.Pointer(&...) ++// so that cgo does not annotate them with cgoCheckPointer calls. If it did that, it might look ++// beyond the byte slice and find Go pointers in unprocessed parts of a larger allocation. ++// To do both of these simultaneously, the idiom is unsafe.Pointer(&*addr(p)), ++// where addr returns the base pointer of p, substituting a non-nil pointer for nil, ++// and applying a noescape along the way. ++// This is all to preserve compatibility with the allocation behavior of the non-commoncrypto implementations. ++ ++// SupportsHash returns true if a hash.Hash implementation is supported for h. ++func SupportsHash(h crypto.Hash) bool { ++ switch h { ++ case crypto.MD4, crypto.MD5, crypto.SHA1, crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512: ++ return true ++ default: ++ return false ++ } ++} ++ ++func MD4(p []byte) (sum [16]byte) { ++ result := C.CC_MD4(unsafe.Pointer(&*addr(p)), C.CC_LONG(len(p)), (*C.uchar)(&*addr(sum[:]))) ++ if result == nil { ++ panic("commoncrypto: MD4 failed") ++ } ++ return ++} ++ ++func MD5(p []byte) (sum [16]byte) { ++ result := C.CC_MD5(unsafe.Pointer(&*addr(p)), C.CC_LONG(len(p)), (*C.uchar)(&*addr(sum[:]))) ++ if result == nil { ++ panic("commoncrypto: MD5 failed") ++ } ++ return ++} ++ ++func SHA1(p []byte) (sum [20]byte) { ++ result := C.CC_SHA1(unsafe.Pointer(&*addr(p)), C.CC_LONG(len(p)), (*C.uchar)(&*addr(sum[:]))) ++ if result == nil { ++ panic("commoncrypto: SHA1 failed") ++ } ++ return ++} ++ ++func SHA224(p []byte) (sum [28]byte) { ++ result := C.CC_SHA224(unsafe.Pointer(&*addr(p)), C.CC_LONG(len(p)), (*C.uchar)(&*addr(sum[:]))) ++ if result == nil { ++ panic("commoncrypto: SHA224 failed") ++ } ++ return ++} ++ ++func SHA256(p []byte) (sum [32]byte) { ++ result := 
C.CC_SHA256(unsafe.Pointer(&*addr(p)), C.CC_LONG(len(p)), (*C.uchar)(&*addr(sum[:]))) ++ if result == nil { ++ panic("commoncrypto: SHA256 failed") ++ } ++ return ++} ++ ++func SHA384(p []byte) (sum [48]byte) { ++ result := C.CC_SHA384(unsafe.Pointer(&*addr(p)), C.CC_LONG(len(p)), (*C.uchar)(&*addr(sum[:]))) ++ if result == nil { ++ panic("commoncrypto: SHA384 failed") ++ } ++ return ++} ++ ++func SHA512(p []byte) (sum [64]byte) { ++ result := C.CC_SHA512(unsafe.Pointer(&*addr(p)), C.CC_LONG(len(p)), (*C.uchar)(&*addr(sum[:]))) ++ if result == nil { ++ panic("commoncrypto: SHA512 failed") ++ } ++ return ++} ++ ++// cloneHash is an interface that defines a Clone method. ++// ++// hash.CloneHash will probably be added in Go 1.25, see https://golang.org/issue/69521, ++// but we need it now. ++type cloneHash interface { ++ hash.Hash ++ // Clone returns a separate Hash instance with the same state as h. ++ Clone() hash.Hash ++} ++ ++var _ hash.Hash = (*evpHash)(nil) ++var _ cloneHash = (*evpHash)(nil) ++ ++// evpHash implements generic hash methods. ++type evpHash struct { ++ ctx unsafe.Pointer ++ // ctx2 is used in evpHash.sum to avoid changing ++ // the state of ctx. Having it here allows reusing the ++ // same allocated object multiple times. 
++ ctx2 unsafe.Pointer ++ init func(ctx unsafe.Pointer) C.int ++ update func(ctx unsafe.Pointer, data []byte) C.int ++ final func(ctx unsafe.Pointer, digest []byte) C.int ++ blockSize int ++ size int ++ ctxSize int ++} ++ ++func newEvpHash(init func(ctx unsafe.Pointer) C.int, update func(ctx unsafe.Pointer, data []byte) C.int, final func(ctx unsafe.Pointer, digest []byte) C.int, ctxSize, blockSize, size int) *evpHash { ++ h := &evpHash{ ++ init: init, ++ update: update, ++ final: final, ++ blockSize: blockSize, ++ size: size, ++ ctxSize: ctxSize, ++ } ++ runtime.SetFinalizer(h, (*evpHash).finalize) ++ return h ++} ++ ++func (h *evpHash) finalize() { ++ if h.ctx != nil { ++ C.free(h.ctx) ++ } ++ if h.ctx2 != nil { ++ C.free(h.ctx2) ++ } ++} ++ ++func (h *evpHash) initialize() { ++ if h.ctx == nil { ++ h.ctx = C.malloc(C.size_t(h.ctxSize)) ++ h.ctx2 = C.malloc(C.size_t(h.ctxSize)) ++ if h.init(h.ctx) != 1 { ++ C.free(h.ctx) ++ C.free(h.ctx2) ++ panic("commoncrypto: initialization failed") ++ } ++ } ++} ++ ++func (h *evpHash) Reset() { ++ if h.ctx == nil { ++ // The hash is not initialized yet, no need to reset. ++ return ++ } ++ // There is no need to reset h.ctx2 because it is always reset after ++ // use in evpHash.sum. 
++ h.init(h.ctx) ++ runtime.KeepAlive(h) ++} ++ ++func (h *evpHash) Write(p []byte) (int, error) { ++ h.initialize() ++ if len(p) > 0 { ++ // Use a local variable to prevent the compiler from misinterpreting the pointer ++ data := p ++ if h.update(h.ctx, data) != 1 { ++ return 0, errors.New("commoncrypto: Update function failed") ++ } ++ } ++ runtime.KeepAlive(h) // Ensure the hash object is not garbage-collected ++ return len(p), nil ++} ++ ++func (h *evpHash) WriteString(s string) (int, error) { ++ h.initialize() ++ if len(s) > 0 { ++ data := []byte(s) ++ if h.update(h.ctx, data) != 1 { ++ return 0, errors.New("commoncrypto: Update function failed") ++ } ++ } ++ runtime.KeepAlive(h) ++ return len(s), nil ++} ++ ++func (h *evpHash) WriteByte(c byte) error { ++ h.initialize() ++ if h.update(h.ctx, []byte{c}) != 1 { ++ return errors.New("commoncrypto: Update function failed") ++ } ++ runtime.KeepAlive(h) ++ return nil ++} ++func (h *evpHash) Size() int { ++ return h.size ++} ++ ++func (h *evpHash) BlockSize() int { ++ return h.blockSize ++} ++ ++func (h *evpHash) Sum(b []byte) []byte { ++ h.initialize() ++ digest := make([]byte, h.size) ++ C.memcpy(h.ctx2, h.ctx, C.size_t(h.ctxSize)) ++ h.final(h.ctx2, digest) ++ return append(b, digest...) ++} ++ ++// Clone returns a new evpHash object that is a deep clone of itself. ++// The duplicate object contains all state and data contained in the ++// original object at the point of duplication. 
++func (h *evpHash) Clone() hash.Hash { ++ h.initialize() ++ cloned := &evpHash{ ++ init: h.init, ++ update: h.update, ++ final: h.final, ++ blockSize: h.blockSize, ++ size: h.size, ++ ctxSize: h.ctxSize, ++ } ++ cloned.ctx = C.malloc(C.size_t(h.ctxSize)) ++ cloned.ctx2 = C.malloc(C.size_t(h.ctxSize)) ++ C.memcpy(cloned.ctx, h.ctx, C.size_t(h.ctxSize)) ++ C.memcpy(cloned.ctx2, h.ctx2, C.size_t(h.ctxSize)) ++ runtime.SetFinalizer(cloned, (*evpHash).finalize) ++ runtime.KeepAlive(h) ++ return cloned ++} ++ ++type md4Hash struct { ++ *evpHash ++} ++ ++// NewMD4 initializes a new MD4 hasher. ++func NewMD4() hash.Hash { ++ return &md4Hash{ ++ evpHash: newEvpHash( ++ func(ctx unsafe.Pointer) C.int { return C.CC_MD4_Init((*C.CC_MD4_CTX)(ctx)) }, ++ func(ctx unsafe.Pointer, data []byte) C.int { ++ return C.CC_MD4_Update((*C.CC_MD4_CTX)(ctx), unsafe.Pointer(&*addr(data)), C.CC_LONG(len(data))) ++ }, ++ func(ctx unsafe.Pointer, digest []byte) C.int { ++ return C.CC_MD4_Final(base(digest), (*C.CC_MD4_CTX)(ctx)) ++ }, ++ C.sizeof_CC_MD4_CTX, ++ C.CC_MD4_BLOCK_BYTES, ++ C.CC_MD4_DIGEST_LENGTH, ++ ), ++ } ++} ++ ++type md5Hash struct { ++ *evpHash ++} ++ ++// NewMD5 initializes a new MD5 hasher. ++func NewMD5() hash.Hash { ++ return &md5Hash{ ++ evpHash: newEvpHash( ++ func(ctx unsafe.Pointer) C.int { return C.CC_MD5_Init((*C.CC_MD5_CTX)(ctx)) }, ++ func(ctx unsafe.Pointer, data []byte) C.int { ++ return C.CC_MD5_Update((*C.CC_MD5_CTX)(ctx), unsafe.Pointer(&*addr(data)), C.CC_LONG(len(data))) ++ }, ++ func(ctx unsafe.Pointer, digest []byte) C.int { ++ return C.CC_MD5_Final(base(digest), (*C.CC_MD5_CTX)(ctx)) ++ }, ++ C.sizeof_CC_MD5_CTX, ++ C.CC_MD5_BLOCK_BYTES, ++ C.CC_MD5_DIGEST_LENGTH, ++ ), ++ } ++} ++ ++type sha1Hash struct { ++ *evpHash ++} ++ ++// NewSHA1 initializes a new SHA1 hasher. 
++func NewSHA1() hash.Hash { ++ return &sha1Hash{ ++ evpHash: newEvpHash( ++ func(ctx unsafe.Pointer) C.int { return C.CC_SHA1_Init((*C.CC_SHA1_CTX)(ctx)) }, ++ func(ctx unsafe.Pointer, data []byte) C.int { ++ return C.CC_SHA1_Update((*C.CC_SHA1_CTX)(ctx), unsafe.Pointer(&*addr(data)), C.CC_LONG(len(data))) ++ }, ++ func(ctx unsafe.Pointer, digest []byte) C.int { ++ return C.CC_SHA1_Final(base(digest), (*C.CC_SHA1_CTX)(ctx)) ++ }, ++ C.sizeof_CC_SHA1_CTX, ++ C.CC_SHA1_BLOCK_BYTES, ++ C.CC_SHA1_DIGEST_LENGTH, ++ ), ++ } ++} ++ ++type sha224Hash struct { ++ *evpHash ++} ++ ++// NewSHA224 initializes a new SHA224 hasher. ++func NewSHA224() hash.Hash { ++ return &sha224Hash{ ++ evpHash: newEvpHash( ++ func(ctx unsafe.Pointer) C.int { return C.CC_SHA224_Init((*C.CC_SHA256_CTX)(ctx)) }, ++ func(ctx unsafe.Pointer, data []byte) C.int { ++ return C.CC_SHA224_Update((*C.CC_SHA256_CTX)(ctx), unsafe.Pointer(&*addr(data)), C.CC_LONG(len(data))) ++ }, ++ func(ctx unsafe.Pointer, digest []byte) C.int { ++ return C.CC_SHA224_Final(base(digest), (*C.CC_SHA256_CTX)(ctx)) ++ }, ++ C.sizeof_CC_SHA256_CTX, ++ C.CC_SHA224_BLOCK_BYTES, ++ C.CC_SHA224_DIGEST_LENGTH, ++ ), ++ } ++} ++ ++type sha256Hash struct { ++ *evpHash ++} ++ ++// NewSHA256 initializes a new SHA256 hasher. ++func NewSHA256() hash.Hash { ++ return &sha256Hash{ ++ evpHash: newEvpHash( ++ func(ctx unsafe.Pointer) C.int { return C.CC_SHA256_Init((*C.CC_SHA256_CTX)(ctx)) }, ++ func(ctx unsafe.Pointer, data []byte) C.int { ++ return C.CC_SHA256_Update((*C.CC_SHA256_CTX)(ctx), unsafe.Pointer(&*addr(data)), C.CC_LONG(len(data))) ++ }, ++ func(ctx unsafe.Pointer, digest []byte) C.int { ++ return C.CC_SHA256_Final(base(digest), (*C.CC_SHA256_CTX)(ctx)) ++ }, ++ C.sizeof_CC_SHA256_CTX, ++ C.CC_SHA256_BLOCK_BYTES, ++ C.CC_SHA256_DIGEST_LENGTH, ++ ), ++ } ++} ++ ++type sha384Hash struct { ++ *evpHash ++} ++ ++// NewSHA384 initializes a new SHA384 hasher. 
++func NewSHA384() hash.Hash { ++ return &sha384Hash{ ++ evpHash: newEvpHash( ++ func(ctx unsafe.Pointer) C.int { return C.CC_SHA384_Init((*C.CC_SHA512_CTX)(ctx)) }, ++ func(ctx unsafe.Pointer, data []byte) C.int { ++ return C.CC_SHA384_Update((*C.CC_SHA512_CTX)(ctx), unsafe.Pointer(&*addr(data)), C.CC_LONG(len(data))) ++ }, ++ func(ctx unsafe.Pointer, digest []byte) C.int { ++ return C.CC_SHA384_Final(base(digest), (*C.CC_SHA512_CTX)(ctx)) ++ }, ++ C.sizeof_CC_SHA512_CTX, ++ C.CC_SHA384_BLOCK_BYTES, ++ C.CC_SHA384_DIGEST_LENGTH, ++ ), ++ } ++} ++ ++type sha512Hash struct { ++ *evpHash ++} ++ ++// NewSHA512 initializes a new SHA512 hasher. ++func NewSHA512() hash.Hash { ++ return &sha512Hash{ ++ evpHash: newEvpHash( ++ func(ctx unsafe.Pointer) C.int { return C.CC_SHA512_Init((*C.CC_SHA512_CTX)(ctx)) }, ++ func(ctx unsafe.Pointer, data []byte) C.int { ++ return C.CC_SHA512_Update((*C.CC_SHA512_CTX)(ctx), unsafe.Pointer(&*addr(data)), C.CC_LONG(len(data))) ++ }, ++ func(ctx unsafe.Pointer, digest []byte) C.int { ++ return C.CC_SHA512_Final(base(digest), (*C.CC_SHA512_CTX)(ctx)) ++ }, ++ C.sizeof_CC_SHA512_CTX, ++ C.CC_SHA512_BLOCK_BYTES, ++ C.CC_SHA512_DIGEST_LENGTH, ++ ), ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go +new file mode 100644 +index 00000000000000..3cc2d5d31927e0 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hkdf.go +@@ -0,0 +1,66 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin && cgo ++ ++package xcrypto ++ ++import ( ++ "errors" ++ "hash" ++ ++ "github.com/microsoft/go-crypto-darwin/internal/cryptokit" ++) ++ ++// ExtractHKDF performs the extract step of HKDF using the specified hash function. 
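Review bot: `evpHash.Sum` in hash.go is the only method that passes `h.ctx`/`h.ctx2` to C without a trailing `runtime.KeepAlive(h)`, so `h` is dead once `h.final(h.ctx2, digest)` starts and the finalizer registered in `newEvpHash` may free both contexts while CommonCrypto is still using them. It also discards the return value of `h.final`, whereas `Write` checks `update`. I would end the method with `if h.final(h.ctx2, digest) != 1 { panic("commoncrypto: Final function failed") }` followed by `runtime.KeepAlive(h)`. Separately, `initialize` frees `h.ctx` and `h.ctx2` before panicking but leaves the fields set, so a recovered panic leads to a second free in `finalize`; set both to nil before the panic.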
++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { ++ // Handle empty secret ++ if len(secret) == 0 { ++ return nil, errors.New("secret cannot be empty") ++ } ++ ++ hash, err := hashToCryptoHash(h()) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Default salt to a zero-filled array if not provided ++ if len(salt) == 0 { ++ salt = make([]byte, hash.Size()) ++ } ++ ++ prk, err := cryptokit.ExtractHKDF(hash, secret, salt) ++ if err != nil { ++ return nil, err ++ } ++ ++ return prk, nil ++} ++ ++// ExpandHKDF performs the expand step of HKDF using the specified hash function. ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ // Handle empty secret ++ if len(pseudorandomKey) == 0 { ++ return nil, errors.New("pseudorandom key cannot be empty") ++ } ++ ++ hash, err := hashToCryptoHash(h()) ++ if err != nil { ++ return nil, err ++ } ++ ++ // Determine the maximum expandable key length based on the hash function ++ maxAllowedLength := hash.Size() * 255 ++ ++ // Validate requested key length ++ if keyLength > maxAllowedLength { ++ return nil, errors.New("requested key length exceeds maximum allowable size") ++ } ++ ++ expandedKey, err := cryptokit.ExpandHKDF(hash, pseudorandomKey, info, keyLength) ++ if err != nil { ++ return nil, err ++ } ++ ++ return expandedKey, nil ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go +new file mode 100644 +index 00000000000000..1b22b0a331f825 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hmac.go +@@ -0,0 +1,113 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "hash" ++ "runtime" ++ "slices" ++ "unsafe" ++) ++ ++// commonCryptoHMAC encapsulates an HMAC using xcrypto. 
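Review bot: `ExpandHKDF` only bounds `keyLength` from above, so a negative value passes the `keyLength > maxAllowedLength` check and is forwarded to `cryptokit.ExpandHKDF`, whose handling of it is not visible in this hunk. The guard should read `if keyLength < 0 || keyLength > maxAllowedLength {`. `ExtractHKDF` also deserves a doc line stating that it rejects an empty secret, which RFC 5869 does not forbid, so callers moving from another implementation may see a new error.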
++type commonCryptoHMAC struct { ++ ctx C.CCHmacContext ++ alg C.CCAlgorithm ++ key []byte ++ output []byte ++ size int ++ blockSize int ++} ++ ++// NewHMAC returns a new HMAC using xcrypto. ++// The function h must return a hash implemented by ++// CommonCrypto (for example, h could be xcrypto.NewSHA256). ++// If h is not recognized, NewHMAC returns nil. ++func NewHMAC(fh func() hash.Hash, key []byte) hash.Hash { ++ h := fh() ++ ccDigest, err := hashToCCDigestHMAC(h) ++ if err != nil { ++ return nil // Unsupported hash function. ++ } ++ ++ // Handle empty key case to match CommonCrypto's behavior. ++ if len(key) == 0 { ++ key = make([]byte, C.CC_SHA512_DIGEST_LENGTH) ++ } else { ++ key = slices.Clone(key) ++ } ++ ++ hmac := &commonCryptoHMAC{ ++ alg: ccDigest, ++ key: key, ++ size: h.Size(), ++ blockSize: h.BlockSize(), ++ } ++ ++ // Initialize the HMAC context with xcrypto. ++ C.CCHmacInit(&hmac.ctx, hmac.alg, pbase(hmac.key), C.size_t(len(hmac.key))) ++ return hmac ++} ++ ++// Write adds more data to the running HMAC hash. ++func (h *commonCryptoHMAC) Write(p []byte) (int, error) { ++ if len(p) > 0 { ++ C.CCHmacUpdate(&h.ctx, unsafe.Pointer(&*addr(p)), C.size_t(len(p))) ++ } ++ runtime.KeepAlive(h) ++ return len(p), nil ++} ++ ++// Sum appends the current HMAC of the data to `in`. ++func (h *commonCryptoHMAC) Sum(in []byte) []byte { ++ if h.output == nil { ++ h.output = make([]byte, h.size) ++ } ++ // Copy the context to preserve it for further operations after Sum is called. ++ hmacCtxCopy := h.ctx ++ C.CCHmacFinal(&hmacCtxCopy, pbase(h.output)) ++ return append(in, h.output...) ++} ++ ++// Reset resets the HMAC state to initial values. ++func (h *commonCryptoHMAC) Reset() { ++ // Re-initialize the HMAC context with the stored key and algorithm. ++ C.CCHmacInit(&h.ctx, h.alg, pbase(h.key), C.size_t(len(h.key))) ++ runtime.KeepAlive(h) ++} ++ ++// Size returns the size of the HMAC output. 
++func (h commonCryptoHMAC) Size() int { ++ return h.size ++} ++ ++// BlockSize returns the block size of the underlying hash function. ++func (h commonCryptoHMAC) BlockSize() int { ++ return h.blockSize ++} ++ ++// Mapping Go hash functions to CommonCrypto hash constants ++func hashToCCDigestHMAC(hash hash.Hash) (C.CCAlgorithm, error) { ++ switch hash.(type) { ++ case *md5Hash: ++ return C.kCCHmacAlgMD5, nil ++ case *sha1Hash: ++ return C.kCCHmacAlgSHA1, nil ++ case *sha224Hash: ++ return C.kCCHmacAlgSHA224, nil ++ case *sha256Hash: ++ return C.kCCHmacAlgSHA256, nil ++ case *sha384Hash: ++ return C.kCCHmacAlgSHA384, nil ++ case *sha512Hash: ++ return C.kCCHmacAlgSHA512, nil ++ default: ++ return 0, errors.New("unsupported hash function") ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go +new file mode 100644 +index 00000000000000..e49dc1c0de3cef +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/pbkdf2.go +@@ -0,0 +1,65 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. 
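Review bot: The empty-key branch in `NewHMAC` substitutes `C.CC_SHA512_DIGEST_LENGTH` zero bytes for every algorithm, which reads like a bug unless the reader knows why it is safe. HMAC zero-pads keys shorter than the block size, and that length does not exceed the block size of any hash accepted by `hashToCCDigestHMAC`, so the result equals the empty-key MAC; presumably the substitution exists because `pbase` returns nil for an empty slice. I would replace the comment with `// An empty key and an all-zero key no longer than the block size give the same HMAC; use the latter so CCHmacInit never receives a nil key pointer.` `Size` and `BlockSize` also use value receivers, which copies the keyed `CCHmacContext` on every call; pointer receivers like the other methods would avoid that.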
++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "hash" ++ "unsafe" ++) ++ ++func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { ++ // Map Go hash function to CommonCrypto hash constant ++ ccDigest, err := hashToCCDigestPBKDF2(fh()) ++ if err != nil { ++ return nil, err ++ } ++ ++ if len(password) == 0 { ++ // CommonCrypto requires a non-empty password ++ // Substitute empty password with placeholder ++ password = make([]byte, 1) ++ } ++ ++ // Allocate output buffer for the derived key ++ derivedKey := make([]byte, keyLen) ++ ++ // Call CommonCrypto's PBKDF2 implementation ++ status := C.CCKeyDerivationPBKDF( ++ C.kCCPBKDF2, // PBKDF2 algorithm ++ sbase(password), C.size_t(len(password)), // Password and its length ++ base(salt), C.size_t(len(salt)), // Salt and its length ++ ccDigest, // Digest algorithm ++ C.uint(iter), // Iteration count ++ (*C.uchar)(unsafe.Pointer(&derivedKey[0])), C.size_t(keyLen), // Output buffer for derived key and its length ++ ) ++ ++ if status != C.kCCSuccess { ++ return nil, errors.New("PBKDF2 key derivation failed") ++ } ++ ++ return derivedKey, nil ++} ++ ++// Mapping Go hash functions to CommonCrypto hash constants ++func hashToCCDigestPBKDF2(hash hash.Hash) (C.CCAlgorithm, error) { ++ switch hash.(type) { ++ case *sha1Hash: ++ return C.kCCPRFHmacAlgSHA1, nil ++ case *sha224Hash: ++ return C.kCCPRFHmacAlgSHA224, nil ++ case *sha256Hash: ++ return C.kCCPRFHmacAlgSHA256, nil ++ case *sha384Hash: ++ return C.kCCPRFHmacAlgSHA384, nil ++ case *sha512Hash: ++ return C.kCCPRFHmacAlgSHA512, nil ++ default: ++ return 0, errors.New("unsupported hash function") ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go +new file mode 100644 +index 00000000000000..e58c0b3b19a68b +--- /dev/null ++++ 
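Review bot: `PBKDF2` takes `&derivedKey[0]` unconditionally, so `keyLen == 0` panics with an index out of range and a negative `keyLen` panics inside `make`. `iter` is converted with `C.uint(iter)` without a range check, so a negative count wraps to a large unsigned value and zero is passed straight through. Validate before allocating, e.g. `if iter <= 0 || keyLen < 0 { return nil, errors.New("xcrypto: invalid PBKDF2 parameters") }`, return an empty slice for `keyLen == 0`, and pass the output buffer through the existing `base` helper instead of indexing element 0.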
b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rand.go +@@ -0,0 +1,26 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "unsafe" ++) ++ ++type randReader int ++ ++func (randReader) Read(b []byte) (int, error) { ++ // Note: RAND_bytes should never fail; the return value exists only for historical reasons. ++ // We check it even so. ++ if len(b) > 0 && C.SecRandomCopyBytes(C.kSecRandomDefault, C.size_t(len(b)), unsafe.Pointer(&b[0])) != 0 { ++ return 0, errors.New("crypto/rand: unable to read from source") ++ } ++ return len(b), nil ++} ++ ++const RandReader = randReader(0) +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go +new file mode 100644 +index 00000000000000..415889c4f1bdd2 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rc4.go +@@ -0,0 +1,83 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "errors" ++ "runtime" ++ "slices" ++ "unsafe" ++) ++ ++// RC4Cipher is an instance of RC4 using a particular key. ++type RC4Cipher struct { ++ ctx C.CCCryptorRef ++} ++ ++// NewRC4Cipher creates and returns a new RC4 cipher with the given key. ++func NewRC4Cipher(key []byte) (*RC4Cipher, error) { ++ // Clone the key to prevent modification. 
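Review bot: The comment in `randReader.Read` still refers to `RAND_bytes`, an OpenSSL function, while the code calls `SecRandomCopyBytes`; in a randomness source a stale comment like this makes the error contract hard to trust. Suggested wording: `// SecRandomCopyBytes returns errSecSuccess (0) on success; any other status is reported as a read error.`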
++ key = slices.Clone(key) ++ var ctx C.CCCryptorRef ++ status := C.CCCryptorCreate( ++ C.kCCEncrypt, // Operation (RC4 stream) ++ C.kCCAlgorithmRC4, // Algorithm ++ 0, // No padding or other options ++ pbase(key), // Key ++ C.size_t(len(key)), // Key length ++ nil, // No IV needed for RC4 ++ &ctx, // Output: CCCryptorRef ++ ) ++ if status != C.kCCSuccess { ++ return nil, errors.New("failed to create RC4 cipher") ++ } ++ c := &RC4Cipher{ctx: ctx} ++ runtime.SetFinalizer(c, (*RC4Cipher).finalize) ++ return c, nil ++} ++ ++// finalize releases the RC4 cipher context when no longer needed. ++func (c *RC4Cipher) finalize() { ++ if c.ctx != nil { ++ C.CCCryptorRelease(c.ctx) ++ } ++} ++ ++// Reset zeros the key data and makes the cipher unusable. ++func (c *RC4Cipher) Reset() { ++ if c.ctx != nil { ++ C.CCCryptorRelease(c.ctx) ++ c.ctx = nil ++ } ++} ++ ++// XORKeyStream sets dst to the result of XORing src with the key stream. ++func (c *RC4Cipher) XORKeyStream(dst, src []byte) { ++ if c.ctx == nil || len(src) == 0 { ++ return ++ } ++ if inexactOverlap(dst[:len(src)], src) { ++ panic("crypto/rc4: invalid buffer overlap") ++ } ++ // Ensures `dst` has sufficient space. ++ _ = dst[len(src)-1] ++ var outLen C.size_t ++ status := C.CCCryptorUpdate( ++ c.ctx, ++ unsafe.Pointer(&*addr(src)), C.size_t(len(src)), // Input ++ unsafe.Pointer(&*addr(dst)), C.size_t(len(dst)), // Output ++ &outLen, ++ ) ++ if status != C.kCCSuccess { ++ panic("crypto/cipher: CCCryptorUpdate failed") ++ } ++ if int(outLen) != len(src) { ++ panic("crypto/rc4: src not fully XORed") ++ } ++ runtime.KeepAlive(c) ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go +new file mode 100644 +index 00000000000000..63df684569e671 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/rsa.go +@@ -0,0 +1,194 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. 
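Review bot: `XORKeyStream` returns silently when `c.ctx == nil`, so after `Reset` an in-place call leaves the caller's plaintext in `dst` with no error or panic to show that nothing was encrypted. If compatibility with existing callers allows, fail loudly, e.g. `if c.ctx == nil { panic("crypto/rc4: cipher used after Reset") }`, and keep the `len(src) == 0` early return as a separate check. The doc comment on `Reset` says it zeros the key data, but the visible code only releases the `CCCryptorRef`, and the `slices.Clone(key)` copy made in `NewRC4Cipher` is never cleared; the comment should describe what the code actually does.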
++ ++//go:build darwin ++ ++package xcrypto ++ ++// #include ++import "C" ++import ( ++ "crypto" ++ "errors" ++ "hash" ++ "runtime" ++ "strconv" ++) ++ ++// GenerateKeyRSA generates an RSA key pair on macOS. ++// asn1Data is encoded as PKCS#1 ASN1 DER. ++func GenerateKeyRSA(bits int) (asn1Data []byte, err error) { ++ privKeyDER, privKeyRef, err := createSecKeyRandom(C.kSecAttrKeyTypeRSA, bits) ++ if err != nil { ++ return nil, err ++ } ++ C.CFRelease(C.CFTypeRef(privKeyRef)) ++ return privKeyDER, nil ++} ++ ++type PublicKeyRSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey C.SecKeyRef ++} ++ ++func (k *PublicKeyRSA) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++// NewPublicKeyRSA creates a new RSA public key from ASN1 DER encoded data. ++func NewPublicKeyRSA(asn1Data []byte) (*PublicKeyRSA, error) { ++ pubKeyRef, err := createSecKeyWithData(asn1Data, C.kSecAttrKeyTypeRSA, C.kSecAttrKeyClassPublic) ++ if err != nil { ++ return nil, err ++ } ++ ++ key := &PublicKeyRSA{_pkey: pubKeyRef} ++ runtime.SetFinalizer(key, (*PublicKeyRSA).finalize) ++ return key, nil ++} ++ ++func (k *PublicKeyRSA) withKey(f func(C.SecKeyRef) C.int) C.int { ++ // Because of the finalizer, any time key is passed to cgo, that call must ++ // be followed by a call to runtime.KeepAlive, to make sure k is not ++ // collected (and finalized) before the cgo call returns. ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++type PrivateKeyRSA struct { ++ // _pkey MUST NOT be accessed directly. Instead, use the withKey method. ++ _pkey C.SecKeyRef ++} ++ ++func (k *PrivateKeyRSA) finalize() { ++ if k._pkey != 0 { ++ C.CFRelease(C.CFTypeRef(k._pkey)) ++ } ++} ++ ++// NewPrivateKeyRSA creates a new RSA private key from ASN1 DER encoded data. 
++func NewPrivateKeyRSA(asn1Data []byte) (*PrivateKeyRSA, error) { ++ privKeyRef, err := createSecKeyWithData(asn1Data, C.kSecAttrKeyTypeRSA, C.kSecAttrKeyClassPrivate) ++ if err != nil { ++ return nil, err ++ } ++ ++ key := &PrivateKeyRSA{_pkey: privKeyRef} ++ runtime.SetFinalizer(key, (*PrivateKeyRSA).finalize) ++ return key, nil ++} ++ ++func (k *PrivateKeyRSA) PublicKey() *PublicKeyRSA { ++ var pubKeyRef C.SecKeyRef ++ k.withKey(func(key C.SecKeyRef) C.int { ++ pubKeyRef = C.SecKeyCopyPublicKey(k._pkey) ++ return 0 ++ }) ++ pubKey := &PublicKeyRSA{_pkey: pubKeyRef} ++ runtime.SetFinalizer(pubKey, (*PublicKeyRSA).finalize) ++ return pubKey ++} ++ ++func (k *PrivateKeyRSA) withKey(f func(C.SecKeyRef) C.int) C.int { ++ // Because of the finalizer, any time _pkey is passed to cgo, that call must ++ // be followed by a call to runtime.KeepAlive, to make sure k is not ++ // collected (and finalized) before the cgo call returns. ++ defer runtime.KeepAlive(k) ++ return f(k._pkey) ++} ++ ++// DecryptRSAOAEP decrypts data using RSA-OAEP. ++func DecryptRSAOAEP(h hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { ++ if len(label) > 0 { ++ // https://github.com/microsoft/go-crypto-darwin/issues/22 ++ panic("crypto/rsa: label is not supported on macOS") ++ } ++ return evpDecrypt(priv.withKey, algorithmTypeOAEP, ciphertext, h) ++} ++ ++// EncryptRSAOAEP encrypts data using RSA-OAEP. ++func EncryptRSAOAEP(h hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { ++ if len(label) > 0 { ++ // https://github.com/microsoft/go-crypto-darwin/issues/22 ++ panic("crypto/rsa: label is not supported on macOS") ++ } ++ return evpEncrypt(pub.withKey, algorithmTypeOAEP, msg, h) ++} ++ ++// SignRSAPSS signs data with RSA-PSS. ++func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { ++ return evpSign(priv.withKey, algorithmTypePSS, h, hashed) ++} ++ ++// VerifyRSAPSS verifies data with RSA-PSS. 
++func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { ++ return evpVerify(pub.withKey, algorithmTypePSS, h, hashed, sig) ++} ++ ++func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { ++ return evpSign(priv.withKey, algorithmTypePKCS1v15Sig, h, hashed) ++} ++ ++func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { ++ if pub.withKey(func(key C.SecKeyRef) C.int { ++ size := C.SecKeyGetBlockSize(key) ++ if len(sig) < int(size) { ++ return 0 ++ } ++ return 1 ++ }) == 0 { ++ return errors.New("crypto/rsa: verification error") ++ } ++ return evpVerify(pub.withKey, algorithmTypePKCS1v15Sig, h, hashed, sig) ++} ++ ++// DecryptRSAPKCS1 decrypts data using RSA PKCS#1 v1.5 padding. ++func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ return evpDecrypt(priv.withKey, algorithmTypePKCS1v15Enc, ciphertext, nil) ++} ++ ++// EncryptRSAPKCS1 encrypts data using RSA PKCS#1 v1.5 padding. 
++func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, algorithmTypePKCS1v15Enc, msg, nil) ++} ++ ++func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ return evpDecrypt(priv.withKey, algorithmTypeRAW, ciphertext, nil) ++} ++ ++func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ return evpEncrypt(pub.withKey, algorithmTypeRAW, msg, nil) ++} ++ ++// Helper functions ++ ++type cfError struct { ++ code int ++ message string ++} ++ ++func (e *cfError) Error() string { ++ if e.message == "" { ++ return "CFError(" + strconv.Itoa(e.code) + "): unknown error" ++ } ++ return "CFError(" + strconv.Itoa(e.code) + "): " + e.message ++} ++ ++func goCFErrorRef(ref C.CFErrorRef) error { ++ if ref == 0 { ++ return nil ++ } ++ var message string ++ if desc := C.CFErrorCopyDescription(ref); desc != C.CFStringRef(0) { ++ defer C.CFRelease(C.CFTypeRef(desc)) ++ if cstr := C.CFStringGetCStringPtr(desc, C.kCFStringEncodingUTF8); cstr != nil { ++ message = C.GoString(cstr) ++ } ++ } ++ return &cfError{ ++ code: int(C.CFErrorGetCode(ref)), ++ message: message, ++ } ++} +diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go +new file mode 100644 +index 00000000000000..9451d05599f3a8 +--- /dev/null ++++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/xcrypto.go +@@ -0,0 +1,59 @@ ++// Copyright (c) Microsoft Corporation. ++// Licensed under the MIT License. ++ ++//go:build darwin ++ ++package xcrypto ++ ++// #cgo CFLAGS: -Wno-deprecated-declarations ++import "C" ++import "unsafe" ++ ++// noescape hides a pointer from escape analysis. noescape is ++// the identity function but escape analysis doesn't think the ++// output depends on the input. noescape is inlined and currently ++// compiles down to zero instructions. ++// USE CAREFULLY! 
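Review bot: `SignRSAPSS` and `VerifyRSAPSS` accept `saltLen` but never use it: both forward only the hash to `evpSign`/`evpVerify`, and `selectAlgorithm` picks the PSS algorithm from the hash alone. A caller that requires a specific salt length therefore gets whatever the Security framework algorithm uses, and verification cannot enforce the length the caller asked for. Either reject `saltLen` values the backend cannot honour (which values those are needs confirming against the framework's behaviour) or document the limitation on both functions. Smaller points in the same file: `PrivateKeyRSA.PublicKey` wraps the result of `SecKeyCopyPublicKey` without checking it for zero, and `goCFErrorRef` never releases the `CFErrorRef` it converts.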
++// ++//go:nosplit ++func noescape(p unsafe.Pointer) unsafe.Pointer { ++ x := uintptr(p) ++ return unsafe.Pointer(x ^ 0) ++} ++ ++var zero byte ++ ++// addr converts p to its base addr, including a noescape along the way. ++// If p is nil, addr returns a non-nil pointer, so that the result can always ++// be dereferenced. ++// ++//go:nosplit ++func addr(p []byte) *byte { ++ if len(p) == 0 { ++ return &zero ++ } ++ return (*byte)(noescape(unsafe.Pointer(&p[0]))) ++} ++ ++// base returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func base(b []byte) *C.uchar { ++ if len(b) == 0 { ++ return nil ++ } ++ return (*C.uchar)(unsafe.Pointer(&b[0])) ++} ++ ++func sbase(b []byte) *C.char { ++ if len(b) == 0 { ++ return nil ++ } ++ return (*C.char)(unsafe.Pointer(&b[0])) ++} ++ ++func pbase(b []byte) unsafe.Pointer { ++ if len(b) == 0 { ++ return nil ++ } ++ return unsafe.Pointer(&b[0]) ++} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE b/src/vendor/github.com/microsoft/go-crypto-winnative/LICENSE new file mode 100644 index 00000000000000..9e841e7a26e4eb @@ -11603,14 +15057,19 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 1c8de570cc2f1f..5b05c5eed355ca 100644 +index 1c8de570cc2f1f..aac6c2a60b6b80 100644 --- a/src/vendor/modules.txt 
+++ b/src/vendor/modules.txt -@@ -1,3 +1,14 @@ +@@ -1,3 +1,19 @@ +# github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig ++# github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109125424-5d0e67f47146 ++## explicit; go 1.22 ++github.com/microsoft/go-crypto-darwin/bbig ++github.com/microsoft/go-crypto-darwin/internal/cryptokit ++github.com/microsoft/go-crypto-darwin/xcrypto +# github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 +## explicit; go 1.22 +github.com/microsoft/go-crypto-winnative/cng diff --git a/patches/0003-Add-crypto-backend-foundation.patch b/patches/0003-Add-crypto-backend-foundation.patch index 1eae1e793f8..1505ab5d1ff 100644 --- a/patches/0003-Add-crypto-backend-foundation.patch +++ b/patches/0003-Add-crypto-backend-foundation.patch @@ -11,11 +11,11 @@ Subject: [PATCH] Add crypto backend foundation .../internal/backend/fips140/isrequirefips.go | 9 + .../internal/backend/fips140/norequirefips.go | 9 + .../backend/fips140/nosystemcrypto.go | 11 + - src/crypto/internal/backend/nobackend.go | 236 ++++++++++++++++++ + src/crypto/internal/backend/nobackend.go | 240 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + src/go/build/deps_test.go | 7 +- src/runtime/runtime_boring.go | 5 + - 11 files changed, 446 insertions(+), 1 deletion(-) + 11 files changed, 450 insertions(+), 1 deletion(-) create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/bbig/big.go create mode 100644 src/crypto/internal/backend/common.go @@ -64,7 +64,7 @@ index 00000000000000..c2c06d3bff8c74 +} diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go new file mode 100644 -index 00000000000000..20251a290dc2e0 +index 00000000000000..ab3f30825dcfa1 --- /dev/null +++ b/src/crypto/internal/backend/bbig/big.go @@ -0,0 +1,17 @@ 
@@ -72,7 +72,7 @@ index 00000000000000..20251a290dc2e0 +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build !goexperiment.systemcrypto ++//go:build !goexperiment.systemcrypto || (goexperiment.darwincrypto && !cgo) + +package bbig + @@ -87,7 +87,7 @@ index 00000000000000..20251a290dc2e0 +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go new file mode 100644 -index 00000000000000..0402524861dc53 +index 00000000000000..84447174284ffd --- /dev/null +++ b/src/crypto/internal/backend/common.go @@ -0,0 +1,58 @@ @@ -106,7 +106,7 @@ index 00000000000000..0402524861dc53 +func init() { + if fips140.Enabled() { + if !Enabled { -+ if runtime.GOOS != "linux" && runtime.GOOS != "windows" { ++ if runtime.GOOS != "linux" && runtime.GOOS != "windows" && runtime.GOOS != "darwin" { + panic("FIPS mode requested (" + fips140.Message + ") but no crypto backend is supported on " + runtime.GOOS) + } + panic("FIPS mode requested (" + fips140.Message + ") but no supported crypto backend is enabled") @@ -262,10 +262,10 @@ index 00000000000000..83691d7dd42d51 +} diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..4a3d8b729da30f +index 00000000000000..eca1ceab2a04b9 --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go -@@ -0,0 +1,236 @@ +@@ -0,0 +1,240 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
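Review bot: The widened build constraint on bbig/big.go, `!goexperiment.systemcrypto || (goexperiment.darwincrypto && !cgo)`, gives no reason for the cgo exception. The Darwin counterpart added later in this commit is tagged `goexperiment.darwincrypto && cgo`, so the two files look meant to be complementary. A line above the tag would record that, such as `// The Darwin backend needs cgo; without cgo this file is used instead of big_darwin.go.` It would also help to say whether a darwincrypto build without cgo is meant to fall back quietly, since the `init` check in common.go (next hunk but one) appears to panic only when FIPS mode was requested.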
@@ -294,6 +294,10 @@ index 00000000000000..4a3d8b729da30f + +func SupportsHash(h crypto.Hash) bool { panic("cryptobackend: not available") } + ++func SupportsCurve(curve string) bool { panic("cryptobackend: not available") } ++func SupportsRSAOAEPLabel(label []byte) bool { panic("cryptobackend: not available") } ++func SupportsPKCS1v15Hash(hash crypto.Hash) bool { panic("cryptobackend: not available") } ++ +func NewMD5() hash.Hash { panic("cryptobackend: not available") } +func NewSHA1() hash.Hash { panic("cryptobackend: not available") } +func NewSHA224() hash.Hash { panic("cryptobackend: not available") } @@ -337,8 +341,8 @@ index 00000000000000..4a3d8b729da30f + panic("cryptobackend: not available") +} + -+func SupportsRSAKeyPrimes(primes int) bool { panic("cryptobackend: not available") } -+func SupportsRSASaltLength(salt int) bool { panic("cryptobackend: not available") } ++func SupportsRSAKeyPrimes(primes int) bool { panic("cryptobackend: not available") } ++func SupportsRSASaltLength(sign bool, salt int) bool { panic("cryptobackend: not available") } + +type PublicKeyRSA struct{ _ int } +type PrivateKeyRSA struct{ _ int } 
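Review bot: The three predicates added to nobackend.go (`SupportsCurve`, `SupportsRSAOAEPLabel`, `SupportsPKCS1v15Hash`) have no doc comment. The same undocumented trio is added in the BoringSSL, OpenSSL and CNG backend patches further down, where each returns true for any argument. These presumably decide whether an operation is handed to the system backend, so the contract should be written down, for example `// SupportsCurve reports whether the backend implements the named curve, e.g. "P-256".` with matching lines for the other two. In the backends that answer true unconditionally, a short comment should say that unsupported curve names or hashes are expected to be rejected by the backend call itself; the callers are not visible here, so that needs confirming.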
@@ -438,37 +442,37 @@ index 00000000000000..4a3d8b729da30f + +type PublicKeyEd25519 struct{} + -+func (k *PublicKeyEd25519) Bytes() ([]byte, error) { ++func (k PublicKeyEd25519) Bytes() ([]byte, error) { + panic("cryptobackend: not available") +} + +type PrivateKeyEd25519 struct{} + -+func (k *PrivateKeyEd25519) Bytes() ([]byte, error) { ++func (k PrivateKeyEd25519) Bytes() ([]byte, error) { + panic("cryptobackend: not available") +} + -+func GenerateKeyEd25519() (*PrivateKeyEd25519, error) { ++func GenerateKeyEd25519() (PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { ++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func SignEd25519(priv *PrivateKeyEd25519, message []byte) ([]byte, error) { ++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { + panic("cryptobackend: not available") +} + -+func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { ++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { + panic("cryptobackend: not available") +} + @@ -519,7 +523,7 @@ index 00000000000000..5e4b436554d44d +// from complaining about the missing body +// (because the implementation might be here). diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 5551a24f8a844e..c86b63454c6f7a 100644 +index e017efb1562379..ab5539f978a266 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -493,6 +493,8 @@ var depsRules = ` 
@@ -541,7 +545,7 @@ index 5551a24f8a844e..c86b63454c6f7a 100644 < crypto/internal/fips140only < crypto < crypto/subtle -@@ -520,6 +523,7 @@ var depsRules = ` +@@ -522,6 +525,7 @@ var depsRules = ` < github.com/microsoft/go-crypto-winnative/internal/bcrypt < github.com/microsoft/go-crypto-winnative/cng < crypto/internal/boring @@ -549,8 +553,8 @@ index 5551a24f8a844e..c86b63454c6f7a 100644 < crypto/boring < crypto/aes, crypto/des, -@@ -543,6 +547,7 @@ var depsRules = ` - < github.com/golang-fips/openssl/v2/bbig +@@ -546,6 +550,7 @@ var depsRules = ` + < github.com/microsoft/go-crypto-darwin/bbig < github.com/microsoft/go-crypto-winnative/cng/bbig < crypto/internal/boring/bbig + < crypto/internal/backend/bbig diff --git a/patches/0004-Add-BoringSSL-crypto-backend.patch b/patches/0004-Add-BoringSSL-crypto-backend.patch index 7ab03583455..9abecb7aca9 100644 --- a/patches/0004-Add-BoringSSL-crypto-backend.patch +++ b/patches/0004-Add-BoringSSL-crypto-backend.patch @@ -5,9 +5,9 @@ Subject: [PATCH] Add BoringSSL crypto backend --- .../internal/backend/bbig/big_boring.go | 12 + - src/crypto/internal/backend/boring_linux.go | 275 ++++++++++++++++++ + src/crypto/internal/backend/boring_linux.go | 279 ++++++++++++++++++ src/crypto/internal/backend/fips140/boring.go | 11 + - 3 files changed, 298 insertions(+) + 3 files changed, 302 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/boring_linux.go create mode 100644 src/crypto/internal/backend/fips140/boring.go @@ -32,10 +32,10 @@ index 00000000000000..0b62cef68546d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go new file mode 100644 -index 00000000000000..c49291c2f62b4c +index 00000000000000..f06fcc63b5af11 --- /dev/null 
+++ b/src/crypto/internal/backend/boring_linux.go -@@ -0,0 +1,275 @@ +@@ -0,0 +1,279 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -69,6 +69,10 @@ index 00000000000000..c49291c2f62b4c + } +} + ++func SupportsCurve(curve string) bool { return true } ++func SupportsRSAOAEPLabel(label []byte) bool { return true } ++func SupportsPKCS1v15Hash(hash crypto.Hash) bool { return true } ++ +func NewMD5() hash.Hash { panic("cryptobackend: not available") } +func NewSHA1() hash.Hash { return boring.NewSHA1() } +func NewSHA224() hash.Hash { return boring.NewSHA224() } @@ -120,7 +124,7 @@ index 00000000000000..c49291c2f62b4c + return true +} + -+func SupportsRSASaltLength(salt int) bool { ++func SupportsRSASaltLength(sign bool, salt int) bool { + return true +} + 
@@ -247,37 +251,37 @@ index 00000000000000..c49291c2f62b4c + +type PublicKeyEd25519 struct{} + -+func (k *PublicKeyEd25519) Bytes() ([]byte, error) { ++func (k PublicKeyEd25519) Bytes() ([]byte, error) { + panic("cryptobackend: not available") +} + +type PrivateKeyEd25519 struct{} + -+func (k *PrivateKeyEd25519) Bytes() ([]byte, error) { ++func (k PrivateKeyEd25519) Bytes() ([]byte, error) { + panic("cryptobackend: not available") +} + -+func GenerateKeyEd25519() (*PrivateKeyEd25519, error) { ++func GenerateKeyEd25519() (PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { ++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func SignEd25519(priv *PrivateKeyEd25519, message []byte) ([]byte, error) { ++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { + panic("cryptobackend: not available") +} + -+func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { ++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { + panic("cryptobackend: not available") +} + diff --git a/patches/0005-Add-OpenSSL-crypto-backend.patch b/patches/0005-Add-OpenSSL-crypto-backend.patch index f58b2cbc2ea..7b44965e884 100644 --- a/patches/0005-Add-OpenSSL-crypto-backend.patch +++ b/patches/0005-Add-OpenSSL-crypto-backend.patch 
@@ -8,9 +8,9 @@ Subject: [PATCH] Add OpenSSL crypto backend src/cmd/link/internal/ld/lib.go | 1 + .../internal/backend/bbig/big_openssl.go | 12 + .../internal/backend/fips140/openssl.go | 41 ++ - src/crypto/internal/backend/openssl_linux.go | 358 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 362 ++++++++++++++++++ src/os/exec/exec_test.go | 9 + - 6 files changed, 422 insertions(+), 2 deletions(-) + 6 files changed, 426 insertions(+), 2 deletions(-) create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go create mode 100644 src/crypto/internal/backend/fips140/openssl.go create mode 100644 src/crypto/internal/backend/openssl_linux.go @@ -112,10 +112,10 @@ index 00000000000000..118efa3a492a7d +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..0f3aea733ac2a5 +index 00000000000000..57293ff2128dd6 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,358 @@ +@@ -0,0 +1,362 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -203,6 +203,10 @@ index 00000000000000..0f3aea733ac2a5 + return openssl.SupportsHash(h) +} + ++func SupportsCurve(curve string) bool { return true } ++func SupportsRSAOAEPLabel(label []byte) bool { return true } ++func SupportsPKCS1v15Hash(hash crypto.Hash) bool { return true } ++ +func NewMD5() hash.Hash { return openssl.NewMD5() } +func NewSHA1() hash.Hash { return openssl.NewSHA1() } +func NewSHA224() hash.Hash { return openssl.NewSHA224() } @@ -259,7 +263,7 @@ index 00000000000000..0f3aea733ac2a5 + return primes == 2 +} + -+func SupportsRSASaltLength(salt int) bool { ++func SupportsRSASaltLength(sign bool, salt int) bool { + return true +} + 
@@ -391,40 +395,40 @@ index 00000000000000..0f3aea733ac2a5 + +func SupportsEd25519() bool { return openssl.SupportsEd25519() } + -+type PublicKeyEd25519 = openssl.PublicKeyEd25519 -+type PrivateKeyEd25519 = openssl.PrivateKeyEd25519 ++type PublicKeyEd25519 = *openssl.PublicKeyEd25519 ++type PrivateKeyEd25519 = *openssl.PrivateKeyEd25519 + -+func GenerateKeyEd25519() (*PrivateKeyEd25519, error) { ++func GenerateKeyEd25519() (PrivateKeyEd25519, error) { + return openssl.GenerateKeyEd25519() +} + +// Deprecated: use NewPrivateKeyEd25519 instead. -+func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25119(priv []byte) (PrivateKeyEd25519, error) { + return openssl.NewPrivateKeyEd25519(priv) +} + +// Deprecated: use NewPublicKeyEd25519 instead. -+func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { ++func NewPublicKeyEd25119(pub []byte) (PublicKeyEd25519, error) { + return openssl.NewPublicKeyEd25519(pub) +} + -+func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { + return openssl.NewPrivateKeyEd25519(priv) +} + -+func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { ++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { + return openssl.NewPublicKeyEd25519(pub) +} + -+func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { + return openssl.NewPrivateKeyEd25519FromSeed(seed) +} + -+func SignEd25519(priv *PrivateKeyEd25519, message []byte) ([]byte, error) { ++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { + return openssl.SignEd25519(priv, message) +} + -+func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { ++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { + return openssl.VerifyEd25519(pub, message, sig) +} + 
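Review bot: `PublicKeyEd25519` and `PrivateKeyEd25519` now alias pointer types (`= *openssl.PrivateKeyEd25519`), while the nobackend, BoringSSL and CNG patches in this commit declare the same names as empty structs with value receivers. The name is therefore nil-able in the OpenSSL backend only, and nothing on the alias lines says so. A comment would make that explicit, for example `// PrivateKeyEd25519 aliases a pointer type; its zero value is nil and is not a usable key.` with the same for the public key. The change presumably exists so the backend-neutral function signatures can be identical across backends; if so, that reason belongs in the comment too.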
diff --git a/patches/0006-Add-CNG-crypto-backend.patch b/patches/0006-Add-CNG-crypto-backend.patch index e6bc7dab684..aaae7bf10f9 100644 --- a/patches/0006-Add-CNG-crypto-backend.patch +++ b/patches/0006-Add-CNG-crypto-backend.patch @@ -5,9 +5,9 @@ Subject: [PATCH] Add CNG crypto backend --- src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 329 ++++++++++++++++++++ + src/crypto/internal/backend/cng_windows.go | 336 ++++++++++++++++++++ src/crypto/internal/backend/fips140/cng.go | 33 ++ - 3 files changed, 374 insertions(+) + 3 files changed, 381 insertions(+) create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go create mode 100644 src/crypto/internal/backend/fips140/cng.go @@ -32,10 +32,10 @@ index 00000000000000..92623031fd87d0 +var Dec = bbig.Dec diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go new file mode 100644 -index 00000000000000..6bfbdc57f0518b +index 00000000000000..31dfc9b19ee63e --- /dev/null +++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,329 @@ +@@ -0,0 +1,336 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -82,6 +82,10 @@ index 00000000000000..6bfbdc57f0518b + return cng.SupportsHash(h) +} + ++func SupportsCurve(curve string) bool { return true } ++func SupportsRSAOAEPLabel(label []byte) bool { return true } ++func SupportsPKCS1v15Hash(hash crypto.Hash) bool { return true } ++ +func NewMD5() hash.Hash { return cng.NewMD5() } +func NewSHA1() hash.Hash { return cng.NewSHA1() } +func NewSHA224() hash.Hash { panic("cngcrypto: not available") } 
@@ -166,7 +170,10 @@ index 00000000000000..6bfbdc57f0518b + return primes == 2 +} + -+func SupportsRSASaltLength(salt int) bool { ++func SupportsRSASaltLength(sign bool, salt int) bool { ++ if sign { ++ return true ++ } + return salt != 0 // rsa.PSSSaltLengthAuto +} + @@ -296,37 +303,37 @@ index 00000000000000..6bfbdc57f0518b + +type PublicKeyEd25519 struct{} + -+func (k *PublicKeyEd25519) Bytes() ([]byte, error) { ++func (k PublicKeyEd25519) Bytes() ([]byte, error) { + panic("cryptobackend: not available") +} + +type PrivateKeyEd25519 struct{} + -+func (k *PrivateKeyEd25519) Bytes() ([]byte, error) { ++func (k PrivateKeyEd25519) Bytes() ([]byte, error) { + panic("cryptobackend: not available") +} + -+func GenerateKeyEd25519() (*PrivateKeyEd25519, error) { ++func GenerateKeyEd25519() (PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { ++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func NewPrivateKeyEd25519FromSeed(seed []byte) (*PrivateKeyEd25519, error) { ++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { + panic("cryptobackend: not available") +} + -+func SignEd25519(priv *PrivateKeyEd25519, message []byte) ([]byte, error) { ++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { + panic("cryptobackend: not available") +} + -+func VerifyEd25519(pub *PublicKeyEd25519, message, sig []byte) error { ++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { + panic("cryptobackend: not available") +} + diff --git a/patches/0007-Add-Darwin-crypto-backend.patch b/patches/0007-Add-Darwin-crypto-backend.patch new file mode 100644 index 00000000000..6cd2cd3a969 --- /dev/null 
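Review bot: In the CNG `SupportsRSASaltLength`, the new `if sign { return true }` accepts every salt length for signing, including 0. The existing comment on the following return identifies 0 as rsa.PSSSaltLengthAuto, and that value is still refused for verification. Nothing in the function explains why the two directions differ, so a reader cannot tell whether CNG really supports signing with the auto value or the case was not considered. A doc comment would settle it, such as `// SupportsRSASaltLength reports whether CNG can handle salt for RSA-PSS; sign selects signing (any length) over verification (PSSSaltLengthAuto unsupported).` The whole function is inside the hunk.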
+++ b/patches/0007-Add-Darwin-crypto-backend.patch 
@@ -0,0 +1,547 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: George Adams +Date: Tue, 17 Dec 2024 13:17:39 +0000 +Subject: [PATCH] Add Darwin crypto backend + +--- + .gitignore | 2 + + .../internal/backend/bbig/big_darwin.go | 12 + + src/crypto/internal/backend/darwin_darwin.go | 359 ++++++++++++++++++ + src/crypto/internal/backend/fips140/darwin.go | 11 + + src/crypto/rsa/darwin.go | 71 ++++ + src/net/lookup_test.go | 3 + + src/runtime/pprof/vminfo_darwin_test.go | 6 + + 7 files changed, 464 insertions(+) + create mode 100644 src/crypto/internal/backend/bbig/big_darwin.go + create mode 100644 src/crypto/internal/backend/darwin_darwin.go + create mode 100644 src/crypto/internal/backend/fips140/darwin.go + create mode 100644 src/crypto/rsa/darwin.go + +diff --git a/.gitignore b/.gitignore +index c6512e64a4ef39..b3b01db73b009d 100644 +--- a/.gitignore ++++ b/.gitignore +@@ -46,6 +46,8 @@ _testmain.go + /test/run.out + /test/times.out + ++!/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o ++ + # This file includes artifacts of Go build that should not be checked in. + # For files created by specific development environment (e.g. editor), + # use alternative ways to exclude files from git. +diff --git a/src/crypto/internal/backend/bbig/big_darwin.go b/src/crypto/internal/backend/bbig/big_darwin.go +new file mode 100644 +index 00000000000000..77f3ca5d262769 +--- /dev/null ++++ b/src/crypto/internal/backend/bbig/big_darwin.go +@@ -0,0 +1,12 @@ ++// Copyright 2022 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. 
++ ++//go:build goexperiment.darwincrypto && cgo ++ ++package bbig ++ ++import "github.com/microsoft/go-crypto-darwin/bbig" ++ ++var Enc = bbig.Enc ++var Dec = bbig.Dec +diff --git a/src/crypto/internal/backend/darwin_darwin.go b/src/crypto/internal/backend/darwin_darwin.go +new file mode 100644 +index 00000000000000..2250852ada8cc8 +--- /dev/null ++++ b/src/crypto/internal/backend/darwin_darwin.go +@@ -0,0 +1,359 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.darwincrypto && darwin && cgo ++ ++// Package darwin provides access to DarwinCrypto implementation functions. ++// Check the variable Enabled to find out whether DarwinCrypto is available. ++// If DarwinCrypto is not available, the functions in this package all panic. ++package backend ++ ++import ( ++ "crypto" ++ "crypto/cipher" ++ "crypto/internal/boring/sig" ++ "crypto/internal/fips140/nistec" ++ "errors" ++ "hash" ++ _ "unsafe" ++ ++ "github.com/microsoft/go-crypto-darwin/xcrypto" ++) ++ ++// Enabled controls whether FIPS crypto is enabled. 
++const Enabled = true ++ ++type BigInt = xcrypto.BigInt ++ ++func init() { ++ sig.BoringCrypto() ++} ++ ++const RandReader = xcrypto.RandReader ++ ++func SupportsHash(h crypto.Hash) bool { ++ return xcrypto.SupportsHash(h) ++} ++ ++func SupportsCurve(curve string) bool { ++ switch curve { ++ case "P-256", "P-384", "P-521": ++ return true ++ } ++ return false ++} ++ ++func SupportsRSAOAEPLabel(label []byte) bool { ++ // CommonCrypto doesn't support labels ++ // https://github.com/microsoft/go-crypto-darwin/issues/22 ++ return len(label) == 0 ++} ++ ++func SupportsPKCS1v15Hash(hash crypto.Hash) bool { ++ switch hash { ++ case crypto.SHA1, crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512, 0: ++ return true ++ } ++ return false ++} ++ ++func NewMD5() hash.Hash { return xcrypto.NewMD5() } ++func NewSHA1() hash.Hash { return xcrypto.NewSHA1() } ++func NewSHA224() hash.Hash { return xcrypto.NewSHA224() } ++func NewSHA256() hash.Hash { return xcrypto.NewSHA256() } ++func NewSHA384() hash.Hash { return xcrypto.NewSHA384() } ++func NewSHA512() hash.Hash { return xcrypto.NewSHA512() } ++ ++func MD5(p []byte) (sum [16]byte) { return xcrypto.MD5(p) } ++func SHA1(p []byte) (sum [20]byte) { return xcrypto.SHA1(p) } ++func SHA224(p []byte) (sum [28]byte) { return xcrypto.SHA224(p) } ++func SHA256(p []byte) (sum [32]byte) { return xcrypto.SHA256(p) } ++func SHA384(p []byte) (sum [48]byte) { return xcrypto.SHA384(p) } ++func SHA512(p []byte) (sum [64]byte) { return xcrypto.SHA512(p) } ++func SHA512_224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") } ++func SHA512_256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } ++ ++func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { ++ return xcrypto.NewHMAC(h, key) ++} ++ ++func NewAESCipher(key []byte) (cipher.Block, error) { ++ return xcrypto.NewAESCipher(key) ++} ++ ++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { ++ return xcrypto.NewGCMTLS(c) ++} ++ ++func NewGCMTLS13(c 
cipher.Block) (cipher.AEAD, error) { ++ return xcrypto.NewGCMTLS13(c) ++} ++ ++type PublicKeyECDSA = xcrypto.PublicKeyECDSA ++type PrivateKeyECDSA = xcrypto.PrivateKeyECDSA ++ ++func GenerateKeyECDSA(curve string) (X, Y, D xcrypto.BigInt, err error) { ++ return xcrypto.GenerateKeyECDSA(curve) ++} ++ ++func NewPrivateKeyECDSA(curve string, X, Y, D xcrypto.BigInt) (*xcrypto.PrivateKeyECDSA, error) { ++ return xcrypto.NewPrivateKeyECDSA(curve, X, Y, D) ++} ++ ++func NewPublicKeyECDSA(curve string, X, Y xcrypto.BigInt) (*xcrypto.PublicKeyECDSA, error) { ++ return xcrypto.NewPublicKeyECDSA(curve, X, Y) ++} ++ ++//go:linkname encodeSignature crypto/ecdsa.encodeSignature ++func encodeSignature(r, s []byte) ([]byte, error) ++ ++//go:linkname parseSignature crypto/ecdsa.parseSignature ++func parseSignature(sig []byte) (r, s []byte, err error) ++ ++func SignMarshalECDSA(priv *xcrypto.PrivateKeyECDSA, hash []byte) ([]byte, error) { ++ return xcrypto.SignMarshalECDSA(priv, hash) ++} ++ ++func VerifyECDSA(pub *xcrypto.PublicKeyECDSA, hash []byte, sig []byte) bool { ++ return xcrypto.VerifyECDSA(pub, hash, sig) ++} ++ ++func SupportsRSAKeyPrimes(primes int) bool { ++ return primes == 2 ++} ++ ++func SupportsRSASaltLength(sign bool, salt int) bool { ++ // CommonCrypto doesn't support custom salt length ++ return salt == -1 ++} ++ ++type PublicKeyRSA = xcrypto.PublicKeyRSA ++type PrivateKeyRSA = xcrypto.PrivateKeyRSA ++ ++func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *xcrypto.PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { ++ return xcrypto.DecryptRSAOAEP(h, priv, ciphertext, label) ++} ++ ++func DecryptRSAPKCS1(priv *xcrypto.PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ return xcrypto.DecryptRSAPKCS1(priv, ciphertext) ++} ++ ++func DecryptRSANoPadding(priv *xcrypto.PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ return xcrypto.DecryptRSANoPadding(priv, ciphertext) ++} ++ ++func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *xcrypto.PublicKeyRSA, msg, label 
[]byte) ([]byte, error) { ++ return xcrypto.EncryptRSAOAEP(h, pub, msg, label) ++} ++ ++func EncryptRSAPKCS1(pub *xcrypto.PublicKeyRSA, msg []byte) ([]byte, error) { ++ return xcrypto.EncryptRSAPKCS1(pub, msg) ++} ++ ++func EncryptRSANoPadding(pub *xcrypto.PublicKeyRSA, msg []byte) ([]byte, error) { ++ return xcrypto.EncryptRSANoPadding(pub, msg) ++} ++ ++//go:linkname decodeKeyRSA crypto/rsa.decodeKey ++func decodeKeyRSA(data []byte) (N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt, err error) ++ ++//go:linkname encodeKeyRSA crypto/rsa.encodeKey ++func encodeKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt) ([]byte, error) ++ ++//go:linkname encodePublicKeyRSA crypto/rsa.encodePublicKey ++func encodePublicKeyRSA(N, E xcrypto.BigInt) ([]byte, error) ++ ++func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt, err error) { ++ data, err := xcrypto.GenerateKeyRSA(bits) ++ if err != nil { ++ return ++ } ++ return decodeKeyRSA(data) ++} ++ ++func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt) (*xcrypto.PrivateKeyRSA, error) { ++ encoded, err := encodeKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv) ++ if err != nil { ++ return nil, err ++ } ++ return xcrypto.NewPrivateKeyRSA(encoded) ++} ++ ++func NewPublicKeyRSA(N, E xcrypto.BigInt) (*xcrypto.PublicKeyRSA, error) { ++ encoded, err := encodePublicKeyRSA(N, E) ++ if err != nil { ++ return nil, err ++ } ++ return xcrypto.NewPublicKeyRSA(encoded) ++} ++ ++func SignRSAPKCS1v15(priv *xcrypto.PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { ++ return xcrypto.SignRSAPKCS1v15(priv, h, hashed) ++} ++ ++func SignRSAPSS(priv *xcrypto.PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { ++ return xcrypto.SignRSAPSS(priv, h, hashed, saltLen) ++} ++ ++func VerifyRSAPKCS1v15(pub *xcrypto.PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { ++ return xcrypto.VerifyRSAPKCS1v15(pub, h, hashed, sig) ++} ++ ++func VerifyRSAPSS(pub *xcrypto.PublicKeyRSA, h crypto.Hash, hashed, sig 
[]byte, saltLen int) error { ++ return xcrypto.VerifyRSAPSS(pub, h, hashed, sig, saltLen) ++} ++ ++type PrivateKeyECDH = xcrypto.PrivateKeyECDH ++type PublicKeyECDH = xcrypto.PublicKeyECDH ++ ++func ECDH(priv *xcrypto.PrivateKeyECDH, pub *xcrypto.PublicKeyECDH) ([]byte, error) { ++ return xcrypto.ECDH(priv, pub) ++} ++ ++func GenerateKeyECDH(curve string) (*xcrypto.PrivateKeyECDH, []byte, error) { ++ return xcrypto.GenerateKeyECDH(curve) ++} ++ ++func NewPrivateKeyECDH(curve string, bytes []byte) (*xcrypto.PrivateKeyECDH, error) { ++ var key []byte ++ switch curve { ++ case "P-256": ++ p, err := nistec.NewP256Point().ScalarBaseMult(bytes) ++ if err != nil { ++ return nil, err ++ } ++ key = p.Bytes() ++ case "P-384": ++ p, err := nistec.NewP384Point().ScalarBaseMult(bytes) ++ if err != nil { ++ return nil, err ++ } ++ key = p.Bytes() ++ case "P-521": ++ p, err := nistec.NewP521Point().ScalarBaseMult(bytes) ++ if err != nil { ++ return nil, err ++ } ++ key = p.Bytes() ++ default: ++ return nil, errors.New("NewPrivateKeyECDH: unsupported curve: " + curve) ++ } ++ return xcrypto.NewPrivateKeyECDH(curve, key, bytes) ++} ++ ++func NewPublicKeyECDH(curve string, bytes []byte) (*xcrypto.PublicKeyECDH, error) { ++ return xcrypto.NewPublicKeyECDH(curve, bytes) ++} ++ ++func SupportsHKDF() bool { ++ return true ++} ++ ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ return xcrypto.ExpandHKDF(h, pseudorandomKey, info, keyLength) ++} ++ ++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { ++ return xcrypto.ExtractHKDF(h, secret, salt) ++} ++ ++func SupportsPBKDF2() bool { ++ return true ++} ++ ++func PBKDF2(pass, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) { ++ return xcrypto.PBKDF2(pass, salt, iter, keyLen, h) ++} ++ ++func SupportsTLS1PRF() bool { ++ return false ++} ++ ++func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { ++ panic("cryptobackend: 
not available") ++} ++ ++func SupportsDESCipher() bool { ++ return true ++} ++ ++func SupportsTripleDESCipher() bool { ++ return true ++} ++ ++func NewDESCipher(key []byte) (cipher.Block, error) { ++ return xcrypto.NewDESCipher(key) ++} ++ ++func NewTripleDESCipher(key []byte) (cipher.Block, error) { ++ return xcrypto.NewTripleDESCipher(key) ++} ++ ++func SupportsRC4() bool { return true } ++ ++type RC4Cipher = xcrypto.RC4Cipher ++ ++func NewRC4Cipher(key []byte) (*RC4Cipher, error) { return xcrypto.NewRC4Cipher(key) } ++ ++func SupportsEd25519() bool { ++ return true ++} ++ ++type PublicKeyEd25519 = xcrypto.PublicKeyEd25519 ++type PrivateKeyEd25519 = xcrypto.PrivateKeyEd25519 ++ ++func GenerateKeyEd25519() (PrivateKeyEd25519, error) { ++ return xcrypto.GenerateKeyEd25519(), nil ++} ++ ++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { ++ return xcrypto.NewPrivateKeyEd25519(priv) ++} ++ ++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { ++ return xcrypto.NewPublicKeyEd25519(pub) ++} ++ ++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { ++ return xcrypto.NewPrivateKeyEd25519FromSeed(seed) ++} ++ ++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { ++ return xcrypto.SignEd25519(priv, message) ++} ++ ++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { ++ return xcrypto.VerifyEd25519(pub, message, sig) ++} ++ ++func SupportsDSA(l, n int) bool { ++ return false ++} ++ ++func GenerateParametersDSA(l, n int) (p, q, g xcrypto.BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++ ++type PrivateKeyDSA struct{} ++type PublicKeyDSA struct{} ++ ++func GenerateKeyDSA(p, q, g xcrypto.BigInt) (x, y xcrypto.BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPrivateKeyDSA(p, q, g, x, y xcrypto.BigInt) (*PrivateKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPublicKeyDSA(p, q, g, y xcrypto.BigInt) 
(*PublicKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (xcrypto.BigInt, xcrypto.BigInt, error)) (r, s xcrypto.BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++ ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s xcrypto.BigInt, encodeSignature func(r, s xcrypto.BigInt) ([]byte, error)) bool { ++ panic("cryptobackend: not available") ++} +diff --git a/src/crypto/internal/backend/fips140/darwin.go b/src/crypto/internal/backend/fips140/darwin.go +new file mode 100644 +index 00000000000000..ef5af5d956163e +--- /dev/null ++++ b/src/crypto/internal/backend/fips140/darwin.go +@@ -0,0 +1,11 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.darwincrypto ++ ++package fips140 ++ ++func systemFIPSMode() bool { ++ return false ++} +diff --git a/src/crypto/rsa/darwin.go b/src/crypto/rsa/darwin.go +new file mode 100644 +index 00000000000000..1b9c63523ee90e +--- /dev/null ++++ b/src/crypto/rsa/darwin.go +@@ -0,0 +1,71 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. 
++ ++//go:build goexperiment.darwincrypto ++ ++package rsa ++ ++import ( ++ "crypto/internal/backend" ++ "crypto/internal/backend/bbig" ++ "errors" ++ "math/big" ++ _ "unsafe" ++ ++ "golang.org/x/crypto/cryptobyte" ++ "golang.org/x/crypto/cryptobyte/asn1" ++) ++ ++//go:linkname decodeKey ++func decodeKey(data []byte) (N, E, D, P, Q, Dp, Dq, Qinv backend.BigInt, err error) { ++ bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv backend.BigInt, err error) { ++ return nil, nil, nil, nil, nil, nil, nil, nil, e ++ } ++ input := cryptobyte.String(data) ++ var version int ++ n, e, d, p, q, dp, dq, qinv := new(big.Int), new(big.Int), new(big.Int), new(big.Int), ++ new(big.Int), new(big.Int), new(big.Int), new(big.Int) ++ // Parse the ASN.1 sequence ++ if !input.ReadASN1(&input, asn1.SEQUENCE) { ++ return bad(errors.New("invalid ASN.1 structure: not a sequence")) ++ } ++ if !input.ReadASN1Integer(&version) || version != 0 { ++ return bad(errors.New("invalid ASN.1 structure: unsupported version")) ++ } ++ if !input.ReadASN1Integer(n) || !input.ReadASN1Integer(e) || ++ !input.ReadASN1Integer(d) || !input.ReadASN1Integer(p) || ++ !input.ReadASN1Integer(q) || !input.ReadASN1Integer(dp) || ++ !input.ReadASN1Integer(dq) || !input.ReadASN1Integer(qinv) { ++ return bad(errors.New("invalid ASN.1 structure")) ++ } ++ return bbig.Enc(n), bbig.Enc(e), bbig.Enc(d), bbig.Enc(p), bbig.Enc(q), ++ bbig.Enc(dp), bbig.Enc(dq), bbig.Enc(qinv), nil ++} ++ ++//go:linkname encodeKey ++func encodeKey(N, E, D, P, Q, Dp, Dq, Qinv backend.BigInt) ([]byte, error) { ++ builder := cryptobyte.NewBuilder(nil) ++ builder.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { ++ b.AddASN1Int64(0) // Add version as int64 ++ b.AddASN1BigInt(bbig.Dec(N)) // Add modulus ++ b.AddASN1BigInt(bbig.Dec(E)) // Add public exponent ++ b.AddASN1BigInt(bbig.Dec(D)) // Add private exponent ++ b.AddASN1BigInt(bbig.Dec(P)) // Add prime1 ++ b.AddASN1BigInt(bbig.Dec(Q)) // Add prime2 ++ b.AddASN1BigInt(bbig.Dec(Dp)) // Add 
exponent1 ++ b.AddASN1BigInt(bbig.Dec(Dq)) // Add exponent2 ++ b.AddASN1BigInt(bbig.Dec(Qinv)) // Add coefficient ++ }) ++ return builder.Bytes() ++} ++ ++//go:linkname encodePublicKey ++func encodePublicKey(N, E backend.BigInt) ([]byte, error) { ++ builder := cryptobyte.NewBuilder(nil) ++ builder.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { ++ b.AddASN1BigInt(bbig.Dec(N)) // Add modulus ++ b.AddASN1BigInt(bbig.Dec(E)) // Add public exponent ++ }) ++ return builder.Bytes() ++} +diff --git a/src/net/lookup_test.go b/src/net/lookup_test.go +index 514cbd098ae772..8ec689416dde1d 100644 +--- a/src/net/lookup_test.go ++++ b/src/net/lookup_test.go +@@ -1501,6 +1501,9 @@ func TestLookupPortIPNetworkString(t *testing.T) { + } + + func TestLookupNoSuchHost(t *testing.T) { ++ if runtime.GOOS == "darwin" { ++ t.Skip("skipping on darwin; see https://github.com/microsoft/go/issues/1394") ++ } + mustHaveExternalNetwork(t) + + const testNXDOMAIN = "invalid.invalid." +diff --git a/src/runtime/pprof/vminfo_darwin_test.go b/src/runtime/pprof/vminfo_darwin_test.go +index 6d375c5d53368a..39154b000ddc67 100644 +--- a/src/runtime/pprof/vminfo_darwin_test.go ++++ b/src/runtime/pprof/vminfo_darwin_test.go +@@ -11,6 +11,7 @@ import ( + "bytes" + "fmt" + "internal/abi" ++ "internal/goexperiment" + "internal/testenv" + "os" + "os/exec" +@@ -21,6 +22,11 @@ import ( + ) + + func TestVMInfo(t *testing.T) { ++ if goexperiment.DarwinCrypto { ++ // Fails on macOS when using system crypto. ++ // https://github.com/microsoft/go/issues/1466 ++ t.Skip("skipping on Darwin") ++ } + var begin, end, offset uint64 + var filename string + first := true diff --git a/patches/0007-Use-crypto-backends.patch b/patches/0008-Use-crypto-backends.patch similarity index 91% rename from patches/0007-Use-crypto-backends.patch rename to patches/0008-Use-crypto-backends.patch index 37d40160d56..1d2f62ffeb0 100644 --- a/patches/0007-Use-crypto-backends.patch +++ b/patches/0008-Use-crypto-backends.patch 
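Review bot: decodeKey in src/crypto/rsa/darwin.go accepts input with unparsed bytes left over. Nothing checks that the sequence is exhausted after the eight ReadASN1Integer calls, and because `input.ReadASN1(&input, asn1.SEQUENCE)` re-points `input` at the sequence contents, any bytes that follow the outer SEQUENCE in `data` appear to be dropped silently. A strict decode is the safer default for a private-key parser: add `if !input.Empty() { return bad(errors.New("invalid ASN.1 structure: trailing data")) }` before the final return, and read the SEQUENCE into a separate cryptobyte.String so the outer input can be checked for emptiness as well. The three functions also carry bare `//go:linkname` directives with no doc comment; one line on each naming the intended caller and the encoding (the field order follows the PKCS #1 RSAPrivateKey / RSAPublicKey layout) would help the next reader.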
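Review bot: The skip added to TestLookupNoSuchHost keys on `runtime.GOOS == "darwin"` alone, so the test stops running on every darwin build. The TestVMInfo skip in the same patch is gated on `goexperiment.DarwinCrypto` instead. If the failure tracked in the linked issue only appears with the system crypto backend, gate this skip the same way, `if runtime.GOOS == "darwin" && goexperiment.DarwinCrypto {` (with the matching `internal/goexperiment` import), so a default darwin build keeps its coverage. If the failure is independent of the backend, say so in the skip message. The test body continues past the hunk.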
@@ -5,8 +5,11 @@ Subject: [PATCH] Use crypto backends --- src/cmd/api/boring_test.go | 2 +- - src/cmd/go/go_boring_test.go | 2 +- + src/cmd/dist/test.go | 5 + + src/cmd/go/go_boring_test.go | 11 +- + src/cmd/go/testdata/script/darwin_no_cgo.txt | 2 + .../go/testdata/script/gopath_std_vendor.txt | 9 + + src/cmd/link/internal/ld/config.go | 8 + src/crypto/aes/aes.go | 2 +- src/crypto/boring/boring.go | 4 +- src/crypto/cipher/ctr_aes_test.go | 2 +- @@ -20,10 +23,11 @@ Subject: [PATCH] Use crypto backends src/crypto/ecdh/nist.go | 2 +- src/crypto/ecdsa/badlinkname.go | 19 ++ src/crypto/ecdsa/boring.go | 6 +- - src/crypto/ecdsa/ecdsa.go | 4 +- + src/crypto/ecdsa/ecdsa.go | 10 +- src/crypto/ecdsa/notboring.go | 4 +- src/crypto/ed25519/boring.go | 71 +++++++ src/crypto/ed25519/ed25519.go | 73 +++++++ + src/crypto/ed25519/ed25519_test.go | 3 +- src/crypto/ed25519/notboring.go | 16 ++ src/crypto/fips140/fips140.go | 3 +- src/crypto/hkdf/hkdf.go | 14 ++ @@ -39,13 +43,13 @@ Subject: [PATCH] Use crypto backends src/crypto/purego_test.go | 2 +- src/crypto/rand/rand.go | 2 +- src/crypto/rc4/rc4.go | 18 ++ - src/crypto/rsa/boring.go | 6 +- + src/crypto/rsa/boring.go | 12 +- src/crypto/rsa/boring_test.go | 2 +- - src/crypto/rsa/fips.go | 10 +- + src/crypto/rsa/fips.go | 14 +- src/crypto/rsa/notboring.go | 4 +- src/crypto/rsa/pkcs1v15.go | 6 +- src/crypto/rsa/pkcs1v15_test.go | 5 + - src/crypto/rsa/pss_test.go | 9 +- + src/crypto/rsa/pss_test.go | 13 +- src/crypto/rsa/rsa.go | 4 +- src/crypto/rsa/rsa_test.go | 15 +- src/crypto/sha1/sha1.go | 8 +- @@ -72,7 +76,7 @@ Subject: [PATCH] Use crypto backends src/hash/marshal_test.go | 9 + src/hash/notboring_test.go | 9 + src/net/smtp/smtp_test.go | 72 ++++--- - 68 files changed, 1012 insertions(+), 100 deletions(-) + 72 files changed, 1052 insertions(+), 107 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ecdsa/badlinkname.go 
@@ -96,11 +100,27 @@ index f0e3575637c62a..9eab3b4e66e60b 100644 package main +diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go +index 0de6e80fd985a3..3316bb52a61ff1 100644 +--- a/src/cmd/dist/test.go ++++ b/src/cmd/dist/test.go +@@ -1161,6 +1161,11 @@ func (t *tester) internalLink() bool { + if goos == "windows" && goarch == "arm64" { + return false + } ++ if goos == "darwin" && (strings.Contains(goexperiment, "systemcrypto") || strings.Contains(goexperiment, "darwincrypto")) { ++ // linkmode=internal isn't supported with system/darwin crypto. ++ // see https://github.com/microsoft/go-crypto-darwin/issues/33 ++ return false ++ } + // Internally linking cgo is incomplete on some architectures. + // https://golang.org/issue/10373 + // https://golang.org/issue/14449 diff --git a/src/cmd/go/go_boring_test.go b/src/cmd/go/go_boring_test.go -index ed0fbf3d53d75b..06478963f4be44 100644 +index ed0fbf3d53d75b..8111b143a1295b 100644 --- a/src/cmd/go/go_boring_test.go +++ b/src/cmd/go/go_boring_test.go -@@ -2,7 +2,7 @@ +@@ -2,13 +2,20 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. 
@@ -109,6 +129,33 @@ index ed0fbf3d53d75b..06478963f4be44 100644 package main_test +-import "testing" ++import ( ++ "internal/goexperiment" ++ "testing" ++) + + func TestBoringInternalLink(t *testing.T) { ++ if goexperiment.DarwinCrypto { ++ // https://github.com/microsoft/go-crypto-darwin/issues/33 ++ t.Skip("skipping on Darwin") ++ } + tg := testgo(t) + defer tg.cleanup() + tg.parallel() +diff --git a/src/cmd/go/testdata/script/darwin_no_cgo.txt b/src/cmd/go/testdata/script/darwin_no_cgo.txt +index fa445925b7c374..e36ac86fcaa58d 100644 +--- a/src/cmd/go/testdata/script/darwin_no_cgo.txt ++++ b/src/cmd/go/testdata/script/darwin_no_cgo.txt +@@ -4,6 +4,8 @@ + # of cmd/go, which imports approximately everything + # in std (certainly everything relevant). + [!GOOS:darwin] skip ++[GOEXPERIMENT:darwincrypto] skip ++[GOEXPERIMENT:systemcrypto] skip + go list -deps cmd/go + ! stdout runtime/cgo + diff --git a/src/cmd/go/testdata/script/gopath_std_vendor.txt b/src/cmd/go/testdata/script/gopath_std_vendor.txt index 4aaf46b5d0f0dc..ec58a217400caa 100644 --- a/src/cmd/go/testdata/script/gopath_std_vendor.txt 
@@ -128,6 +175,32 @@ index 4aaf46b5d0f0dc..ec58a217400caa 100644 [!compiler:gc] skip go list -f '{{.Dir}}' vendor/golang.org/x/net/http2/hpack +diff --git a/src/cmd/link/internal/ld/config.go b/src/cmd/link/internal/ld/config.go +index b2d4ad7cb0e7f6..2859879041ff8f 100644 +--- a/src/cmd/link/internal/ld/config.go ++++ b/src/cmd/link/internal/ld/config.go +@@ -7,6 +7,7 @@ package ld + import ( + "fmt" + "internal/buildcfg" ++ "internal/goexperiment" + "internal/platform" + ) + +@@ -34,6 +35,13 @@ func (mode *BuildMode) Set(s string) error { + return fmt.Errorf("invalid buildmode: %q", s) + case "exe": + switch buildcfg.GOOS + "/" + buildcfg.GOARCH { ++ case "darwin/amd64": ++ // We can't link against the static object file when using no_pie ++ if goexperiment.DarwinCrypto || goexperiment.SystemCrypto { ++ *mode = BuildModePIE ++ } else { ++ *mode = BuildModeExe ++ } + case "darwin/arm64", "windows/arm", "windows/arm64": // On these platforms, everything is PIE + *mode = BuildModePIE + default: diff --git a/src/crypto/aes/aes.go b/src/crypto/aes/aes.go index 5bc2d13d673e0a..b803c77be62a66 100644 --- a/src/crypto/aes/aes.go @@ -590,7 +663,7 @@ index 275c60b4de49eb..ff8bddf28c4545 100644 "math/big" ) diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go -index cb308b41e9df86..8f73855aa738de 100644 +index cb308b41e9df86..5c841d2f021967 100644 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go @@ -20,8 +20,8 @@ import ( 
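Review bot: The new `darwin/amd64` case in BuildMode.Set reads `goexperiment.DarwinCrypto` and `goexperiment.SystemCrypto`, which are constants fixed when the linker binary itself was compiled. They do not reflect the GOEXPERIMENT in effect for the program being linked. A toolchain built without the experiment and then run with `GOEXPERIMENT=darwincrypto` would presumably still pick BuildModeExe here and hit the no_pie link problem the comment describes. The file already imports `internal/buildcfg`, so the runtime view is available: `if buildcfg.Experiment.DarwinCrypto || buildcfg.Experiment.SystemCrypto {`, assuming the experiment flags struct carries both fields. The `else` arm also duplicates what the `default:` case assigns, and that case lies outside the hunk; a comment saying so would keep the two from drifting apart.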
@@ -604,6 +677,33 @@ index cb308b41e9df86..8f73855aa738de 100644 "crypto/internal/fips140/ecdsa" "crypto/internal/fips140hash" "crypto/internal/fips140only" +@@ -162,7 +162,7 @@ func (priv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOp + func GenerateKey(c elliptic.Curve, rand io.Reader) (*PrivateKey, error) { + randutil.MaybeReadByte(rand) + +- if boring.Enabled && rand == boring.RandReader { ++ if boring.Enabled && rand == boring.RandReader && boring.SupportsCurve(c.Params().Name) { + x, y, d, err := boring.GenerateKeyECDSA(c.Params().Name) + if err != nil { + return nil, err +@@ -211,7 +211,7 @@ var errNoAsm = errors.New("no assembly implementation available") + func SignASN1(rand io.Reader, priv *PrivateKey, hash []byte) ([]byte, error) { + randutil.MaybeReadByte(rand) + +- if boring.Enabled && rand == boring.RandReader { ++ if boring.Enabled && rand == boring.RandReader && boring.SupportsCurve(priv.Curve.Params().Name) { + b, err := boringPrivateKey(priv) + if err != nil { + return nil, err +@@ -326,7 +326,7 @@ func addASN1IntBytes(b *cryptobyte.Builder, bytes []byte) { + // The inputs are not considered confidential, and may leak through timing side + // channels, or if an attacker has control of part of the inputs. + func VerifyASN1(pub *PublicKey, hash, sig []byte) bool { +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsCurve(pub.Curve.Params().Name) { + key, err := boringPublicKey(pub) + if err != nil { + return false diff --git a/src/crypto/ecdsa/notboring.go b/src/crypto/ecdsa/notboring.go index 039bd82ed21f9f..69a97d9bf250be 100644 --- a/src/crypto/ecdsa/notboring.go @@ -624,7 +724,7 @@ index 039bd82ed21f9f..69a97d9bf250be 100644 panic("boringcrypto: not available") diff --git a/src/crypto/ed25519/boring.go b/src/crypto/ed25519/boring.go new file mode 100644 -index 00000000000000..cce33e4d6cc927 +index 00000000000000..4e18cdfbaad4fd --- /dev/null +++ b/src/crypto/ed25519/boring.go @@ -0,0 +1,71 @@ 
@@ -653,11 +753,11 @@ index 00000000000000..cce33e4d6cc927 +} + +type boringPub struct { -+ key *boring.PublicKeyEd25519 ++ key boring.PublicKeyEd25519 + orig [PublicKeySize]byte +} + -+func boringPublicKey(pub PublicKey) (*boring.PublicKeyEd25519, error) { ++func boringPublicKey(pub PublicKey) (boring.PublicKeyEd25519, error) { + // Use the pointer to the underlying pub array as key. + p := unsafe.SliceData(pub) + b := pubCache.Get(p) @@ -669,7 +769,7 @@ index 00000000000000..cce33e4d6cc927 + copy(b.orig[:], pub) + key, err := boring.NewPublicKeyEd25519(b.orig[:]) + if err != nil { -+ return nil, err ++ return key, err + } + b.key = key + pubCache.Put(p, b) @@ -677,11 +777,11 @@ index 00000000000000..cce33e4d6cc927 +} + +type boringPriv struct { -+ key *boring.PrivateKeyEd25519 ++ key boring.PrivateKeyEd25519 + orig [PrivateKeySize]byte +} + -+func boringPrivateKey(priv PrivateKey) (*boring.PrivateKeyEd25519, error) { ++func boringPrivateKey(priv PrivateKey) (boring.PrivateKeyEd25519, error) { + // Use the pointer to the underlying priv array as key. + p := unsafe.SliceData(priv) + b := privCache.Get(p) @@ -693,7 +793,7 @@ index 00000000000000..cce33e4d6cc927 + copy(b.orig[:], priv) + key, err := boring.NewPrivateKeyEd25519(b.orig[:]) + if err != nil { -+ return nil, err ++ return key, err + } + b.key = key + privCache.Put(p, b) 
@@ -825,9 +925,30 @@ index c1f8ff784e4a5c..6476bfbe896d6c 100644 return ed25519.Verify(k, message, sig) default: return errors.New("ed25519: expected opts.Hash zero (unhashed message, for standard Ed25519) or SHA-512 (for Ed25519ph)") +diff --git a/src/crypto/ed25519/ed25519_test.go b/src/crypto/ed25519/ed25519_test.go +index 87d0132df11d8b..00dd5224a70418 100644 +--- a/src/crypto/ed25519/ed25519_test.go ++++ b/src/crypto/ed25519/ed25519_test.go +@@ -13,6 +13,7 @@ import ( + "crypto/rand" + "crypto/sha512" + "encoding/hex" ++ "internal/goexperiment" + "log" + "os" + "strings" +@@ -316,7 +317,7 @@ func TestGolden(t *testing.T) { + copy(priv[32:], pubKey) + + sig2 := Sign(priv[:], msg) +- if !bytes.Equal(sig, sig2[:]) { ++ if !bytes.Equal(sig, sig2[:]) && !goexperiment.DarwinCrypto { + t.Errorf("different signature result on line %d: %x vs %x", lineNo, sig, sig2) + } + diff --git a/src/crypto/ed25519/notboring.go b/src/crypto/ed25519/notboring.go new file mode 100644 -index 00000000000000..b0cdd44d81c753 +index 00000000000000..77b69a3be88183 --- /dev/null +++ b/src/crypto/ed25519/notboring.go @@ -0,0 +1,16 @@ @@ -841,10 +962,10 @@ index 00000000000000..b0cdd44d81c753 + +import boring "crypto/internal/backend" + -+func boringPublicKey(PublicKey) (*boring.PublicKeyEd25519, error) { ++func boringPublicKey(PublicKey) (boring.PublicKeyEd25519, error) { + panic("boringcrypto: not available") +} -+func boringPrivateKey(PrivateKey) (*boring.PrivateKeyEd25519, error) { ++func boringPrivateKey(PrivateKey) (boring.PrivateKeyEd25519, error) { + panic("boringcrypto: not available") +} diff --git a/src/crypto/fips140/fips140.go b/src/crypto/fips140/fips140.go @@ -1200,10 +1321,10 @@ index 90943a0935befb..09ebdfd733e5d6 100644 return } diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go -index b9f9d3154f2589..d52faddef45549 100644 +index 28d16a89f6a1cf..b276571ddf9fc8 100644 --- a/src/crypto/rsa/boring.go 
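Review bot: The relaxed comparison in TestGolden, `if !bytes.Equal(sig, sig2[:]) && !goexperiment.DarwinCrypto`, switches off the known-answer check for Sign under the darwin backend without saying why. Ed25519 signatures are deterministic per RFC 8032, so a backend whose output differs from the golden vectors is a visible behaviour change for callers that rely on reproducible signatures, and it deserves a comment at this line. The hunk does not show whether `sig2` is verified afterwards; if it is not, Sign is left unchecked on this path. I would add a comment such as `// NOTE: the darwin backend's signatures do not match the golden vectors byte for byte (TODO: link issue); sig2 is still checked with Verify below.` and confirm that a `Verify(pubKey, msg, sig2)` check runs for every vector.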
+++ b/src/crypto/rsa/boring.go -@@ -2,13 +2,13 @@ +@@ -2,14 +2,15 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. @@ -1218,8 +1339,22 @@ index b9f9d3154f2589..d52faddef45549 100644 + boring "crypto/internal/backend" + "crypto/internal/backend/bbig" "crypto/internal/boring/bcache" ++ "internal/goexperiment" "math/big" ) + +@@ -62,6 +63,11 @@ type boringPriv struct { + } + + func boringPrivateKey(priv *PrivateKey) (*boring.PrivateKeyRSA, error) { ++ // CommonCrypto requires the CRT values to be precomputed if nil ++ if goexperiment.DarwinCrypto && (priv.Precomputed.Dp == nil || priv.Precomputed.Dq == nil || priv.Precomputed.Qinv == nil) { ++ priv.Precompute() ++ priv.Precomputed.fips = nil ++ } + b := privCache.Get(priv) + if b != nil && privateKeyEqual(&b.orig, priv) { + return b.key, nil diff --git a/src/crypto/rsa/boring_test.go b/src/crypto/rsa/boring_test.go index 838fcc1244bdbe..d89f732345e8a3 100644 --- a/src/crypto/rsa/boring_test.go @@ -1234,7 +1369,7 @@ index 838fcc1244bdbe..d89f732345e8a3 100644 // Note: Can run these tests against the non-BoringCrypto // version of the code by using "CGO_ENABLED=0 go test". diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go -index 8373c125ae3096..cee523891d5897 100644 +index 8373c125ae3096..319fae6fb282db 100644 --- a/src/crypto/rsa/fips.go +++ b/src/crypto/rsa/fips.go @@ -6,7 +6,7 @@ package rsa @@ -1251,7 +1386,7 @@ index 8373c125ae3096..cee523891d5897 100644 } - if boring.Enabled && rand == boring.RandReader { -+ if boring.Enabled && rand == boring.RandReader && boring.SupportsRSAKeyPrimes(len(priv.Primes)) && boring.SupportsHash(hash) { ++ if boring.Enabled && rand == boring.RandReader && boring.SupportsRSASaltLength(true, opts.saltLength()) && boring.SupportsRSAKeyPrimes(len(priv.Primes)) && boring.SupportsHash(hash) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err 
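Review bot: boringPrivateKey now writes to the caller's key: `priv.Precompute()` and `priv.Precomputed.fips = nil` mutate `*priv`. The fips.go hunks of this patch show the function being called from the signing and decryption paths, which callers commonly run from several goroutines on one shared *PrivateKey. Two goroutines entering with the CRT values unset would race on `Precomputed`, and the nil assignment discards whatever the `fips` field held for the non-backend code path. Consider computing the CRT values on a private copy that is handed to the backend and cached, leaving `priv` untouched. Failing that, document on the function that it may modify its argument and why `fips` has to be cleared. The function body continues outside the hunk.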
@@ -1260,16 +1395,25 @@ index 8373c125ae3096..cee523891d5897 100644 } - if boring.Enabled { -+ if boring.Enabled && boring.SupportsRSASaltLength(opts.saltLength()) && boring.SupportsHash(hash) { ++ if boring.Enabled && boring.SupportsRSASaltLength(false, opts.saltLength()) && boring.SupportsHash(hash) { bkey, err := boringPublicKey(pub) if err != nil { return err +@@ -197,7 +197,7 @@ func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, l + + defer hash.Reset() + +- if boring.Enabled && random == boring.RandReader { ++ if boring.Enabled && random == boring.RandReader && boring.SupportsRSAOAEPLabel(label) { + hash.Reset() + k := pub.Size() + if len(msg) > k-2*hash.Size()-2 { @@ -250,7 +250,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, priv *PrivateKey, ciphertext []byte, l return nil, err } - if boring.Enabled { -+ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) { ++ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) && boring.SupportsRSAOAEPLabel(label) { k := priv.Size() if len(ciphertext) > k || k < hash.Size()*2+2 { @@ -1278,10 +1422,19 @@ index 8373c125ae3096..cee523891d5897 100644 } - if boring.Enabled { -+ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) { ++ if boring.Enabled && boring.SupportsRSAKeyPrimes(len(priv.Primes)) && boring.SupportsPKCS1v15Hash(hash) { bkey, err := boringPrivateKey(priv) if err != nil { return nil, err +@@ -355,7 +355,7 @@ func VerifyPKCS1v15(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte) + return err + } + +- if boring.Enabled { ++ if boring.Enabled && boring.SupportsPKCS1v15Hash(hash) { + bkey, err := boringPublicKey(pub) + if err != nil { + return err diff --git a/src/crypto/rsa/notboring.go b/src/crypto/rsa/notboring.go index 2abc0436405f8a..3e4d6f3eef61e6 100644 --- a/src/crypto/rsa/notboring.go 
@@ -1355,10 +1508,10 @@ index c65552cd93526a..910416abe842f5 100644 ciphertext := decodeBase64("fjOVdirUzFoLlukv80dBllMLjXythIf22feqPrNo0YoIjzyzyoMFiLjAc/Y4krkeZ11XFThIrEvw\nkRiZcCq5ng==") _, err := DecryptPKCS1v15(nil, test512Key, ciphertext) diff --git a/src/crypto/rsa/pss_test.go b/src/crypto/rsa/pss_test.go -index e03f4ab06603c6..f31d492d53cf96 100644 +index e03f4ab06603c6..cd44f3af23b0d4 100644 --- a/src/crypto/rsa/pss_test.go +++ b/src/crypto/rsa/pss_test.go -@@ -8,6 +8,7 @@ import ( +@@ -8,12 +8,14 @@ import ( "bufio" "compress/bzip2" "crypto" @@ -1366,7 +1519,24 @@ index e03f4ab06603c6..f31d492d53cf96 100644 "crypto/internal/fips140" "crypto/rand" . "crypto/rsa" -@@ -180,6 +181,10 @@ func TestPSSSigning(t *testing.T) { + "crypto/sha256" + "crypto/sha512" + "encoding/hex" ++ "internal/goexperiment" + "math/big" + "os" + "strconv" +@@ -104,6 +106,9 @@ func TestPSSGolden(t *testing.T) { + hashed = h.Sum(hashed[:0]) + + if err := VerifyPSS(key, hash, hashed, sig, opts); err != nil { ++ if goexperiment.DarwinCrypto && key.N.BitLen() == 1025 { ++ t.Skip("CommonCrypto doesn't support golden test entries with this key size") ++ } + t.Error(err) + } + default: +@@ -180,6 +185,10 @@ func TestPSSSigning(t *testing.T) { continue } @@ -1377,7 +1547,7 @@ index e03f4ab06603c6..f31d492d53cf96 100644 opts.SaltLength = test.verifySaltLength err = VerifyPSS(&rsaPrivateKey.PublicKey, hash, hashed, sig, &opts) good := test.good -@@ -241,7 +246,9 @@ func fromHex(hexStr string) []byte { +@@ -241,7 +250,9 @@ func fromHex(hexStr string) []byte { func TestInvalidPSSSaltLength(t *testing.T) { t.Setenv("GODEBUG", "rsa1024min=0") @@ -2273,7 +2443,7 @@ index e7369542a73270..ff52175e4ac636 100644 } } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 8d175079a8c793..48879720026837 100644 +index ab5539f978a266..484c95dfb65f60 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -495,7 +495,7 @@ var depsRules = ` 
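Review bot: The `t.Skip` added inside TestPSSGolden's VerifyPSS error branch ends the whole test at the first 1025-bit key that fails. Under `goexperiment.DarwinCrypto` every golden vector after that point then goes unverified, and the test is reported as skipped rather than passed or failed. Skipping only the unsupported entry keeps the remaining vectors in play: replace the call with `t.Logf("skipping %d-bit key: not supported by CommonCrypto", key.N.BitLen())` followed by `continue`. This assumes the enclosing construct is the loop over vector lines, which starts outside the hunk.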
@@ -2285,7 +2455,7 @@ index 8d175079a8c793..48879720026837 100644 crypto, hash !< FIPS; -@@ -537,6 +537,7 @@ var depsRules = ` +@@ -539,6 +539,7 @@ var depsRules = ` crypto/pbkdf2, crypto/ecdh, crypto/mlkem @@ -2293,7 +2463,7 @@ index 8d175079a8c793..48879720026837 100644 < CRYPTO; CGO, fmt, net !< CRYPTO; -@@ -561,7 +562,7 @@ var depsRules = ` +@@ -564,7 +565,7 @@ var depsRules = ` # TLS, Prince of Dependencies. diff --git a/patches/0008-Add-backend-code-gen.patch b/patches/0009-Add-backend-code-gen.patch similarity index 82% rename from patches/0008-Add-backend-code-gen.patch rename to patches/0009-Add-backend-code-gen.patch index 6ef13b7efdd..966a918bcbb 100644 --- a/patches/0008-Add-backend-code-gen.patch +++ b/patches/0009-Add-backend-code-gen.patch 
@@ -32,23 +32,31 @@ the repository to run the generators. .../exp_allowcryptofallback_on.go | 9 + src/internal/goexperiment/flags.go | 8 + .../backenderr_gen_conflict_boring_cng.go | 17 ++ + .../backenderr_gen_conflict_boring_darwin.go | 17 ++ .../backenderr_gen_conflict_boring_openssl.go | 17 ++ + .../backenderr_gen_conflict_cng_darwin.go | 17 ++ .../backenderr_gen_conflict_cng_openssl.go | 17 ++ + .../backenderr_gen_conflict_darwin_openssl.go | 17 ++ .../backenderr_gen_nofallback_boring.go | 24 ++ src/runtime/backenderr_gen_nofallback_cng.go | 24 ++ + .../backenderr_gen_nofallback_darwin.go | 24 ++ .../backenderr_gen_nofallback_openssl.go | 24 ++ ...ckenderr_gen_requirefips_nosystemcrypto.go | 17 ++ .../backenderr_gen_systemcrypto_nobackend.go | 16 + - 14 files changed, 487 insertions(+), 1 deletion(-) + 18 files changed, 562 insertions(+), 1 deletion(-) create mode 100644 src/crypto/internal/backend/backendgen.go create mode 100644 src/crypto/internal/backend/backendgen_test.go create mode 100644 src/internal/goexperiment/exp_allowcryptofallback_off.go create mode 100644 src/internal/goexperiment/exp_allowcryptofallback_on.go create mode 100644 src/runtime/backenderr_gen_conflict_boring_cng.go + create mode 100644 src/runtime/backenderr_gen_conflict_boring_darwin.go create mode 100644 src/runtime/backenderr_gen_conflict_boring_openssl.go + create mode 100644 src/runtime/backenderr_gen_conflict_cng_darwin.go create mode 100644 src/runtime/backenderr_gen_conflict_cng_openssl.go + create mode 100644 src/runtime/backenderr_gen_conflict_darwin_openssl.go create mode 100644 src/runtime/backenderr_gen_nofallback_boring.go create mode 100644 src/runtime/backenderr_gen_nofallback_cng.go + create mode 100644 src/runtime/backenderr_gen_nofallback_darwin.go create mode 100644 src/runtime/backenderr_gen_nofallback_openssl.go create mode 100644 src/runtime/backenderr_gen_requirefips_nosystemcrypto.go create mode 100644 src/runtime/backenderr_gen_systemcrypto_nobackend.go 
@@ -370,7 +378,7 @@ index 00000000000000..1ba948c8f207e5 + return bs +} diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go -index ad6081552af15d..d5948dbc5f8a2a 100644 +index 5c2f56d000a2a8..6f87fc053bb4b1 100644 --- a/src/crypto/internal/backend/nobackend.go +++ b/src/crypto/internal/backend/nobackend.go @@ -4,7 +4,7 @@ @@ -378,7 +386,7 @@ index ad6081552af15d..d5948dbc5f8a2a 100644 // Do not edit the build constraint by hand. It is generated by "backendgen.go". -//go:build ignore -+//go:build !(goexperiment.boringcrypto && linux && cgo && (amd64 || arm64) && !android && !msan) && !(goexperiment.cngcrypto && windows) && !(goexperiment.opensslcrypto && linux && cgo) ++//go:build !(goexperiment.boringcrypto && linux && cgo && (amd64 || arm64) && !android && !msan) && !(goexperiment.cngcrypto && windows) && !(goexperiment.darwincrypto && darwin && cgo) && !(goexperiment.opensslcrypto && linux && cgo) package backend @@ -413,10 +421,10 @@ index 00000000000000..8d0c3fde9ab5e8 +const AllowCryptoFallback = true +const AllowCryptoFallbackInt = 1 diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index c2f69930e2240e..c8e10ebc1696c4 100644 +index e6c9b7d5e62dc0..65d339be7dde32 100644 --- a/src/internal/goexperiment/flags.go +++ b/src/internal/goexperiment/flags.go -@@ -77,6 +77,14 @@ type Flags struct { +@@ -78,6 +78,14 @@ type Flags struct { // being used to build the Go program. SystemCrypto bool 
@@ -454,6 +462,29 @@ index 00000000000000..361db2a962d60f + For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips + ` +} +diff --git a/src/runtime/backenderr_gen_conflict_boring_darwin.go b/src/runtime/backenderr_gen_conflict_boring_darwin.go +new file mode 100644 +index 00000000000000..6c48a4e50fa72e +--- /dev/null ++++ b/src/runtime/backenderr_gen_conflict_boring_darwin.go +@@ -0,0 +1,17 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.boringcrypto && goexperiment.darwincrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The boring and darwin backends are both enabled, but they are mutually exclusive. ++ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} diff --git a/src/runtime/backenderr_gen_conflict_boring_openssl.go b/src/runtime/backenderr_gen_conflict_boring_openssl.go new file mode 100644 index 00000000000000..91fac35011b24c 
@@ -477,6 +508,29 @@ index 00000000000000..91fac35011b24c + For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips + ` +} +diff --git a/src/runtime/backenderr_gen_conflict_cng_darwin.go b/src/runtime/backenderr_gen_conflict_cng_darwin.go +new file mode 100644 +index 00000000000000..2e82a5cff034b7 +--- /dev/null ++++ b/src/runtime/backenderr_gen_conflict_cng_darwin.go +@@ -0,0 +1,17 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.cngcrypto && goexperiment.darwincrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The cng and darwin backends are both enabled, but they are mutually exclusive. ++ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} diff --git a/src/runtime/backenderr_gen_conflict_cng_openssl.go b/src/runtime/backenderr_gen_conflict_cng_openssl.go new file mode 100644 index 00000000000000..bf44084570bbbc 
@@ -500,6 +554,29 @@ index 00000000000000..bf44084570bbbc + For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips + ` +} +diff --git a/src/runtime/backenderr_gen_conflict_darwin_openssl.go b/src/runtime/backenderr_gen_conflict_darwin_openssl.go +new file mode 100644 +index 00000000000000..90f4361e28cd94 +--- /dev/null ++++ b/src/runtime/backenderr_gen_conflict_darwin_openssl.go +@@ -0,0 +1,17 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.darwincrypto && goexperiment.opensslcrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The darwin and openssl backends are both enabled, but they are mutually exclusive. ++ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} diff --git a/src/runtime/backenderr_gen_nofallback_boring.go b/src/runtime/backenderr_gen_nofallback_boring.go new file mode 100644 index 00000000000000..6db0ed6dc09639 
@@ -560,9 +637,39 @@ index 00000000000000..ae7f798ea41225 + For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips + ` +} +diff --git a/src/runtime/backenderr_gen_nofallback_darwin.go b/src/runtime/backenderr_gen_nofallback_darwin.go +new file mode 100644 +index 00000000000000..8a32f2cb25bda2 +--- /dev/null ++++ b/src/runtime/backenderr_gen_nofallback_darwin.go +@@ -0,0 +1,24 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.darwincrypto && !(goexperiment.darwincrypto && darwin && cgo) && !goexperiment.allowcryptofallback ++ ++package runtime ++ ++func init() { ++ ` ++ The goexperiment.darwincrypto tag is specified, but other tags required to enable that backend were not met. ++ Required build tags: ++ goexperiment.darwincrypto && darwin && cgo ++ Please check your build environment and build command for a reason one or more of these tags weren't specified. ++ ++ If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto. ++ As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback. ++ Removing darwincrypto will restore pre-1.21 behavior by intentionally using Go standard library crypto. ++ ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} diff --git a/src/runtime/backenderr_gen_nofallback_openssl.go b/src/runtime/backenderr_gen_nofallback_openssl.go new file mode 100644 -index 00000000000000..351be70262084b +index 00000000000000..7e1679dfc37a23 --- /dev/null +++ b/src/runtime/backenderr_gen_nofallback_openssl.go @@ -0,0 +1,24 @@ 
@@ -615,7 +722,7 @@ index 00000000000000..1c015dd2b08972 +} diff --git a/src/runtime/backenderr_gen_systemcrypto_nobackend.go b/src/runtime/backenderr_gen_systemcrypto_nobackend.go new file mode 100644 -index 00000000000000..97ba7da6260b50 +index 00000000000000..95be7ad8d38cae --- /dev/null +++ b/src/runtime/backenderr_gen_systemcrypto_nobackend.go @@ -0,0 +1,16 @@ @@ -625,7 +732,7 @@ index 00000000000000..97ba7da6260b50 + +// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". + -+//go:build goexperiment.systemcrypto && !goexperiment.boringcrypto && !goexperiment.cngcrypto && !goexperiment.opensslcrypto ++//go:build goexperiment.systemcrypto && !goexperiment.boringcrypto && !goexperiment.cngcrypto && !goexperiment.darwincrypto && !goexperiment.opensslcrypto + +package runtime + diff --git a/patches/0009-Update-default-go.env.patch b/patches/0010-Update-default-go.env.patch similarity index 100% rename from patches/0009-Update-default-go.env.patch rename to patches/0010-Update-default-go.env.patch diff --git a/patches/0010-Skip-failing-tests-on-Windows.patch b/patches/0011-Skip-failing-tests-on-Windows.patch similarity index 100% rename from patches/0010-Skip-failing-tests-on-Windows.patch rename to patches/0011-Skip-failing-tests-on-Windows.patch diff --git a/patches/0011-unset-GOFIPS-when-running-the-Go-toolchain.patch b/patches/0012-unset-GOFIPS-when-running-the-Go-toolchain.patch similarity index 100% rename from patches/0011-unset-GOFIPS-when-running-the-Go-toolchain.patch rename to patches/0012-unset-GOFIPS-when-running-the-Go-toolchain.patch diff --git a/patches/0012-add-support-for-logging-used-Windows-APIs.patch b/patches/0013-add-support-for-logging-used-Windows-APIs.patch similarity index 100% rename from patches/0012-add-support-for-logging-used-Windows-APIs.patch rename to patches/0013-add-support-for-logging-used-Windows-APIs.patch 
diff --git a/patches/0013-remove-long-path-support-hack.patch b/patches/0014-remove-long-path-support-hack.patch
similarity index 100%
rename from patches/0013-remove-long-path-support-hack.patch
rename to patches/0014-remove-long-path-support-hack.patch
diff --git a/patches/0014-Omit-internal-go.mod-files-used-for-codegen.patch b/patches/0015-Omit-internal-go.mod-files-used-for-codegen.patch
similarity index 100%
rename from patches/0014-Omit-internal-go.mod-files-used-for-codegen.patch
rename to patches/0015-Omit-internal-go.mod-files-used-for-codegen.patch
diff --git a/patches/0015-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch b/patches/0016-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch
similarity index 100%
rename from patches/0015-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch
rename to patches/0016-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch
From 9dc29ab89bd54e235880c015a102daf0f38cbdd4 Mon Sep 17 00:00:00 2001
From: qmuntal Date: Wed, 15 Jan 2025 16:34:16 +0100 Subject: [PATCH 192/887] Merge backend patch files --- .../0003-Add-crypto-backend-foundation.patch | 576 ----- ...03-Implement-crypto-internal-backend.patch | 2166 +++++++++++++++++ .../0004-Add-BoringSSL-crypto-backend.patch | 334 --- ...s.patch => 0004-Use-crypto-backends.patch} | 186 +- patches/0005-Add-OpenSSL-crypto-backend.patch | 507 ---- ....patch => 0005-Add-backend-code-gen.patch} | 0 patches/0006-Add-CNG-crypto-backend.patch | 413 ---- ...patch => 0006-Update-default-go.env.patch} | 0 patches/0007-Add-Darwin-crypto-backend.patch | 547 ----- ... 0007-Skip-failing-tests-on-Windows.patch} | 0 ...OFIPS-when-running-the-Go-toolchain.patch} | 0 ...pport-for-logging-used-Windows-APIs.patch} | 0 ... 0010-remove-long-path-support-hack.patch} | 0 ...ernal-go.mod-files-used-for-codegen.patch} | 0 ...21-when-TLS-fipsonly-mode-is-enable.patch} | 0 15 files changed, 2346 insertions(+), 2383 deletions(-) delete mode 100644 patches/0003-Add-crypto-backend-foundation.patch create mode 100644 patches/0003-Implement-crypto-internal-backend.patch delete mode 100644 patches/0004-Add-BoringSSL-crypto-backend.patch rename patches/{0008-Use-crypto-backends.patch => 0004-Use-crypto-backends.patch} (92%) delete mode 100644 patches/0005-Add-OpenSSL-crypto-backend.patch rename patches/{0009-Add-backend-code-gen.patch => 0005-Add-backend-code-gen.patch} (100%) delete mode 100644 patches/0006-Add-CNG-crypto-backend.patch rename patches/{0010-Update-default-go.env.patch => 0006-Update-default-go.env.patch} (100%) delete mode 100644 patches/0007-Add-Darwin-crypto-backend.patch rename patches/{0011-Skip-failing-tests-on-Windows.patch => 0007-Skip-failing-tests-on-Windows.patch} (100%) rename patches/{0012-unset-GOFIPS-when-running-the-Go-toolchain.patch => 0008-unset-GOFIPS-when-running-the-Go-toolchain.patch} (100%) rename patches/{0013-add-support-for-logging-used-Windows-APIs.patch => 
0009-add-support-for-logging-used-Windows-APIs.patch} (100%) rename patches/{0014-remove-long-path-support-hack.patch => 0010-remove-long-path-support-hack.patch} (100%) rename patches/{0015-Omit-internal-go.mod-files-used-for-codegen.patch => 0011-Omit-internal-go.mod-files-used-for-codegen.patch} (100%) rename patches/{0016-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch => 0012-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch} (100%) diff --git a/patches/0003-Add-crypto-backend-foundation.patch b/patches/0003-Add-crypto-backend-foundation.patch deleted file mode 100644 index 1505ab5d1ff..00000000000 --- a/patches/0003-Add-crypto-backend-foundation.patch +++ /dev/null 
@@ -1,576 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: qmuntal -Date: Tue, 14 Jan 2025 11:09:56 +0100 -Subject: [PATCH] Add crypto backend foundation - ---- - src/crypto/internal/backend/backend_test.go | 30 +++ - src/crypto/internal/backend/bbig/big.go | 17 ++ - src/crypto/internal/backend/common.go | 58 +++++ - .../internal/backend/fips140/fips140.go | 55 ++++ - .../internal/backend/fips140/isrequirefips.go | 9 + - .../internal/backend/fips140/norequirefips.go | 9 + - .../backend/fips140/nosystemcrypto.go | 11 + - src/crypto/internal/backend/nobackend.go | 240 ++++++++++++++++++ - src/crypto/internal/backend/stub.s | 10 + - src/go/build/deps_test.go | 7 +- - src/runtime/runtime_boring.go | 5 + - 11 files changed, 450 insertions(+), 1 deletion(-) - create mode 100644 src/crypto/internal/backend/backend_test.go - create mode 100644 src/crypto/internal/backend/bbig/big.go - create mode 100644 src/crypto/internal/backend/common.go - create mode 100644 src/crypto/internal/backend/fips140/fips140.go - create mode 100644 src/crypto/internal/backend/fips140/isrequirefips.go - create mode 100644 src/crypto/internal/backend/fips140/norequirefips.go - create mode 100644 src/crypto/internal/backend/fips140/nosystemcrypto.go - create mode 100644 src/crypto/internal/backend/nobackend.go - create mode 100644 src/crypto/internal/backend/stub.s - -diff --git a/src/crypto/internal/backend/backend_test.go b/src/crypto/internal/backend/backend_test.go -new file mode 100644 -index 00000000000000..c2c06d3bff8c74 ---- /dev/null -+++ b/src/crypto/internal/backend/backend_test.go -@@ -0,0 +1,30 @@ -+// Copyright 2017 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+package backend -+ -+import ( -+ "testing" -+) -+ -+// Test that Unreachable panics. 
-+func TestUnreachable(t *testing.T) { -+ defer func() { -+ if Enabled { -+ if err := recover(); err == nil { -+ t.Fatal("expected Unreachable to panic") -+ } -+ } else { -+ if err := recover(); err != nil { -+ t.Fatalf("expected Unreachable to be a no-op") -+ } -+ } -+ }() -+ Unreachable() -+} -+ -+// Test that UnreachableExceptTests does not panic (this is a test). -+func TestUnreachableExceptTests(t *testing.T) { -+ UnreachableExceptTests() -+} -diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go -new file mode 100644 -index 00000000000000..ab3f30825dcfa1 ---- /dev/null -+++ b/src/crypto/internal/backend/bbig/big.go -@@ -0,0 +1,17 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !goexperiment.systemcrypto || (goexperiment.darwincrypto && !cgo) -+ -+package bbig -+ -+import "math/big" -+ -+func Enc(b *big.Int) []uint { -+ return nil -+} -+ -+func Dec(b []uint) *big.Int { -+ return nil -+} -diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go -new file mode 100644 -index 00000000000000..84447174284ffd ---- /dev/null -+++ b/src/crypto/internal/backend/common.go -@@ -0,0 +1,58 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. 
-+ -+package backend -+ -+import ( -+ "crypto/internal/backend/fips140" -+ "crypto/internal/boring/sig" -+ "runtime" -+) -+ -+func init() { -+ if fips140.Enabled() { -+ if !Enabled { -+ if runtime.GOOS != "linux" && runtime.GOOS != "windows" && runtime.GOOS != "darwin" { -+ panic("FIPS mode requested (" + fips140.Message + ") but no crypto backend is supported on " + runtime.GOOS) -+ } -+ panic("FIPS mode requested (" + fips140.Message + ") but no supported crypto backend is enabled") -+ } -+ } -+} -+ -+// Unreachable marks code that should be unreachable -+// when backend is in use. -+func Unreachable() { -+ if Enabled { -+ panic("cryptobackend: invalid code execution") -+ } else { -+ // Code that's unreachable is exactly the code -+ // we want to detect for reporting standard Go crypto. -+ sig.StandardCrypto() -+ } -+} -+ -+// Provided by runtime.crypto_backend_runtime_arg0 to avoid os import. -+func runtime_arg0() string -+ -+func hasSuffix(s, t string) bool { -+ return len(s) > len(t) && s[len(s)-len(t):] == t -+} -+ -+// UnreachableExceptTests marks code that should be unreachable -+// when backend is in use. It panics. -+func UnreachableExceptTests() { -+ // runtime_arg0 is not supported on windows. -+ // We are going through the same code patch on linux, -+ // so if we are unintentionally calling an 'unreachable' function, -+ // we will catch it there. -+ if Enabled && runtime.GOOS != "windows" { -+ name := runtime_arg0() -+ // If ran on Windows we'd need to allow _test.exe and .test.exe as well. 
-+ if !hasSuffix(name, "_test") && !hasSuffix(name, ".test") { -+ println("cryptobackend: unexpected code execution in", name) -+ panic("cryptobackend: invalid code execution") -+ } -+ } -+} -diff --git a/src/crypto/internal/backend/fips140/fips140.go b/src/crypto/internal/backend/fips140/fips140.go -new file mode 100644 -index 00000000000000..f54d39970319af ---- /dev/null -+++ b/src/crypto/internal/backend/fips140/fips140.go -@@ -0,0 +1,55 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+package fips140 -+ -+import "syscall" -+ -+// Enabled reports whether FIPS 140 mode is enabled by using GOFIPS=1, GOLANG_FIPS=1, -+// the 'requirefips' build tag, or any other platform-specific mechanism. -+func Enabled() bool { -+ return enabled -+} -+ -+var enabled bool -+ -+// Disabled reports whether FIPS 140 mode is disabled by using GOFIPS=0 or GOLANG_FIPS=0. -+func Disabled() bool { -+ return disabled -+} -+ -+var disabled bool -+ -+// Message is a human-readable message about how [Enabled] was set. -+var Message string -+ -+func init() { -+ // TODO: Decide which environment variable to use. -+ // See https://github.com/microsoft/go/issues/397. 
-+ var value string -+ var ok bool -+ if value, ok = syscall.Getenv("GOFIPS"); ok { -+ Message = "environment variable GOFIPS" -+ } else if value, ok = syscall.Getenv("GOLANG_FIPS"); ok { -+ Message = "environment variable GOLANG_FIPS" -+ } else if systemFIPSMode() { -+ Message = "system FIPS mode" -+ value = "1" -+ } -+ if value == "1" { -+ enabled = true -+ } else if value == "0" { -+ disabled = true -+ } -+ if isRequireFIPS { -+ if disabled { -+ panic("the 'requirefips' build tag is enabled, but it conflicts " + -+ "with the " + Message + "=" + value + -+ " which would disable FIPS mode") -+ } -+ Message = "requirefips tag set" -+ enabled = true -+ return -+ } -+} -\ No newline at end of file -diff --git a/src/crypto/internal/backend/fips140/isrequirefips.go b/src/crypto/internal/backend/fips140/isrequirefips.go -new file mode 100644 -index 00000000000000..b33d08c84e2dae ---- /dev/null -+++ b/src/crypto/internal/backend/fips140/isrequirefips.go -@@ -0,0 +1,9 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build requirefips -+ -+package fips140 -+ -+const isRequireFIPS = true -\ No newline at end of file -diff --git a/src/crypto/internal/backend/fips140/norequirefips.go b/src/crypto/internal/backend/fips140/norequirefips.go -new file mode 100644 -index 00000000000000..6f01b9a3524dee ---- /dev/null -+++ b/src/crypto/internal/backend/fips140/norequirefips.go -@@ -0,0 +1,9 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. 
-+ -+//go:build !requirefips -+ -+package fips140 -+ -+const isRequireFIPS = false -\ No newline at end of file -diff --git a/src/crypto/internal/backend/fips140/nosystemcrypto.go b/src/crypto/internal/backend/fips140/nosystemcrypto.go -new file mode 100644 -index 00000000000000..83691d7dd42d51 ---- /dev/null -+++ b/src/crypto/internal/backend/fips140/nosystemcrypto.go -@@ -0,0 +1,11 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build !goexperiment.systemcrypto -+ -+package fips140 -+ -+func systemFIPSMode() bool { -+ return false -+} -diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go -new file mode 100644 -index 00000000000000..eca1ceab2a04b9 ---- /dev/null -+++ b/src/crypto/internal/backend/nobackend.go -@@ -0,0 +1,240 @@ -+// Copyright 2017 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// Do not edit the build constraint by hand. It is generated by "backendgen.go". 
-+ -+//go:build ignore -+ -+package backend -+ -+import ( -+ "crypto" -+ "crypto/cipher" -+ "hash" -+) -+ -+const Enabled = false -+ -+type BigInt = []uint -+ -+type randReader int -+ -+func (randReader) Read(b []byte) (int, error) { panic("cryptobackend: not available") } -+ -+const RandReader = randReader(0) -+ -+func SupportsHash(h crypto.Hash) bool { panic("cryptobackend: not available") } -+ -+func SupportsCurve(curve string) bool { panic("cryptobackend: not available") } -+func SupportsRSAOAEPLabel(label []byte) bool { panic("cryptobackend: not available") } -+func SupportsPKCS1v15Hash(hash crypto.Hash) bool { panic("cryptobackend: not available") } -+ -+func NewMD5() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA1() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA224() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA256() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA384() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA512() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA512_224() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA512_256() hash.Hash { panic("cryptobackend: not available") } -+ -+func MD5(p []byte) (sum [16]byte) { panic("cryptobackend: not available") } -+func SHA1(p []byte) (sum [20]byte) { panic("cryptobackend: not available") } -+func SHA224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") } -+func SHA256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } -+func SHA384(p []byte) (sum [48]byte) { panic("cryptobackend: not available") } -+func SHA512(p []byte) (sum [64]byte) { panic("cryptobackend: not available") } -+func SHA512_224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") } -+func SHA512_256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } -+ -+func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { panic("cryptobackend: not available") } -+ 
-+func NewAESCipher(key []byte) (cipher.Block, error) { panic("cryptobackend: not available") } -+func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { panic("cryptobackend: not available") } -+func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { panic("cryptobackend: not available") } -+ -+type PublicKeyECDSA struct{ _ int } -+type PrivateKeyECDSA struct{ _ int } -+ -+func GenerateKeyECDSA(curve string) (X, Y, D BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+func NewPrivateKeyECDSA(curve string, X, Y, D BigInt) (*PrivateKeyECDSA, error) { -+ panic("cryptobackend: not available") -+} -+func NewPublicKeyECDSA(curve string, X, Y BigInt) (*PublicKeyECDSA, error) { -+ panic("cryptobackend: not available") -+} -+func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool { -+ panic("cryptobackend: not available") -+} -+ -+func SupportsRSAKeyPrimes(primes int) bool { panic("cryptobackend: not available") } -+func SupportsRSASaltLength(sign bool, salt int) bool { panic("cryptobackend: not available") } -+ -+type PublicKeyRSA struct{ _ int } -+type PrivateKeyRSA struct{ _ int } -+ -+func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { -+ 
panic("cryptobackend: not available") -+} -+func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv BigInt) (*PrivateKeyRSA, error) { -+ panic("cryptobackend: not available") -+} -+func NewPublicKeyRSA(N, E BigInt) (*PublicKeyRSA, error) { -+ panic("cryptobackend: not available") -+} -+func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { -+ panic("cryptobackend: not available") -+} -+func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { -+ panic("cryptobackend: not available") -+} -+ -+type PublicKeyECDH struct{} -+type PrivateKeyECDH struct{} -+ -+func ECDH(*PrivateKeyECDH, *PublicKeyECDH) ([]byte, error) { panic("cryptobackend: not available") } -+func GenerateKeyECDH(string) (*PrivateKeyECDH, []byte, error) { panic("cryptobackend: not available") } -+func NewPrivateKeyECDH(string, []byte) (*PrivateKeyECDH, error) { -+ panic("cryptobackend: not available") -+} -+func NewPublicKeyECDH(string, []byte) (*PublicKeyECDH, error) { panic("cryptobackend: not available") } -+func (*PublicKeyECDH) Bytes() []byte { panic("cryptobackend: not available") } -+func (*PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { panic("cryptobackend: not available") } -+ -+func SupportsHKDF() bool { panic("cryptobackend: not available") } -+ -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func 
SupportsPBKDF2() bool { panic("cryptobackend: not available") } -+ -+func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SupportsTLS1PRF() bool { panic("cryptobackend: not available") } -+ -+func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { -+ panic("cryptobackend: not available") -+} -+ -+func SupportsDESCipher() bool { panic("cryptobackend: not available") } -+ -+func SupportsTripleDESCipher() bool { panic("cryptobackend: not available") } -+ -+func NewDESCipher(key []byte) (cipher.Block, error) { panic("cryptobackend: not available") } -+ -+func NewTripleDESCipher(key []byte) (cipher.Block, error) { panic("cryptobackend: not available") } -+ -+func SupportsRC4() bool { panic("cryptobackend: not available") } -+ -+type RC4Cipher struct{} -+ -+func (c *RC4Cipher) Reset() { panic("cryptobackend: not available") } -+func (c *RC4Cipher) XORKeyStream(dst, src []byte) { panic("cryptobackend: not available") } -+ -+func NewRC4Cipher(key []byte) (*RC4Cipher, error) { panic("cryptobackend: not available") } -+ -+func SupportsEd25519() bool { panic("cryptobackend: not available") } -+ -+type PublicKeyEd25519 struct{} -+ -+func (k PublicKeyEd25519) Bytes() ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+type PrivateKeyEd25519 struct{} -+ -+func (k PrivateKeyEd25519) Bytes() ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func GenerateKeyEd25519() (PrivateKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SignEd25519(priv 
PrivateKeyEd25519, message []byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { -+ panic("cryptobackend: not available") -+} -+ -+func SupportsDSA(l, n int) bool { -+ panic("cryptobackend: not available") -+} -+ -+func GenerateParametersDSA(l, n int) (p, q, g BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+ -+type PublicKeyDSA struct{ _ int } -+type PrivateKeyDSA struct{ _ int } -+ -+func GenerateKeyDSA(p, q, g BigInt) (x, y BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPrivateKeyDSA(p, q, g, x, y BigInt) (*PrivateKeyDSA, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPublicKeyDSA(p, q, g, y BigInt) (*PublicKeyDSA, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (BigInt, BigInt, error)) (r, s BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+ -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s BigInt, encodeSignature func(r, s BigInt) ([]byte, error)) bool { -+ panic("cryptobackend: not available") -+} -diff --git a/src/crypto/internal/backend/stub.s b/src/crypto/internal/backend/stub.s -new file mode 100644 -index 00000000000000..5e4b436554d44d ---- /dev/null -+++ b/src/crypto/internal/backend/stub.s -@@ -0,0 +1,10 @@ -+// Copyright 2017 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// runtime_arg0 is declared in common.go without a body. -+// It's provided by package runtime, -+// but the go command doesn't know that. -+// Having this assembly file keeps the go command -+// from complaining about the missing body -+// (because the implementation might be here). 
-diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index e017efb1562379..ab5539f978a266 100644 ---- a/src/go/build/deps_test.go -+++ b/src/go/build/deps_test.go -@@ -493,6 +493,8 @@ var depsRules = ` - < crypto/internal/fips140/rsa - < FIPS; - -+ syscall < crypto/internal/backend/fips140; -+ - FIPS, internal/godebug < crypto/fips140; - - crypto, hash !< FIPS; -@@ -506,7 +508,8 @@ var depsRules = ` - FIPS, internal/godebug, hash, embed, encoding/binary, - crypto/internal/boring/sig, - crypto/internal/boring/syso, -- crypto/internal/boring/bcache -+ crypto/internal/boring/bcache, -+ crypto/internal/backend/fips140 - < crypto/internal/fips140only - < crypto - < crypto/subtle -@@ -522,6 +525,7 @@ var depsRules = ` - < github.com/microsoft/go-crypto-winnative/internal/bcrypt - < github.com/microsoft/go-crypto-winnative/cng - < crypto/internal/boring -+ < crypto/internal/backend - < crypto/boring - < crypto/aes, - crypto/des, -@@ -546,6 +550,7 @@ var depsRules = ` - < github.com/microsoft/go-crypto-darwin/bbig - < github.com/microsoft/go-crypto-winnative/cng/bbig - < crypto/internal/boring/bbig -+ < crypto/internal/backend/bbig - < crypto/rand - < crypto/ed25519 # depends on crypto/rand.Reader - < encoding/asn1 -diff --git a/src/runtime/runtime_boring.go b/src/runtime/runtime_boring.go -index 5a98b20253181c..9042f2c2795e19 100644 ---- a/src/runtime/runtime_boring.go -+++ b/src/runtime/runtime_boring.go -@@ -17,3 +17,8 @@ func boring_runtime_arg0() string { - - //go:linkname fipstls_runtime_arg0 crypto/internal/boring/fipstls.runtime_arg0 - func fipstls_runtime_arg0() string { return boring_runtime_arg0() } -+ -+//go:linkname crypto_backend_runtime_arg0 crypto/internal/backend.runtime_arg0 -+func crypto_backend_runtime_arg0() string { -+ return boring_runtime_arg0() -+} diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch new file mode 100644 index 00000000000..5f7843d851e --- /dev/null 
+++ b/patches/0003-Implement-crypto-internal-backend.patch 
@@ -0,0 +1,2166 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: qmuntal
+Date: Wed, 15 Jan 2025 16:32:26 +0100
+Subject: [PATCH] Implement crypto/internal/backend
+
+---
+ .gitignore | 2 +
+ src/crypto/internal/backend/backend_test.go | 30 ++
+ src/crypto/internal/backend/bbig/big.go | 17 +
+ .../internal/backend/bbig/big_boring.go | 12 +
+ src/crypto/internal/backend/bbig/big_cng.go | 12 +
+ .../internal/backend/bbig/big_darwin.go | 12 +
+ .../internal/backend/bbig/big_openssl.go | 12 +
+ src/crypto/internal/backend/boring_linux.go | 279 ++++++++++++++
+ src/crypto/internal/backend/cng_windows.go | 336 ++++++++++++++++
+ src/crypto/internal/backend/common.go | 58 +++
+ src/crypto/internal/backend/darwin_darwin.go | 359 +++++++++++++++++
+ src/crypto/internal/backend/fips140/boring.go | 11 +
+ src/crypto/internal/backend/fips140/cng.go | 33 ++
+ src/crypto/internal/backend/fips140/darwin.go | 11 +
+ .../internal/backend/fips140/fips140.go | 55 +++
+ .../internal/backend/fips140/isrequirefips.go | 9 +
+ .../internal/backend/fips140/norequirefips.go | 9 +
+ .../backend/fips140/nosystemcrypto.go | 11 +
+ .../internal/backend/fips140/openssl.go | 41 ++
+ src/crypto/internal/backend/nobackend.go | 240 ++++++++++++
+ src/crypto/internal/backend/openssl_linux.go | 362 ++++++++++++++++++
+ src/crypto/internal/backend/stub.s | 10 +
+ src/go/build/deps_test.go | 7 +-
+ src/runtime/runtime_boring.go | 5 +
+ 24 files changed, 1932 insertions(+), 1 deletion(-)
+ create mode 100644 src/crypto/internal/backend/backend_test.go
+ create mode 100644 src/crypto/internal/backend/bbig/big.go
+ create mode 100644 src/crypto/internal/backend/bbig/big_boring.go
+ create mode 100644 src/crypto/internal/backend/bbig/big_cng.go
+ create mode 100644 src/crypto/internal/backend/bbig/big_darwin.go
+ create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go
+ create mode 100644 src/crypto/internal/backend/boring_linux.go
+ create mode 100644 src/crypto/internal/backend/cng_windows.go
+ create mode 100644 src/crypto/internal/backend/common.go
+ create mode 100644 src/crypto/internal/backend/darwin_darwin.go
+ create mode 100644 src/crypto/internal/backend/fips140/boring.go
+ create mode 100644 src/crypto/internal/backend/fips140/cng.go
+ create mode 100644 src/crypto/internal/backend/fips140/darwin.go
+ create mode 100644 src/crypto/internal/backend/fips140/fips140.go
+ create mode 100644 src/crypto/internal/backend/fips140/isrequirefips.go
+ create mode 100644 src/crypto/internal/backend/fips140/norequirefips.go
+ create mode 100644 src/crypto/internal/backend/fips140/nosystemcrypto.go
+ create mode 100644 src/crypto/internal/backend/fips140/openssl.go
+ create mode 100644 src/crypto/internal/backend/nobackend.go
+ create mode 100644 src/crypto/internal/backend/openssl_linux.go
+ create mode 100644 src/crypto/internal/backend/stub.s
+
+diff --git a/.gitignore b/.gitignore
+index c6512e64a4ef39..b3b01db73b009d 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -46,6 +46,8 @@ _testmain.go
+ /test/run.out
+ /test/times.out
+
++!/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o
++
+ # This file includes artifacts of Go build that should not be checked in.
+ # For files created by specific development environment (e.g. editor),
+ # use alternative ways to exclude files from git.
+diff --git a/src/crypto/internal/backend/backend_test.go b/src/crypto/internal/backend/backend_test.go
+new file mode 100644
+index 00000000000000..c2c06d3bff8c74
+--- /dev/null
++++ b/src/crypto/internal/backend/backend_test.go
+@@ -0,0 +1,30 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package backend
++
++import (
++ "testing"
++)
++
++// Test that Unreachable panics.
++func TestUnreachable(t *testing.T) {
++ defer func() {
++ if Enabled {
++ if err := recover(); err == nil {
++ t.Fatal("expected Unreachable to panic")
++ }
++ } else {
++ if err := recover(); err != nil {
++ t.Fatalf("expected Unreachable to be a no-op")
++ }
++ }
++ }()
++ Unreachable()
++}
++
++// Test that UnreachableExceptTests does not panic (this is a test).
++func TestUnreachableExceptTests(t *testing.T) {
++ UnreachableExceptTests()
++}
+diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go
+new file mode 100644
+index 00000000000000..ab3f30825dcfa1
+--- /dev/null
++++ b/src/crypto/internal/backend/bbig/big.go
+@@ -0,0 +1,17 @@
++// Copyright 2022 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build !goexperiment.systemcrypto || (goexperiment.darwincrypto && !cgo)
++
++package bbig
++
++import "math/big"
++
++func Enc(b *big.Int) []uint {
++ return nil
++}
++
++func Dec(b []uint) *big.Int {
++ return nil
++}
+diff --git a/src/crypto/internal/backend/bbig/big_boring.go b/src/crypto/internal/backend/bbig/big_boring.go
+new file mode 100644
+index 00000000000000..0b62cef68546d0
+--- /dev/null
++++ b/src/crypto/internal/backend/bbig/big_boring.go
+@@ -0,0 +1,12 @@
++// Copyright 2022 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build goexperiment.boringcrypto
++
++package bbig
++
++import "crypto/internal/boring/bbig"
++
++var Enc = bbig.Enc
++var Dec = bbig.Dec
+diff --git a/src/crypto/internal/backend/bbig/big_cng.go b/src/crypto/internal/backend/bbig/big_cng.go
+new file mode 100644
+index 00000000000000..92623031fd87d0
+--- /dev/null
++++ b/src/crypto/internal/backend/bbig/big_cng.go
+@@ -0,0 +1,12 @@
++// Copyright 2022 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build goexperiment.cngcrypto
++
++package bbig
++
++import "github.com/microsoft/go-crypto-winnative/cng/bbig"
++
++var Enc = bbig.Enc
++var Dec = bbig.Dec
+diff --git a/src/crypto/internal/backend/bbig/big_darwin.go b/src/crypto/internal/backend/bbig/big_darwin.go
+new file mode 100644
+index 00000000000000..77f3ca5d262769
+--- /dev/null
++++ b/src/crypto/internal/backend/bbig/big_darwin.go
+@@ -0,0 +1,12 @@
++// Copyright 2022 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build goexperiment.darwincrypto && cgo
++
++package bbig
++
++import "github.com/microsoft/go-crypto-darwin/bbig"
++
++var Enc = bbig.Enc
++var Dec = bbig.Dec
+diff --git a/src/crypto/internal/backend/bbig/big_openssl.go b/src/crypto/internal/backend/bbig/big_openssl.go
+new file mode 100644
+index 00000000000000..e6695dd66b1d02
+--- /dev/null
++++ b/src/crypto/internal/backend/bbig/big_openssl.go
+@@ -0,0 +1,12 @@
++// Copyright 2022 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build goexperiment.opensslcrypto
++
++package bbig
++
++import "github.com/golang-fips/openssl/v2/bbig"
++
++var Enc = bbig.Enc
++var Dec = bbig.Dec
+diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go
+new file mode 100644
+index 00000000000000..f06fcc63b5af11
+--- /dev/null
++++ b/src/crypto/internal/backend/boring_linux.go
+@@ -0,0 +1,279 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build goexperiment.boringcrypto && linux && cgo && (amd64 || arm64) && !android && !msan
++
++// Package boring provides access to BoringCrypto implementation functions.
++// Check the variable Enabled to find out whether BoringCrypto is available.
++// If BoringCrypto is not available, the functions in this package all panic.
++package backend
++
++import (
++ "crypto"
++ "crypto/cipher"
++ "crypto/internal/boring"
++ "hash"
++)
++
++const Enabled = true
++
++type BigInt = boring.BigInt
++
++const RandReader = boring.RandReader
++
++func SupportsHash(h crypto.Hash) bool {
++ switch h {
++ case crypto.MD5SHA1, crypto.SHA1, crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512:
++ return true
++ default:
++ return false
++ }
++}
++
++func SupportsCurve(curve string) bool { return true }
++func SupportsRSAOAEPLabel(label []byte) bool { return true }
++func SupportsPKCS1v15Hash(hash crypto.Hash) bool { return true }
++
++func NewMD5() hash.Hash { panic("cryptobackend: not available") }
++func NewSHA1() hash.Hash { return boring.NewSHA1() }
++func NewSHA224() hash.Hash { return boring.NewSHA224() }
++func NewSHA256() hash.Hash { return boring.NewSHA256() }
++func NewSHA384() hash.Hash { return boring.NewSHA384() }
++func NewSHA512() hash.Hash { return boring.NewSHA512() }
++func NewSHA512_224() hash.Hash { panic("cryptobackend: not available") }
++func NewSHA512_256() hash.Hash { panic("cryptobackend: not available") }
++
++func MD5(p []byte) (sum [16]byte) { panic("cryptobackend: not available") }
++func SHA1(p []byte) (sum [20]byte) { return boring.SHA1(p) }
++func SHA224(p []byte) (sum [28]byte) { return boring.SHA224(p) }
++func SHA256(p []byte) (sum [32]byte) { return boring.SHA256(p) }
++func SHA384(p []byte) (sum [48]byte) { return boring.SHA384(p) }
++func SHA512(p []byte) (sum [64]byte) { return boring.SHA512(p) }
++func SHA512_224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") }
++func SHA512_256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") }
++
++func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { return boring.NewHMAC(h, key) }
++
++func NewAESCipher(key []byte) (cipher.Block, error) { return boring.NewAESCipher(key) }
++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS(c) }
++func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS13(c) }
++
++type PublicKeyECDSA = boring.PublicKeyECDSA
++type PrivateKeyECDSA = boring.PrivateKeyECDSA
++
++func GenerateKeyECDSA(curve string) (X, Y, D boring.BigInt, err error) {
++ return boring.GenerateKeyECDSA(curve)
++}
++
++func NewPrivateKeyECDSA(curve string, X, Y, D boring.BigInt) (*boring.PrivateKeyECDSA, error) {
++ return boring.NewPrivateKeyECDSA(curve, X, Y, D)
++}
++
++func NewPublicKeyECDSA(curve string, X, Y boring.BigInt) (*boring.PublicKeyECDSA, error) {
++ return boring.NewPublicKeyECDSA(curve, X, Y)
++}
++
++func SignMarshalECDSA(priv *boring.PrivateKeyECDSA, hash []byte) ([]byte, error) {
++ return boring.SignMarshalECDSA(priv, hash)
++}
++
++func VerifyECDSA(pub *boring.PublicKeyECDSA, hash []byte, sig []byte) bool {
++ return boring.VerifyECDSA(pub, hash, sig)
++}
++
++func SupportsRSAKeyPrimes(primes int) bool {
++ return true
++}
++
++func SupportsRSASaltLength(sign bool, salt int) bool {
++ return true
++}
++
++type PublicKeyRSA = boring.PublicKeyRSA
++type PrivateKeyRSA = boring.PrivateKeyRSA
++
++func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *boring.PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) {
++ return boring.DecryptRSAOAEP(h, mgfHash, priv, ciphertext, label)
++}
++
++func DecryptRSAPKCS1(priv *boring.PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
++ return boring.DecryptRSAPKCS1(priv, ciphertext)
++}
++
++func DecryptRSANoPadding(priv *boring.PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
++ return boring.DecryptRSANoPadding(priv, ciphertext)
++}
++
++func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *boring.PublicKeyRSA, msg, label []byte) ([]byte, error) {
++ return boring.EncryptRSAOAEP(h, mgfHash, pub, msg, label)
++}
++
++func EncryptRSAPKCS1(pub *boring.PublicKeyRSA, msg []byte) ([]byte, error) {
++ return boring.EncryptRSAPKCS1(pub, msg)
++}
++
++func EncryptRSANoPadding(pub *boring.PublicKeyRSA, msg []byte) ([]byte, error) {
++ return boring.EncryptRSANoPadding(pub, msg)
++}
++
++func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv boring.BigInt, err error) {
++ return boring.GenerateKeyRSA(bits)
++}
++
++func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv boring.BigInt) (*boring.PrivateKeyRSA, error) {
++ return boring.NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv)
++}
++
++func NewPublicKeyRSA(N, E boring.BigInt) (*boring.PublicKeyRSA, error) {
++ return boring.NewPublicKeyRSA(N, E)
++}
++
++func SignRSAPKCS1v15(priv *boring.PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) {
++ return boring.SignRSAPKCS1v15(priv, h, hashed)
++}
++
++func SignRSAPSS(priv *boring.PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) {
++ return boring.SignRSAPSS(priv, h, hashed, saltLen)
++}
++
++func VerifyRSAPKCS1v15(pub *boring.PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error {
++ return boring.VerifyRSAPKCS1v15(pub, h, hashed, sig)
++}
++
++func VerifyRSAPSS(pub *boring.PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error {
++ return boring.VerifyRSAPSS(pub, h, hashed, sig, saltLen)
++}
++
++type PublicKeyECDH = boring.PublicKeyECDH
++type PrivateKeyECDH = boring.PrivateKeyECDH
++
++func ECDH(priv *boring.PrivateKeyECDH, pub *boring.PublicKeyECDH) ([]byte, error) {
++ return boring.ECDH(priv, pub)
++}
++
++func GenerateKeyECDH(curve string) (*boring.PrivateKeyECDH, []byte, error) {
++ return boring.GenerateKeyECDH(curve)
++}
++
++func NewPrivateKeyECDH(curve string, bytes []byte) (*boring.PrivateKeyECDH, error) {
++ return boring.NewPrivateKeyECDH(curve, bytes)
++}
++
++func NewPublicKeyECDH(curve string, bytes []byte) (*boring.PublicKeyECDH, error) {
++ return boring.NewPublicKeyECDH(curve, bytes)
++}
++
++func SupportsHKDF() bool { return false }
++
++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) {
++ panic("cryptobackend: not available")
++}
++
++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) {
++ panic("cryptobackend: not available")
++}
++
++func SupportsPBKDF2() bool { return false }
++
++func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) {
++ panic("cryptobackend: not available")
++}
++
++func SupportsTLS1PRF() bool { return false }
++
++func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error {
++ panic("cryptobackend: not available")
++}
++
++func SupportsDESCipher() bool { return false }
++
++func SupportsTripleDESCipher() bool { return false }
++
++func NewDESCipher(key []byte) (cipher.Block, error) {
++ panic("cryptobackend: not available")
++}
++
++func NewTripleDESCipher(key []byte) (cipher.Block, error) {
++ panic("cryptobackend: not available")
++}
++
++func SupportsRC4() bool { return false }
++
++type RC4Cipher struct{}
++
++func (c *RC4Cipher) Reset() { panic("cryptobackend: not available") }
++func (c *RC4Cipher) XORKeyStream(dst, src []byte) { panic("cryptobackend: not available") }
++
++func NewRC4Cipher(key []byte) (*RC4Cipher, error) {
++ panic("cryptobackend: not available")
++}
++
++func SupportsEd25519() bool { return false }
++
++type PublicKeyEd25519 struct{}
++
++func (k PublicKeyEd25519) Bytes() ([]byte, error) {
++ panic("cryptobackend: not available")
++}
++
++type PrivateKeyEd25519 struct{}
++
++func (k PrivateKeyEd25519) Bytes() ([]byte, error) {
++ panic("cryptobackend: not available")
++}
++
++func GenerateKeyEd25519() (PrivateKeyEd25519, error) {
++ panic("cryptobackend: not available")
++}
++
++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) {
++ panic("cryptobackend: not available")
++}
++
++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) {
++ panic("cryptobackend: not available")
++}
++
++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) {
++ panic("cryptobackend: not available")
++}
++
++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) {
++ panic("cryptobackend: not available")
++}
++
++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error {
++ panic("cryptobackend: not available")
++}
++
++func SupportsDSA(l, n int) bool {
++ return false
++}
++
++func GenerateParametersDSA(l, n int) (p, q, g boring.BigInt, err error) {
++ panic("cryptobackend: not available")
++}
++
++type PrivateKeyDSA struct{}
++type PublicKeyDSA struct{}
++
++func GenerateKeyDSA(p, q, g boring.BigInt) (x, y boring.BigInt, err error) {
++ panic("cryptobackend: not available")
++}
++
++func NewPrivateKeyDSA(p, q, g, x, y boring.BigInt) (*PrivateKeyDSA, error) {
++ panic("cryptobackend: not available")
++}
++
++func NewPublicKeyDSA(p, q, g, y boring.BigInt) (*PublicKeyDSA, error) {
++ panic("cryptobackend: not available")
++}
++
++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (boring.BigInt, boring.BigInt, error)) (r, s boring.BigInt, err error) {
++ panic("cryptobackend: not available")
++}
++
++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s boring.BigInt, encodeSignature func(r, s boring.BigInt) ([]byte, error)) bool {
++ panic("cryptobackend: not available")
++}
+diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go
+new file mode 100644
+index 00000000000000..31dfc9b19ee63e
+--- /dev/null
++++ b/src/crypto/internal/backend/cng_windows.go
+@@ -0,0 +1,336 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build goexperiment.cngcrypto && windows
++
++// Package cng provides access to CNGCrypto implementation functions.
++// Check the variable Enabled to find out whether CNGCrypto is available.
++// If CNGCrypto is not available, the functions in this package all panic.
++package backend
++
++import (
++ "crypto"
++ "crypto/cipher"
++ "crypto/internal/backend/fips140"
++ "crypto/internal/boring/sig"
++ "hash"
++ _ "unsafe"
++
++ "github.com/microsoft/go-crypto-winnative/cng"
++)
++
++// Enabled controls whether FIPS crypto is enabled.
++const Enabled = true
++
++type BigInt = cng.BigInt
++
++func init() {
++ if fips140.Enabled() {
++ enabled, err := cng.FIPS()
++ if err != nil {
++ panic("cngcrypto: unknown FIPS mode: " + err.Error())
++ }
++ if !enabled {
++ panic("cngcrypto: not in FIPS mode")
++ }
++ }
++ sig.BoringCrypto()
++}
++
++const RandReader = cng.RandReader
++
++func SupportsHash(h crypto.Hash) bool {
++ return cng.SupportsHash(h)
++}
++
++func SupportsCurve(curve string) bool { return true }
++func SupportsRSAOAEPLabel(label []byte) bool { return true }
++func SupportsPKCS1v15Hash(hash crypto.Hash) bool { return true }
++
++func NewMD5() hash.Hash { return cng.NewMD5() }
++func NewSHA1() hash.Hash { return cng.NewSHA1() }
++func NewSHA224() hash.Hash { panic("cngcrypto: not available") }
++func NewSHA256() hash.Hash { return cng.NewSHA256() }
++func NewSHA384() hash.Hash { return cng.NewSHA384() }
++func NewSHA512() hash.Hash { return cng.NewSHA512() }
++func NewSHA512_224() hash.Hash { panic("cngcrypto: not available") }
++func NewSHA512_256() hash.Hash { panic("cngcrypto: not available") }
++
++func MD5(p []byte) (sum [16]byte) { return cng.MD5(p) }
++func SHA1(p []byte) (sum [20]byte) { return cng.SHA1(p) }
++func SHA224(p []byte) (sum [28]byte) { panic("cngcrypto: not available") }
++func SHA256(p []byte) (sum [32]byte) { return cng.SHA256(p) }
++func SHA384(p []byte) (sum [48]byte) { return cng.SHA384(p) }
++func SHA512(p []byte) (sum [64]byte) { return cng.SHA512(p) }
++func SHA512_224(p []byte) (sum [28]byte) { panic("cngcrypto: not available") }
++func SHA512_256(p []byte) (sum [32]byte) { panic("cngcrypto: not available") }
++
++func NewHMAC(h func() hash.Hash, key []byte) hash.Hash {
++ return cng.NewHMAC(h, key)
++}
++
++func NewAESCipher(key []byte) (cipher.Block, error) {
++ return cng.NewAESCipher(key)
++}
++
++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) {
++ return cng.NewGCMTLS(c)
++}
++
++func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) {
++ return cng.NewGCMTLS13(c)
++}
++
++type PublicKeyECDSA = cng.PublicKeyECDSA
++type PrivateKeyECDSA = cng.PrivateKeyECDSA
++
++func GenerateKeyECDSA(curve string) (X, Y, D cng.BigInt, err error) {
++ return cng.GenerateKeyECDSA(curve)
++}
++
++func NewPrivateKeyECDSA(curve string, X, Y, D cng.BigInt) (*cng.PrivateKeyECDSA, error) {
++ return cng.NewPrivateKeyECDSA(curve, X, Y, D)
++}
++
++func NewPublicKeyECDSA(curve string, X, Y cng.BigInt) (*cng.PublicKeyECDSA, error) {
++ return cng.NewPublicKeyECDSA(curve, X, Y)
++}
++
++//go:linkname encodeSignature crypto/ecdsa.encodeSignature
++func encodeSignature(r, s []byte) ([]byte, error)
++
++//go:linkname parseSignature crypto/ecdsa.parseSignature
++func parseSignature(sig []byte) (r, s []byte, err error)
++
++func SignMarshalECDSA(priv *cng.PrivateKeyECDSA, hash []byte) ([]byte, error) {
++ r, s, err := cng.SignECDSA(priv, hash)
++ if err != nil {
++ return nil, err
++ }
++ return encodeSignature(r, s)
++}
++
++func VerifyECDSA(pub *cng.PublicKeyECDSA, hash []byte, sig []byte) bool {
++ rBytes, sBytes, err := parseSignature(sig)
++ if err != nil {
++ return false
++ }
++ return cng.VerifyECDSA(pub, hash, cng.BigInt(rBytes), cng.BigInt(sBytes))
++}
++
++func SignECDSA(priv *cng.PrivateKeyECDSA, hash []byte) (r, s cng.BigInt, err error) {
++ return cng.SignECDSA(priv, hash)
++}
++
++func VerifyECDSARaw(pub *cng.PublicKeyECDSA, hash []byte, r, s cng.BigInt) bool {
++ return cng.VerifyECDSA(pub, hash, r, s)
++}
++
++func SupportsRSAKeyPrimes(primes int) bool {
++ // CNG only supports 2-prime RSA keys.
++ return primes == 2
++}
++
++func SupportsRSASaltLength(sign bool, salt int) bool {
++ if sign {
++ return true
++ }
++ return salt != 0 // rsa.PSSSaltLengthAuto
++}
++
++type PublicKeyRSA = cng.PublicKeyRSA
++type PrivateKeyRSA = cng.PrivateKeyRSA
++
++func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *cng.PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) {
++ return cng.DecryptRSAOAEP(h, priv, ciphertext, label)
++}
++
++func DecryptRSAPKCS1(priv *cng.PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
++ return cng.DecryptRSAPKCS1(priv, ciphertext)
++}
++
++func DecryptRSANoPadding(priv *cng.PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
++ return cng.DecryptRSANoPadding(priv, ciphertext)
++}
++
++func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *cng.PublicKeyRSA, msg, label []byte) ([]byte, error) {
++ return cng.EncryptRSAOAEP(h, pub, msg, label)
++}
++
++func EncryptRSAPKCS1(pub *cng.PublicKeyRSA, msg []byte) ([]byte, error) {
++ return cng.EncryptRSAPKCS1(pub, msg)
++}
++
++func EncryptRSANoPadding(pub *cng.PublicKeyRSA, msg []byte) ([]byte, error) {
++ return cng.EncryptRSANoPadding(pub, msg)
++}
++
++func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv cng.BigInt, err error) {
++ return cng.GenerateKeyRSA(bits)
++}
++
++func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv cng.BigInt) (*cng.PrivateKeyRSA, error) {
++ return cng.NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv)
++}
++
++func NewPublicKeyRSA(N, E cng.BigInt) (*cng.PublicKeyRSA, error) {
++ return cng.NewPublicKeyRSA(N, E)
++}
++
++func SignRSAPKCS1v15(priv *cng.PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) {
++ return cng.SignRSAPKCS1v15(priv, h, hashed)
++}
++
++func SignRSAPSS(priv *cng.PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) {
++ return cng.SignRSAPSS(priv, h, hashed, saltLen)
++}
++
++func VerifyRSAPKCS1v15(pub *cng.PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error {
++ return cng.VerifyRSAPKCS1v15(pub, h, hashed, sig)
++}
++
++func VerifyRSAPSS(pub *cng.PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error {
++ return cng.VerifyRSAPSS(pub, h, hashed, sig, saltLen)
++}
++
++type PrivateKeyECDH = cng.PrivateKeyECDH
++type PublicKeyECDH = cng.PublicKeyECDH
++
++func ECDH(priv *cng.PrivateKeyECDH, pub *cng.PublicKeyECDH) ([]byte, error) {
++ return cng.ECDH(priv, pub)
++}
++
++func GenerateKeyECDH(curve string) (*cng.PrivateKeyECDH, []byte, error) {
++ return cng.GenerateKeyECDH(curve)
++}
++
++func NewPrivateKeyECDH(curve string, bytes []byte) (*cng.PrivateKeyECDH, error) {
++ return cng.NewPrivateKeyECDH(curve, bytes)
++}
++
++func NewPublicKeyECDH(curve string, bytes []byte) (*cng.PublicKeyECDH, error) {
++ return cng.NewPublicKeyECDH(curve, bytes)
++}
++
++func SupportsHKDF() bool {
++ return cng.SupportsHKDF()
++}
++
++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) {
++ return cng.ExpandHKDF(h, pseudorandomKey, info, keyLength)
++}
++
++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) {
++ return cng.ExtractHKDF(h, secret, salt)
++}
++
++func SupportsPBKDF2() bool { return true }
++
++func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) {
++ return cng.PBKDF2(password, salt, iter, keyLen, h)
++}
++
++func SupportsTLS1PRF() bool {
++ return true
++}
++
++func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error {
++ return cng.TLS1PRF(result, secret, label, seed, h)
++}
++
++func SupportsDESCipher() bool {
++ return true
++}
++
++func SupportsTripleDESCipher() bool {
++ return true
++}
++
++func NewDESCipher(key []byte) (cipher.Block, error) {
++ return cng.NewDESCipher(key)
++}
++
++func NewTripleDESCipher(key []byte) (cipher.Block, error) {
++ return cng.NewTripleDESCipher(key)
++}
++
++func SupportsRC4() bool { return true }
++
++type RC4Cipher = cng.RC4Cipher
++
++func NewRC4Cipher(key []byte) (*RC4Cipher, error) { return cng.NewRC4Cipher(key) }
++
++func SupportsEd25519() bool { return false }
++
++type PublicKeyEd25519 struct{}
++
++func (k PublicKeyEd25519) Bytes() ([]byte, error) {
++ panic("cryptobackend: not available")
++}
++
++type PrivateKeyEd25519 struct{}
++
++func (k PrivateKeyEd25519) Bytes() ([]byte, error) {
++ panic("cryptobackend: not available")
++}
++
++func GenerateKeyEd25519() (PrivateKeyEd25519, error) {
++ panic("cryptobackend: not available")
++}
++
++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) {
++ panic("cryptobackend: not available")
++}
++
++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) {
++ panic("cryptobackend: not available")
++}
++
++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) {
++ panic("cryptobackend: not available")
++}
++
++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) {
++ panic("cryptobackend: not available")
++}
++
++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error {
++ panic("cryptobackend: not available")
++}
++
++type PrivateKeyDSA = cng.PrivateKeyDSA
++type PublicKeyDSA = cng.PublicKeyDSA
++
++func SupportsDSA(l, n int) bool {
++ // These are the only N values supported by CNG
++ return n == 160 || n == 256
++}
++
++func GenerateParametersDSA(l, n int) (p, q, g cng.BigInt, err error) {
++ params, err := cng.GenerateParametersDSA(l)
++ if err != nil {
++ return nil, nil, nil, err
++ }
++ return params.P, params.Q, params.G, nil
++}
++
++func GenerateKeyDSA(p, q, g cng.BigInt) (x, y cng.BigInt, err error) {
++ return cng.GenerateKeyDSA(cng.DSAParameters{P: p, Q: q, G: g})
++}
++
++func NewPrivateKeyDSA(p, q, g, x, y cng.BigInt) (*cng.PrivateKeyDSA, error) {
++ return cng.NewPrivateKeyDSA(cng.DSAParameters{P: p, Q: q, G: g}, x, y)
++}
++
++func NewPublicKeyDSA(p, q, g, y cng.BigInt) (*cng.PublicKeyDSA, error) {
++ return cng.NewPublicKeyDSA(cng.DSAParameters{P: p, Q: q, G: g}, y)
++}
++
++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (cng.BigInt, cng.BigInt, error)) (r, s cng.BigInt, err error) {
++ return cng.SignDSA(priv, hash)
++}
++
++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s cng.BigInt, encodeSignature func(r, s cng.BigInt) ([]byte, error)) bool {
++ return cng.VerifyDSA(pub, hashed, r, s)
++}
+diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go
+new file mode 100644
+index 00000000000000..84447174284ffd
+--- /dev/null
++++ b/src/crypto/internal/backend/common.go
+@@ -0,0 +1,58 @@
++// Copyright 2022 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package backend
++
++import (
++ "crypto/internal/backend/fips140"
++ "crypto/internal/boring/sig"
++ "runtime"
++)
++
++func init() {
++ if fips140.Enabled() {
++ if !Enabled {
++ if runtime.GOOS != "linux" && runtime.GOOS != "windows" && runtime.GOOS != "darwin" {
++ panic("FIPS mode requested (" + fips140.Message + ") but no crypto backend is supported on " + runtime.GOOS)
++ }
++ panic("FIPS mode requested (" + fips140.Message + ") but no supported crypto backend is enabled")
++ }
++ }
++}
++
++// Unreachable marks code that should be unreachable
++// when backend is in use.
++func Unreachable() {
++ if Enabled {
++ panic("cryptobackend: invalid code execution")
++ } else {
++ // Code that's unreachable is exactly the code
++ // we want to detect for reporting standard Go crypto.
++ sig.StandardCrypto()
++ }
++}
++
++// Provided by runtime.crypto_backend_runtime_arg0 to avoid os import.
++func runtime_arg0() string
++
++func hasSuffix(s, t string) bool {
++ return len(s) > len(t) && s[len(s)-len(t):] == t
++}
++
++// UnreachableExceptTests marks code that should be unreachable
++// when backend is in use. It panics.
++func UnreachableExceptTests() {
++ // runtime_arg0 is not supported on windows.
++ // We are going through the same code patch on linux,
++ // so if we are unintentionally calling an 'unreachable' function,
++ // we will catch it there.
++ if Enabled && runtime.GOOS != "windows" {
++ name := runtime_arg0()
++ // If ran on Windows we'd need to allow _test.exe and .test.exe as well.
++ if !hasSuffix(name, "_test") && !hasSuffix(name, ".test") {
++ println("cryptobackend: unexpected code execution in", name)
++ panic("cryptobackend: invalid code execution")
++ }
++ }
++}
+diff --git a/src/crypto/internal/backend/darwin_darwin.go b/src/crypto/internal/backend/darwin_darwin.go
+new file mode 100644
+index 00000000000000..2250852ada8cc8
+--- /dev/null
++++ b/src/crypto/internal/backend/darwin_darwin.go
+@@ -0,0 +1,359 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build goexperiment.darwincrypto && darwin && cgo
++
++// Package darwin provides access to DarwinCrypto implementation functions.
++// Check the variable Enabled to find out whether DarwinCrypto is available.
++// If DarwinCrypto is not available, the functions in this package all panic.
++package backend
++
++import (
++ "crypto"
++ "crypto/cipher"
++ "crypto/internal/boring/sig"
++ "crypto/internal/fips140/nistec"
++ "errors"
++ "hash"
++ _ "unsafe"
++
++ "github.com/microsoft/go-crypto-darwin/xcrypto"
++)
++
++// Enabled controls whether FIPS crypto is enabled.
++const Enabled = true
++
++type BigInt = xcrypto.BigInt
++
++func init() {
++ sig.BoringCrypto()
++}
++
++const RandReader = xcrypto.RandReader
++
++func SupportsHash(h crypto.Hash) bool {
++ return xcrypto.SupportsHash(h)
++}
++
++func SupportsCurve(curve string) bool {
++ switch curve {
++ case "P-256", "P-384", "P-521":
++ return true
++ }
++ return false
++}
++
++func SupportsRSAOAEPLabel(label []byte) bool {
++ // CommonCrypto doesn't support labels
++ // https://github.com/microsoft/go-crypto-darwin/issues/22
++ return len(label) == 0
++}
++
++func SupportsPKCS1v15Hash(hash crypto.Hash) bool {
++ switch hash {
++ case crypto.SHA1, crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512, 0:
++ return true
++ }
++ return false
++}
++
++func NewMD5() hash.Hash { return xcrypto.NewMD5() }
++func NewSHA1() hash.Hash { return xcrypto.NewSHA1() }
++func NewSHA224() hash.Hash { return xcrypto.NewSHA224() }
++func NewSHA256() hash.Hash { return xcrypto.NewSHA256() }
++func NewSHA384() hash.Hash { return xcrypto.NewSHA384() }
++func NewSHA512() hash.Hash { return xcrypto.NewSHA512() }
++
++func MD5(p []byte) (sum [16]byte) { return xcrypto.MD5(p) }
++func SHA1(p []byte) (sum [20]byte) { return xcrypto.SHA1(p) }
++func SHA224(p []byte) (sum [28]byte) { return xcrypto.SHA224(p) }
++func SHA256(p []byte) (sum [32]byte) { return xcrypto.SHA256(p) }
++func SHA384(p []byte) (sum [48]byte) { return xcrypto.SHA384(p) }
++func SHA512(p []byte) (sum [64]byte) { return xcrypto.SHA512(p) }
++func SHA512_224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") }
++func SHA512_256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") }
++
++func NewHMAC(h func() hash.Hash, key []byte) hash.Hash {
++ return xcrypto.NewHMAC(h, key)
++}
++
++func NewAESCipher(key []byte) (cipher.Block, error) {
++ return xcrypto.NewAESCipher(key)
++}
++
++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) {
++ return xcrypto.NewGCMTLS(c)
++}
++
++func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) {
++ return xcrypto.NewGCMTLS13(c)
++}
++
++type PublicKeyECDSA = xcrypto.PublicKeyECDSA
++type PrivateKeyECDSA = xcrypto.PrivateKeyECDSA
++
++func GenerateKeyECDSA(curve string) (X, Y, D xcrypto.BigInt, err error) {
++ return xcrypto.GenerateKeyECDSA(curve)
++}
++
++func NewPrivateKeyECDSA(curve string, X, Y, D xcrypto.BigInt) (*xcrypto.PrivateKeyECDSA, error) {
++ return xcrypto.NewPrivateKeyECDSA(curve, X, Y, D)
++}
++
++func NewPublicKeyECDSA(curve string, X, Y xcrypto.BigInt) (*xcrypto.PublicKeyECDSA, error) {
++ return xcrypto.NewPublicKeyECDSA(curve, X, Y)
++}
++
++//go:linkname encodeSignature crypto/ecdsa.encodeSignature
++func encodeSignature(r, s []byte) ([]byte, error)
++
++//go:linkname parseSignature crypto/ecdsa.parseSignature
++func parseSignature(sig []byte) (r, s []byte, err error)
++
++func SignMarshalECDSA(priv *xcrypto.PrivateKeyECDSA, hash []byte) ([]byte, error) {
++ return xcrypto.SignMarshalECDSA(priv, hash)
++}
++
++func VerifyECDSA(pub *xcrypto.PublicKeyECDSA, hash []byte, sig []byte) bool {
++ return xcrypto.VerifyECDSA(pub, hash, sig)
++}
++
++func SupportsRSAKeyPrimes(primes int) bool {
++ return primes == 2
++}
++
++func SupportsRSASaltLength(sign bool, salt int) bool {
++ // CommonCrypto doesn't support custom salt length
++ return salt == -1
++}
++
++type PublicKeyRSA = xcrypto.PublicKeyRSA
++type PrivateKeyRSA = xcrypto.PrivateKeyRSA
++
++func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *xcrypto.PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) {
++ return xcrypto.DecryptRSAOAEP(h, priv, ciphertext, label)
++}
++
++func DecryptRSAPKCS1(priv *xcrypto.PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
++ return xcrypto.DecryptRSAPKCS1(priv, ciphertext)
++}
++
++func DecryptRSANoPadding(priv *xcrypto.PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
++ return xcrypto.DecryptRSANoPadding(priv, ciphertext)
++}
++
++func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *xcrypto.PublicKeyRSA, msg, label
[]byte) ([]byte, error) { ++ return xcrypto.EncryptRSAOAEP(h, pub, msg, label) ++} ++ ++func EncryptRSAPKCS1(pub *xcrypto.PublicKeyRSA, msg []byte) ([]byte, error) { ++ return xcrypto.EncryptRSAPKCS1(pub, msg) ++} ++ ++func EncryptRSANoPadding(pub *xcrypto.PublicKeyRSA, msg []byte) ([]byte, error) { ++ return xcrypto.EncryptRSANoPadding(pub, msg) ++} ++ ++//go:linkname decodeKeyRSA crypto/rsa.decodeKey ++func decodeKeyRSA(data []byte) (N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt, err error) ++ ++//go:linkname encodeKeyRSA crypto/rsa.encodeKey ++func encodeKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt) ([]byte, error) ++ ++//go:linkname encodePublicKeyRSA crypto/rsa.encodePublicKey ++func encodePublicKeyRSA(N, E xcrypto.BigInt) ([]byte, error) ++ ++func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt, err error) { ++ data, err := xcrypto.GenerateKeyRSA(bits) ++ if err != nil { ++ return ++ } ++ return decodeKeyRSA(data) ++} ++ ++func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt) (*xcrypto.PrivateKeyRSA, error) { ++ encoded, err := encodeKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv) ++ if err != nil { ++ return nil, err ++ } ++ return xcrypto.NewPrivateKeyRSA(encoded) ++} ++ ++func NewPublicKeyRSA(N, E xcrypto.BigInt) (*xcrypto.PublicKeyRSA, error) { ++ encoded, err := encodePublicKeyRSA(N, E) ++ if err != nil { ++ return nil, err ++ } ++ return xcrypto.NewPublicKeyRSA(encoded) ++} ++ ++func SignRSAPKCS1v15(priv *xcrypto.PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { ++ return xcrypto.SignRSAPKCS1v15(priv, h, hashed) ++} ++ ++func SignRSAPSS(priv *xcrypto.PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { ++ return xcrypto.SignRSAPSS(priv, h, hashed, saltLen) ++} ++ ++func VerifyRSAPKCS1v15(pub *xcrypto.PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { ++ return xcrypto.VerifyRSAPKCS1v15(pub, h, hashed, sig) ++} ++ ++func VerifyRSAPSS(pub *xcrypto.PublicKeyRSA, h crypto.Hash, hashed, sig 
[]byte, saltLen int) error { ++ return xcrypto.VerifyRSAPSS(pub, h, hashed, sig, saltLen) ++} ++ ++type PrivateKeyECDH = xcrypto.PrivateKeyECDH ++type PublicKeyECDH = xcrypto.PublicKeyECDH ++ ++func ECDH(priv *xcrypto.PrivateKeyECDH, pub *xcrypto.PublicKeyECDH) ([]byte, error) { ++ return xcrypto.ECDH(priv, pub) ++} ++ ++func GenerateKeyECDH(curve string) (*xcrypto.PrivateKeyECDH, []byte, error) { ++ return xcrypto.GenerateKeyECDH(curve) ++} ++ ++func NewPrivateKeyECDH(curve string, bytes []byte) (*xcrypto.PrivateKeyECDH, error) { ++ var key []byte ++ switch curve { ++ case "P-256": ++ p, err := nistec.NewP256Point().ScalarBaseMult(bytes) ++ if err != nil { ++ return nil, err ++ } ++ key = p.Bytes() ++ case "P-384": ++ p, err := nistec.NewP384Point().ScalarBaseMult(bytes) ++ if err != nil { ++ return nil, err ++ } ++ key = p.Bytes() ++ case "P-521": ++ p, err := nistec.NewP521Point().ScalarBaseMult(bytes) ++ if err != nil { ++ return nil, err ++ } ++ key = p.Bytes() ++ default: ++ return nil, errors.New("NewPrivateKeyECDH: unsupported curve: " + curve) ++ } ++ return xcrypto.NewPrivateKeyECDH(curve, key, bytes) ++} ++ ++func NewPublicKeyECDH(curve string, bytes []byte) (*xcrypto.PublicKeyECDH, error) { ++ return xcrypto.NewPublicKeyECDH(curve, bytes) ++} ++ ++func SupportsHKDF() bool { ++ return true ++} ++ ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ return xcrypto.ExpandHKDF(h, pseudorandomKey, info, keyLength) ++} ++ ++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { ++ return xcrypto.ExtractHKDF(h, secret, salt) ++} ++ ++func SupportsPBKDF2() bool { ++ return true ++} ++ ++func PBKDF2(pass, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) { ++ return xcrypto.PBKDF2(pass, salt, iter, keyLen, h) ++} ++ ++func SupportsTLS1PRF() bool { ++ return false ++} ++ ++func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { ++ panic("cryptobackend: 
not available") ++} ++ ++func SupportsDESCipher() bool { ++ return true ++} ++ ++func SupportsTripleDESCipher() bool { ++ return true ++} ++ ++func NewDESCipher(key []byte) (cipher.Block, error) { ++ return xcrypto.NewDESCipher(key) ++} ++ ++func NewTripleDESCipher(key []byte) (cipher.Block, error) { ++ return xcrypto.NewTripleDESCipher(key) ++} ++ ++func SupportsRC4() bool { return true } ++ ++type RC4Cipher = xcrypto.RC4Cipher ++ ++func NewRC4Cipher(key []byte) (*RC4Cipher, error) { return xcrypto.NewRC4Cipher(key) } ++ ++func SupportsEd25519() bool { ++ return true ++} ++ ++type PublicKeyEd25519 = xcrypto.PublicKeyEd25519 ++type PrivateKeyEd25519 = xcrypto.PrivateKeyEd25519 ++ ++func GenerateKeyEd25519() (PrivateKeyEd25519, error) { ++ return xcrypto.GenerateKeyEd25519(), nil ++} ++ ++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { ++ return xcrypto.NewPrivateKeyEd25519(priv) ++} ++ ++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { ++ return xcrypto.NewPublicKeyEd25519(pub) ++} ++ ++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { ++ return xcrypto.NewPrivateKeyEd25519FromSeed(seed) ++} ++ ++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { ++ return xcrypto.SignEd25519(priv, message) ++} ++ ++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { ++ return xcrypto.VerifyEd25519(pub, message, sig) ++} ++ ++func SupportsDSA(l, n int) bool { ++ return false ++} ++ ++func GenerateParametersDSA(l, n int) (p, q, g xcrypto.BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++ ++type PrivateKeyDSA struct{} ++type PublicKeyDSA struct{} ++ ++func GenerateKeyDSA(p, q, g xcrypto.BigInt) (x, y xcrypto.BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPrivateKeyDSA(p, q, g, x, y xcrypto.BigInt) (*PrivateKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPublicKeyDSA(p, q, g, y xcrypto.BigInt) 
(*PublicKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (xcrypto.BigInt, xcrypto.BigInt, error)) (r, s xcrypto.BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++ ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s xcrypto.BigInt, encodeSignature func(r, s xcrypto.BigInt) ([]byte, error)) bool { ++ panic("cryptobackend: not available") ++} +diff --git a/src/crypto/internal/backend/fips140/boring.go b/src/crypto/internal/backend/fips140/boring.go +new file mode 100644 +index 00000000000000..3b583dc0eb0235 +--- /dev/null ++++ b/src/crypto/internal/backend/fips140/boring.go +@@ -0,0 +1,11 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.boringcrypto ++ ++package fips140 ++ ++func systemFIPSMode() bool { ++ return false ++} +diff --git a/src/crypto/internal/backend/fips140/cng.go b/src/crypto/internal/backend/fips140/cng.go +new file mode 100644 +index 00000000000000..f769d15f94ab05 +--- /dev/null ++++ b/src/crypto/internal/backend/fips140/cng.go +@@ -0,0 +1,33 @@ ++// Copyright 2024 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.cngcrypto ++ ++package fips140 ++ ++import ( ++ "internal/syscall/windows/sysdll" ++ "syscall" ++ "unsafe" ++) ++ ++// Don't use github.com/microsoft/go-crypto-winnative here. ++// The fips140 package should have minimal dependencies. ++// Also, don't directly query the system FIPS mode from the registry, ++// there are some no-longer documented legacy entries that can enable FIPS mode, ++// and BCryptGetFipsAlgorithmMode supports them all. 
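Review bot: In darwin_darwin.go, `DecryptRSAOAEP` and `EncryptRSAOAEP` accept `mgfHash` but never forward it; both call xcrypto with `h` only, whereas the OpenSSL backend later in this patch passes `mgfHash` through. Unless callers outside this hunk already avoid the backend when the MGF1 hash differs from `h`, a request for distinct OAEP and MGF1 hashes would be served with other parameters than asked for, and no error. I would add a capability check next to `SupportsRSAOAEPLabel`, or at least state the contract on both functions: `// mgfHash is not forwarded to xcrypto; callers must fall back when it differs from h.`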
++var (
++ bcrypt = syscall.MustLoadDLL(sysdll.Add("bcrypt.dll"))
++
++ bcryptGetFipsAlgorithmMode = bcrypt.MustFindProc("BCryptGetFipsAlgorithmMode")
++)
++
++func systemFIPSMode() bool {
++ var enabled uint32
++ ret, _, _ := bcryptGetFipsAlgorithmMode.Call(uintptr(unsafe.Pointer(&enabled)))
++ if ret != 0 {
++ return false
++ }
++ return enabled != 0
++}
+diff --git a/src/crypto/internal/backend/fips140/darwin.go b/src/crypto/internal/backend/fips140/darwin.go
+new file mode 100644
+index 00000000000000..ef5af5d956163e
+--- /dev/null
++++ b/src/crypto/internal/backend/fips140/darwin.go
+@@ -0,0 +1,11 @@
++// Copyright 2024 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build goexperiment.darwincrypto
++
++package fips140
++
++func systemFIPSMode() bool {
++ return false
++}
+diff --git a/src/crypto/internal/backend/fips140/fips140.go b/src/crypto/internal/backend/fips140/fips140.go
+new file mode 100644
+index 00000000000000..f54d39970319af
+--- /dev/null
++++ b/src/crypto/internal/backend/fips140/fips140.go
+@@ -0,0 +1,55 @@
++// Copyright 2024 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++package fips140
++
++import "syscall"
++
++// Enabled reports whether FIPS 140 mode is enabled by using GOFIPS=1, GOLANG_FIPS=1,
++// the 'requirefips' build tag, or any other platform-specific mechanism.
++func Enabled() bool {
++ return enabled
++}
++
++var enabled bool
++
++// Disabled reports whether FIPS 140 mode is disabled by using GOFIPS=0 or GOLANG_FIPS=0.
++func Disabled() bool {
++ return disabled
++}
++
++var disabled bool
++
++// Message is a human-readable message about how [Enabled] was set.
++var Message string
++
++func init() {
++ // TODO: Decide which environment variable to use.
++ // See https://github.com/microsoft/go/issues/397.
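Review bot: In fips140/cng.go, the `ret != 0` branch of `systemFIPSMode` reports a failed `BCryptGetFipsAlgorithmMode` call as FIPS being off, and unlike the matching error paths in fips140/openssl.go nothing records that this is deliberate. As far as this package is concerned, a host whose policy query fails is then handled as if no system FIPS policy were set. I would document it on that branch: `// A failed query is treated as FIPS disabled; programs that must not run outside FIPS mode should set GOFIPS=1 or build with the requirefips tag.`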
++ var value string
++ var ok bool
++ if value, ok = syscall.Getenv("GOFIPS"); ok {
++ Message = "environment variable GOFIPS"
++ } else if value, ok = syscall.Getenv("GOLANG_FIPS"); ok {
++ Message = "environment variable GOLANG_FIPS"
++ } else if systemFIPSMode() {
++ Message = "system FIPS mode"
++ value = "1"
++ }
++ if value == "1" {
++ enabled = true
++ } else if value == "0" {
++ disabled = true
++ }
++ if isRequireFIPS {
++ if disabled {
++ panic("the 'requirefips' build tag is enabled, but it conflicts " +
++ "with the " + Message + "=" + value +
++ " which would disable FIPS mode")
++ }
++ Message = "requirefips tag set"
++ enabled = true
++ return
++ }
++}
+\ No newline at end of file
+diff --git a/src/crypto/internal/backend/fips140/isrequirefips.go b/src/crypto/internal/backend/fips140/isrequirefips.go
+new file mode 100644
+index 00000000000000..b33d08c84e2dae
+--- /dev/null
++++ b/src/crypto/internal/backend/fips140/isrequirefips.go
+@@ -0,0 +1,9 @@
++// Copyright 2024 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build requirefips
++
++package fips140
++
++const isRequireFIPS = true
+\ No newline at end of file
+diff --git a/src/crypto/internal/backend/fips140/norequirefips.go b/src/crypto/internal/backend/fips140/norequirefips.go
+new file mode 100644
+index 00000000000000..6f01b9a3524dee
+--- /dev/null
++++ b/src/crypto/internal/backend/fips140/norequirefips.go
+@@ -0,0 +1,9 @@
++// Copyright 2024 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
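Review bot: In fips140.go `init`, a GOFIPS or GOLANG_FIPS value other than `0` or `1` is silently ignored, and because the lookups form one `else if` chain it also keeps `systemFIPSMode()` from being consulted. With, say, `GOFIPS=true` on a host in system FIPS mode, neither `enabled` nor `disabled` is set while `Message` still names the variable. I would reject unknown values right after the chain, `if ok && value != "0" && value != "1" { panic("invalid value for " + Message + ": " + value) }`, or fall through to the system check instead. The final `return` inside the `isRequireFIPS` block is redundant.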
++
++//go:build !requirefips
++
++package fips140
++
++const isRequireFIPS = false
+\ No newline at end of file
+diff --git a/src/crypto/internal/backend/fips140/nosystemcrypto.go b/src/crypto/internal/backend/fips140/nosystemcrypto.go
+new file mode 100644
+index 00000000000000..83691d7dd42d51
+--- /dev/null
++++ b/src/crypto/internal/backend/fips140/nosystemcrypto.go
+@@ -0,0 +1,11 @@
++// Copyright 2024 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build !goexperiment.systemcrypto
++
++package fips140
++
++func systemFIPSMode() bool {
++ return false
++}
+diff --git a/src/crypto/internal/backend/fips140/openssl.go b/src/crypto/internal/backend/fips140/openssl.go
+new file mode 100644
+index 00000000000000..118efa3a492a7d
+--- /dev/null
++++ b/src/crypto/internal/backend/fips140/openssl.go
+@@ -0,0 +1,41 @@
++// Copyright 2024 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++//go:build goexperiment.opensslcrypto
++
++package fips140
++
++import "syscall"
++
++func systemFIPSMode() bool {
++ var fd int
++ for {
++ var err error
++ fd, err = syscall.Open("/proc/sys/crypto/fips_enabled", syscall.O_RDONLY, 0)
++ if err == nil {
++ break
++ }
++ switch err {
++ case syscall.EINTR:
++ continue
++ case syscall.ENOENT:
++ return false
++ default:
++ // If there is an error reading we could either panic or assume FIPS is not enabled.
++ // Panicking would be too disruptive for apps that don't require FIPS.
++ // If an app wants to be 100% sure that is running in FIPS mode
++ // it should use boring.Enabled() or GOFIPS=1.
++ return false
++ }
++ }
++ defer syscall.Close(fd)
++ var tmp [1]byte
++ n, err := syscall.Read(fd, tmp[:])
++ if n != 1 || err != nil {
++ // We return false instead of panicing for the same reason as before.
++ return false ++ } ++ // fips_enabled can be either '0' or '1'. ++ return tmp[0] == '1' ++} +diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go +new file mode 100644 +index 00000000000000..eca1ceab2a04b9 +--- /dev/null ++++ b/src/crypto/internal/backend/nobackend.go +@@ -0,0 +1,240 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// Do not edit the build constraint by hand. It is generated by "backendgen.go". ++ ++//go:build ignore ++ ++package backend ++ ++import ( ++ "crypto" ++ "crypto/cipher" ++ "hash" ++) ++ ++const Enabled = false ++ ++type BigInt = []uint ++ ++type randReader int ++ ++func (randReader) Read(b []byte) (int, error) { panic("cryptobackend: not available") } ++ ++const RandReader = randReader(0) ++ ++func SupportsHash(h crypto.Hash) bool { panic("cryptobackend: not available") } ++ ++func SupportsCurve(curve string) bool { panic("cryptobackend: not available") } ++func SupportsRSAOAEPLabel(label []byte) bool { panic("cryptobackend: not available") } ++func SupportsPKCS1v15Hash(hash crypto.Hash) bool { panic("cryptobackend: not available") } ++ ++func NewMD5() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA1() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA224() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA256() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA384() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA512() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA512_224() hash.Hash { panic("cryptobackend: not available") } ++func NewSHA512_256() hash.Hash { panic("cryptobackend: not available") } ++ ++func MD5(p []byte) (sum [16]byte) { panic("cryptobackend: not available") } ++func SHA1(p []byte) (sum [20]byte) { panic("cryptobackend: not available") } ++func SHA224(p 
[]byte) (sum [28]byte) { panic("cryptobackend: not available") } ++func SHA256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } ++func SHA384(p []byte) (sum [48]byte) { panic("cryptobackend: not available") } ++func SHA512(p []byte) (sum [64]byte) { panic("cryptobackend: not available") } ++func SHA512_224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") } ++func SHA512_256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } ++ ++func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { panic("cryptobackend: not available") } ++ ++func NewAESCipher(key []byte) (cipher.Block, error) { panic("cryptobackend: not available") } ++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { panic("cryptobackend: not available") } ++func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { panic("cryptobackend: not available") } ++ ++type PublicKeyECDSA struct{ _ int } ++type PrivateKeyECDSA struct{ _ int } ++ ++func GenerateKeyECDSA(curve string) (X, Y, D BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++func NewPrivateKeyECDSA(curve string, X, Y, D BigInt) (*PrivateKeyECDSA, error) { ++ panic("cryptobackend: not available") ++} ++func NewPublicKeyECDSA(curve string, X, Y BigInt) (*PublicKeyECDSA, error) { ++ panic("cryptobackend: not available") ++} ++func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool { ++ panic("cryptobackend: not available") ++} ++ ++func SupportsRSAKeyPrimes(primes int) bool { panic("cryptobackend: not available") } ++func SupportsRSASaltLength(sign bool, salt int) bool { panic("cryptobackend: not available") } ++ ++type PublicKeyRSA struct{ _ int } ++type PrivateKeyRSA struct{ _ int } ++ ++func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++func 
DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv BigInt) (*PrivateKeyRSA, error) { ++ panic("cryptobackend: not available") ++} ++func NewPublicKeyRSA(N, E BigInt) (*PublicKeyRSA, error) { ++ panic("cryptobackend: not available") ++} ++func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++func VerifyRSAPKCS1v15(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { ++ panic("cryptobackend: not available") ++} ++func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { ++ panic("cryptobackend: not available") ++} ++ ++type PublicKeyECDH struct{} ++type PrivateKeyECDH struct{} ++ ++func ECDH(*PrivateKeyECDH, *PublicKeyECDH) ([]byte, error) { panic("cryptobackend: not available") } ++func GenerateKeyECDH(string) (*PrivateKeyECDH, []byte, error) { panic("cryptobackend: not available") } ++func NewPrivateKeyECDH(string, []byte) (*PrivateKeyECDH, error) { ++ panic("cryptobackend: not available") ++} ++func NewPublicKeyECDH(string, []byte) (*PublicKeyECDH, 
error) { panic("cryptobackend: not available") } ++func (*PublicKeyECDH) Bytes() []byte { panic("cryptobackend: not available") } ++func (*PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) { panic("cryptobackend: not available") } ++ ++func SupportsHKDF() bool { panic("cryptobackend: not available") } ++ ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++ ++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++ ++func SupportsPBKDF2() bool { panic("cryptobackend: not available") } ++ ++func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++ ++func SupportsTLS1PRF() bool { panic("cryptobackend: not available") } ++ ++func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { ++ panic("cryptobackend: not available") ++} ++ ++func SupportsDESCipher() bool { panic("cryptobackend: not available") } ++ ++func SupportsTripleDESCipher() bool { panic("cryptobackend: not available") } ++ ++func NewDESCipher(key []byte) (cipher.Block, error) { panic("cryptobackend: not available") } ++ ++func NewTripleDESCipher(key []byte) (cipher.Block, error) { panic("cryptobackend: not available") } ++ ++func SupportsRC4() bool { panic("cryptobackend: not available") } ++ ++type RC4Cipher struct{} ++ ++func (c *RC4Cipher) Reset() { panic("cryptobackend: not available") } ++func (c *RC4Cipher) XORKeyStream(dst, src []byte) { panic("cryptobackend: not available") } ++ ++func NewRC4Cipher(key []byte) (*RC4Cipher, error) { panic("cryptobackend: not available") } ++ ++func SupportsEd25519() bool { panic("cryptobackend: not available") } ++ ++type PublicKeyEd25519 struct{} ++ ++func (k PublicKeyEd25519) Bytes() ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++ ++type PrivateKeyEd25519 struct{} ++ ++func (k 
PrivateKeyEd25519) Bytes() ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++ ++func GenerateKeyEd25519() (PrivateKeyEd25519, error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { ++ panic("cryptobackend: not available") ++} ++ ++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { ++ panic("cryptobackend: not available") ++} ++ ++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { ++ panic("cryptobackend: not available") ++} ++ ++func SupportsDSA(l, n int) bool { ++ panic("cryptobackend: not available") ++} ++ ++func GenerateParametersDSA(l, n int) (p, q, g BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++ ++type PublicKeyDSA struct{ _ int } ++type PrivateKeyDSA struct{ _ int } ++ ++func GenerateKeyDSA(p, q, g BigInt) (x, y BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPrivateKeyDSA(p, q, g, x, y BigInt) (*PrivateKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func NewPublicKeyDSA(p, q, g, y BigInt) (*PublicKeyDSA, error) { ++ panic("cryptobackend: not available") ++} ++ ++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (BigInt, BigInt, error)) (r, s BigInt, err error) { ++ panic("cryptobackend: not available") ++} ++ ++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s BigInt, encodeSignature func(r, s BigInt) ([]byte, error)) bool { ++ panic("cryptobackend: not available") ++} +diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go +new file mode 100644 +index 00000000000000..57293ff2128dd6 +--- /dev/null ++++ 
b/src/crypto/internal/backend/openssl_linux.go +@@ -0,0 +1,362 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.opensslcrypto && linux && cgo ++ ++// Package openssl provides access to OpenSSLCrypto implementation functions. ++// Check the variable Enabled to find out whether OpenSSLCrypto is available. ++// If OpenSSLCrypto is not available, the functions in this package all panic. ++package backend ++ ++import ( ++ "crypto" ++ "crypto/cipher" ++ "crypto/internal/backend/fips140" ++ "crypto/internal/boring/sig" ++ "hash" ++ "syscall" ++ ++ "github.com/golang-fips/openssl/v2" ++) ++ ++// Enabled controls whether FIPS crypto is enabled. ++const Enabled = true ++ ++type BigInt = openssl.BigInt ++ ++// knownVersions is a list of supported and well-known libcrypto.so suffixes in decreasing version order. ++// FreeBSD library version numbering does not directly align to the version of OpenSSL. ++// Its preferred search order is 11 -> 111. ++// Some distributions use 1.0.0 and others (such as Debian) 1.0.2 to refer to the same OpenSSL 1.0.2 version. ++// Fedora derived distros use different naming for the version 1.0.x. ++var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"} ++ ++const lcryptoPrefix = "libcrypto.so." ++ ++func init() { ++ var lcrypto string ++ if version, _ := syscall.Getenv("GO_OPENSSL_VERSION_OVERRIDE"); version != "" { ++ lcrypto = lcryptoPrefix + version ++ } else { ++ // Try to find the highest available FIPS-enabled version of OpenSSL ++ // using the known library suffixes. 
++ var lcryptoFallback string ++ for _, v := range knownVersions { ++ lcryptoCandidate := lcryptoPrefix + v ++ if exists, fips := openssl.CheckVersion(lcryptoCandidate); exists { ++ if fips { ++ lcrypto = lcryptoCandidate ++ break ++ } ++ if lcryptoFallback == "" { ++ lcryptoFallback = lcryptoCandidate ++ } ++ } ++ } ++ if lcrypto == "" && lcryptoFallback != "" { ++ // There is no FIPS-enabled version of OpenSSL, ++ // use the highest available version. ++ lcrypto = lcryptoFallback ++ } ++ } ++ if err := openssl.Init(lcrypto); err != nil { ++ panic("opensslcrypto: can't initialize OpenSSL " + lcrypto + ": " + err.Error()) ++ } ++ if fips140.Enabled() { ++ if !openssl.FIPS() { ++ if err := openssl.SetFIPS(true); err != nil { ++ panic("opensslcrypto: can't enable FIPS mode for " + openssl.VersionText() + ": " + err.Error()) ++ } ++ } ++ } else if fips140.Disabled() { ++ if openssl.FIPS() { ++ if err := openssl.SetFIPS(false); err != nil { ++ panic("opensslcrypto: can't disable FIPS mode for " + openssl.VersionText() + ": " + err.Error()) ++ } ++ } ++ } ++ sig.BoringCrypto() ++} ++ ++const RandReader = openssl.RandReader ++ ++func SupportsHash(h crypto.Hash) bool { ++ return openssl.SupportsHash(h) ++} ++ ++func SupportsCurve(curve string) bool { return true } ++func SupportsRSAOAEPLabel(label []byte) bool { return true } ++func SupportsPKCS1v15Hash(hash crypto.Hash) bool { return true } ++ ++func NewMD5() hash.Hash { return openssl.NewMD5() } ++func NewSHA1() hash.Hash { return openssl.NewSHA1() } ++func NewSHA224() hash.Hash { return openssl.NewSHA224() } ++func NewSHA256() hash.Hash { return openssl.NewSHA256() } ++func NewSHA384() hash.Hash { return openssl.NewSHA384() } ++func NewSHA512() hash.Hash { return openssl.NewSHA512() } ++func NewSHA512_224() hash.Hash { return openssl.NewSHA512_224() } ++func NewSHA512_256() hash.Hash { return openssl.NewSHA512_256() } ++ ++func MD5(p []byte) (sum [16]byte) { return openssl.MD5(p) } ++func SHA1(p []byte) (sum [20]byte) 
{ return openssl.SHA1(p) }
++func SHA224(p []byte) (sum [28]byte) { return openssl.SHA224(p) }
++func SHA256(p []byte) (sum [32]byte) { return openssl.SHA256(p) }
++func SHA384(p []byte) (sum [48]byte) { return openssl.SHA384(p) }
++func SHA512(p []byte) (sum [64]byte) { return openssl.SHA512(p) }
++func SHA512_224(p []byte) (sum [28]byte) { return openssl.SHA512_224(p) }
++func SHA512_256(p []byte) (sum [32]byte) { return openssl.SHA512_256(p) }
++
++func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { return openssl.NewHMAC(h, key) }
++
++func NewAESCipher(key []byte) (cipher.Block, error) { return openssl.NewAESCipher(key) }
++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { return openssl.NewGCMTLS(c) }
++func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { return openssl.NewGCMTLS13(c) }
++
++type PublicKeyECDSA = openssl.PublicKeyECDSA
++type PrivateKeyECDSA = openssl.PrivateKeyECDSA
++
++func GenerateKeyECDSA(curve string) (X, Y, D openssl.BigInt, err error) {
++ return openssl.GenerateKeyECDSA(curve)
++}
++
++func NewPrivateKeyECDSA(curve string, X, Y, D openssl.BigInt) (*openssl.PrivateKeyECDSA, error) {
++ return openssl.NewPrivateKeyECDSA(curve, X, Y, D)
++}
++
++func NewPublicKeyECDSA(curve string, X, Y openssl.BigInt) (*openssl.PublicKeyECDSA, error) {
++ return openssl.NewPublicKeyECDSA(curve, X, Y)
++}
++
++func SignMarshalECDSA(priv *openssl.PrivateKeyECDSA, hash []byte) ([]byte, error) {
++ return openssl.SignMarshalECDSA(priv, hash)
++}
++
++func VerifyECDSA(pub *openssl.PublicKeyECDSA, hash []byte, sig []byte) bool {
++ return openssl.VerifyECDSA(pub, hash, sig)
++}
++
++func SupportsRSAKeyPrimes(primes int) bool {
++ // The built-in OpenSSL 3 providers and OpenSSL 1 do support n-prime RSA keys,
++ // but SCOSSL only supports 2-prime RSA keys.
++ // Only 2-prime RSA keys are FIPS compliant, other n having compatibility
++ // and security issues. Even crypto/rsa deprecated rsa.GenerateMultiPrimeKey as of Go 1.21.
++ // Given the above reasons, we only support what SCOSSL supports.
++ return primes == 2
++}
++
++func SupportsRSASaltLength(sign bool, salt int) bool {
++ return true
++}
++
++type PublicKeyRSA = openssl.PublicKeyRSA
++type PrivateKeyRSA = openssl.PrivateKeyRSA
++
++func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *openssl.PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) {
++ return openssl.DecryptRSAOAEP(h, mgfHash, priv, ciphertext, label)
++}
++
++func DecryptRSAPKCS1(priv *openssl.PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
++ return openssl.DecryptRSAPKCS1(priv, ciphertext)
++}
++
++func DecryptRSANoPadding(priv *openssl.PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
++ return openssl.DecryptRSANoPadding(priv, ciphertext)
++}
++
++func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *openssl.PublicKeyRSA, msg, label []byte) ([]byte, error) {
++ return openssl.EncryptRSAOAEP(h, mgfHash, pub, msg, label)
++}
++
++func EncryptRSAPKCS1(pub *openssl.PublicKeyRSA, msg []byte) ([]byte, error) {
++ return openssl.EncryptRSAPKCS1(pub, msg)
++}
++
++func EncryptRSANoPadding(pub *openssl.PublicKeyRSA, msg []byte) ([]byte, error) {
++ return openssl.EncryptRSANoPadding(pub, msg)
++}
++
++func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv openssl.BigInt, err error) {
++ return openssl.GenerateKeyRSA(bits)
++}
++
++func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv openssl.BigInt) (*openssl.PrivateKeyRSA, error) {
++ return openssl.NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv)
++}
++
++func NewPublicKeyRSA(N, E openssl.BigInt) (*openssl.PublicKeyRSA, error) {
++ return openssl.NewPublicKeyRSA(N, E)
++}
++
++func SignRSAPKCS1v15(priv *openssl.PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) {
++ return openssl.SignRSAPKCS1v15(priv, h, hashed)
++}
++
++func SignRSAPSS(priv *openssl.PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) {
++ return openssl.SignRSAPSS(priv, h, hashed, saltLen)
++}
++
++func VerifyRSAPKCS1v15(pub *openssl.PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error {
++ return openssl.VerifyRSAPKCS1v15(pub, h, hashed, sig)
++}
++
++func VerifyRSAPSS(pub *openssl.PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error {
++ return openssl.VerifyRSAPSS(pub, h, hashed, sig, saltLen)
++}
++
++type PublicKeyECDH = openssl.PublicKeyECDH
++type PrivateKeyECDH = openssl.PrivateKeyECDH
++
++func ECDH(priv *openssl.PrivateKeyECDH, pub *openssl.PublicKeyECDH) ([]byte, error) {
++ return openssl.ECDH(priv, pub)
++}
++
++func GenerateKeyECDH(curve string) (*openssl.PrivateKeyECDH, []byte, error) {
++ return openssl.GenerateKeyECDH(curve)
++}
++
++func NewPrivateKeyECDH(curve string, bytes []byte) (*openssl.PrivateKeyECDH, error) {
++ return openssl.NewPrivateKeyECDH(curve, bytes)
++}
++
++func NewPublicKeyECDH(curve string, bytes []byte) (*openssl.PublicKeyECDH, error) {
++ return openssl.NewPublicKeyECDH(curve, bytes)
++}
++
++func SupportsHKDF() bool {
++ return openssl.SupportsHKDF()
++}
++
++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) {
++ return openssl.ExpandHKDFOneShot(h, pseudorandomKey, info, keyLength)
++}
++
++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) {
++ return openssl.ExtractHKDF(h, secret, salt)
++}
++
++func SupportsPBKDF2() bool {
++ return openssl.SupportsPBKDF2()
++}
++
++func PBKDF2(pass, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) {
++ return openssl.PBKDF2(pass, salt, iter, keyLen, h)
++}
++
++func SupportsTLS1PRF() bool {
++ return openssl.SupportsTLS1PRF()
++}
++
++func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error {
++ return openssl.TLS1PRF(result, secret, label, seed, h)
++}
++
++func SupportsDESCipher() bool {
++ return openssl.SupportsDESCipher()
++}
++
++func SupportsTripleDESCipher() bool {
++ return openssl.SupportsTripleDESCipher()
++}
++
++func NewDESCipher(key []byte) (cipher.Block, error) {
++ return openssl.NewDESCipher(key)
++}
++
++func NewTripleDESCipher(key []byte) (cipher.Block, error) {
++ return openssl.NewTripleDESCipher(key)
++}
++
++func SupportsRC4() bool {
++ return openssl.SupportsRC4()
++}
++
++type RC4Cipher = openssl.RC4Cipher
++
++func NewRC4Cipher(key []byte) (*RC4Cipher, error) { return openssl.NewRC4Cipher(key) }
++
++func SupportsEd25519() bool { return openssl.SupportsEd25519() }
++
++type PublicKeyEd25519 = *openssl.PublicKeyEd25519
++type PrivateKeyEd25519 = *openssl.PrivateKeyEd25519
++
++func GenerateKeyEd25519() (PrivateKeyEd25519, error) {
++ return openssl.GenerateKeyEd25519()
++}
++
++// Deprecated: use NewPrivateKeyEd25519 instead.
++func NewPrivateKeyEd25119(priv []byte) (PrivateKeyEd25519, error) {
++ return openssl.NewPrivateKeyEd25519(priv)
++}
++
++// Deprecated: use NewPublicKeyEd25519 instead.
++func NewPublicKeyEd25119(pub []byte) (PublicKeyEd25519, error) {
++ return openssl.NewPublicKeyEd25519(pub)
++}
++
++func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) {
++ return openssl.NewPrivateKeyEd25519(priv)
++}
++
++func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) {
++ return openssl.NewPublicKeyEd25519(pub)
++}
++
++func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) {
++ return openssl.NewPrivateKeyEd25519FromSeed(seed)
++}
++
++func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) {
++ return openssl.SignEd25519(priv, message)
++}
++
++func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error {
++ return openssl.VerifyEd25519(pub, message, sig)
++}
++
++type PublicKeyDSA = openssl.PublicKeyDSA
++type PrivateKeyDSA = openssl.PrivateKeyDSA
++
++func SupportsDSA(l, n int) bool {
++ return openssl.SupportsDSA()
++}
++
++func GenerateParametersDSA(l, n int) (p, q, g openssl.BigInt, err error) {
++ params, err := openssl.GenerateParametersDSA(l, n)
++ return params.P, params.Q, params.G, err
++}
++
++func GenerateKeyDSA(p, q, g openssl.BigInt) (x, y openssl.BigInt, err error) {
++ return openssl.GenerateKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g})
++}
++
++func NewPrivateKeyDSA(p, q, g, x, y openssl.BigInt) (*openssl.PrivateKeyDSA, error) {
++ return openssl.NewPrivateKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g}, x, y)
++}
++
++func NewPublicKeyDSA(p, q, g, y openssl.BigInt) (*openssl.PublicKeyDSA, error) {
++ return openssl.NewPublicKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g}, y)
++}
++
++func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (openssl.BigInt, openssl.BigInt, error)) (r, s openssl.BigInt, err error) {
++ sig, err := openssl.SignDSA(priv, hash)
++ if err != nil {
++ return nil, nil, err
++ }
++
++ r, s, err = parseSignature(sig)
++ if err != nil {
++ return nil, nil, err
++ }
++
++ return openssl.BigInt(r), openssl.BigInt(s), nil
++}
++
++func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt, encodeSignature func(r, s openssl.BigInt) ([]byte, error)) bool {
++ sig, err := encodeSignature(r, s)
++ if err != nil {
++ return false
++ }
++
++ return openssl.VerifyDSA(pub, hashed, sig)
++}
+diff --git a/src/crypto/internal/backend/stub.s b/src/crypto/internal/backend/stub.s
+new file mode 100644
+index 00000000000000..5e4b436554d44d
+--- /dev/null
++++ b/src/crypto/internal/backend/stub.s
+@@ -0,0 +1,10 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// runtime_arg0 is declared in common.go without a body.
++// It's provided by package runtime,
++// but the go command doesn't know that.
++// Having this assembly file keeps the go command
++// from complaining about the missing body
++// (because the implementation might be here).
+diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go +index e017efb1562379..ab5539f978a266 100644 +--- a/src/go/build/deps_test.go ++++ b/src/go/build/deps_test.go +@@ -493,6 +493,8 @@ var depsRules = ` + < crypto/internal/fips140/rsa + < FIPS; + ++ syscall < crypto/internal/backend/fips140; ++ + FIPS, internal/godebug < crypto/fips140; + + crypto, hash !< FIPS; +@@ -506,7 +508,8 @@ var depsRules = ` + FIPS, internal/godebug, hash, embed, encoding/binary, + crypto/internal/boring/sig, + crypto/internal/boring/syso, +- crypto/internal/boring/bcache ++ crypto/internal/boring/bcache, ++ crypto/internal/backend/fips140 + < crypto/internal/fips140only + < crypto + < crypto/subtle +@@ -522,6 +525,7 @@ var depsRules = ` + < github.com/microsoft/go-crypto-winnative/internal/bcrypt + < github.com/microsoft/go-crypto-winnative/cng + < crypto/internal/boring ++ < crypto/internal/backend + < crypto/boring + < crypto/aes, + crypto/des, +@@ -546,6 +550,7 @@ var depsRules = ` + < github.com/microsoft/go-crypto-darwin/bbig + < github.com/microsoft/go-crypto-winnative/cng/bbig + < crypto/internal/boring/bbig ++ < crypto/internal/backend/bbig + < crypto/rand + < crypto/ed25519 # depends on crypto/rand.Reader + < encoding/asn1 +diff --git a/src/runtime/runtime_boring.go b/src/runtime/runtime_boring.go +index 5a98b20253181c..9042f2c2795e19 100644 +--- a/src/runtime/runtime_boring.go ++++ b/src/runtime/runtime_boring.go +@@ -17,3 +17,8 @@ func boring_runtime_arg0() string { + + //go:linkname fipstls_runtime_arg0 crypto/internal/boring/fipstls.runtime_arg0 + func fipstls_runtime_arg0() string { return boring_runtime_arg0() } ++ ++//go:linkname crypto_backend_runtime_arg0 crypto/internal/backend.runtime_arg0 ++func crypto_backend_runtime_arg0() string { ++ return boring_runtime_arg0() ++} diff --git a/patches/0004-Add-BoringSSL-crypto-backend.patch b/patches/0004-Add-BoringSSL-crypto-backend.patch deleted file mode 100644 index 9abecb7aca9..00000000000 
--- a/patches/0004-Add-BoringSSL-crypto-backend.patch +++ /dev/null 
@@ -1,334 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Quim Muntal -Date: Wed, 22 Jun 2022 12:16:05 +0000 -Subject: [PATCH] Add BoringSSL crypto backend - ---- - .../internal/backend/bbig/big_boring.go | 12 + - src/crypto/internal/backend/boring_linux.go | 279 ++++++++++++++++++ - src/crypto/internal/backend/fips140/boring.go | 11 + - 3 files changed, 302 insertions(+) - create mode 100644 src/crypto/internal/backend/bbig/big_boring.go - create mode 100644 src/crypto/internal/backend/boring_linux.go - create mode 100644 src/crypto/internal/backend/fips140/boring.go - -diff --git a/src/crypto/internal/backend/bbig/big_boring.go b/src/crypto/internal/backend/bbig/big_boring.go -new file mode 100644 -index 00000000000000..0b62cef68546d0 ---- /dev/null -+++ b/src/crypto/internal/backend/bbig/big_boring.go -@@ -0,0 +1,12 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.boringcrypto -+ -+package bbig -+ -+import "crypto/internal/boring/bbig" -+ -+var Enc = bbig.Enc -+var Dec = bbig.Dec -diff --git a/src/crypto/internal/backend/boring_linux.go b/src/crypto/internal/backend/boring_linux.go -new file mode 100644 -index 00000000000000..f06fcc63b5af11 ---- /dev/null -+++ b/src/crypto/internal/backend/boring_linux.go -@@ -0,0 +1,279 @@ -+// Copyright 2017 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.boringcrypto && linux && cgo && (amd64 || arm64) && !android && !msan -+ -+// Package boring provides access to BoringCrypto implementation functions. -+// Check the variable Enabled to find out whether BoringCrypto is available. -+// If BoringCrypto is not available, the functions in this package all panic. 
-+package backend -+ -+import ( -+ "crypto" -+ "crypto/cipher" -+ "crypto/internal/boring" -+ "hash" -+) -+ -+const Enabled = true -+ -+type BigInt = boring.BigInt -+ -+const RandReader = boring.RandReader -+ -+func SupportsHash(h crypto.Hash) bool { -+ switch h { -+ case crypto.MD5SHA1, crypto.SHA1, crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512: -+ return true -+ default: -+ return false -+ } -+} -+ -+func SupportsCurve(curve string) bool { return true } -+func SupportsRSAOAEPLabel(label []byte) bool { return true } -+func SupportsPKCS1v15Hash(hash crypto.Hash) bool { return true } -+ -+func NewMD5() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA1() hash.Hash { return boring.NewSHA1() } -+func NewSHA224() hash.Hash { return boring.NewSHA224() } -+func NewSHA256() hash.Hash { return boring.NewSHA256() } -+func NewSHA384() hash.Hash { return boring.NewSHA384() } -+func NewSHA512() hash.Hash { return boring.NewSHA512() } -+func NewSHA512_224() hash.Hash { panic("cryptobackend: not available") } -+func NewSHA512_256() hash.Hash { panic("cryptobackend: not available") } -+ -+func MD5(p []byte) (sum [16]byte) { panic("cryptobackend: not available") } -+func SHA1(p []byte) (sum [20]byte) { return boring.SHA1(p) } -+func SHA224(p []byte) (sum [28]byte) { return boring.SHA224(p) } -+func SHA256(p []byte) (sum [32]byte) { return boring.SHA256(p) } -+func SHA384(p []byte) (sum [48]byte) { return boring.SHA384(p) } -+func SHA512(p []byte) (sum [64]byte) { return boring.SHA512(p) } -+func SHA512_224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") } -+func SHA512_256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } -+ -+func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { return boring.NewHMAC(h, key) } -+ -+func NewAESCipher(key []byte) (cipher.Block, error) { return boring.NewAESCipher(key) } -+func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS(c) } -+func NewGCMTLS13(c 
cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS13(c) } -+ -+type PublicKeyECDSA = boring.PublicKeyECDSA -+type PrivateKeyECDSA = boring.PrivateKeyECDSA -+ -+func GenerateKeyECDSA(curve string) (X, Y, D boring.BigInt, err error) { -+ return boring.GenerateKeyECDSA(curve) -+} -+ -+func NewPrivateKeyECDSA(curve string, X, Y, D boring.BigInt) (*boring.PrivateKeyECDSA, error) { -+ return boring.NewPrivateKeyECDSA(curve, X, Y, D) -+} -+ -+func NewPublicKeyECDSA(curve string, X, Y boring.BigInt) (*boring.PublicKeyECDSA, error) { -+ return boring.NewPublicKeyECDSA(curve, X, Y) -+} -+ -+func SignMarshalECDSA(priv *boring.PrivateKeyECDSA, hash []byte) ([]byte, error) { -+ return boring.SignMarshalECDSA(priv, hash) -+} -+ -+func VerifyECDSA(pub *boring.PublicKeyECDSA, hash []byte, sig []byte) bool { -+ return boring.VerifyECDSA(pub, hash, sig) -+} -+ -+func SupportsRSAKeyPrimes(primes int) bool { -+ return true -+} -+ -+func SupportsRSASaltLength(sign bool, salt int) bool { -+ return true -+} -+ -+type PublicKeyRSA = boring.PublicKeyRSA -+type PrivateKeyRSA = boring.PrivateKeyRSA -+ -+func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *boring.PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { -+ return boring.DecryptRSAOAEP(h, mgfHash, priv, ciphertext, label) -+} -+ -+func DecryptRSAPKCS1(priv *boring.PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return boring.DecryptRSAPKCS1(priv, ciphertext) -+} -+ -+func DecryptRSANoPadding(priv *boring.PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return boring.DecryptRSANoPadding(priv, ciphertext) -+} -+ -+func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *boring.PublicKeyRSA, msg, label []byte) ([]byte, error) { -+ return boring.EncryptRSAOAEP(h, mgfHash, pub, msg, label) -+} -+ -+func EncryptRSAPKCS1(pub *boring.PublicKeyRSA, msg []byte) ([]byte, error) { -+ return boring.EncryptRSAPKCS1(pub, msg) -+} -+ -+func EncryptRSANoPadding(pub *boring.PublicKeyRSA, msg []byte) ([]byte, error) { -+ return 
boring.EncryptRSANoPadding(pub, msg) -+} -+ -+func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv boring.BigInt, err error) { -+ return boring.GenerateKeyRSA(bits) -+} -+ -+func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv boring.BigInt) (*boring.PrivateKeyRSA, error) { -+ return boring.NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv) -+} -+ -+func NewPublicKeyRSA(N, E boring.BigInt) (*boring.PublicKeyRSA, error) { -+ return boring.NewPublicKeyRSA(N, E) -+} -+ -+func SignRSAPKCS1v15(priv *boring.PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { -+ return boring.SignRSAPKCS1v15(priv, h, hashed) -+} -+ -+func SignRSAPSS(priv *boring.PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { -+ return boring.SignRSAPSS(priv, h, hashed, saltLen) -+} -+ -+func VerifyRSAPKCS1v15(pub *boring.PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { -+ return boring.VerifyRSAPKCS1v15(pub, h, hashed, sig) -+} -+ -+func VerifyRSAPSS(pub *boring.PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { -+ return boring.VerifyRSAPSS(pub, h, hashed, sig, saltLen) -+} -+ -+type PublicKeyECDH = boring.PublicKeyECDH -+type PrivateKeyECDH = boring.PrivateKeyECDH -+ -+func ECDH(priv *boring.PrivateKeyECDH, pub *boring.PublicKeyECDH) ([]byte, error) { -+ return boring.ECDH(priv, pub) -+} -+ -+func GenerateKeyECDH(curve string) (*boring.PrivateKeyECDH, []byte, error) { -+ return boring.GenerateKeyECDH(curve) -+} -+ -+func NewPrivateKeyECDH(curve string, bytes []byte) (*boring.PrivateKeyECDH, error) { -+ return boring.NewPrivateKeyECDH(curve, bytes) -+} -+ -+func NewPublicKeyECDH(curve string, bytes []byte) (*boring.PublicKeyECDH, error) { -+ return boring.NewPublicKeyECDH(curve, bytes) -+} -+ -+func SupportsHKDF() bool { return false } -+ -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func ExtractHKDF(h func() hash.Hash, secret, salt 
[]byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SupportsPBKDF2() bool { return false } -+ -+func PBKDF2(password, salt []byte, iter, keyLen int, fh func() hash.Hash) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SupportsTLS1PRF() bool { return false } -+ -+func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { -+ panic("cryptobackend: not available") -+} -+ -+func SupportsDESCipher() bool { return false } -+ -+func SupportsTripleDESCipher() bool { return false } -+ -+func NewDESCipher(key []byte) (cipher.Block, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewTripleDESCipher(key []byte) (cipher.Block, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SupportsRC4() bool { return false } -+ -+type RC4Cipher struct{} -+ -+func (c *RC4Cipher) Reset() { panic("cryptobackend: not available") } -+func (c *RC4Cipher) XORKeyStream(dst, src []byte) { panic("cryptobackend: not available") } -+ -+func NewRC4Cipher(key []byte) (*RC4Cipher, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SupportsEd25519() bool { return false } -+ -+type PublicKeyEd25519 struct{} -+ -+func (k PublicKeyEd25519) Bytes() ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+type PrivateKeyEd25519 struct{} -+ -+func (k PrivateKeyEd25519) Bytes() ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func GenerateKeyEd25519() (PrivateKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { -+ 
panic("cryptobackend: not available") -+} -+ -+func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { -+ panic("cryptobackend: not available") -+} -+ -+func SupportsDSA(l, n int) bool { -+ return false -+} -+ -+func GenerateParametersDSA(l, n int) (p, q, g boring.BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+ -+type PrivateKeyDSA struct{} -+type PublicKeyDSA struct{} -+ -+func GenerateKeyDSA(p, q, g boring.BigInt) (x, y boring.BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPrivateKeyDSA(p, q, g, x, y boring.BigInt) (*PrivateKeyDSA, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPublicKeyDSA(p, q, g, y boring.BigInt) (*PublicKeyDSA, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (boring.BigInt, boring.BigInt, error)) (r, s boring.BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+ -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s boring.BigInt, encodeSignature func(r, s boring.BigInt) ([]byte, error)) bool { -+ panic("cryptobackend: not available") -+} -diff --git a/src/crypto/internal/backend/fips140/boring.go b/src/crypto/internal/backend/fips140/boring.go -new file mode 100644 -index 00000000000000..3b583dc0eb0235 ---- /dev/null -+++ b/src/crypto/internal/backend/fips140/boring.go -@@ -0,0 +1,11 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.boringcrypto -+ -+package fips140 -+ -+func systemFIPSMode() bool { -+ return false -+} diff --git a/patches/0008-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch similarity index 92% rename from patches/0008-Use-crypto-backends.patch rename to patches/0004-Use-crypto-backends.patch index 1d2f62ffeb0..f01156c5753 100644 --- a/patches/0008-Use-crypto-backends.patch 
+++ b/patches/0004-Use-crypto-backends.patch @@ -5,11 +5,12 @@ Subject: [PATCH] Use crypto backends --- src/cmd/api/boring_test.go | 2 +- - src/cmd/dist/test.go | 5 + + src/cmd/dist/test.go | 8 +- src/cmd/go/go_boring_test.go | 11 +- src/cmd/go/testdata/script/darwin_no_cgo.txt | 2 + .../go/testdata/script/gopath_std_vendor.txt | 9 + src/cmd/link/internal/ld/config.go | 8 + + src/cmd/link/internal/ld/lib.go | 1 + src/crypto/aes/aes.go | 2 +- src/crypto/boring/boring.go | 4 +- src/crypto/cipher/ctr_aes_test.go | 2 +- @@ -45,6 +46,7 @@ Subject: [PATCH] Use crypto backends src/crypto/rc4/rc4.go | 18 ++ src/crypto/rsa/boring.go | 12 +- src/crypto/rsa/boring_test.go | 2 +- + src/crypto/rsa/darwin.go | 71 +++++++ src/crypto/rsa/fips.go | 14 +- src/crypto/rsa/notboring.go | 4 +- src/crypto/rsa/pkcs1v15.go | 6 +- @@ -75,13 +77,17 @@ Subject: [PATCH] Use crypto backends src/hash/example_test.go | 2 + src/hash/marshal_test.go | 9 + src/hash/notboring_test.go | 9 + + src/net/lookup_test.go | 3 + src/net/smtp/smtp_test.go | 72 ++++--- - 72 files changed, 1052 insertions(+), 107 deletions(-) + src/os/exec/exec_test.go | 9 + + src/runtime/pprof/vminfo_darwin_test.go | 6 + + 77 files changed, 1143 insertions(+), 109 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go + create mode 100644 src/crypto/rsa/darwin.go create mode 100644 src/crypto/tls/internal/tls13/doc.go create mode 100644 src/crypto/tls/internal/tls13/tls13.go create mode 100644 src/hash/boring_test.go @@ -101,7 +107,7 @@ index f0e3575637c62a..9eab3b4e66e60b 100644 package main diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 0de6e80fd985a3..3316bb52a61ff1 100644 +index 0c992118f4287b..3316bb52a61ff1 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go 
@@ -1161,6 +1161,11 @@ func (t *tester) internalLink() bool { @@ -116,6 +122,20 @@ index 0de6e80fd985a3..3316bb52a61ff1 100644 // Internally linking cgo is incomplete on some architectures. // https://golang.org/issue/10373 // https://golang.org/issue/14449 +@@ -1324,12 +1329,11 @@ func (t *tester) registerCgoTests(heading string) { + // a C linker warning on Linux. + // in function `bio_ip_and_port_to_socket_and_addr': + // warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking +- if staticCheck.skip == nil && goos == "linux" && strings.Contains(goexperiment, "boringcrypto") { ++ if staticCheck.skip == nil && goos == "linux" && (strings.Contains(goexperiment, "boringcrypto") || strings.Contains(goexperiment, "opensslcrypto")) { + staticCheck.skip = func(*distTest) (string, bool) { + return "skipping static linking check on Linux when using boringcrypto to avoid C linker warning about getaddrinfo", true + } + } +- + // Static linking tests + if goos != "android" && p != "netbsd/arm" && !t.msan && !t.asan { + // TODO(#56629): Why does this fail on netbsd-arm? diff --git a/src/cmd/go/go_boring_test.go b/src/cmd/go/go_boring_test.go index ed0fbf3d53d75b..8111b143a1295b 100644 --- a/src/cmd/go/go_boring_test.go @@ -201,6 +221,18 @@ index b2d4ad7cb0e7f6..2859879041ff8f 100644 case "darwin/arm64", "windows/arm", "windows/arm64": // On these platforms, everything is PIE *mode = BuildModePIE default: +diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go +index 2d8f964f3594c6..a587e1abde57c9 100644 +--- a/src/cmd/link/internal/ld/lib.go ++++ b/src/cmd/link/internal/ld/lib.go +@@ -1172,6 +1172,7 @@ var hostobj []Hostobj + // These packages can use internal linking mode. + // Others trigger external mode. + var internalpkg = []string{ ++ "vendor/github.com/golang-fips/openssl/v2", + "crypto/internal/boring", + "crypto/internal/boring/syso", + "crypto/x509", 
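Review bot: The skip reason returned from `staticCheck.skip` in registerCgoTests still reads `when using boringcrypto`, although the condition on the line above it now also matches `opensslcrypto`, so a run skipped under the OpenSSL experiment names the wrong backend in its output. A backend-neutral message would avoid that, for example `return "skipping static linking check on Linux when using a cgo crypto backend to avoid C linker warning about getaddrinfo", true`. The same hunk also drops the blank line before `// Static linking tests`, which looks unintended. registerCgoTests starts and ends outside the hunk.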
diff --git a/src/crypto/aes/aes.go b/src/crypto/aes/aes.go index 5bc2d13d673e0a..b803c77be62a66 100644 --- a/src/crypto/aes/aes.go @@ -663,7 +695,7 @@ index 275c60b4de49eb..ff8bddf28c4545 100644 "math/big" ) diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go -index cb308b41e9df86..5c841d2f021967 100644 +index cb308b41e9df86..7bfdc76759baeb 100644 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go @@ -20,8 +20,8 @@ import ( @@ -1321,7 +1353,7 @@ index 90943a0935befb..09ebdfd733e5d6 100644 return } diff --git a/src/crypto/rsa/boring.go b/src/crypto/rsa/boring.go -index 28d16a89f6a1cf..b276571ddf9fc8 100644 +index b9f9d3154f2589..ba66dd33a1f9f3 100644 --- a/src/crypto/rsa/boring.go +++ b/src/crypto/rsa/boring.go @@ -2,14 +2,15 @@ 
@@ -1368,8 +1400,85 @@ index 838fcc1244bdbe..d89f732345e8a3 100644 // Note: Can run these tests against the non-BoringCrypto // version of the code by using "CGO_ENABLED=0 go test". +diff --git a/src/crypto/rsa/darwin.go b/src/crypto/rsa/darwin.go +new file mode 100644 +index 00000000000000..1b9c63523ee90e +--- /dev/null ++++ b/src/crypto/rsa/darwin.go +@@ -0,0 +1,71 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.darwincrypto ++ ++package rsa ++ ++import ( ++ "crypto/internal/backend" ++ "crypto/internal/backend/bbig" ++ "errors" ++ "math/big" ++ _ "unsafe" ++ ++ "golang.org/x/crypto/cryptobyte" ++ "golang.org/x/crypto/cryptobyte/asn1" ++) ++ ++//go:linkname decodeKey ++func decodeKey(data []byte) (N, E, D, P, Q, Dp, Dq, Qinv backend.BigInt, err error) { ++ bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv backend.BigInt, err error) { ++ return nil, nil, nil, nil, nil, nil, nil, nil, e ++ } ++ input := cryptobyte.String(data) ++ var version int ++ n, e, d, p, q, dp, dq, qinv := new(big.Int), new(big.Int), new(big.Int), new(big.Int), ++ new(big.Int), new(big.Int), new(big.Int), new(big.Int) ++ // Parse the ASN.1 sequence ++ if !input.ReadASN1(&input, asn1.SEQUENCE) { ++ return bad(errors.New("invalid ASN.1 structure: not a sequence")) ++ } ++ if !input.ReadASN1Integer(&version) || version != 0 { ++ return bad(errors.New("invalid ASN.1 structure: unsupported version")) ++ } ++ if !input.ReadASN1Integer(n) || !input.ReadASN1Integer(e) || ++ !input.ReadASN1Integer(d) || !input.ReadASN1Integer(p) || ++ !input.ReadASN1Integer(q) || !input.ReadASN1Integer(dp) || ++ !input.ReadASN1Integer(dq) || !input.ReadASN1Integer(qinv) { ++ return bad(errors.New("invalid ASN.1 structure")) ++ } ++ return bbig.Enc(n), bbig.Enc(e), bbig.Enc(d), bbig.Enc(p), bbig.Enc(q), ++ bbig.Enc(dp), bbig.Enc(dq), bbig.Enc(qinv), nil ++} ++ 
++//go:linkname encodeKey ++func encodeKey(N, E, D, P, Q, Dp, Dq, Qinv backend.BigInt) ([]byte, error) { ++ builder := cryptobyte.NewBuilder(nil) ++ builder.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { ++ b.AddASN1Int64(0) // Add version as int64 ++ b.AddASN1BigInt(bbig.Dec(N)) // Add modulus ++ b.AddASN1BigInt(bbig.Dec(E)) // Add public exponent ++ b.AddASN1BigInt(bbig.Dec(D)) // Add private exponent ++ b.AddASN1BigInt(bbig.Dec(P)) // Add prime1 ++ b.AddASN1BigInt(bbig.Dec(Q)) // Add prime2 ++ b.AddASN1BigInt(bbig.Dec(Dp)) // Add exponent1 ++ b.AddASN1BigInt(bbig.Dec(Dq)) // Add exponent2 ++ b.AddASN1BigInt(bbig.Dec(Qinv)) // Add coefficient ++ }) ++ return builder.Bytes() ++} ++ ++//go:linkname encodePublicKey ++func encodePublicKey(N, E backend.BigInt) ([]byte, error) { ++ builder := cryptobyte.NewBuilder(nil) ++ builder.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { ++ b.AddASN1BigInt(bbig.Dec(N)) // Add modulus ++ b.AddASN1BigInt(bbig.Dec(E)) // Add public exponent ++ }) ++ return builder.Bytes() ++} diff --git a/src/crypto/rsa/fips.go b/src/crypto/rsa/fips.go -index 8373c125ae3096..319fae6fb282db 100644 +index 8373c125ae3096..990ea980faf33f 100644 --- a/src/crypto/rsa/fips.go +++ b/src/crypto/rsa/fips.go @@ -6,7 +6,7 @@ package rsa @@ -2549,6 +2658,20 @@ index 00000000000000..11dc691600b110 +package hash_test + +const boringEnabled = false +diff --git a/src/net/lookup_test.go b/src/net/lookup_test.go +index 514cbd098ae772..8ec689416dde1d 100644 +--- a/src/net/lookup_test.go ++++ b/src/net/lookup_test.go +@@ -1501,6 +1501,9 @@ func TestLookupPortIPNetworkString(t *testing.T) { + } + + func TestLookupNoSuchHost(t *testing.T) { ++ if runtime.GOOS == "darwin" { ++ t.Skip("skipping on darwin; see https://github.com/microsoft/go/issues/1394") ++ } + mustHaveExternalNetwork(t) + + const testNXDOMAIN = "invalid.invalid." diff --git a/src/net/smtp/smtp_test.go b/src/net/smtp/smtp_test.go index 389eda9ad54b99..110d60beb0e70c 100644 
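Review bot: decodeKey in the new src/crypto/rsa/darwin.go returns as soon as the last INTEGER has been read and never checks that the input is exhausted, so bytes left inside the SEQUENCE are accepted silently, and anything after the SEQUENCE is discarded when `input.ReadASN1(&input, asn1.SEQUENCE)` overwrites `input`. For private-key material a strict parser is the safer default: adding `if !input.Empty() { return bad(errors.New("invalid ASN.1 structure: trailing data")) }` before the final return covers the inner case, and reading the SEQUENCE into a separate `cryptobyte.String` would let the outer remainder be rejected as well. The version check also reports a failed read and a non-zero version with the same "unsupported version" message, which makes malformed input harder to diagnose. The callers are reached through `//go:linkname` and are not visible here, so whether they only ever pass backend-generated encodings cannot be confirmed from this hunk.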
--- a/src/net/smtp/smtp_test.go @@ -2640,3 +2763,54 @@ index 389eda9ad54b99..110d60beb0e70c 100644 -----END RSA TESTING KEY-----`)) func testingKey(s string) string { return strings.ReplaceAll(s, "TESTING KEY", "PRIVATE KEY") } +diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go +index 8c623871932f7d..2fa55073f5c19c 100644 +--- a/src/os/exec/exec_test.go ++++ b/src/os/exec/exec_test.go +@@ -14,6 +14,7 @@ import ( + "errors" + "flag" + "fmt" ++ "internal/goexperiment" + "internal/poll" + "internal/testenv" + "io" +@@ -689,6 +690,14 @@ func TestExtraFiles(t *testing.T) { + t.Skipf("skipping test on %q", runtime.GOOS) + } + ++ if goexperiment.OpenSSLCrypto { ++ // OpenSSL default behavior is to maintain open FDs to any ++ // random devices that get used by the random number library. ++ // Since those FDs are not marked FD_CLOEXEC or O_CLOEXEC, ++ // they also get inherited by children. ++ t.Skip("skipping test because test was run with OpenSSLCrypto") ++ } ++ + // Force network usage, to verify the epoll (or whatever) fd + // doesn't leak to the child, + ln, err := net.Listen("tcp", "127.0.0.1:0") +diff --git a/src/runtime/pprof/vminfo_darwin_test.go b/src/runtime/pprof/vminfo_darwin_test.go +index 6d375c5d53368a..39154b000ddc67 100644 +--- a/src/runtime/pprof/vminfo_darwin_test.go ++++ b/src/runtime/pprof/vminfo_darwin_test.go +@@ -11,6 +11,7 @@ import ( + "bytes" + "fmt" + "internal/abi" ++ "internal/goexperiment" + "internal/testenv" + "os" + "os/exec" +@@ -21,6 +22,11 @@ import ( + ) + + func TestVMInfo(t *testing.T) { ++ if goexperiment.DarwinCrypto { ++ // Fails on macOS when using system crypto. ++ // https://github.com/microsoft/go/issues/1466 ++ t.Skip("skipping on Darwin") ++ } + var begin, end, offset uint64 + var filename string + first := true diff --git a/patches/0005-Add-OpenSSL-crypto-backend.patch b/patches/0005-Add-OpenSSL-crypto-backend.patch deleted file mode 100644 index 7b44965e884..00000000000 
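Review bot: The skip added to TestLookupNoSuchHost is keyed on `runtime.GOOS == "darwin"` alone, so the test is disabled for every macOS build, including builds that do not enable the system crypto backend. The TestVMInfo skip later in this patch gates on `goexperiment.DarwinCrypto`; if the failure tracked in the linked issue is specific to that backend, the same gate would keep coverage elsewhere: `if runtime.GOOS == "darwin" && goexperiment.DarwinCrypto {`. That would need the `internal/goexperiment` import in lookup_test.go, whose import block is outside the hunk.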
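Review bot: The new `goexperiment.OpenSSLCrypto` skip in TestExtraFiles turns off the check that descriptors do not leak into child processes, and unlike the other skips added in this patch it carries no issue link. The comment itself states that OpenSSL keeps descriptors to random devices open without FD_CLOEXEC or O_CLOEXEC, which means processes started through os/exec under this backend inherit them; that deserves a tracking reference beside the skip, for example `// TODO(<issue-url>): re-enable once the inherited OpenSSL random-device FDs are accounted for`. If the test could tolerate that known set of descriptors instead of skipping entirely, it would still catch unrelated leaks; the test body is outside the hunk, so that part needs confirming against the full function.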
--- a/patches/0005-Add-OpenSSL-crypto-backend.patch +++ /dev/null 
@@ -1,507 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: qmuntal -Date: Thu, 30 Jun 2022 10:06:19 +0200 -Subject: [PATCH] Add OpenSSL crypto backend - ---- - src/cmd/dist/test.go | 3 +- - src/cmd/link/internal/ld/lib.go | 1 + - .../internal/backend/bbig/big_openssl.go | 12 + - .../internal/backend/fips140/openssl.go | 41 ++ - src/crypto/internal/backend/openssl_linux.go | 362 ++++++++++++++++++ - src/os/exec/exec_test.go | 9 + - 6 files changed, 426 insertions(+), 2 deletions(-) - create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go - create mode 100644 src/crypto/internal/backend/fips140/openssl.go - create mode 100644 src/crypto/internal/backend/openssl_linux.go - -diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 0c992118f4287b..0de6e80fd985a3 100644 ---- a/src/cmd/dist/test.go -+++ b/src/cmd/dist/test.go -@@ -1324,12 +1324,11 @@ func (t *tester) registerCgoTests(heading string) { - // a C linker warning on Linux. - // in function `bio_ip_and_port_to_socket_and_addr': - // warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking -- if staticCheck.skip == nil && goos == "linux" && strings.Contains(goexperiment, "boringcrypto") { -+ if staticCheck.skip == nil && goos == "linux" && (strings.Contains(goexperiment, "boringcrypto") || strings.Contains(goexperiment, "opensslcrypto")) { - staticCheck.skip = func(*distTest) (string, bool) { - return "skipping static linking check on Linux when using boringcrypto to avoid C linker warning about getaddrinfo", true - } - } -- - // Static linking tests - if goos != "android" && p != "netbsd/arm" && !t.msan && !t.asan { - // TODO(#56629): Why does this fail on netbsd-arm? 
-diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go -index 2d8f964f3594c6..a587e1abde57c9 100644 ---- a/src/cmd/link/internal/ld/lib.go -+++ b/src/cmd/link/internal/ld/lib.go -@@ -1172,6 +1172,7 @@ var hostobj []Hostobj - // These packages can use internal linking mode. - // Others trigger external mode. - var internalpkg = []string{ -+ "vendor/github.com/golang-fips/openssl/v2", - "crypto/internal/boring", - "crypto/internal/boring/syso", - "crypto/x509", -diff --git a/src/crypto/internal/backend/bbig/big_openssl.go b/src/crypto/internal/backend/bbig/big_openssl.go -new file mode 100644 -index 00000000000000..e6695dd66b1d02 ---- /dev/null -+++ b/src/crypto/internal/backend/bbig/big_openssl.go -@@ -0,0 +1,12 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.opensslcrypto -+ -+package bbig -+ -+import "github.com/golang-fips/openssl/v2/bbig" -+ -+var Enc = bbig.Enc -+var Dec = bbig.Dec -diff --git a/src/crypto/internal/backend/fips140/openssl.go b/src/crypto/internal/backend/fips140/openssl.go -new file mode 100644 -index 00000000000000..118efa3a492a7d ---- /dev/null -+++ b/src/crypto/internal/backend/fips140/openssl.go -@@ -0,0 +1,41 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.opensslcrypto -+ -+package fips140 -+ -+import "syscall" -+ -+func systemFIPSMode() bool { -+ var fd int -+ for { -+ var err error -+ fd, err = syscall.Open("/proc/sys/crypto/fips_enabled", syscall.O_RDONLY, 0) -+ if err == nil { -+ break -+ } -+ switch err { -+ case syscall.EINTR: -+ continue -+ case syscall.ENOENT: -+ return false -+ default: -+ // If there is an error reading we could either panic or assume FIPS is not enabled. 
-+ // Panicking would be too disruptive for apps that don't require FIPS. -+ // If an app wants to be 100% sure that is running in FIPS mode -+ // it should use boring.Enabled() or GOFIPS=1. -+ return false -+ } -+ } -+ defer syscall.Close(fd) -+ var tmp [1]byte -+ n, err := syscall.Read(fd, tmp[:]) -+ if n != 1 || err != nil { -+ // We return false instead of panicing for the same reason as before. -+ return false -+ } -+ // fips_enabled can be either '0' or '1'. -+ return tmp[0] == '1' -+} -diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go -new file mode 100644 -index 00000000000000..57293ff2128dd6 ---- /dev/null -+++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,362 @@ -+// Copyright 2017 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.opensslcrypto && linux && cgo -+ -+// Package openssl provides access to OpenSSLCrypto implementation functions. -+// Check the variable Enabled to find out whether OpenSSLCrypto is available. -+// If OpenSSLCrypto is not available, the functions in this package all panic. -+package backend -+ -+import ( -+ "crypto" -+ "crypto/cipher" -+ "crypto/internal/backend/fips140" -+ "crypto/internal/boring/sig" -+ "hash" -+ "syscall" -+ -+ "github.com/golang-fips/openssl/v2" -+) -+ -+// Enabled controls whether FIPS crypto is enabled. -+const Enabled = true -+ -+type BigInt = openssl.BigInt -+ -+// knownVersions is a list of supported and well-known libcrypto.so suffixes in decreasing version order. -+// FreeBSD library version numbering does not directly align to the version of OpenSSL. -+// Its preferred search order is 11 -> 111. -+// Some distributions use 1.0.0 and others (such as Debian) 1.0.2 to refer to the same OpenSSL 1.0.2 version. -+// Fedora derived distros use different naming for the version 1.0.x. 
-+var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"} -+ -+const lcryptoPrefix = "libcrypto.so." -+ -+func init() { -+ var lcrypto string -+ if version, _ := syscall.Getenv("GO_OPENSSL_VERSION_OVERRIDE"); version != "" { -+ lcrypto = lcryptoPrefix + version -+ } else { -+ // Try to find the highest available FIPS-enabled version of OpenSSL -+ // using the known library suffixes. -+ var lcryptoFallback string -+ for _, v := range knownVersions { -+ lcryptoCandidate := lcryptoPrefix + v -+ if exists, fips := openssl.CheckVersion(lcryptoCandidate); exists { -+ if fips { -+ lcrypto = lcryptoCandidate -+ break -+ } -+ if lcryptoFallback == "" { -+ lcryptoFallback = lcryptoCandidate -+ } -+ } -+ } -+ if lcrypto == "" && lcryptoFallback != "" { -+ // There is no FIPS-enabled version of OpenSSL, -+ // use the highest available version. -+ lcrypto = lcryptoFallback -+ } -+ } -+ if err := openssl.Init(lcrypto); err != nil { -+ panic("opensslcrypto: can't initialize OpenSSL " + lcrypto + ": " + err.Error()) -+ } -+ if fips140.Enabled() { -+ if !openssl.FIPS() { -+ if err := openssl.SetFIPS(true); err != nil { -+ panic("opensslcrypto: can't enable FIPS mode for " + openssl.VersionText() + ": " + err.Error()) -+ } -+ } -+ } else if fips140.Disabled() { -+ if openssl.FIPS() { -+ if err := openssl.SetFIPS(false); err != nil { -+ panic("opensslcrypto: can't disable FIPS mode for " + openssl.VersionText() + ": " + err.Error()) -+ } -+ } -+ } -+ sig.BoringCrypto() -+} -+ -+const RandReader = openssl.RandReader -+ -+func SupportsHash(h crypto.Hash) bool { -+ return openssl.SupportsHash(h) -+} -+ -+func SupportsCurve(curve string) bool { return true } -+func SupportsRSAOAEPLabel(label []byte) bool { return true } -+func SupportsPKCS1v15Hash(hash crypto.Hash) bool { return true } -+ -+func NewMD5() hash.Hash { return openssl.NewMD5() } -+func NewSHA1() hash.Hash { return openssl.NewSHA1() } -+func NewSHA224() hash.Hash { return openssl.NewSHA224() } -+func 
NewSHA256() hash.Hash { return openssl.NewSHA256() } -+func NewSHA384() hash.Hash { return openssl.NewSHA384() } -+func NewSHA512() hash.Hash { return openssl.NewSHA512() } -+func NewSHA512_224() hash.Hash { return openssl.NewSHA512_224() } -+func NewSHA512_256() hash.Hash { return openssl.NewSHA512_256() } -+ -+func MD5(p []byte) (sum [16]byte) { return openssl.MD5(p) } -+func SHA1(p []byte) (sum [20]byte) { return openssl.SHA1(p) } -+func SHA224(p []byte) (sum [28]byte) { return openssl.SHA224(p) } -+func SHA256(p []byte) (sum [32]byte) { return openssl.SHA256(p) } -+func SHA384(p []byte) (sum [48]byte) { return openssl.SHA384(p) } -+func SHA512(p []byte) (sum [64]byte) { return openssl.SHA512(p) } -+func SHA512_224(p []byte) (sum [28]byte) { return openssl.SHA512_224(p) } -+func SHA512_256(p []byte) (sum [32]byte) { return openssl.SHA512_256(p) } -+ -+func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { return openssl.NewHMAC(h, key) } -+ -+func NewAESCipher(key []byte) (cipher.Block, error) { return openssl.NewAESCipher(key) } -+func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { return openssl.NewGCMTLS(c) } -+func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { return openssl.NewGCMTLS13(c) } -+ -+type PublicKeyECDSA = openssl.PublicKeyECDSA -+type PrivateKeyECDSA = openssl.PrivateKeyECDSA -+ -+func GenerateKeyECDSA(curve string) (X, Y, D openssl.BigInt, err error) { -+ return openssl.GenerateKeyECDSA(curve) -+} -+ -+func NewPrivateKeyECDSA(curve string, X, Y, D openssl.BigInt) (*openssl.PrivateKeyECDSA, error) { -+ return openssl.NewPrivateKeyECDSA(curve, X, Y, D) -+} -+ -+func NewPublicKeyECDSA(curve string, X, Y openssl.BigInt) (*openssl.PublicKeyECDSA, error) { -+ return openssl.NewPublicKeyECDSA(curve, X, Y) -+} -+ -+func SignMarshalECDSA(priv *openssl.PrivateKeyECDSA, hash []byte) ([]byte, error) { -+ return openssl.SignMarshalECDSA(priv, hash) -+} -+ -+func VerifyECDSA(pub *openssl.PublicKeyECDSA, hash []byte, sig []byte) bool { -+ return 
openssl.VerifyECDSA(pub, hash, sig) -+} -+ -+func SupportsRSAKeyPrimes(primes int) bool { -+ // The built-in OpenSSL 3 providers and OpenSSL 1 do support n-prime RSA keys, -+ // but SCOSSL only supports 2-prime RSA keys. -+ // Only 2-prime RSA keys are FIPS compliant, other n having compatibility -+ // and security issues. Even crypto/rsa deprecated rsa.GenerateMultiPrimeKey as of Go 1.21. -+ // Given the above reasons, we only support what SCOSSL supports. -+ return primes == 2 -+} -+ -+func SupportsRSASaltLength(sign bool, salt int) bool { -+ return true -+} -+ -+type PublicKeyRSA = openssl.PublicKeyRSA -+type PrivateKeyRSA = openssl.PrivateKeyRSA -+ -+func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *openssl.PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { -+ return openssl.DecryptRSAOAEP(h, mgfHash, priv, ciphertext, label) -+} -+ -+func DecryptRSAPKCS1(priv *openssl.PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return openssl.DecryptRSAPKCS1(priv, ciphertext) -+} -+ -+func DecryptRSANoPadding(priv *openssl.PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return openssl.DecryptRSANoPadding(priv, ciphertext) -+} -+ -+func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *openssl.PublicKeyRSA, msg, label []byte) ([]byte, error) { -+ return openssl.EncryptRSAOAEP(h, mgfHash, pub, msg, label) -+} -+ -+func EncryptRSAPKCS1(pub *openssl.PublicKeyRSA, msg []byte) ([]byte, error) { -+ return openssl.EncryptRSAPKCS1(pub, msg) -+} -+ -+func EncryptRSANoPadding(pub *openssl.PublicKeyRSA, msg []byte) ([]byte, error) { -+ return openssl.EncryptRSANoPadding(pub, msg) -+} -+ -+func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv openssl.BigInt, err error) { -+ return openssl.GenerateKeyRSA(bits) -+} -+ -+func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv openssl.BigInt) (*openssl.PrivateKeyRSA, error) { -+ return openssl.NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv) -+} -+ -+func NewPublicKeyRSA(N, E openssl.BigInt) (*openssl.PublicKeyRSA, error) { -+ 
return openssl.NewPublicKeyRSA(N, E) -+} -+ -+func SignRSAPKCS1v15(priv *openssl.PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { -+ return openssl.SignRSAPKCS1v15(priv, h, hashed) -+} -+ -+func SignRSAPSS(priv *openssl.PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { -+ return openssl.SignRSAPSS(priv, h, hashed, saltLen) -+} -+ -+func VerifyRSAPKCS1v15(pub *openssl.PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { -+ return openssl.VerifyRSAPKCS1v15(pub, h, hashed, sig) -+} -+ -+func VerifyRSAPSS(pub *openssl.PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { -+ return openssl.VerifyRSAPSS(pub, h, hashed, sig, saltLen) -+} -+ -+type PublicKeyECDH = openssl.PublicKeyECDH -+type PrivateKeyECDH = openssl.PrivateKeyECDH -+ -+func ECDH(priv *openssl.PrivateKeyECDH, pub *openssl.PublicKeyECDH) ([]byte, error) { -+ return openssl.ECDH(priv, pub) -+} -+ -+func GenerateKeyECDH(curve string) (*openssl.PrivateKeyECDH, []byte, error) { -+ return openssl.GenerateKeyECDH(curve) -+} -+ -+func NewPrivateKeyECDH(curve string, bytes []byte) (*openssl.PrivateKeyECDH, error) { -+ return openssl.NewPrivateKeyECDH(curve, bytes) -+} -+ -+func NewPublicKeyECDH(curve string, bytes []byte) (*openssl.PublicKeyECDH, error) { -+ return openssl.NewPublicKeyECDH(curve, bytes) -+} -+ -+func SupportsHKDF() bool { -+ return openssl.SupportsHKDF() -+} -+ -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ return openssl.ExpandHKDFOneShot(h, pseudorandomKey, info, keyLength) -+} -+ -+func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { -+ return openssl.ExtractHKDF(h, secret, salt) -+} -+ -+func SupportsPBKDF2() bool { -+ return openssl.SupportsPBKDF2() -+} -+ -+func PBKDF2(pass, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) { -+ return openssl.PBKDF2(pass, salt, iter, keyLen, h) -+} -+ -+func SupportsTLS1PRF() bool { -+ return 
openssl.SupportsTLS1PRF() -+} -+ -+func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { -+ return openssl.TLS1PRF(result, secret, label, seed, h) -+} -+ -+func SupportsDESCipher() bool { -+ return openssl.SupportsDESCipher() -+} -+ -+func SupportsTripleDESCipher() bool { -+ return openssl.SupportsTripleDESCipher() -+} -+ -+func NewDESCipher(key []byte) (cipher.Block, error) { -+ return openssl.NewDESCipher(key) -+} -+ -+func NewTripleDESCipher(key []byte) (cipher.Block, error) { -+ return openssl.NewTripleDESCipher(key) -+} -+ -+func SupportsRC4() bool { -+ return openssl.SupportsRC4() -+} -+ -+type RC4Cipher = openssl.RC4Cipher -+ -+func NewRC4Cipher(key []byte) (*RC4Cipher, error) { return openssl.NewRC4Cipher(key) } -+ -+func SupportsEd25519() bool { return openssl.SupportsEd25519() } -+ -+type PublicKeyEd25519 = *openssl.PublicKeyEd25519 -+type PrivateKeyEd25519 = *openssl.PrivateKeyEd25519 -+ -+func GenerateKeyEd25519() (PrivateKeyEd25519, error) { -+ return openssl.GenerateKeyEd25519() -+} -+ -+// Deprecated: use NewPrivateKeyEd25519 instead. -+func NewPrivateKeyEd25119(priv []byte) (PrivateKeyEd25519, error) { -+ return openssl.NewPrivateKeyEd25519(priv) -+} -+ -+// Deprecated: use NewPublicKeyEd25519 instead. 
-+func NewPublicKeyEd25119(pub []byte) (PublicKeyEd25519, error) { -+ return openssl.NewPublicKeyEd25519(pub) -+} -+ -+func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { -+ return openssl.NewPrivateKeyEd25519(priv) -+} -+ -+func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { -+ return openssl.NewPublicKeyEd25519(pub) -+} -+ -+func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { -+ return openssl.NewPrivateKeyEd25519FromSeed(seed) -+} -+ -+func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { -+ return openssl.SignEd25519(priv, message) -+} -+ -+func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { -+ return openssl.VerifyEd25519(pub, message, sig) -+} -+ -+type PublicKeyDSA = openssl.PublicKeyDSA -+type PrivateKeyDSA = openssl.PrivateKeyDSA -+ -+func SupportsDSA(l, n int) bool { -+ return openssl.SupportsDSA() -+} -+ -+func GenerateParametersDSA(l, n int) (p, q, g openssl.BigInt, err error) { -+ params, err := openssl.GenerateParametersDSA(l, n) -+ return params.P, params.Q, params.G, err -+} -+ -+func GenerateKeyDSA(p, q, g openssl.BigInt) (x, y openssl.BigInt, err error) { -+ return openssl.GenerateKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g}) -+} -+ -+func NewPrivateKeyDSA(p, q, g, x, y openssl.BigInt) (*openssl.PrivateKeyDSA, error) { -+ return openssl.NewPrivateKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g}, x, y) -+} -+ -+func NewPublicKeyDSA(p, q, g, y openssl.BigInt) (*openssl.PublicKeyDSA, error) { -+ return openssl.NewPublicKeyDSA(openssl.DSAParameters{P: p, Q: q, G: g}, y) -+} -+ -+func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (openssl.BigInt, openssl.BigInt, error)) (r, s openssl.BigInt, err error) { -+ sig, err := openssl.SignDSA(priv, hash) -+ if err != nil { -+ return nil, nil, err -+ } -+ -+ r, s, err = parseSignature(sig) -+ if err != nil { -+ return nil, nil, err -+ } -+ -+ return openssl.BigInt(r), openssl.BigInt(s), nil -+} -+ 
-+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s openssl.BigInt, encodeSignature func(r, s openssl.BigInt) ([]byte, error)) bool { -+ sig, err := encodeSignature(r, s) -+ if err != nil { -+ return false -+ } -+ -+ return openssl.VerifyDSA(pub, hashed, sig) -+} -diff --git a/src/os/exec/exec_test.go b/src/os/exec/exec_test.go -index 8c623871932f7d..2fa55073f5c19c 100644 ---- a/src/os/exec/exec_test.go -+++ b/src/os/exec/exec_test.go -@@ -14,6 +14,7 @@ import ( - "errors" - "flag" - "fmt" -+ "internal/goexperiment" - "internal/poll" - "internal/testenv" - "io" -@@ -689,6 +690,14 @@ func TestExtraFiles(t *testing.T) { - t.Skipf("skipping test on %q", runtime.GOOS) - } - -+ if goexperiment.OpenSSLCrypto { -+ // OpenSSL default behavior is to maintain open FDs to any -+ // random devices that get used by the random number library. -+ // Since those FDs are not marked FD_CLOEXEC or O_CLOEXEC, -+ // they also get inherited by children. -+ t.Skip("skipping test because test was run with OpenSSLCrypto") -+ } -+ - // Force network usage, to verify the epoll (or whatever) fd - // doesn't leak to the child, - ln, err := net.Listen("tcp", "127.0.0.1:0") diff --git a/patches/0009-Add-backend-code-gen.patch b/patches/0005-Add-backend-code-gen.patch similarity index 100% rename from patches/0009-Add-backend-code-gen.patch rename to patches/0005-Add-backend-code-gen.patch diff --git a/patches/0006-Add-CNG-crypto-backend.patch b/patches/0006-Add-CNG-crypto-backend.patch deleted file mode 100644 index aaae7bf10f9..00000000000 --- a/patches/0006-Add-CNG-crypto-backend.patch +++ /dev/null 
@@ -1,413 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: qmuntal -Date: Tue, 19 Jul 2022 15:58:02 +0200 -Subject: [PATCH] Add CNG crypto backend - ---- - src/crypto/internal/backend/bbig/big_cng.go | 12 + - src/crypto/internal/backend/cng_windows.go | 336 ++++++++++++++++++++ - src/crypto/internal/backend/fips140/cng.go | 33 ++ - 3 files changed, 381 insertions(+) - create mode 100644 src/crypto/internal/backend/bbig/big_cng.go - create mode 100644 src/crypto/internal/backend/cng_windows.go - create mode 100644 src/crypto/internal/backend/fips140/cng.go - -diff --git a/src/crypto/internal/backend/bbig/big_cng.go b/src/crypto/internal/backend/bbig/big_cng.go -new file mode 100644 -index 00000000000000..92623031fd87d0 ---- /dev/null -+++ b/src/crypto/internal/backend/bbig/big_cng.go -@@ -0,0 +1,12 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.cngcrypto -+ -+package bbig -+ -+import "github.com/microsoft/go-crypto-winnative/cng/bbig" -+ -+var Enc = bbig.Enc -+var Dec = bbig.Dec -diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go -new file mode 100644 -index 00000000000000..31dfc9b19ee63e ---- /dev/null -+++ b/src/crypto/internal/backend/cng_windows.go -@@ -0,0 +1,336 @@ -+// Copyright 2017 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.cngcrypto && windows -+ -+// Package cng provides access to CNGCrypto implementation functions. -+// Check the variable Enabled to find out whether CNGCrypto is available. -+// If CNGCrypto is not available, the functions in this package all panic. 
-+package backend -+ -+import ( -+ "crypto" -+ "crypto/cipher" -+ "crypto/internal/backend/fips140" -+ "crypto/internal/boring/sig" -+ "hash" -+ _ "unsafe" -+ -+ "github.com/microsoft/go-crypto-winnative/cng" -+) -+ -+// Enabled controls whether FIPS crypto is enabled. -+const Enabled = true -+ -+type BigInt = cng.BigInt -+ -+func init() { -+ if fips140.Enabled() { -+ enabled, err := cng.FIPS() -+ if err != nil { -+ panic("cngcrypto: unknown FIPS mode: " + err.Error()) -+ } -+ if !enabled { -+ panic("cngcrypto: not in FIPS mode") -+ } -+ } -+ sig.BoringCrypto() -+} -+ -+const RandReader = cng.RandReader -+ -+func SupportsHash(h crypto.Hash) bool { -+ return cng.SupportsHash(h) -+} -+ -+func SupportsCurve(curve string) bool { return true } -+func SupportsRSAOAEPLabel(label []byte) bool { return true } -+func SupportsPKCS1v15Hash(hash crypto.Hash) bool { return true } -+ -+func NewMD5() hash.Hash { return cng.NewMD5() } -+func NewSHA1() hash.Hash { return cng.NewSHA1() } -+func NewSHA224() hash.Hash { panic("cngcrypto: not available") } -+func NewSHA256() hash.Hash { return cng.NewSHA256() } -+func NewSHA384() hash.Hash { return cng.NewSHA384() } -+func NewSHA512() hash.Hash { return cng.NewSHA512() } -+func NewSHA512_224() hash.Hash { panic("cngcrypto: not available") } -+func NewSHA512_256() hash.Hash { panic("cngcrypto: not available") } -+ -+func MD5(p []byte) (sum [16]byte) { return cng.MD5(p) } -+func SHA1(p []byte) (sum [20]byte) { return cng.SHA1(p) } -+func SHA224(p []byte) (sum [28]byte) { panic("cngcrypto: not available") } -+func SHA256(p []byte) (sum [32]byte) { return cng.SHA256(p) } -+func SHA384(p []byte) (sum [48]byte) { return cng.SHA384(p) } -+func SHA512(p []byte) (sum [64]byte) { return cng.SHA512(p) } -+func SHA512_224(p []byte) (sum [28]byte) { panic("cngcrypto: not available") } -+func SHA512_256(p []byte) (sum [32]byte) { panic("cngcrypto: not available") } -+ -+func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { -+ return cng.NewHMAC(h, 
key) -+} -+ -+func NewAESCipher(key []byte) (cipher.Block, error) { -+ return cng.NewAESCipher(key) -+} -+ -+func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { -+ return cng.NewGCMTLS(c) -+} -+ -+func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { -+ return cng.NewGCMTLS13(c) -+} -+ -+type PublicKeyECDSA = cng.PublicKeyECDSA -+type PrivateKeyECDSA = cng.PrivateKeyECDSA -+ -+func GenerateKeyECDSA(curve string) (X, Y, D cng.BigInt, err error) { -+ return cng.GenerateKeyECDSA(curve) -+} -+ -+func NewPrivateKeyECDSA(curve string, X, Y, D cng.BigInt) (*cng.PrivateKeyECDSA, error) { -+ return cng.NewPrivateKeyECDSA(curve, X, Y, D) -+} -+ -+func NewPublicKeyECDSA(curve string, X, Y cng.BigInt) (*cng.PublicKeyECDSA, error) { -+ return cng.NewPublicKeyECDSA(curve, X, Y) -+} -+ -+//go:linkname encodeSignature crypto/ecdsa.encodeSignature -+func encodeSignature(r, s []byte) ([]byte, error) -+ -+//go:linkname parseSignature crypto/ecdsa.parseSignature -+func parseSignature(sig []byte) (r, s []byte, err error) -+ -+func SignMarshalECDSA(priv *cng.PrivateKeyECDSA, hash []byte) ([]byte, error) { -+ r, s, err := cng.SignECDSA(priv, hash) -+ if err != nil { -+ return nil, err -+ } -+ return encodeSignature(r, s) -+} -+ -+func VerifyECDSA(pub *cng.PublicKeyECDSA, hash []byte, sig []byte) bool { -+ rBytes, sBytes, err := parseSignature(sig) -+ if err != nil { -+ return false -+ } -+ return cng.VerifyECDSA(pub, hash, cng.BigInt(rBytes), cng.BigInt(sBytes)) -+} -+ -+func SignECDSA(priv *cng.PrivateKeyECDSA, hash []byte) (r, s cng.BigInt, err error) { -+ return cng.SignECDSA(priv, hash) -+} -+ -+func VerifyECDSARaw(pub *cng.PublicKeyECDSA, hash []byte, r, s cng.BigInt) bool { -+ return cng.VerifyECDSA(pub, hash, r, s) -+} -+ -+func SupportsRSAKeyPrimes(primes int) bool { -+ // CNG only supports 2-prime RSA keys. 
-+ return primes == 2 -+} -+ -+func SupportsRSASaltLength(sign bool, salt int) bool { -+ if sign { -+ return true -+ } -+ return salt != 0 // rsa.PSSSaltLengthAuto -+} -+ -+type PublicKeyRSA = cng.PublicKeyRSA -+type PrivateKeyRSA = cng.PrivateKeyRSA -+ -+func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *cng.PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { -+ return cng.DecryptRSAOAEP(h, priv, ciphertext, label) -+} -+ -+func DecryptRSAPKCS1(priv *cng.PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return cng.DecryptRSAPKCS1(priv, ciphertext) -+} -+ -+func DecryptRSANoPadding(priv *cng.PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return cng.DecryptRSANoPadding(priv, ciphertext) -+} -+ -+func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *cng.PublicKeyRSA, msg, label []byte) ([]byte, error) { -+ return cng.EncryptRSAOAEP(h, pub, msg, label) -+} -+ -+func EncryptRSAPKCS1(pub *cng.PublicKeyRSA, msg []byte) ([]byte, error) { -+ return cng.EncryptRSAPKCS1(pub, msg) -+} -+ -+func EncryptRSANoPadding(pub *cng.PublicKeyRSA, msg []byte) ([]byte, error) { -+ return cng.EncryptRSANoPadding(pub, msg) -+} -+ -+func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv cng.BigInt, err error) { -+ return cng.GenerateKeyRSA(bits) -+} -+ -+func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv cng.BigInt) (*cng.PrivateKeyRSA, error) { -+ return cng.NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv) -+} -+ -+func NewPublicKeyRSA(N, E cng.BigInt) (*cng.PublicKeyRSA, error) { -+ return cng.NewPublicKeyRSA(N, E) -+} -+ -+func SignRSAPKCS1v15(priv *cng.PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { -+ return cng.SignRSAPKCS1v15(priv, h, hashed) -+} -+ -+func SignRSAPSS(priv *cng.PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { -+ return cng.SignRSAPSS(priv, h, hashed, saltLen) -+} -+ -+func VerifyRSAPKCS1v15(pub *cng.PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { -+ return cng.VerifyRSAPKCS1v15(pub, h, hashed, sig) -+} -+ 
-+func VerifyRSAPSS(pub *cng.PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { -+ return cng.VerifyRSAPSS(pub, h, hashed, sig, saltLen) -+} -+ -+type PrivateKeyECDH = cng.PrivateKeyECDH -+type PublicKeyECDH = cng.PublicKeyECDH -+ -+func ECDH(priv *cng.PrivateKeyECDH, pub *cng.PublicKeyECDH) ([]byte, error) { -+ return cng.ECDH(priv, pub) -+} -+ -+func GenerateKeyECDH(curve string) (*cng.PrivateKeyECDH, []byte, error) { -+ return cng.GenerateKeyECDH(curve) -+} -+ -+func NewPrivateKeyECDH(curve string, bytes []byte) (*cng.PrivateKeyECDH, error) { -+ return cng.NewPrivateKeyECDH(curve, bytes) -+} -+ -+func NewPublicKeyECDH(curve string, bytes []byte) (*cng.PublicKeyECDH, error) { -+ return cng.NewPublicKeyECDH(curve, bytes) -+} -+ -+func SupportsHKDF() bool { -+ return cng.SupportsHKDF() -+} -+ -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ return cng.ExpandHKDF(h, pseudorandomKey, info, keyLength) -+} -+ -+func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { -+ return cng.ExtractHKDF(h, secret, salt) -+} -+ -+func SupportsPBKDF2() bool { return true } -+ -+func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) { -+ return cng.PBKDF2(password, salt, iter, keyLen, h) -+} -+ -+func SupportsTLS1PRF() bool { -+ return true -+} -+ -+func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { -+ return cng.TLS1PRF(result, secret, label, seed, h) -+} -+ -+func SupportsDESCipher() bool { -+ return true -+} -+ -+func SupportsTripleDESCipher() bool { -+ return true -+} -+ -+func NewDESCipher(key []byte) (cipher.Block, error) { -+ return cng.NewDESCipher(key) -+} -+ -+func NewTripleDESCipher(key []byte) (cipher.Block, error) { -+ return cng.NewTripleDESCipher(key) -+} -+ -+func SupportsRC4() bool { return true } -+ -+type RC4Cipher = cng.RC4Cipher -+ -+func NewRC4Cipher(key []byte) (*RC4Cipher, error) { return 
cng.NewRC4Cipher(key) } -+ -+func SupportsEd25519() bool { return false } -+ -+type PublicKeyEd25519 struct{} -+ -+func (k PublicKeyEd25519) Bytes() ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+type PrivateKeyEd25519 struct{} -+ -+func (k PrivateKeyEd25519) Bytes() ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func GenerateKeyEd25519() (PrivateKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { -+ panic("cryptobackend: not available") -+} -+ -+func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { -+ panic("cryptobackend: not available") -+} -+ -+type PrivateKeyDSA = cng.PrivateKeyDSA -+type PublicKeyDSA = cng.PublicKeyDSA -+ -+func SupportsDSA(l, n int) bool { -+ // These are the only N values supported by CNG -+ return n == 160 || n == 256 -+} -+ -+func GenerateParametersDSA(l, n int) (p, q, g cng.BigInt, err error) { -+ params, err := cng.GenerateParametersDSA(l) -+ if err != nil { -+ return nil, nil, nil, err -+ } -+ return params.P, params.Q, params.G, nil -+} -+ -+func GenerateKeyDSA(p, q, g cng.BigInt) (x, y cng.BigInt, err error) { -+ return cng.GenerateKeyDSA(cng.DSAParameters{P: p, Q: q, G: g}) -+} -+ -+func NewPrivateKeyDSA(p, q, g, x, y cng.BigInt) (*cng.PrivateKeyDSA, error) { -+ return cng.NewPrivateKeyDSA(cng.DSAParameters{P: p, Q: q, G: g}, x, y) -+} -+ -+func NewPublicKeyDSA(p, q, g, y cng.BigInt) (*cng.PublicKeyDSA, error) { -+ return cng.NewPublicKeyDSA(cng.DSAParameters{P: p, Q: q, G: g}, y) -+} -+ -+func SignDSA(priv *PrivateKeyDSA, hash 
[]byte, parseSignature func([]byte) (cng.BigInt, cng.BigInt, error)) (r, s cng.BigInt, err error) { -+ return cng.SignDSA(priv, hash) -+} -+ -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s cng.BigInt, encodeSignature func(r, s cng.BigInt) ([]byte, error)) bool { -+ return cng.VerifyDSA(pub, hashed, r, s) -+} -diff --git a/src/crypto/internal/backend/fips140/cng.go b/src/crypto/internal/backend/fips140/cng.go -new file mode 100644 -index 00000000000000..f769d15f94ab05 ---- /dev/null -+++ b/src/crypto/internal/backend/fips140/cng.go -@@ -0,0 +1,33 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.cngcrypto -+ -+package fips140 -+ -+import ( -+ "internal/syscall/windows/sysdll" -+ "syscall" -+ "unsafe" -+) -+ -+// Don't use github.com/microsoft/go-crypto-winnative here. -+// The fips140 package should have minimal dependencies. -+// Also, don't directly query the system FIPS mode from the registry, -+// there are some no-longer documented legacy entries that can enable FIPS mode, -+// and BCryptGetFipsAlgorithmMode supports them all. -+var ( -+ bcrypt = syscall.MustLoadDLL(sysdll.Add("bcrypt.dll")) -+ -+ bcryptGetFipsAlgorithmMode = bcrypt.MustFindProc("BCryptGetFipsAlgorithmMode") -+) -+ -+func systemFIPSMode() bool { -+ var enabled uint32 -+ ret, _, _ := bcryptGetFipsAlgorithmMode.Call(uintptr(unsafe.Pointer(&enabled))) -+ if ret != 0 { -+ return false -+ } -+ return enabled != 0 -+} diff --git a/patches/0010-Update-default-go.env.patch b/patches/0006-Update-default-go.env.patch similarity index 100% rename from patches/0010-Update-default-go.env.patch rename to patches/0006-Update-default-go.env.patch diff --git a/patches/0007-Add-Darwin-crypto-backend.patch b/patches/0007-Add-Darwin-crypto-backend.patch deleted file mode 100644 index 6cd2cd3a969..00000000000 
--- a/patches/0007-Add-Darwin-crypto-backend.patch +++ /dev/null 
@@ -1,547 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: George Adams -Date: Tue, 17 Dec 2024 13:17:39 +0000 -Subject: [PATCH] Add Darwin crypto backend - ---- - .gitignore | 2 + - .../internal/backend/bbig/big_darwin.go | 12 + - src/crypto/internal/backend/darwin_darwin.go | 359 ++++++++++++++++++ - src/crypto/internal/backend/fips140/darwin.go | 11 + - src/crypto/rsa/darwin.go | 71 ++++ - src/net/lookup_test.go | 3 + - src/runtime/pprof/vminfo_darwin_test.go | 6 + - 7 files changed, 464 insertions(+) - create mode 100644 src/crypto/internal/backend/bbig/big_darwin.go - create mode 100644 src/crypto/internal/backend/darwin_darwin.go - create mode 100644 src/crypto/internal/backend/fips140/darwin.go - create mode 100644 src/crypto/rsa/darwin.go - -diff --git a/.gitignore b/.gitignore -index c6512e64a4ef39..b3b01db73b009d 100644 ---- a/.gitignore -+++ b/.gitignore -@@ -46,6 +46,8 @@ _testmain.go - /test/run.out - /test/times.out - -+!/src/vendor/github.com/microsoft/go-crypto-darwin/internal/cryptokit/CryptoKit.o -+ - # This file includes artifacts of Go build that should not be checked in. - # For files created by specific development environment (e.g. editor), - # use alternative ways to exclude files from git. -diff --git a/src/crypto/internal/backend/bbig/big_darwin.go b/src/crypto/internal/backend/bbig/big_darwin.go -new file mode 100644 -index 00000000000000..77f3ca5d262769 ---- /dev/null -+++ b/src/crypto/internal/backend/bbig/big_darwin.go -@@ -0,0 +1,12 @@ -+// Copyright 2022 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. 
-+ -+//go:build goexperiment.darwincrypto && cgo -+ -+package bbig -+ -+import "github.com/microsoft/go-crypto-darwin/bbig" -+ -+var Enc = bbig.Enc -+var Dec = bbig.Dec -diff --git a/src/crypto/internal/backend/darwin_darwin.go b/src/crypto/internal/backend/darwin_darwin.go -new file mode 100644 -index 00000000000000..2250852ada8cc8 ---- /dev/null -+++ b/src/crypto/internal/backend/darwin_darwin.go -@@ -0,0 +1,359 @@ -+// Copyright 2017 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.darwincrypto && darwin && cgo -+ -+// Package darwin provides access to DarwinCrypto implementation functions. -+// Check the variable Enabled to find out whether DarwinCrypto is available. -+// If DarwinCrypto is not available, the functions in this package all panic. -+package backend -+ -+import ( -+ "crypto" -+ "crypto/cipher" -+ "crypto/internal/boring/sig" -+ "crypto/internal/fips140/nistec" -+ "errors" -+ "hash" -+ _ "unsafe" -+ -+ "github.com/microsoft/go-crypto-darwin/xcrypto" -+) -+ -+// Enabled controls whether FIPS crypto is enabled. 
-+const Enabled = true -+ -+type BigInt = xcrypto.BigInt -+ -+func init() { -+ sig.BoringCrypto() -+} -+ -+const RandReader = xcrypto.RandReader -+ -+func SupportsHash(h crypto.Hash) bool { -+ return xcrypto.SupportsHash(h) -+} -+ -+func SupportsCurve(curve string) bool { -+ switch curve { -+ case "P-256", "P-384", "P-521": -+ return true -+ } -+ return false -+} -+ -+func SupportsRSAOAEPLabel(label []byte) bool { -+ // CommonCrypto doesn't support labels -+ // https://github.com/microsoft/go-crypto-darwin/issues/22 -+ return len(label) == 0 -+} -+ -+func SupportsPKCS1v15Hash(hash crypto.Hash) bool { -+ switch hash { -+ case crypto.SHA1, crypto.SHA224, crypto.SHA256, crypto.SHA384, crypto.SHA512, 0: -+ return true -+ } -+ return false -+} -+ -+func NewMD5() hash.Hash { return xcrypto.NewMD5() } -+func NewSHA1() hash.Hash { return xcrypto.NewSHA1() } -+func NewSHA224() hash.Hash { return xcrypto.NewSHA224() } -+func NewSHA256() hash.Hash { return xcrypto.NewSHA256() } -+func NewSHA384() hash.Hash { return xcrypto.NewSHA384() } -+func NewSHA512() hash.Hash { return xcrypto.NewSHA512() } -+ -+func MD5(p []byte) (sum [16]byte) { return xcrypto.MD5(p) } -+func SHA1(p []byte) (sum [20]byte) { return xcrypto.SHA1(p) } -+func SHA224(p []byte) (sum [28]byte) { return xcrypto.SHA224(p) } -+func SHA256(p []byte) (sum [32]byte) { return xcrypto.SHA256(p) } -+func SHA384(p []byte) (sum [48]byte) { return xcrypto.SHA384(p) } -+func SHA512(p []byte) (sum [64]byte) { return xcrypto.SHA512(p) } -+func SHA512_224(p []byte) (sum [28]byte) { panic("cryptobackend: not available") } -+func SHA512_256(p []byte) (sum [32]byte) { panic("cryptobackend: not available") } -+ -+func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { -+ return xcrypto.NewHMAC(h, key) -+} -+ -+func NewAESCipher(key []byte) (cipher.Block, error) { -+ return xcrypto.NewAESCipher(key) -+} -+ -+func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { -+ return xcrypto.NewGCMTLS(c) -+} -+ -+func NewGCMTLS13(c 
cipher.Block) (cipher.AEAD, error) { -+ return xcrypto.NewGCMTLS13(c) -+} -+ -+type PublicKeyECDSA = xcrypto.PublicKeyECDSA -+type PrivateKeyECDSA = xcrypto.PrivateKeyECDSA -+ -+func GenerateKeyECDSA(curve string) (X, Y, D xcrypto.BigInt, err error) { -+ return xcrypto.GenerateKeyECDSA(curve) -+} -+ -+func NewPrivateKeyECDSA(curve string, X, Y, D xcrypto.BigInt) (*xcrypto.PrivateKeyECDSA, error) { -+ return xcrypto.NewPrivateKeyECDSA(curve, X, Y, D) -+} -+ -+func NewPublicKeyECDSA(curve string, X, Y xcrypto.BigInt) (*xcrypto.PublicKeyECDSA, error) { -+ return xcrypto.NewPublicKeyECDSA(curve, X, Y) -+} -+ -+//go:linkname encodeSignature crypto/ecdsa.encodeSignature -+func encodeSignature(r, s []byte) ([]byte, error) -+ -+//go:linkname parseSignature crypto/ecdsa.parseSignature -+func parseSignature(sig []byte) (r, s []byte, err error) -+ -+func SignMarshalECDSA(priv *xcrypto.PrivateKeyECDSA, hash []byte) ([]byte, error) { -+ return xcrypto.SignMarshalECDSA(priv, hash) -+} -+ -+func VerifyECDSA(pub *xcrypto.PublicKeyECDSA, hash []byte, sig []byte) bool { -+ return xcrypto.VerifyECDSA(pub, hash, sig) -+} -+ -+func SupportsRSAKeyPrimes(primes int) bool { -+ return primes == 2 -+} -+ -+func SupportsRSASaltLength(sign bool, salt int) bool { -+ // CommonCrypto doesn't support custom salt length -+ return salt == -1 -+} -+ -+type PublicKeyRSA = xcrypto.PublicKeyRSA -+type PrivateKeyRSA = xcrypto.PrivateKeyRSA -+ -+func DecryptRSAOAEP(h, mgfHash hash.Hash, priv *xcrypto.PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) { -+ return xcrypto.DecryptRSAOAEP(h, priv, ciphertext, label) -+} -+ -+func DecryptRSAPKCS1(priv *xcrypto.PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return xcrypto.DecryptRSAPKCS1(priv, ciphertext) -+} -+ -+func DecryptRSANoPadding(priv *xcrypto.PrivateKeyRSA, ciphertext []byte) ([]byte, error) { -+ return xcrypto.DecryptRSANoPadding(priv, ciphertext) -+} -+ -+func EncryptRSAOAEP(h, mgfHash hash.Hash, pub *xcrypto.PublicKeyRSA, msg, label 
[]byte) ([]byte, error) { -+ return xcrypto.EncryptRSAOAEP(h, pub, msg, label) -+} -+ -+func EncryptRSAPKCS1(pub *xcrypto.PublicKeyRSA, msg []byte) ([]byte, error) { -+ return xcrypto.EncryptRSAPKCS1(pub, msg) -+} -+ -+func EncryptRSANoPadding(pub *xcrypto.PublicKeyRSA, msg []byte) ([]byte, error) { -+ return xcrypto.EncryptRSANoPadding(pub, msg) -+} -+ -+//go:linkname decodeKeyRSA crypto/rsa.decodeKey -+func decodeKeyRSA(data []byte) (N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt, err error) -+ -+//go:linkname encodeKeyRSA crypto/rsa.encodeKey -+func encodeKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt) ([]byte, error) -+ -+//go:linkname encodePublicKeyRSA crypto/rsa.encodePublicKey -+func encodePublicKeyRSA(N, E xcrypto.BigInt) ([]byte, error) -+ -+func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt, err error) { -+ data, err := xcrypto.GenerateKeyRSA(bits) -+ if err != nil { -+ return -+ } -+ return decodeKeyRSA(data) -+} -+ -+func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv xcrypto.BigInt) (*xcrypto.PrivateKeyRSA, error) { -+ encoded, err := encodeKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv) -+ if err != nil { -+ return nil, err -+ } -+ return xcrypto.NewPrivateKeyRSA(encoded) -+} -+ -+func NewPublicKeyRSA(N, E xcrypto.BigInt) (*xcrypto.PublicKeyRSA, error) { -+ encoded, err := encodePublicKeyRSA(N, E) -+ if err != nil { -+ return nil, err -+ } -+ return xcrypto.NewPublicKeyRSA(encoded) -+} -+ -+func SignRSAPKCS1v15(priv *xcrypto.PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) { -+ return xcrypto.SignRSAPKCS1v15(priv, h, hashed) -+} -+ -+func SignRSAPSS(priv *xcrypto.PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) { -+ return xcrypto.SignRSAPSS(priv, h, hashed, saltLen) -+} -+ -+func VerifyRSAPKCS1v15(pub *xcrypto.PublicKeyRSA, h crypto.Hash, hashed, sig []byte) error { -+ return xcrypto.VerifyRSAPKCS1v15(pub, h, hashed, sig) -+} -+ -+func VerifyRSAPSS(pub *xcrypto.PublicKeyRSA, h crypto.Hash, hashed, sig 
[]byte, saltLen int) error { -+ return xcrypto.VerifyRSAPSS(pub, h, hashed, sig, saltLen) -+} -+ -+type PrivateKeyECDH = xcrypto.PrivateKeyECDH -+type PublicKeyECDH = xcrypto.PublicKeyECDH -+ -+func ECDH(priv *xcrypto.PrivateKeyECDH, pub *xcrypto.PublicKeyECDH) ([]byte, error) { -+ return xcrypto.ECDH(priv, pub) -+} -+ -+func GenerateKeyECDH(curve string) (*xcrypto.PrivateKeyECDH, []byte, error) { -+ return xcrypto.GenerateKeyECDH(curve) -+} -+ -+func NewPrivateKeyECDH(curve string, bytes []byte) (*xcrypto.PrivateKeyECDH, error) { -+ var key []byte -+ switch curve { -+ case "P-256": -+ p, err := nistec.NewP256Point().ScalarBaseMult(bytes) -+ if err != nil { -+ return nil, err -+ } -+ key = p.Bytes() -+ case "P-384": -+ p, err := nistec.NewP384Point().ScalarBaseMult(bytes) -+ if err != nil { -+ return nil, err -+ } -+ key = p.Bytes() -+ case "P-521": -+ p, err := nistec.NewP521Point().ScalarBaseMult(bytes) -+ if err != nil { -+ return nil, err -+ } -+ key = p.Bytes() -+ default: -+ return nil, errors.New("NewPrivateKeyECDH: unsupported curve: " + curve) -+ } -+ return xcrypto.NewPrivateKeyECDH(curve, key, bytes) -+} -+ -+func NewPublicKeyECDH(curve string, bytes []byte) (*xcrypto.PublicKeyECDH, error) { -+ return xcrypto.NewPublicKeyECDH(curve, bytes) -+} -+ -+func SupportsHKDF() bool { -+ return true -+} -+ -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte, keyLength int) ([]byte, error) { -+ return xcrypto.ExpandHKDF(h, pseudorandomKey, info, keyLength) -+} -+ -+func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { -+ return xcrypto.ExtractHKDF(h, secret, salt) -+} -+ -+func SupportsPBKDF2() bool { -+ return true -+} -+ -+func PBKDF2(pass, salt []byte, iter, keyLen int, h func() hash.Hash) ([]byte, error) { -+ return xcrypto.PBKDF2(pass, salt, iter, keyLen, h) -+} -+ -+func SupportsTLS1PRF() bool { -+ return false -+} -+ -+func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error { -+ panic("cryptobackend: 
not available") -+} -+ -+func SupportsDESCipher() bool { -+ return true -+} -+ -+func SupportsTripleDESCipher() bool { -+ return true -+} -+ -+func NewDESCipher(key []byte) (cipher.Block, error) { -+ return xcrypto.NewDESCipher(key) -+} -+ -+func NewTripleDESCipher(key []byte) (cipher.Block, error) { -+ return xcrypto.NewTripleDESCipher(key) -+} -+ -+func SupportsRC4() bool { return true } -+ -+type RC4Cipher = xcrypto.RC4Cipher -+ -+func NewRC4Cipher(key []byte) (*RC4Cipher, error) { return xcrypto.NewRC4Cipher(key) } -+ -+func SupportsEd25519() bool { -+ return true -+} -+ -+type PublicKeyEd25519 = xcrypto.PublicKeyEd25519 -+type PrivateKeyEd25519 = xcrypto.PrivateKeyEd25519 -+ -+func GenerateKeyEd25519() (PrivateKeyEd25519, error) { -+ return xcrypto.GenerateKeyEd25519(), nil -+} -+ -+func NewPrivateKeyEd25519(priv []byte) (PrivateKeyEd25519, error) { -+ return xcrypto.NewPrivateKeyEd25519(priv) -+} -+ -+func NewPublicKeyEd25519(pub []byte) (PublicKeyEd25519, error) { -+ return xcrypto.NewPublicKeyEd25519(pub) -+} -+ -+func NewPrivateKeyEd25519FromSeed(seed []byte) (PrivateKeyEd25519, error) { -+ return xcrypto.NewPrivateKeyEd25519FromSeed(seed) -+} -+ -+func SignEd25519(priv PrivateKeyEd25519, message []byte) ([]byte, error) { -+ return xcrypto.SignEd25519(priv, message) -+} -+ -+func VerifyEd25519(pub PublicKeyEd25519, message, sig []byte) error { -+ return xcrypto.VerifyEd25519(pub, message, sig) -+} -+ -+func SupportsDSA(l, n int) bool { -+ return false -+} -+ -+func GenerateParametersDSA(l, n int) (p, q, g xcrypto.BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+ -+type PrivateKeyDSA struct{} -+type PublicKeyDSA struct{} -+ -+func GenerateKeyDSA(p, q, g xcrypto.BigInt) (x, y xcrypto.BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPrivateKeyDSA(p, q, g, x, y xcrypto.BigInt) (*PrivateKeyDSA, error) { -+ panic("cryptobackend: not available") -+} -+ -+func NewPublicKeyDSA(p, q, g, y xcrypto.BigInt) 
(*PublicKeyDSA, error) { -+ panic("cryptobackend: not available") -+} -+ -+func SignDSA(priv *PrivateKeyDSA, hash []byte, parseSignature func([]byte) (xcrypto.BigInt, xcrypto.BigInt, error)) (r, s xcrypto.BigInt, err error) { -+ panic("cryptobackend: not available") -+} -+ -+func VerifyDSA(pub *PublicKeyDSA, hashed []byte, r, s xcrypto.BigInt, encodeSignature func(r, s xcrypto.BigInt) ([]byte, error)) bool { -+ panic("cryptobackend: not available") -+} -diff --git a/src/crypto/internal/backend/fips140/darwin.go b/src/crypto/internal/backend/fips140/darwin.go -new file mode 100644 -index 00000000000000..ef5af5d956163e ---- /dev/null -+++ b/src/crypto/internal/backend/fips140/darwin.go -@@ -0,0 +1,11 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+//go:build goexperiment.darwincrypto -+ -+package fips140 -+ -+func systemFIPSMode() bool { -+ return false -+} -diff --git a/src/crypto/rsa/darwin.go b/src/crypto/rsa/darwin.go -new file mode 100644 -index 00000000000000..1b9c63523ee90e ---- /dev/null -+++ b/src/crypto/rsa/darwin.go -@@ -0,0 +1,71 @@ -+// Copyright 2017 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. 
-+ -+//go:build goexperiment.darwincrypto -+ -+package rsa -+ -+import ( -+ "crypto/internal/backend" -+ "crypto/internal/backend/bbig" -+ "errors" -+ "math/big" -+ _ "unsafe" -+ -+ "golang.org/x/crypto/cryptobyte" -+ "golang.org/x/crypto/cryptobyte/asn1" -+) -+ -+//go:linkname decodeKey -+func decodeKey(data []byte) (N, E, D, P, Q, Dp, Dq, Qinv backend.BigInt, err error) { -+ bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv backend.BigInt, err error) { -+ return nil, nil, nil, nil, nil, nil, nil, nil, e -+ } -+ input := cryptobyte.String(data) -+ var version int -+ n, e, d, p, q, dp, dq, qinv := new(big.Int), new(big.Int), new(big.Int), new(big.Int), -+ new(big.Int), new(big.Int), new(big.Int), new(big.Int) -+ // Parse the ASN.1 sequence -+ if !input.ReadASN1(&input, asn1.SEQUENCE) { -+ return bad(errors.New("invalid ASN.1 structure: not a sequence")) -+ } -+ if !input.ReadASN1Integer(&version) || version != 0 { -+ return bad(errors.New("invalid ASN.1 structure: unsupported version")) -+ } -+ if !input.ReadASN1Integer(n) || !input.ReadASN1Integer(e) || -+ !input.ReadASN1Integer(d) || !input.ReadASN1Integer(p) || -+ !input.ReadASN1Integer(q) || !input.ReadASN1Integer(dp) || -+ !input.ReadASN1Integer(dq) || !input.ReadASN1Integer(qinv) { -+ return bad(errors.New("invalid ASN.1 structure")) -+ } -+ return bbig.Enc(n), bbig.Enc(e), bbig.Enc(d), bbig.Enc(p), bbig.Enc(q), -+ bbig.Enc(dp), bbig.Enc(dq), bbig.Enc(qinv), nil -+} -+ -+//go:linkname encodeKey -+func encodeKey(N, E, D, P, Q, Dp, Dq, Qinv backend.BigInt) ([]byte, error) { -+ builder := cryptobyte.NewBuilder(nil) -+ builder.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { -+ b.AddASN1Int64(0) // Add version as int64 -+ b.AddASN1BigInt(bbig.Dec(N)) // Add modulus -+ b.AddASN1BigInt(bbig.Dec(E)) // Add public exponent -+ b.AddASN1BigInt(bbig.Dec(D)) // Add private exponent -+ b.AddASN1BigInt(bbig.Dec(P)) // Add prime1 -+ b.AddASN1BigInt(bbig.Dec(Q)) // Add prime2 -+ b.AddASN1BigInt(bbig.Dec(Dp)) // Add 
exponent1 -+ b.AddASN1BigInt(bbig.Dec(Dq)) // Add exponent2 -+ b.AddASN1BigInt(bbig.Dec(Qinv)) // Add coefficient -+ }) -+ return builder.Bytes() -+} -+ -+//go:linkname encodePublicKey -+func encodePublicKey(N, E backend.BigInt) ([]byte, error) { -+ builder := cryptobyte.NewBuilder(nil) -+ builder.AddASN1(asn1.SEQUENCE, func(b *cryptobyte.Builder) { -+ b.AddASN1BigInt(bbig.Dec(N)) // Add modulus -+ b.AddASN1BigInt(bbig.Dec(E)) // Add public exponent -+ }) -+ return builder.Bytes() -+} -diff --git a/src/net/lookup_test.go b/src/net/lookup_test.go -index 514cbd098ae772..8ec689416dde1d 100644 ---- a/src/net/lookup_test.go -+++ b/src/net/lookup_test.go -@@ -1501,6 +1501,9 @@ func TestLookupPortIPNetworkString(t *testing.T) { - } - - func TestLookupNoSuchHost(t *testing.T) { -+ if runtime.GOOS == "darwin" { -+ t.Skip("skipping on darwin; see https://github.com/microsoft/go/issues/1394") -+ } - mustHaveExternalNetwork(t) - - const testNXDOMAIN = "invalid.invalid." -diff --git a/src/runtime/pprof/vminfo_darwin_test.go b/src/runtime/pprof/vminfo_darwin_test.go -index 6d375c5d53368a..39154b000ddc67 100644 ---- a/src/runtime/pprof/vminfo_darwin_test.go -+++ b/src/runtime/pprof/vminfo_darwin_test.go -@@ -11,6 +11,7 @@ import ( - "bytes" - "fmt" - "internal/abi" -+ "internal/goexperiment" - "internal/testenv" - "os" - "os/exec" -@@ -21,6 +22,11 @@ import ( - ) - - func TestVMInfo(t *testing.T) { -+ if goexperiment.DarwinCrypto { -+ // Fails on macOS when using system crypto. -+ // https://github.com/microsoft/go/issues/1466 -+ t.Skip("skipping on Darwin") -+ } - var begin, end, offset uint64 - var filename string - first := true diff --git a/patches/0011-Skip-failing-tests-on-Windows.patch b/patches/0007-Skip-failing-tests-on-Windows.patch similarity index 100% rename from patches/0011-Skip-failing-tests-on-Windows.patch rename to patches/0007-Skip-failing-tests-on-Windows.patch 
diff --git a/patches/0012-unset-GOFIPS-when-running-the-Go-toolchain.patch b/patches/0008-unset-GOFIPS-when-running-the-Go-toolchain.patch
similarity index 100%
rename from patches/0012-unset-GOFIPS-when-running-the-Go-toolchain.patch
rename to patches/0008-unset-GOFIPS-when-running-the-Go-toolchain.patch
diff --git a/patches/0013-add-support-for-logging-used-Windows-APIs.patch b/patches/0009-add-support-for-logging-used-Windows-APIs.patch
similarity index 100%
rename from patches/0013-add-support-for-logging-used-Windows-APIs.patch
rename to patches/0009-add-support-for-logging-used-Windows-APIs.patch
diff --git a/patches/0014-remove-long-path-support-hack.patch b/patches/0010-remove-long-path-support-hack.patch
similarity index 100%
rename from patches/0014-remove-long-path-support-hack.patch
rename to patches/0010-remove-long-path-support-hack.patch
diff --git a/patches/0015-Omit-internal-go.mod-files-used-for-codegen.patch b/patches/0011-Omit-internal-go.mod-files-used-for-codegen.patch
similarity index 100%
rename from patches/0015-Omit-internal-go.mod-files-used-for-codegen.patch
rename to patches/0011-Omit-internal-go.mod-files-used-for-codegen.patch
diff --git a/patches/0016-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch b/patches/0012-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch
similarity index 100%
rename from patches/0016-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch
rename to patches/0012-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch
From d5d6f7734275f0a7ae53af36a5f6e50b43e99e05 Mon Sep 17 00:00:00 2001
From: George Adams
Date: Wed, 15 Jan 2025 16:01:29 +0000
Subject: [PATCH 193/887] darwin: document darwincrypto goexperiment in fips README.md
---
eng/doc/fips/README.md | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/eng/doc/fips/README.md b/eng/doc/fips/README.md
index 6c2ddef7fd9..9aa1a4db368 100644
--- a/eng/doc/fips/README.md
+++ b/eng/doc/fips/README.md
@@ -27,7 +27,7 @@ In addition to that, the boringcrypto flag also provides a mechanism to restrict The Microsoft Go fork modifies the Go runtime to implement several crypto primitives using cgo to call into a platform-provided cryptographic library rather than use the standard Go crypto implementations. This allows Go programs to use a platform-provided FIPS 140-2 certified crypto library. -On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-fips/openssl] module in Go 1.21+ and the [go-crypto-openssl] module in earlier versions. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. Similar to BoringSSL, certain OpenSSL and CNG versions are FIPS 140-2 certified. +On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-fips/openssl] module in Go 1.21+ and the [go-crypto-openssl] module in earlier versions. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. On macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140-2 certified. It is important to note that an application built with Microsoft's Go toolchain and running in FIPS compatible mode is not FIPS compliant _per-se_. It is the responsibility of the application development team to use FIPS-compliant crypto primitives and workflows. The modified crypto runtime will fall back to Go standard library crypto if it cannot provide a FIPS-compliant implementation, e.g. when hashing a message using `crypto/md5` hashes or when using an AES-GCM cipher with a non-standard nonce size. 
@@ -87,6 +87,7 @@ The `GOEXPERIMENT` environment variable is used at build time to select a crypto - Prior to Go 1.21, this alias is not available and the backend must be selected manually - `opensslcrypto` selects OpenSSL, for Linux - `cngcrypto` selects CNG, for Windows +- `darwincrypto` selects CommonCrypto & CryptoKit for macOS - `boringcrypto` selects the upstream BoringCrypto backend, which is **not supported nor compliant** - If no option is selected, Go standard library cryptography is used. @@ -98,7 +99,7 @@ The options are exclusive and must not be enabled at the same time as one anothe | --- | --- | --- | | Linux | `opensslcrypto` | OpenSSL | | Windows | `cngcrypto` | CNG | -| macOS (not supported: [microsoft/go#1013](https://github.com/microsoft/go/issues/1013)) | N/A, build error | N/A | +| macOS | `darwincrypto` | CommonCrypto & CryptoKit | The crypto backend selection must match the target platform. In a cross-build scenario, such as using Linux to build an app that will run on Windows, `GOOS=windows GOEXPERIMENT=systemcrypto` will correctly select `cngcrypto`. Prior to Go 1.21, the selection must be made manually: `GOOS=windows GOEXPERIMENT=cngcrypto`. @@ -147,7 +148,7 @@ Another approach that generally works for any build system is to modify the buil > [!NOTE] > Prior to Go 1.21, `systemcrypto` doesn't exist and `opensslcrypto` or `cngcrypto` must be used depending on the target platform. -#### Linux shell (bash) - Set `GOEXPERIMENT` environment variable +#### Linux/macOS shell (bash) - Set `GOEXPERIMENT` environment variable - Set the environment variable for all future commands: ```sh @@ -156,7 +157,7 @@ Another approach that generally works for any build system is to modify the buil go build ./myapp2 ``` - Or set the environment variable for only one command: - ``` + ```sh GOEXPERIMENT=systemcrypto go build ./myapp ``` 
@@ -180,7 +181,7 @@ Another approach that generally works for any build system is to modify the buil - Instead of assigning `GOEXPERIMENT` directly, you can assign `GOFLAGS` to pass `-tags` to `go build`. This is useful if you already use `GOFLAGS` for other purposes, or if it would be difficult to modify `GOEXPERIMENT` for some other reason. - This is generally not necessary, and using the simpler `GOEXPERIMENT` environment variable is recommended. -- Linux shell: +- Linux/macOS shell: ``` export GOFLAGS='-tags=goexperiment.systemcrypto' go build ./myapp @@ -196,7 +197,7 @@ Another approach that generally works for any build system is to modify the buil ## Usage: Runtime -A program built with `systemcrypto` always uses the system-provided cryptography library for supported crypto APIs. This is the case for `opensslcrypto` (always using OpenSSL) and `cngcrypto` (always using CNG). If the platform's crypto library can't be found or loaded, the Go program panics during initialization. +A program built with `systemcrypto` always uses the system-provided cryptography library for supported crypto APIs. This is the case for `opensslcrypto` (always using OpenSSL), `cngcrypto` (always using CNG) and `darwincrypto` (always using CommonCrypto/CryptoKit). If the platform's crypto library can't be found or loaded, the Go program panics during initialization. The following sections describe how to enable FIPS mode and the effect of the `GOFIPS` environment variable on each supported platform. 
@@ -229,6 +230,10 @@ If the Go runtime detects `GOFIPS=1` and FIPS policy is not enabled, the program For testing purposes, Windows FIPS policy can be enabled via the registry key `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy`, dword value `Enabled` set to `1`. +### macOS FIPS mode (CommonCrypto/CryptoKit) + +CommonCrypo/CrytoKit is FIPS compliant by default. This means that regardless of which mode you set `GOFIPS` to, the cryptographic functions will always be FIPS-enabled. + ## Usage: Extra configuration options ### Build option to require FIPS mode @@ -438,6 +443,7 @@ This list of major changes is intended for quick reference and for access to his [go-crypto-openssl]: https://github.com/microsoft/go-crypto-openssl [golang-fips/openssl]: https://github.com/golang-fips/openssl [go-crypto-winnative]: https://github.com/microsoft/go-crypto-winnative +[go-crypto-darwin]: https://github.com/microsoft/go-crypto-darwin [dlopen]: https://man7.org/linux/man-pages/man3/dlopen.3.html [microsoft-go-download]: https://github.com/microsoft/go#binary-distribution [microsoft-go-images]: https://github.com/microsoft/go-images From ce8e5ffe759f2bd8b22cc4db04e278a90d669bdc Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Wed, 15 Jan 2025 20:53:10 +0000 Subject: [PATCH 194/887] Update submodule to latest master (368a9ec9): encoding/json: cleanup tests --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 44a6f817ea0..368a9ec9983 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 44a6f817ea0fbeb3ba4aa398794c4e80dba13b1e +Subproject commit 368a9ec99834652ca3f7d8fe24862a7581e12358 From b16474a6c9560c8d78b284bfa1d3cd99add04eca Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Wed, 15 Jan 2025 13:01:02 -0800 Subject: [PATCH 195/887] Update CrossPlatformCryptography.md: fix FIPS readme link (#1491) --- eng/doc/CrossPlatformCryptography.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/eng/doc/CrossPlatformCryptography.md b/eng/doc/CrossPlatformCryptography.md index 5e5196ecc0a..d544ef55da6 100644 --- a/eng/doc/CrossPlatformCryptography.md +++ b/eng/doc/CrossPlatformCryptography.md @@ -1,7 +1,7 @@ # Cross-Platform Cryptography in Microsoft Go -Cryptographic operations in Microsoft Go are delegated to the operating system (OS) libraries in some conditions described. -The high level conditions and the benefits of delegating cryptographic operations are described in the [Microsoft Go FIPS README](./Readme.md). +Cryptographic operations in Microsoft Go are delegated to the operating system (OS) libraries in some conditions. +The high level conditions and the benefits of delegating cryptographic operations are described in the [Microsoft Go FIPS README](./fips/README.md). At a fine-grained level, Go apps will fall back to the native Go implementation of an algorithm if the OS libraries don't support it. This article identifies the features that are supported on each platform. From 03caff28d576a086d4d5716a2168962716b6add3 Mon Sep 17 00:00:00 2001 From: George Adams Date: Thu, 16 Jan 2025 09:47:00 +0000 Subject: [PATCH 196/887] backends: update all vendor backends to latest --- patches/0002-Vendor-crypto-backends.patch | 168 ++++++++++++++++------ 1 file changed, 124 insertions(+), 44 deletions(-) diff --git a/patches/0002-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch index 548d456466d..37cdfc006f3 100644 --- a/patches/0002-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch @@ -6,7 +6,7 @@ Subject: [PATCH] Vendor crypto backends To reproduce changes in 'src/vendor', run 'go mod vendor' in 'src'. Use a 'go' that was recently built by the current branch to ensure stable results. --- - src/crypto/internal/backend/deps_ignore.go | 19 + + src/crypto/internal/backend/deps_ignore.go | 22 + src/go.mod | 6 + src/go.sum | 6 + src/go/build/deps_test.go | 17 +- 
@@ -35,7 +35,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../github.com/golang-fips/openssl/v2/init.go | 64 ++ .../golang-fips/openssl/v2/init_unix.go | 31 + .../golang-fips/openssl/v2/init_windows.go | 36 + - .../golang-fips/openssl/v2/openssl.go | 469 ++++++++++++ + .../golang-fips/openssl/v2/openssl.go | 506 +++++++++++++ .../golang-fips/openssl/v2/params.go | 210 ++++++ .../golang-fips/openssl/v2/pbkdf2.go | 62 ++ .../golang-fips/openssl/v2/port_dsa.c | 85 +++ @@ -85,7 +85,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../microsoft/go-crypto-winnative/cng/dsa.go | 465 ++++++++++++ .../microsoft/go-crypto-winnative/cng/ecdh.go | 255 +++++++ .../go-crypto-winnative/cng/ecdsa.go | 169 +++++ - .../microsoft/go-crypto-winnative/cng/hash.go | 312 ++++++++ + .../microsoft/go-crypto-winnative/cng/hash.go | 325 ++++++++ .../microsoft/go-crypto-winnative/cng/hkdf.go | 124 +++ .../microsoft/go-crypto-winnative/cng/hmac.go | 35 + .../microsoft/go-crypto-winnative/cng/keys.go | 220 ++++++ @@ -93,7 +93,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../microsoft/go-crypto-winnative/cng/rand.go | 28 + .../microsoft/go-crypto-winnative/cng/rc4.go | 65 ++ .../microsoft/go-crypto-winnative/cng/rsa.go | 396 ++++++++++ - .../microsoft/go-crypto-winnative/cng/sha3.go | 284 +++++++ + .../microsoft/go-crypto-winnative/cng/sha3.go | 311 ++++++++ .../go-crypto-winnative/cng/tls1prf.go | 88 +++ .../internal/bcrypt/bcrypt_windows.go | 368 +++++++++ .../internal/bcrypt/ntstatus_windows.go | 45 ++ 
@@ -101,7 +101,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ src/vendor/modules.txt | 16 + - 95 files changed, 13707 insertions(+), 3 deletions(-) + 95 files changed, 13787 insertions(+), 3 deletions(-) create mode 100644 src/crypto/internal/backend/deps_ignore.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml @@ -195,10 +195,10 @@ Use a 'go' that was recently built by the current branch to ensure stable result diff --git a/src/crypto/internal/backend/deps_ignore.go b/src/crypto/internal/backend/deps_ignore.go new file mode 100644 -index 00000000000000..ba6d196a54f69d +index 00000000000000..ae4055d2d71303 --- /dev/null +++ b/src/crypto/internal/backend/deps_ignore.go -@@ -0,0 +1,19 @@ +@@ -0,0 +1,22 @@ +// Copyright 2025 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -211,6 +211,9 @@ index 00000000000000..ba6d196a54f69d + _ "github.com/golang-fips/openssl/v2" + _ "github.com/golang-fips/openssl/v2/bbig" + ++ _ "github.com/microsoft/go-crypto-darwin/bbig" ++ _ "github.com/microsoft/go-crypto-darwin/xcrypto" ++ + _ "github.com/microsoft/go-crypto-winnative/cng" + _ "github.com/microsoft/go-crypto-winnative/cng/bbig" +) @@ -219,7 +222,7 @@ index 00000000000000..ba6d196a54f69d +// that are used by the backend package. This allows to track +// their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index 7a1318dcac32ba..45152e6f54937b 100644 +index 7a1318dcac32ba..18a071a7428728 100644 --- a/src/go.mod +++ b/src/go.mod @@ -11,3 +11,9 @@ require ( 
@@ -228,21 +231,21 @@ index 7a1318dcac32ba..45152e6f54937b 100644 ) + +require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 -+ github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109125424-5d0e67f47146 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20250115103809-bf655f6d08d6 ++ github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109130249-2dee4e287e7c ++ github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70 +) diff --git a/src/go.sum b/src/go.sum -index 9e661352f16e0b..5683f4da5e4f04 100644 +index 9e661352f16e0b..a2513aafc35631 100644 --- a/src/go.sum +++ b/src/go.sum 
@@ -1,3 +1,9 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 h1:OhuURhDVbg+f/BvlG+qT5sQVkutwhI0Kmsy7koQ4l9A= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109125424-5d0e67f47146 h1:xg58D1m8jeq0lkMf7TmcLZXCAK/PRlT0aG02PYlA6C0= -+github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109125424-5d0e67f47146/go.mod h1:LyP4oZ0QcysEJdqUTOk9ngNFArRFK94YRImkoJ8julQ= -+github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 h1:KB8xmJcFSPlZFMg2mxz5b6DCE8k1qpHy2HFevAJLELI= -+github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20250115103809-bf655f6d08d6 h1:FFp7Q2AwYX+IQhhQt3ljQDdWtG5ZbRu0u3ohWQdFow8= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20250115103809-bf655f6d08d6/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109130249-2dee4e287e7c h1:cPW7Q78w6ubgnQTxOFz5YuFmrXzt+p2UA+gSk/KAuDM= ++github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109130249-2dee4e287e7c/go.mod h1:LyP4oZ0QcysEJdqUTOk9ngNFArRFK94YRImkoJ8julQ= ++github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70 h1:97wOagHu7OExwU929NjuPIlUEUaFIQtffQMaVj0mR5E= ++github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= @@ -5116,10 +5119,10 @@ index 00000000000000..3778e21227abb9 +} 
diff --git a/src/vendor/github.com/golang-fips/openssl/v2/openssl.go b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go new file mode 100644 -index 00000000000000..145b082f1b771c +index 00000000000000..ec39bf1533cae0 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go -@@ -0,0 +1,469 @@ +@@ -0,0 +1,506 @@ +//go:build !cmd_go_bootstrap + +// Package openssl provides access to OpenSSL cryptographic functions. 
@@ -5256,6 +5259,37 @@ index 00000000000000..145b082f1b771c + } +} + ++// FIPSCapable returns true if the provider used by default matches the `fips=yes` query. ++// It is useful for checking whether OpenSSL is capable of running in FIPS mode regardless ++// of whether FIPS mode is explicitly enabled. For example, Azure Linux 3 doesn't set the ++// `fips=yes` query in the default properties, but sets the default provider to be SCOSSL, ++// which is FIPS-capable. ++// ++// Considerations: ++// - Multiple calls to FIPSCapable can return different values if [SetFIPS] is called in between. ++// - Can return true even if [FIPS] returns false, because [FIPS] also checks whether ++// the default properties contain `fips=yes`. ++// - When using OpenSSL 3, will always return true if [FIPS] returns true. ++// - When using OpenSSL 1, Will always return the same value as [FIPS]. ++// - OpenSSL 3 doesn't provide a way to know if a provider is FIPS-capable. This function uses ++// some heuristics that should be treated as an implementation detail that may change in the future. ++func FIPSCapable() bool { ++ if FIPS() { ++ return true ++ } ++ if vMajor == 3 { ++ // Load the provider with and without the `fips=yes` query. ++ // If the providers are the same, then the default provider is FIPS-capable. ++ provFIPS := sha256Provider(propFIPS) ++ if provFIPS == nil { ++ return false ++ } ++ provDefault := sha256Provider(nil) ++ return provFIPS == provDefault ++ } ++ return false ++} ++ +// isProviderAvailable checks if the provider with the given name is available. +// This function is used in export_test.go, but must be defined here as test files can't access C functions. +func isProviderAvailable(name string) bool { 
@@ -5315,16 +5349,22 @@ index 00000000000000..145b082f1b771c + } +} + -+// proveSHA256 checks if the SHA-256 algorithm is available ++// sha256Provider returns the provider for the SHA-256 algorithm +// using the given properties. -+func proveSHA256(props *C.char) bool { ++func sha256Provider(props *C.char) C.GO_OSSL_PROVIDER_PTR { + md := C.go_openssl_EVP_MD_fetch(nil, algorithmSHA256, props) + if md == nil { + C.go_openssl_ERR_clear_error() -+ return false ++ return nil + } -+ C.go_openssl_EVP_MD_free(md) -+ return true ++ defer C.go_openssl_EVP_MD_free(md) ++ return C.go_openssl_EVP_MD_get0_provider(md) ++} ++ ++// proveSHA256 checks if the SHA-256 algorithm is available ++// using the given properties. ++func proveSHA256(props *C.char) bool { ++ return sha256Provider(props) != nil +} + +// noescape hides a pointer from escape analysis. noescape is @@ -12434,10 +12474,10 @@ index 00000000000000..586e9ae2ebb0c9 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go new file mode 100644 -index 00000000000000..a674496f18a3af +index 00000000000000..b97e638e4a98ed --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -@@ -0,0 +1,312 @@ +@@ -0,0 +1,325 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -12449,6 +12489,7 @@ index 00000000000000..a674496f18a3af +import ( + "bytes" + "crypto" ++ "errors" + "hash" + "runtime" + "unsafe" 
@@ -12690,6 +12731,18 @@ index 00000000000000..a674496f18a3af + return int(h.alg.blockSize) +} + ++func (hx *hashX) MarshalBinary() ([]byte, error) { ++ return nil, errors.New("cng: hash state is not marshallable") ++} ++ ++func (hx *hashX) AppendBinary(b []byte) ([]byte, error) { ++ return nil, errors.New("cng: hash state is not marshallable") ++} ++ ++func (hx *hashX) UnmarshalBinary(data []byte) error { ++ return errors.New("cng: hash state is not marshallable") ++} ++ +// hashData writes p to ctx. It panics on error. +func hashData(ctx bcrypt.HASH_HANDLE, p []byte) { + var n int @@ -13732,10 +13785,10 @@ index 00000000000000..0269f9cf86539e +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/sha3.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/sha3.go new file mode 100644 -index 00000000000000..d7aa193e00e653 +index 00000000000000..15c1345475a3b1 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/sha3.go -@@ -0,0 +1,284 @@ +@@ -0,0 +1,311 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -13745,6 +13798,7 @@ index 00000000000000..d7aa193e00e653 +package cng + +import ( ++ "errors" + "hash" + "runtime" + "unsafe" 
@@ -13796,17 +13850,19 @@ index 00000000000000..d7aa193e00e653 + return out +} + -+// SupportsSHAKE128 returns true if the SHAKE128 extendable output function is -+// supported. -+func SupportsSHAKE128() bool { -+ _, err := loadHash(bcrypt.CSHAKE128_ALGORITHM, bcrypt.ALG_NONE_FLAG) -+ return err == nil -+} -+ -+// SupportsSHAKE256 returns true if the SHAKE256 extendable output function is -+// supported. -+func SupportsSHAKE256() bool { -+ _, err := loadHash(bcrypt.CSHAKE256_ALGORITHM, bcrypt.ALG_NONE_FLAG) ++// SupportsSHAKE returns true if the SHAKE and CSHAKE extendable output functions ++// with the given securityBits are supported. ++func SupportsSHAKE(securityBits int) bool { ++ var id string ++ switch securityBits { ++ case 128: ++ id = bcrypt.CSHAKE128_ALGORITHM ++ case 256: ++ id = bcrypt.CSHAKE256_ALGORITHM ++ default: ++ return false ++ } ++ _, err := loadHash(id, bcrypt.ALG_NONE_FLAG) + return err == nil +} + @@ -13900,6 +13956,18 @@ index 00000000000000..d7aa193e00e653 + return int(h.alg.blockSize) +} + ++func (ds *DigestSHA3) MarshalBinary() ([]byte, error) { ++ return nil, errors.New("cng: hash state is not marshallable") ++} ++ ++func (ds *DigestSHA3) AppendBinary(b []byte) ([]byte, error) { ++ return nil, errors.New("cng: hash state is not marshallable") ++} ++ ++func (ds *DigestSHA3) UnmarshalBinary(data []byte) error { ++ return errors.New("cng: hash state is not marshallable") ++} ++ +// NewSHA3_256 returns a new SHA256 hash. +func NewSHA3_256() *DigestSHA3 { + return newDigestSHA3(bcrypt.SHA3_256_ALGORITHM) 
@@ -14020,6 +14088,18 @@ index 00000000000000..d7aa193e00e653 +func (s *SHAKE) BlockSize() int { + return int(s.blockSize) +} ++ ++func (s *SHAKE) MarshalBinary() ([]byte, error) { ++ return nil, errors.New("cng: hash state is not marshallable") ++} ++ ++func (s *SHAKE) AppendBinary(b []byte) ([]byte, error) { ++ return nil, errors.New("cng: hash state is not marshallable") ++} ++ ++func (s *SHAKE) UnmarshalBinary(data []byte) error { ++ return errors.New("cng: hash state is not marshallable") ++} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go new file mode 100644 index 00000000000000..5a3fb01606ef95 @@ -15057,20 +15137,20 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 1c8de570cc2f1f..aac6c2a60b6b80 100644 +index 1c8de570cc2f1f..2013c56709b909 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,19 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20250107115006-eb155dada337 ++# github.com/golang-fips/openssl/v2 v2.0.4-0.20250115103809-bf655f6d08d6 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig -+# github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109125424-5d0e67f47146 ++# github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109130249-2dee4e287e7c +## explicit; go 1.22 +github.com/microsoft/go-crypto-darwin/bbig +github.com/microsoft/go-crypto-darwin/internal/cryptokit +github.com/microsoft/go-crypto-darwin/xcrypto -+# github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 ++# github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70 +## explicit; go 1.22 +github.com/microsoft/go-crypto-winnative/cng +github.com/microsoft/go-crypto-winnative/cng/bbig From ee2643c035efc4bf5912325a59e3a4267b06c6b9 Mon Sep 17 00:00:00 2001 
From: George Adams Date: Thu, 16 Jan 2025 10:18:53 +0000 Subject: [PATCH 197/887] implement binary marshaller --- patches/0002-Vendor-crypto-backends.patch | 34 ++++-- patches/0004-Use-crypto-backends.patch | 137 ++++------------------ 2 files changed, 47 insertions(+), 124 deletions(-) diff --git a/patches/0002-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch index 37cdfc006f3..4fbc2631299 100644 --- a/patches/0002-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch @@ -67,7 +67,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../go-crypto-darwin/xcrypto/ecdsa.go | 181 +++++ .../go-crypto-darwin/xcrypto/ed25519.go | 100 +++ .../microsoft/go-crypto-darwin/xcrypto/evp.go | 338 +++++++++ - .../go-crypto-darwin/xcrypto/hash.go | 391 ++++++++++ + .../go-crypto-darwin/xcrypto/hash.go | 403 ++++++++++ .../go-crypto-darwin/xcrypto/hkdf.go | 66 ++ .../go-crypto-darwin/xcrypto/hmac.go | 113 +++ .../go-crypto-darwin/xcrypto/pbkdf2.go | 65 ++ @@ -101,7 +101,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ src/vendor/modules.txt | 16 + - 95 files changed, 13787 insertions(+), 3 deletions(-) + 95 files changed, 13799 insertions(+), 3 deletions(-) create mode 100644 src/crypto/internal/backend/deps_ignore.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml @@ -222,7 +222,7 @@ index 00000000000000..ae4055d2d71303 +// that are used by the backend package. This allows to track +// their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index 7a1318dcac32ba..18a071a7428728 100644 +index 7a1318dcac32ba..a59c5f120e7dfb 100644 --- a/src/go.mod +++ b/src/go.mod @@ -11,3 +11,9 @@ require ( 
@@ -232,18 +232,18 @@ index 7a1318dcac32ba..18a071a7428728 100644 + +require ( + github.com/golang-fips/openssl/v2 v2.0.4-0.20250115103809-bf655f6d08d6 -+ github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109130249-2dee4e287e7c ++ github.com/microsoft/go-crypto-darwin v0.0.2-0.20250116101429-467bd63a2d67 + github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70 +) diff --git a/src/go.sum b/src/go.sum -index 9e661352f16e0b..a2513aafc35631 100644 +index 9e661352f16e0b..b4273d691cbe36 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,9 @@ +github.com/golang-fips/openssl/v2 v2.0.4-0.20250115103809-bf655f6d08d6 h1:FFp7Q2AwYX+IQhhQt3ljQDdWtG5ZbRu0u3ohWQdFow8= +github.com/golang-fips/openssl/v2 v2.0.4-0.20250115103809-bf655f6d08d6/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109130249-2dee4e287e7c h1:cPW7Q78w6ubgnQTxOFz5YuFmrXzt+p2UA+gSk/KAuDM= -+github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109130249-2dee4e287e7c/go.mod h1:LyP4oZ0QcysEJdqUTOk9ngNFArRFK94YRImkoJ8julQ= ++github.com/microsoft/go-crypto-darwin v0.0.2-0.20250116101429-467bd63a2d67 h1:SI0IFiHducwfamZR7pv6jb92oc5o/z5tn66wynS6ADE= ++github.com/microsoft/go-crypto-darwin v0.0.2-0.20250116101429-467bd63a2d67/go.mod h1:LyP4oZ0QcysEJdqUTOk9ngNFArRFK94YRImkoJ8julQ= +github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70 h1:97wOagHu7OExwU929NjuPIlUEUaFIQtffQMaVj0mR5E= +github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= @@ -9716,10 +9716,10 @@ index 00000000000000..fcdce4c49b6723 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go new file mode 100644 -index 00000000000000..2618e53134e915 +index 00000000000000..94442fde5def16 --- /dev/null 
+++ b/src/vendor/github.com/microsoft/go-crypto-darwin/xcrypto/hash.go -@@ -0,0 +1,391 @@ +@@ -0,0 +1,403 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -9936,6 +9936,18 @@ index 00000000000000..2618e53134e915 + return append(b, digest...) +} + ++func (h *evpHash) MarshalBinary() ([]byte, error) { ++ return nil, errors.New("xcrypto: hash state is not marshallable") ++} ++ ++func (h *evpHash) AppendBinary(b []byte) ([]byte, error) { ++ return nil, errors.New("xcrypto: hash state is not marshallable") ++} ++ ++func (h *evpHash) UnmarshalBinary(data []byte) error { ++ return errors.New("xcrypto: hash state is not marshallable") ++} ++ +// Clone returns a new evpHash object that is a deep clone of itself. +// The duplicate object contains all state and data contained in the +// original object at the point of duplication. @@ -15137,7 +15149,7 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 1c8de570cc2f1f..2013c56709b909 100644 +index 1c8de570cc2f1f..a249bbfa93dac3 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,19 @@ @@ -15145,7 +15157,7 @@ index 1c8de570cc2f1f..2013c56709b909 100644 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig -+# github.com/microsoft/go-crypto-darwin v0.0.2-0.20250109130249-2dee4e287e7c ++# github.com/microsoft/go-crypto-darwin v0.0.2-0.20250116101429-467bd63a2d67 +## explicit; go 1.22 +github.com/microsoft/go-crypto-darwin/bbig +github.com/microsoft/go-crypto-darwin/internal/cryptokit diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch index f01156c5753..13348735e20 100644 --- a/patches/0004-Use-crypto-backends.patch +++ b/patches/0004-Use-crypto-backends.patch 
@@ -38,7 +38,7 @@ Subject: [PATCH] Use crypto backends src/crypto/internal/cryptotest/allocations.go | 2 +- .../internal/cryptotest/implementations.go | 2 +- src/crypto/md5/md5.go | 10 + - src/crypto/md5/md5_test.go | 21 ++ + src/crypto/md5/md5_test.go | 16 ++ src/crypto/pbkdf2/pbkdf2.go | 4 + src/crypto/pbkdf2/pbkdf2_test.go | 2 +- src/crypto/purego_test.go | 2 +- @@ -55,11 +55,11 @@ Subject: [PATCH] Use crypto backends src/crypto/rsa/rsa.go | 4 +- src/crypto/rsa/rsa_test.go | 15 +- src/crypto/sha1/sha1.go | 8 +- - src/crypto/sha1/sha1_test.go | 19 +- + src/crypto/sha1/sha1_test.go | 9 +- src/crypto/sha256/sha256.go | 6 +- - src/crypto/sha256/sha256_test.go | 29 +++ + src/crypto/sha256/sha256_test.go | 16 ++ src/crypto/sha512/sha512.go | 2 +- - src/crypto/sha512/sha512_test.go | 29 +++ + src/crypto/sha512/sha512_test.go | 16 ++ src/crypto/tls/cipher_suites.go | 2 +- src/crypto/tls/fipsonly/fipsonly.go | 2 +- src/crypto/tls/fipsonly/fipsonly_test.go | 2 +- @@ -75,13 +75,13 @@ Subject: [PATCH] Use crypto backends src/go/build/deps_test.go | 5 +- src/hash/boring_test.go | 9 + src/hash/example_test.go | 2 + - src/hash/marshal_test.go | 9 + + src/hash/marshal_test.go | 4 + src/hash/notboring_test.go | 9 + src/net/lookup_test.go | 3 + src/net/smtp/smtp_test.go | 72 ++++--- src/os/exec/exec_test.go | 9 + src/runtime/pprof/vminfo_darwin_test.go | 6 + - 77 files changed, 1143 insertions(+), 109 deletions(-) + 77 files changed, 1097 insertions(+), 109 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ecdsa/badlinkname.go @@ -1166,7 +1166,7 @@ index a0384e175f31bd..f7aa6da36f02de 100644 d.Reset() d.Write(data) diff --git a/src/crypto/md5/md5_test.go b/src/crypto/md5/md5_test.go -index 437d9b9d4c0e0d..ee28c55f846e81 100644 +index 437d9b9d4c0e0d..50728df60ea7ec 100644 --- a/src/crypto/md5/md5_test.go +++ b/src/crypto/md5/md5_test.go @@ -6,12 +6,14 @@ package md5 
@@ -1184,19 +1184,7 @@ index 437d9b9d4c0e0d..ee28c55f846e81 100644 "testing" "unsafe" ) -@@ -88,6 +90,11 @@ func TestGolden(t *testing.T) { - } - - func TestGoldenMarshal(t *testing.T) { -+ if boring.Enabled { -+ if _, ok := New().(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - for _, g := range golden { - h := New() - h2 := New() -@@ -96,6 +103,9 @@ func TestGoldenMarshal(t *testing.T) { +@@ -96,6 +98,9 @@ func TestGoldenMarshal(t *testing.T) { state, err := h.(encoding.BinaryMarshaler).MarshalBinary() if err != nil { @@ -1206,7 +1194,7 @@ index 437d9b9d4c0e0d..ee28c55f846e81 100644 t.Errorf("could not marshal: %v", err) continue } -@@ -157,6 +167,9 @@ func TestLarge(t *testing.T) { +@@ -157,6 +162,9 @@ func TestLarge(t *testing.T) { // Tests that blockGeneric (pure Go) and block (in assembly for amd64, 386, arm) match. func TestBlockGeneric(t *testing.T) { @@ -1216,7 +1204,7 @@ index 437d9b9d4c0e0d..ee28c55f846e81 100644 gen, asm := New().(*digest), New().(*digest) buf := make([]byte, BlockSize*20) // arbitrary factor rand.Read(buf) -@@ -204,10 +217,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -204,10 +212,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -1759,7 +1747,7 @@ index d2ffaac0aeb674..23d8ad44d0bd9a 100644 d.Reset() d.Write(data) diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go -index 9d707b7cde5c2d..8da08b3d860a85 100644 +index 9d707b7cde5c2d..8e1f92ea7304a8 100644 --- a/src/crypto/sha1/sha1_test.go +++ b/src/crypto/sha1/sha1_test.go @@ -8,13 +8,14 @@ package sha1 
@@ -1778,19 +1766,7 @@ index 9d707b7cde5c2d..8da08b3d860a85 100644 "testing" ) -@@ -97,6 +98,11 @@ func TestGolden(t *testing.T) { - } - - func TestGoldenMarshal(t *testing.T) { -+ if boring.Enabled { -+ if _, ok := New().(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - h := New() - h2 := New() - for _, g := range golden { -@@ -107,6 +113,9 @@ func TestGoldenMarshal(t *testing.T) { +@@ -107,6 +108,9 @@ func TestGoldenMarshal(t *testing.T) { state, err := h.(encoding.BinaryMarshaler).MarshalBinary() if err != nil { @@ -1800,16 +1776,7 @@ index 9d707b7cde5c2d..8da08b3d860a85 100644 t.Errorf("could not marshal: %v", err) continue } -@@ -210,10 +219,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { - } - - func TestLargeHashes(t *testing.T) { -+ if boring.Enabled { -+ if _, ok := New().(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - for i, test := range largeUnmarshalTests { +@@ -214,6 +218,9 @@ func TestLargeHashes(t *testing.T) { h := New() if err := h.(encoding.BinaryUnmarshaler).UnmarshalBinary([]byte(test.state)); err != nil { @@ -1851,7 +1818,7 @@ index 069938a22dbc5a..8d0e06b86f4359 100644 } h := New224() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index e1af9640e25547..c4f142c1430285 100644 +index e1af9640e25547..8896c6e85f4ada 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -8,11 +8,13 @@ package sha256 
@@ -1868,19 +1835,7 @@ index e1af9640e25547..c4f142c1430285 100644 "testing" ) -@@ -155,6 +157,11 @@ func testGoldenMarshal(t *testing.T) { - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { -+ if boring.Enabled { -+ if _, ok := tt.newHash().(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - for _, g := range tt.gold { - h := tt.newHash() - h2 := tt.newHash() -@@ -163,6 +170,9 @@ func testGoldenMarshal(t *testing.T) { +@@ -163,6 +165,9 @@ func testGoldenMarshal(t *testing.T) { state, err := h.(encoding.BinaryMarshaler).MarshalBinary() if err != nil { @@ -1890,18 +1845,8 @@ index e1af9640e25547..c4f142c1430285 100644 t.Errorf("could not marshal: %v", err) continue } -@@ -204,8 +214,19 @@ func TestMarshalTypeMismatch(t *testing.T) { - h1 := New() - h2 := New224() +@@ -206,6 +211,9 @@ func TestMarshalTypeMismatch(t *testing.T) { -+ if boring.Enabled { -+ _, ok1 := h1.(encoding.BinaryMarshaler) -+ _, ok2 := h2.(encoding.BinaryUnmarshaler) -+ if !ok1 || !ok2 { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } -+ state1, err := h1.(encoding.BinaryMarshaler).MarshalBinary() if err != nil { + if strings.Contains(err.Error(), "hash state is not marshallable") { @@ -1910,7 +1855,7 @@ index e1af9640e25547..c4f142c1430285 100644 t.Errorf("could not marshal: %v", err) } -@@ -275,10 +296,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -275,10 +283,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { return h.Sum(nil), nil } func TestLargeHashes(t *testing.T) { @@ -1943,7 +1888,7 @@ index 1435eac1f5b5dc..17e8501154762a 100644 "hash" ) diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index 1fe9d132bb186d..97b7da8c2d3d88 100644 +index 1fe9d132bb186d..0692be8461e964 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go @@ -8,12 +8,14 @@ package sha512 
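Review bot: With the `boring.Enabled` type-assertion guards removed, the only thing that tells "this backend cannot serialise hash state" apart from a real marshalling failure in `TestMarshalTypeMismatch` (and in the sha512 `TestMarshalMismatch` hunk) is `strings.Contains(err.Error(), "hash state is not marshallable")`. That text is written out separately in each backend stub (`cng: …`, `xcrypto: …`), so a wording change in one vendored module would turn the special case into an ordinary failure, and an unrelated error containing the phrase would be treated as unsupported. Consider having the stubs wrap `errors.ErrUnsupported` and checking `if errors.Is(err, errors.ErrUnsupported) {` in the tests. The unguarded `h1.(encoding.BinaryMarshaler)` assertion will also panic rather than skip if any backend hash lacks the stub methods. The test bodies and the branch taken on a match are outside these hunks.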
@@ -1961,19 +1906,7 @@ index 1fe9d132bb186d..97b7da8c2d3d88 100644 "testing" ) -@@ -744,6 +746,11 @@ func testGoldenMarshal(t *testing.T) { - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - for _, test := range tt.golden { -+ if boring.Enabled { -+ if _, ok := tt.newHash().(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - h := tt.newHash() - h2 := tt.newHash() - -@@ -751,6 +758,9 @@ func testGoldenMarshal(t *testing.T) { +@@ -751,6 +753,9 @@ func testGoldenMarshal(t *testing.T) { state, err := h.(encoding.BinaryMarshaler).MarshalBinary() if err != nil { @@ -1983,18 +1916,8 @@ index 1fe9d132bb186d..97b7da8c2d3d88 100644 t.Errorf("could not marshal: %v", err) return } -@@ -805,8 +815,19 @@ func TestMarshalMismatch(t *testing.T) { - h1 := fn1() - h2 := fn2() - -+ if boring.Enabled { -+ _, ok1 := h1.(encoding.BinaryMarshaler) -+ _, ok2 := h2.(encoding.BinaryUnmarshaler) -+ if !ok1 || !ok2 { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } -+ +@@ -807,6 +812,9 @@ func TestMarshalMismatch(t *testing.T) { + state, err := h1.(encoding.BinaryMarshaler).MarshalBinary() if err != nil { + if strings.Contains(err.Error(), "hash state is not marshallable") { @@ -2003,7 +1926,7 @@ index 1fe9d132bb186d..97b7da8c2d3d88 100644 t.Errorf("i=%d: could not marshal: %v", i, err) continue } -@@ -880,10 +901,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -880,10 +888,18 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -2610,7 +2533,7 @@ index f07b9aaa2c4898..b380537215634d 100644 import ( diff --git a/src/hash/marshal_test.go b/src/hash/marshal_test.go -index 3091f7a67acede..23736034d5c352 100644 +index 3091f7a67acede..d952cf45797ac6 100644 --- a/src/hash/marshal_test.go +++ b/src/hash/marshal_test.go @@ -21,6 +21,7 @@ import ( 
@@ -2621,19 +2544,7 @@ index 3091f7a67acede..23736034d5c352 100644 "testing" ) -@@ -65,6 +66,11 @@ func TestMarshalHash(t *testing.T) { - } - - h := tt.new() -+ if boringEnabled { -+ if _, ok := h.(encoding.BinaryMarshaler); !ok { -+ t.Skip("BinaryMarshaler not implemented") -+ } -+ } - h.Write(buf[:256]) - sum := h.Sum(nil) - -@@ -80,6 +86,9 @@ func TestMarshalHash(t *testing.T) { +@@ -80,6 +81,9 @@ func TestMarshalHash(t *testing.T) { } enc, err := h2m.MarshalBinary() if err != nil { From dddedbf8e98847d29c2b480592e92449257e46f4 Mon Sep 17 00:00:00 2001 
From: George Adams Date: Thu, 16 Jan 2025 16:59:23 +0000 Subject: [PATCH 198/887] Check that each patch file is buildable (#1495) * Check that each patch file is buildable * merge patch 5 and 3 * group outputs --- .github/workflows/patch-build.yml | 38 + .github/workflows/test.yml | 7 +- ...03-Implement-crypto-internal-backend.patch | 707 ++++++++++++++++- patches/0005-Add-backend-code-gen.patch | 744 ------------------ ...patch => 0005-Update-default-go.env.patch} | 0 ... 0006-Skip-failing-tests-on-Windows.patch} | 0 ...OFIPS-when-running-the-Go-toolchain.patch} | 0 ...pport-for-logging-used-Windows-APIs.patch} | 0 ... 0009-remove-long-path-support-hack.patch} | 0 ...ernal-go.mod-files-used-for-codegen.patch} | 0 ...21-when-TLS-fipsonly-mode-is-enable.patch} | 0 11 files changed, 748 insertions(+), 748 deletions(-) create mode 100644 .github/workflows/patch-build.yml delete mode 100644 patches/0005-Add-backend-code-gen.patch rename patches/{0006-Update-default-go.env.patch => 0005-Update-default-go.env.patch} (100%) rename patches/{0007-Skip-failing-tests-on-Windows.patch => 0006-Skip-failing-tests-on-Windows.patch} (100%) rename patches/{0008-unset-GOFIPS-when-running-the-Go-toolchain.patch => 0007-unset-GOFIPS-when-running-the-Go-toolchain.patch} (100%) rename patches/{0009-add-support-for-logging-used-Windows-APIs.patch => 0008-add-support-for-logging-used-Windows-APIs.patch} (100%) rename patches/{0010-remove-long-path-support-hack.patch => 0009-remove-long-path-support-hack.patch} (100%) rename patches/{0011-Omit-internal-go.mod-files-used-for-codegen.patch => 0010-Omit-internal-go.mod-files-used-for-codegen.patch} (100%) rename patches/{0012-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch => 0011-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch} (100%) diff --git a/.github/workflows/patch-build.yml b/.github/workflows/patch-build.yml new file mode 100644 index 00000000000..7d3db5e09e8 --- /dev/null +++ b/.github/workflows/patch-build.yml 
@@ -0,0 +1,38 @@ +# Copyright (c) Microsoft Corporation. +# Use of this source code is governed by a BSD-style +# license that can be found in the LICENSE file. + +# This job tests that each patch file is buildable (in numerical order) + +name: "Patch Build" + +on: + pull_request: + branches: [ microsoft/* ] + +jobs: + build_patches: + name: Patches Build in Order + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + with: + submodules: true + + - name: Set mock git config name/email + run: | + git config --global user.email "joe@blogs.com" + git config --global user.name "Joe Blogs" + + - name: Build patches + run: | + for file in $(ls -v patches/*.patch); do + echo "::group::Building $file" + cd go + git am --whitespace=nowarn ../$file + cd src + bash make.bash + cd ../../ + echo "::endgroup::" + done diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 922fae84320..b72cd125c4f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,12 +17,17 @@ on: pull_request: branches: [ microsoft/* ] +# Cancel existing runs if user makes another push. +concurrency: + group: "${{ github.ref }}" + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: check_patches: name: Patches Apply Cleanly runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - run: pwsh eng/run.ps1 submodule-refresh -shallow diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch index 5f7843d851e..1d0c32f60f6 100644 --- a/patches/0003-Implement-crypto-internal-backend.patch +++ b/patches/0003-Implement-crypto-internal-backend.patch 
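Review bot: The new patch-build.yml has no `permissions:` block and its checkout step keeps the job token in the local git config by default, yet the job goes on to execute pull-request content (`git am` of every patch, then `bash make.bash`). Add a top-level `permissions:` with `contents: read`, and `persist-credentials: false` under the checkout step's `with:`, so the code being built has nothing beyond read access within reach. In the loop, `$(ls -v patches/*.patch)` and the unquoted `../$file` word-split on whitespace in patch names. `for file in patches/*.patch` with `"../$file"` gives the same order for the zero-padded names and avoids that.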
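Review bot: The concurrency group added to test.yml is only `"${{ github.ref }}"`, and concurrency groups are shared by every workflow in the repository, so any other workflow that uses the same expression would queue behind or cancel this one. Namespacing the key avoids that: `group: "${{ github.workflow }}-${{ github.ref }}"`. The patch-build.yml added in the same commit has no concurrency block, so superseded pushes there would still run a full `make.bash` per patch; whether that is intended is not stated.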
@@ -6,6 +6,8 @@ Subject: [PATCH] Implement crypto/internal/backend --- .gitignore | 2 + src/crypto/internal/backend/backend_test.go | 30 ++ + src/crypto/internal/backend/backendgen.go | 20 + + .../internal/backend/backendgen_test.go | 284 ++++++++++++++ src/crypto/internal/backend/bbig/big.go | 17 + .../internal/backend/bbig/big_boring.go | 12 + src/crypto/internal/backend/bbig/big_cng.go | 12 + @@ -27,9 +29,26 @@ Subject: [PATCH] Implement crypto/internal/backend src/crypto/internal/backend/openssl_linux.go | 362 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + src/go/build/deps_test.go | 7 +- + .../exp_allowcryptofallback_off.go | 9 + + .../exp_allowcryptofallback_on.go | 9 + + src/internal/goexperiment/flags.go | 8 + + .../backenderr_gen_conflict_boring_cng.go | 17 + + .../backenderr_gen_conflict_boring_darwin.go | 17 + + .../backenderr_gen_conflict_boring_openssl.go | 17 + + .../backenderr_gen_conflict_cng_darwin.go | 17 + + .../backenderr_gen_conflict_cng_openssl.go | 17 + + .../backenderr_gen_conflict_darwin_openssl.go | 17 + + .../backenderr_gen_nofallback_boring.go | 24 ++ + src/runtime/backenderr_gen_nofallback_cng.go | 24 ++ + .../backenderr_gen_nofallback_darwin.go | 24 ++ + .../backenderr_gen_nofallback_openssl.go | 24 ++ + ...ckenderr_gen_requirefips_nosystemcrypto.go | 17 + + .../backenderr_gen_systemcrypto_nobackend.go | 16 + src/runtime/runtime_boring.go | 5 + - 24 files changed, 1932 insertions(+), 1 deletion(-) + 41 files changed, 2493 insertions(+), 1 deletion(-) create mode 100644 src/crypto/internal/backend/backend_test.go + create mode 100644 src/crypto/internal/backend/backendgen.go + create mode 100644 src/crypto/internal/backend/backendgen_test.go create mode 100644 src/crypto/internal/backend/bbig/big.go create mode 100644 src/crypto/internal/backend/bbig/big_boring.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go 
@@ -50,6 +69,20 @@ Subject: [PATCH] Implement crypto/internal/backend create mode 100644 src/crypto/internal/backend/nobackend.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/crypto/internal/backend/stub.s + create mode 100644 src/internal/goexperiment/exp_allowcryptofallback_off.go + create mode 100644 src/internal/goexperiment/exp_allowcryptofallback_on.go + create mode 100644 src/runtime/backenderr_gen_conflict_boring_cng.go + create mode 100644 src/runtime/backenderr_gen_conflict_boring_darwin.go + create mode 100644 src/runtime/backenderr_gen_conflict_boring_openssl.go + create mode 100644 src/runtime/backenderr_gen_conflict_cng_darwin.go + create mode 100644 src/runtime/backenderr_gen_conflict_cng_openssl.go + create mode 100644 src/runtime/backenderr_gen_conflict_darwin_openssl.go + create mode 100644 src/runtime/backenderr_gen_nofallback_boring.go + create mode 100644 src/runtime/backenderr_gen_nofallback_cng.go + create mode 100644 src/runtime/backenderr_gen_nofallback_darwin.go + create mode 100644 src/runtime/backenderr_gen_nofallback_openssl.go + create mode 100644 src/runtime/backenderr_gen_requirefips_nosystemcrypto.go + create mode 100644 src/runtime/backenderr_gen_systemcrypto_nobackend.go diff --git a/.gitignore b/.gitignore index c6512e64a4ef39..b3b01db73b009d 100644 
@@ -100,6 +133,322 @@ index 00000000000000..c2c06d3bff8c74 +func TestUnreachableExceptTests(t *testing.T) { + UnreachableExceptTests() +} +diff --git a/src/crypto/internal/backend/backendgen.go b/src/crypto/internal/backend/backendgen.go +new file mode 100644 +index 00000000000000..acf0113bbefb6c +--- /dev/null ++++ b/src/crypto/internal/backend/backendgen.go +@@ -0,0 +1,20 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++package backend ++ ++// Generate files and Go code based on the set of backends: ++// ++// - The build constraint in nobackend.go. ++// - Go files in the runtime package that detect issues with backend selection ++// and report an error at compile time. ++// ++// Runs in -mod=readonly mode so that it is able to run during each crypto ++// backend patch. This is before the final vendoring refresh patch, so it would ++// normally fail to build due to inconsistent vendoring. ++ ++// Use "go generate -run TestGenerated crypto/internal/backend" ++// to run only this generator. ++ ++//go:generate go test -run TestGenerated -fix +diff --git a/src/crypto/internal/backend/backendgen_test.go b/src/crypto/internal/backend/backendgen_test.go +new file mode 100644 +index 00000000000000..1ba948c8f207e5 +--- /dev/null ++++ b/src/crypto/internal/backend/backendgen_test.go +@@ -0,0 +1,284 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. 
++ ++package backend ++ ++import ( ++ "bytes" ++ "flag" ++ "go/build/constraint" ++ "go/parser" ++ "go/token" ++ "os" ++ "path/filepath" ++ "sort" ++ "strings" ++ "testing" ++) ++ ++var fix = flag.Bool("fix", false, "if true, update the generated files to the wanted value") ++ ++const runtimePackageDir = "../../../runtime" ++ ++// backendErrPrefix is the prefix of the generated backend error files. Any file ++// in the runtime package with this prefix will be considered a backend error ++// file, so it's important that this prefix is unique or this generator may ++// delete unexpected files. ++const backendErrPrefix = "backenderr_gen_" ++ ++const generateInstruction = "run 'go generate crypto/internal/backend' to fix" ++ ++// TestGeneratedBackendErrorFiles tests that the current nobackend constraint ++// is correct. ++// ++// Generate the build constraint in nobackend.go. This build constraint enables ++// nobackend when all of the backends are not enabled. This constraint is fairly ++// long and would not be trivial to maintain manually. ++func TestGeneratedNobackendConstraint(t *testing.T) { ++ backends := parseBackends(t) ++ // none is a constraint that is met when all crypto backend constraints are ++ // unmet. (That is: no backend constraint is met.) ++ var none constraint.Expr ++ for _, b := range backends { ++ notB := &constraint.NotExpr{X: b.constraint} ++ if none == nil { ++ none = notB ++ } else { ++ none = &constraint.AndExpr{ ++ X: none, ++ Y: notB, ++ } ++ } ++ } ++ bytes, err := os.ReadFile("nobackend.go") ++ if err != nil { ++ t.Fatal(err) ++ } ++ lines := strings.Split(string(bytes), "\n") ++ ++ var gotIndex int ++ var gotLine string ++ for i, line := range lines { ++ if strings.HasPrefix(line, "//go:build ") { ++ gotIndex, gotLine = i, line ++ break ++ } ++ } ++ _ = gotIndex ++ ++ var wantLine string ++ if none == nil { ++ // If there are no backends yet, use a trivially true constraint. 
++ // We could remove the constraint line, but this would make generation ++ // more complicated. ++ wantLine = "//go:build go1.1" ++ } else { ++ wantLine = "//go:build " + none.String() ++ } ++ if wantLine != gotLine { ++ if *fix { ++ lines[gotIndex] = wantLine ++ want := strings.Join(lines, "\n") ++ if err := os.WriteFile("nobackend.go", []byte(want), 0o666); err != nil { ++ t.Fatal(err) ++ } ++ } else { ++ t.Errorf("nobackend.go build constraint:\ngot %q\nwant %q\n%v", gotLine, wantLine, generateInstruction) ++ } ++ } ++} ++ ++// TestGeneratedBackendErrorFiles tests that the current backend error files are ++// the same as what would generated under the current conditions. ++// ++// The error files are Go files that detect issues with the backend selection ++// and report an error at compile time. ++// ++// The issue detection files are placed in the runtime package rather than the ++// crypto/internal/backend package to make sure these helpful errors will show ++// up. If the files were in the backend package, DuplicateDecl and other errors ++// would show up first, causing these informative errors to be skipped because ++// there are too many total errors already reported. The errors would also show ++// up if we put the files in the crypto package rather than the runtime package. ++// (Crypto is imported before the backend backage, so the errors would show up.) ++// However, then these errors would show up only if the Go program is using ++// crypto. This could cause a confusing situation: if the user has a ++// misconfigured backend and doesn't use crypto in their Go app, they will not ++// get any errors. If they start using crypto later, they would only then get an ++// error, but the cause would be much less apparent. ++func TestGeneratedBackendErrorFiles(t *testing.T) { ++ // Chip away at a list of files that should come from this generator. ++ // Any remaining are unexpected. 
++ existingFiles := make(map[string]struct{}) ++ entries, err := os.ReadDir(runtimePackageDir) ++ if err != nil { ++ t.Fatal(err) ++ } ++ for _, e := range entries { ++ if strings.HasPrefix(e.Name(), backendErrPrefix) && strings.HasSuffix(e.Name(), ".go") { ++ existingFiles[filepath.Join(runtimePackageDir, e.Name())] = struct{}{} ++ } ++ } ++ ++ backends := parseBackends(t) ++ for i := 0; i < len(backends); i++ { ++ for j := i + 1; j < len(backends); j++ { ++ f := testConflict(t, backends[i].name, backends[j].name) ++ delete(existingFiles, f) ++ } ++ f := testPreventUnintendedFallback(t, backends[i]) ++ delete(existingFiles, f) ++ } ++ f := testUnsatisfied(t, backends) ++ delete(existingFiles, f) ++ f = testRequireFIPSWithoutBackend(t) ++ delete(existingFiles, f) ++ ++ for f := range existingFiles { ++ if *fix { ++ if err := os.Remove(f); err != nil { ++ t.Fatal(err) ++ } ++ } else { ++ t.Errorf("unexpected file: %q", f) ++ } ++ } ++ if !*fix && len(existingFiles) > 0 { ++ t.Log(generateInstruction) ++ } ++} ++ ++// testConflict checks/generates a file that fails if two backends are enabled ++// at the same time. ++func testConflict(t *testing.T, a, b string) string { ++ return testErrorFile( ++ t, ++ filepath.Join(runtimePackageDir, backendErrPrefix+"conflict_"+a+"_"+b+".go"), ++ "//go:build goexperiment."+a+"crypto && goexperiment."+b+"crypto", ++ "The "+a+" and "+b+" backends are both enabled, but they are mutually exclusive.", ++ "Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'.") ++} ++ ++func testPreventUnintendedFallback(t *testing.T, backend *backend) string { ++ expTag := &constraint.TagExpr{Tag: "goexperiment." 
+ backend.name + "crypto"} ++ optOutTag := &constraint.TagExpr{Tag: "goexperiment.allowcryptofallback"} ++ c := constraint.AndExpr{ ++ X: &constraint.AndExpr{ ++ X: expTag, ++ Y: &constraint.NotExpr{X: backend.constraint}, ++ }, ++ Y: &constraint.NotExpr{X: optOutTag}, ++ } ++ return testErrorFile( ++ t, ++ filepath.Join(runtimePackageDir, backendErrPrefix+"nofallback_"+backend.name+".go"), ++ "//go:build "+c.String(), ++ "The "+expTag.String()+" tag is specified, but other tags required to enable that backend were not met.", ++ "Required build tags:", ++ " "+backend.constraint.String(), ++ "Please check your build environment and build command for a reason one or more of these tags weren't specified.", ++ "", ++ "If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto.", ++ "As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback.", ++ "Removing "+backend.name+"crypto will restore pre-1.21 behavior by intentionally using Go standard library crypto.", ++ "") ++} ++ ++// testUnsatisfied checks/generates a file that fails if systemcrypto is enabled ++// on an OS with no suitable backend. 
++func testUnsatisfied(t *testing.T, backends []*backend) string { ++ constraint := "//go:build goexperiment.systemcrypto" ++ for _, b := range backends { ++ constraint += ` && !goexperiment.` + b.name + "crypto" ++ } ++ return testErrorFile( ++ t, ++ filepath.Join(runtimePackageDir, backendErrPrefix+"systemcrypto_nobackend.go"), ++ constraint, ++ "The systemcrypto feature is enabled, but it was unable to enable an appropriate crypto backend for the target GOOS.") ++} ++ ++func testRequireFIPSWithoutBackend(t *testing.T) string { ++ return testErrorFile( ++ t, ++ filepath.Join(runtimePackageDir, backendErrPrefix+"requirefips_nosystemcrypto.go"), ++ "//go:build requirefips && !goexperiment.systemcrypto", ++ "The requirefips tag is enabled, but no crypto backend is enabled.", ++ "A crypto backend is required to enable FIPS mode.") ++} ++ ++// testErrorFile checks/generates a Go file with a given build constraint that ++// fails to compile. The file uses an unused string to convey an error message ++// to the dev on the "go build" command line. ++func testErrorFile(t *testing.T, file, constraint string, message ...string) string { ++ const header = `// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. 
DO NOT manually create files with the prefix "` + backendErrPrefix + `".` ++ c := header + "\n\n" + constraint + "\n\npackage runtime\n\nfunc init() {\n\t`\n" ++ for _, m := range message { ++ c += "\t" + m + "\n" ++ } ++ c += "\tFor more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips\n" ++ c += "\t`" + "\n}\n" ++ if *fix { ++ if err := os.WriteFile(file, []byte(c), 0o666); err != nil { ++ t.Fatal(err) ++ } ++ } else { ++ existing, err := os.ReadFile(file) ++ if err != nil { ++ t.Fatal(err) ++ } ++ if !bytes.Equal(existing, []byte(c)) { ++ t.Errorf("file %v doesn't match expected value; %v", file, generateInstruction) ++ t.Log("found:", string(existing)) ++ t.Log("would generate:", c) ++ } ++ } ++ return file ++} ++ ++type backend struct { ++ filename string ++ name string ++ constraint constraint.Expr ++} ++ ++func parseBackends(t *testing.T) []*backend { ++ fs := token.NewFileSet() ++ pkgs, err := parser.ParseDir(fs, ".", nil, parser.ParseComments) ++ if err != nil { ++ t.Fatal(err) ++ } ++ var bs []*backend ++ // Any file in this dir that defines "Enabled" is a backend. ++ for k, v := range pkgs["backend"].Files { ++ if en := v.Scope.Lookup("Enabled"); en != nil { ++ // nobackend defines Enabled, but it is specifically not a backend. ++ if k == "nobackend.go" { ++ continue ++ } ++ b := backend{filename: k} ++ b.name, _, _ = strings.Cut(strings.TrimSuffix(k, ".go"), "_") ++ for _, comment := range v.Comments { ++ for _, c := range comment.List { ++ if strings.HasPrefix(c.Text, "//go:build ") { ++ if c, err := constraint.Parse(c.Text); err == nil { ++ b.constraint = c ++ } else { ++ t.Fatal(err) ++ } ++ } ++ } ++ } ++ bs = append(bs, &b) ++ } ++ } ++ sort.Slice(bs, func(i, j int) bool { ++ return bs[i].name < bs[j].name ++ }) ++ return bs ++} diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go new file mode 100644 index 00000000000000..ab3f30825dcfa1 
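Review bot: In TestGeneratedNobackendConstraint, gotIndex stays 0 when nobackend.go contains no `//go:build ` line, so a run with -fix executes `lines[gotIndex] = wantLine` and overwrites the file's first line instead of reporting that the constraint is missing. This constraint decides when the pure-Go nobackend file is compiled in, so I would declare `gotIndex := -1`, add `if gotIndex < 0 { t.Fatal("nobackend.go: no //go:build line found") }` after the loop, and drop `_ = gotIndex`. The doc comment above the function opens with the wrong name and should begin `// TestGeneratedNobackendConstraint tests that the current nobackend constraint is correct.` In parseBackends, a backend file without a `//go:build ` comment keeps a nil constraint, which would panic when String() is later called on it; a `t.Fatalf` naming the file would make that failure readable.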
@@ -1484,7 +1833,7 @@ index 00000000000000..118efa3a492a7d +} diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 00000000000000..eca1ceab2a04b9 +index 00000000000000..7c3a95c2c64a2d --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go @@ -0,0 +1,240 @@ @@ -1494,7 +1843,7 @@ index 00000000000000..eca1ceab2a04b9 + +// Do not edit the build constraint by hand. It is generated by "backendgen.go". + -+//go:build ignore ++//go:build !(goexperiment.boringcrypto && linux && cgo && (amd64 || arm64) && !android && !msan) && !(goexperiment.cngcrypto && windows) && !(goexperiment.darwincrypto && darwin && cgo) && !(goexperiment.opensslcrypto && linux && cgo) + +package backend + 
@@ -2151,6 +2500,358 @@ index e017efb1562379..ab5539f978a266 100644 < crypto/rand < crypto/ed25519 # depends on crypto/rand.Reader < encoding/asn1 +diff --git a/src/internal/goexperiment/exp_allowcryptofallback_off.go b/src/internal/goexperiment/exp_allowcryptofallback_off.go +new file mode 100644 +index 00000000000000..dfce36d834c46e +--- /dev/null ++++ b/src/internal/goexperiment/exp_allowcryptofallback_off.go +@@ -0,0 +1,9 @@ ++// Code generated by mkconsts.go. DO NOT EDIT. ++ ++//go:build !goexperiment.allowcryptofallback ++// +build !goexperiment.allowcryptofallback ++ ++package goexperiment ++ ++const AllowCryptoFallback = false ++const AllowCryptoFallbackInt = 0 +diff --git a/src/internal/goexperiment/exp_allowcryptofallback_on.go b/src/internal/goexperiment/exp_allowcryptofallback_on.go +new file mode 100644 +index 00000000000000..8d0c3fde9ab5e8 +--- /dev/null ++++ b/src/internal/goexperiment/exp_allowcryptofallback_on.go +@@ -0,0 +1,9 @@ ++// Code generated by mkconsts.go. DO NOT EDIT. ++ ++//go:build goexperiment.allowcryptofallback ++// +build goexperiment.allowcryptofallback ++ ++package goexperiment ++ ++const AllowCryptoFallback = true ++const AllowCryptoFallbackInt = 1 +diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go +index e6c9b7d5e62dc0..65d339be7dde32 100644 +--- a/src/internal/goexperiment/flags.go ++++ b/src/internal/goexperiment/flags.go +@@ -78,6 +78,14 @@ type Flags struct { + // being used to build the Go program. + SystemCrypto bool + ++ // AllowCryptoFallback allows the use of pure Go crypto if a crypto backend ++ // experiment is enabled but the backend's requirements are not met. This is ++ // used during the Go build itself to allow running the test suite with a ++ // backend experiment enabled. Some parts of the Go build (bootstrapping) ++ // and parts of the test suite run without cgo, so ++ // GOEXPERIMENT=opensslcrypto,allowcryptofallback must be used to succeed. 
++ AllowCryptoFallback bool ++ + // Regabi is split into several sub-experiments that can be + // enabled individually. Not all combinations work. + // The "regabi" GOEXPERIMENT is an alias for all "working" +diff --git a/src/runtime/backenderr_gen_conflict_boring_cng.go b/src/runtime/backenderr_gen_conflict_boring_cng.go +new file mode 100644 +index 00000000000000..361db2a962d60f +--- /dev/null ++++ b/src/runtime/backenderr_gen_conflict_boring_cng.go +@@ -0,0 +1,17 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.boringcrypto && goexperiment.cngcrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The boring and cng backends are both enabled, but they are mutually exclusive. ++ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_conflict_boring_darwin.go b/src/runtime/backenderr_gen_conflict_boring_darwin.go +new file mode 100644 +index 00000000000000..6c48a4e50fa72e +--- /dev/null ++++ b/src/runtime/backenderr_gen_conflict_boring_darwin.go +@@ -0,0 +1,17 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.boringcrypto && goexperiment.darwincrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The boring and darwin backends are both enabled, but they are mutually exclusive. 
++ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_conflict_boring_openssl.go b/src/runtime/backenderr_gen_conflict_boring_openssl.go +new file mode 100644 +index 00000000000000..91fac35011b24c +--- /dev/null ++++ b/src/runtime/backenderr_gen_conflict_boring_openssl.go +@@ -0,0 +1,17 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.boringcrypto && goexperiment.opensslcrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The boring and openssl backends are both enabled, but they are mutually exclusive. ++ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_conflict_cng_darwin.go b/src/runtime/backenderr_gen_conflict_cng_darwin.go +new file mode 100644 +index 00000000000000..2e82a5cff034b7 +--- /dev/null ++++ b/src/runtime/backenderr_gen_conflict_cng_darwin.go +@@ -0,0 +1,17 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.cngcrypto && goexperiment.darwincrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The cng and darwin backends are both enabled, but they are mutually exclusive. 
++ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_conflict_cng_openssl.go b/src/runtime/backenderr_gen_conflict_cng_openssl.go +new file mode 100644 +index 00000000000000..bf44084570bbbc +--- /dev/null ++++ b/src/runtime/backenderr_gen_conflict_cng_openssl.go +@@ -0,0 +1,17 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.cngcrypto && goexperiment.opensslcrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The cng and openssl backends are both enabled, but they are mutually exclusive. ++ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_conflict_darwin_openssl.go b/src/runtime/backenderr_gen_conflict_darwin_openssl.go +new file mode 100644 +index 00000000000000..90f4361e28cd94 +--- /dev/null ++++ b/src/runtime/backenderr_gen_conflict_darwin_openssl.go +@@ -0,0 +1,17 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.darwincrypto && goexperiment.opensslcrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The darwin and openssl backends are both enabled, but they are mutually exclusive. 
++ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_nofallback_boring.go b/src/runtime/backenderr_gen_nofallback_boring.go +new file mode 100644 +index 00000000000000..6db0ed6dc09639 +--- /dev/null ++++ b/src/runtime/backenderr_gen_nofallback_boring.go +@@ -0,0 +1,24 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.boringcrypto && !(goexperiment.boringcrypto && linux && cgo && (amd64 || arm64) && !android && !msan) && !goexperiment.allowcryptofallback ++ ++package runtime ++ ++func init() { ++ ` ++ The goexperiment.boringcrypto tag is specified, but other tags required to enable that backend were not met. ++ Required build tags: ++ goexperiment.boringcrypto && linux && cgo && (amd64 || arm64) && !android && !msan ++ Please check your build environment and build command for a reason one or more of these tags weren't specified. ++ ++ If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto. ++ As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback. ++ Removing boringcrypto will restore pre-1.21 behavior by intentionally using Go standard library crypto. 
++ ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_nofallback_cng.go b/src/runtime/backenderr_gen_nofallback_cng.go +new file mode 100644 +index 00000000000000..ae7f798ea41225 +--- /dev/null ++++ b/src/runtime/backenderr_gen_nofallback_cng.go +@@ -0,0 +1,24 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.cngcrypto && !(goexperiment.cngcrypto && windows) && !goexperiment.allowcryptofallback ++ ++package runtime ++ ++func init() { ++ ` ++ The goexperiment.cngcrypto tag is specified, but other tags required to enable that backend were not met. ++ Required build tags: ++ goexperiment.cngcrypto && windows ++ Please check your build environment and build command for a reason one or more of these tags weren't specified. ++ ++ If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto. ++ As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback. ++ Removing cngcrypto will restore pre-1.21 behavior by intentionally using Go standard library crypto. ++ ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_nofallback_darwin.go b/src/runtime/backenderr_gen_nofallback_darwin.go +new file mode 100644 +index 00000000000000..8a32f2cb25bda2 +--- /dev/null ++++ b/src/runtime/backenderr_gen_nofallback_darwin.go +@@ -0,0 +1,24 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. 
++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.darwincrypto && !(goexperiment.darwincrypto && darwin && cgo) && !goexperiment.allowcryptofallback ++ ++package runtime ++ ++func init() { ++ ` ++ The goexperiment.darwincrypto tag is specified, but other tags required to enable that backend were not met. ++ Required build tags: ++ goexperiment.darwincrypto && darwin && cgo ++ Please check your build environment and build command for a reason one or more of these tags weren't specified. ++ ++ If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto. ++ As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback. ++ Removing darwincrypto will restore pre-1.21 behavior by intentionally using Go standard library crypto. ++ ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_nofallback_openssl.go b/src/runtime/backenderr_gen_nofallback_openssl.go +new file mode 100644 +index 00000000000000..7e1679dfc37a23 +--- /dev/null ++++ b/src/runtime/backenderr_gen_nofallback_openssl.go +@@ -0,0 +1,24 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.opensslcrypto && !(goexperiment.opensslcrypto && linux && cgo) && !goexperiment.allowcryptofallback ++ ++package runtime ++ ++func init() { ++ ` ++ The goexperiment.opensslcrypto tag is specified, but other tags required to enable that backend were not met. 
++ Required build tags: ++ goexperiment.opensslcrypto && linux && cgo ++ Please check your build environment and build command for a reason one or more of these tags weren't specified. ++ ++ If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto. ++ As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback. ++ Removing opensslcrypto will restore pre-1.21 behavior by intentionally using Go standard library crypto. ++ ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_requirefips_nosystemcrypto.go b/src/runtime/backenderr_gen_requirefips_nosystemcrypto.go +new file mode 100644 +index 00000000000000..1c015dd2b08972 +--- /dev/null ++++ b/src/runtime/backenderr_gen_requirefips_nosystemcrypto.go +@@ -0,0 +1,17 @@ ++// Copyright 2023 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build requirefips && !goexperiment.systemcrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The requirefips tag is enabled, but no crypto backend is enabled. ++ A crypto backend is required to enable FIPS mode. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} +diff --git a/src/runtime/backenderr_gen_systemcrypto_nobackend.go b/src/runtime/backenderr_gen_systemcrypto_nobackend.go +new file mode 100644 +index 00000000000000..95be7ad8d38cae +--- /dev/null ++++ b/src/runtime/backenderr_gen_systemcrypto_nobackend.go +@@ -0,0 +1,16 @@ ++// Copyright 2023 The Go Authors. All rights reserved. 
++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". ++ ++//go:build goexperiment.systemcrypto && !goexperiment.boringcrypto && !goexperiment.cngcrypto && !goexperiment.darwincrypto && !goexperiment.opensslcrypto ++ ++package runtime ++ ++func init() { ++ ` ++ The systemcrypto feature is enabled, but it was unable to enable an appropriate crypto backend for the target GOOS. ++ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips ++ ` ++} diff --git a/src/runtime/runtime_boring.go b/src/runtime/runtime_boring.go index 5a98b20253181c..9042f2c2795e19 100644 --- a/src/runtime/runtime_boring.go diff --git a/patches/0005-Add-backend-code-gen.patch b/patches/0005-Add-backend-code-gen.patch deleted file mode 100644 index 966a918bcbb..00000000000 --- a/patches/0005-Add-backend-code-gen.patch +++ /dev/null 
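Review bot: The new AllowCryptoFallback comment in flags.go explains why the Go build itself needs the experiment, but not that it switches off a safety check. Every generated backenderr_gen_nofallback_*.go constraint in this hunk ends in `&& !goexperiment.allowcryptofallback`, so setting the experiment suppresses the build error that guards against silently using Go standard library crypto. I would add to the field comment: `// Setting it disables the backenderr_gen_nofallback_* build errors, so it must not be used for builds that are required to use a system crypto backend.` Whether `requirefips` combined with allowcryptofallback is rejected elsewhere cannot be seen from this hunk and is worth confirming, since the requirefips error file only checks `!goexperiment.systemcrypto`. The Flags struct begins and ends outside the hunk.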
@@ -1,744 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: Davis Goodin -Date: Fri, 23 Jun 2023 11:58:31 -0500 -Subject: [PATCH] Add backend code gen - -Adds code generation that works with the final list of crypto backends -to add extra features and tie up loose ends in an easily maintained way. - -Backend conflict error generator: creates files that generate -informative build errors when the backends aren't configured correctly. - -"nobackend" build constraint generator: gathers the build constraints -for all the backends to create the "nobackend" constraint. - -The generators also run during standard test runs in validation mode to -ensure the generated content is not out of date when backends are -added/removed or when their build constraints change. - -To simplify patch maintenance, the generators are only run once, in this -patch. An alternative would be adding the generators in an earlier patch -and re-running the generators immediately for each backend patch. This -would make the direct connection between changes clearer, but make it -harder to update the generators and to deal with conflicts. - -Use "go/bin/go generate crypto/internal/backend" after recently building -the repository to run the generators. 
---- - src/crypto/internal/backend/backendgen.go | 20 ++ - .../internal/backend/backendgen_test.go | 284 ++++++++++++++++++ - src/crypto/internal/backend/nobackend.go | 2 +- - .../exp_allowcryptofallback_off.go | 9 + - .../exp_allowcryptofallback_on.go | 9 + - src/internal/goexperiment/flags.go | 8 + - .../backenderr_gen_conflict_boring_cng.go | 17 ++ - .../backenderr_gen_conflict_boring_darwin.go | 17 ++ - .../backenderr_gen_conflict_boring_openssl.go | 17 ++ - .../backenderr_gen_conflict_cng_darwin.go | 17 ++ - .../backenderr_gen_conflict_cng_openssl.go | 17 ++ - .../backenderr_gen_conflict_darwin_openssl.go | 17 ++ - .../backenderr_gen_nofallback_boring.go | 24 ++ - src/runtime/backenderr_gen_nofallback_cng.go | 24 ++ - .../backenderr_gen_nofallback_darwin.go | 24 ++ - .../backenderr_gen_nofallback_openssl.go | 24 ++ - ...ckenderr_gen_requirefips_nosystemcrypto.go | 17 ++ - .../backenderr_gen_systemcrypto_nobackend.go | 16 + - 18 files changed, 562 insertions(+), 1 deletion(-) - create mode 100644 src/crypto/internal/backend/backendgen.go - create mode 100644 src/crypto/internal/backend/backendgen_test.go - create mode 100644 src/internal/goexperiment/exp_allowcryptofallback_off.go - create mode 100644 src/internal/goexperiment/exp_allowcryptofallback_on.go - create mode 100644 src/runtime/backenderr_gen_conflict_boring_cng.go - create mode 100644 src/runtime/backenderr_gen_conflict_boring_darwin.go - create mode 100644 src/runtime/backenderr_gen_conflict_boring_openssl.go - create mode 100644 src/runtime/backenderr_gen_conflict_cng_darwin.go - create mode 100644 src/runtime/backenderr_gen_conflict_cng_openssl.go - create mode 100644 src/runtime/backenderr_gen_conflict_darwin_openssl.go - create mode 100644 src/runtime/backenderr_gen_nofallback_boring.go - create mode 100644 src/runtime/backenderr_gen_nofallback_cng.go - create mode 100644 src/runtime/backenderr_gen_nofallback_darwin.go - create mode 100644 src/runtime/backenderr_gen_nofallback_openssl.go - 
create mode 100644 src/runtime/backenderr_gen_requirefips_nosystemcrypto.go - create mode 100644 src/runtime/backenderr_gen_systemcrypto_nobackend.go - -diff --git a/src/crypto/internal/backend/backendgen.go b/src/crypto/internal/backend/backendgen.go -new file mode 100644 -index 00000000000000..acf0113bbefb6c ---- /dev/null -+++ b/src/crypto/internal/backend/backendgen.go -@@ -0,0 +1,20 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+package backend -+ -+// Generate files and Go code based on the set of backends: -+// -+// - The build constraint in nobackend.go. -+// - Go files in the runtime package that detect issues with backend selection -+// and report an error at compile time. -+// -+// Runs in -mod=readonly mode so that it is able to run during each crypto -+// backend patch. This is before the final vendoring refresh patch, so it would -+// normally fail to build due to inconsistent vendoring. -+ -+// Use "go generate -run TestGenerated crypto/internal/backend" -+// to run only this generator. -+ -+//go:generate go test -run TestGenerated -fix -diff --git a/src/crypto/internal/backend/backendgen_test.go b/src/crypto/internal/backend/backendgen_test.go -new file mode 100644 -index 00000000000000..1ba948c8f207e5 ---- /dev/null -+++ b/src/crypto/internal/backend/backendgen_test.go -@@ -0,0 +1,284 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. 
-+ -+package backend -+ -+import ( -+ "bytes" -+ "flag" -+ "go/build/constraint" -+ "go/parser" -+ "go/token" -+ "os" -+ "path/filepath" -+ "sort" -+ "strings" -+ "testing" -+) -+ -+var fix = flag.Bool("fix", false, "if true, update the generated files to the wanted value") -+ -+const runtimePackageDir = "../../../runtime" -+ -+// backendErrPrefix is the prefix of the generated backend error files. Any file -+// in the runtime package with this prefix will be considered a backend error -+// file, so it's important that this prefix is unique or this generator may -+// delete unexpected files. -+const backendErrPrefix = "backenderr_gen_" -+ -+const generateInstruction = "run 'go generate crypto/internal/backend' to fix" -+ -+// TestGeneratedBackendErrorFiles tests that the current nobackend constraint -+// is correct. -+// -+// Generate the build constraint in nobackend.go. This build constraint enables -+// nobackend when all of the backends are not enabled. This constraint is fairly -+// long and would not be trivial to maintain manually. -+func TestGeneratedNobackendConstraint(t *testing.T) { -+ backends := parseBackends(t) -+ // none is a constraint that is met when all crypto backend constraints are -+ // unmet. (That is: no backend constraint is met.) -+ var none constraint.Expr -+ for _, b := range backends { -+ notB := &constraint.NotExpr{X: b.constraint} -+ if none == nil { -+ none = notB -+ } else { -+ none = &constraint.AndExpr{ -+ X: none, -+ Y: notB, -+ } -+ } -+ } -+ bytes, err := os.ReadFile("nobackend.go") -+ if err != nil { -+ t.Fatal(err) -+ } -+ lines := strings.Split(string(bytes), "\n") -+ -+ var gotIndex int -+ var gotLine string -+ for i, line := range lines { -+ if strings.HasPrefix(line, "//go:build ") { -+ gotIndex, gotLine = i, line -+ break -+ } -+ } -+ _ = gotIndex -+ -+ var wantLine string -+ if none == nil { -+ // If there are no backends yet, use a trivially true constraint. 
-+ // We could remove the constraint line, but this would make generation -+ // more complicated. -+ wantLine = "//go:build go1.1" -+ } else { -+ wantLine = "//go:build " + none.String() -+ } -+ if wantLine != gotLine { -+ if *fix { -+ lines[gotIndex] = wantLine -+ want := strings.Join(lines, "\n") -+ if err := os.WriteFile("nobackend.go", []byte(want), 0o666); err != nil { -+ t.Fatal(err) -+ } -+ } else { -+ t.Errorf("nobackend.go build constraint:\ngot %q\nwant %q\n%v", gotLine, wantLine, generateInstruction) -+ } -+ } -+} -+ -+// TestGeneratedBackendErrorFiles tests that the current backend error files are -+// the same as what would generated under the current conditions. -+// -+// The error files are Go files that detect issues with the backend selection -+// and report an error at compile time. -+// -+// The issue detection files are placed in the runtime package rather than the -+// crypto/internal/backend package to make sure these helpful errors will show -+// up. If the files were in the backend package, DuplicateDecl and other errors -+// would show up first, causing these informative errors to be skipped because -+// there are too many total errors already reported. The errors would also show -+// up if we put the files in the crypto package rather than the runtime package. -+// (Crypto is imported before the backend backage, so the errors would show up.) -+// However, then these errors would show up only if the Go program is using -+// crypto. This could cause a confusing situation: if the user has a -+// misconfigured backend and doesn't use crypto in their Go app, they will not -+// get any errors. If they start using crypto later, they would only then get an -+// error, but the cause would be much less apparent. -+func TestGeneratedBackendErrorFiles(t *testing.T) { -+ // Chip away at a list of files that should come from this generator. -+ // Any remaining are unexpected. 
-+ existingFiles := make(map[string]struct{}) -+ entries, err := os.ReadDir(runtimePackageDir) -+ if err != nil { -+ t.Fatal(err) -+ } -+ for _, e := range entries { -+ if strings.HasPrefix(e.Name(), backendErrPrefix) && strings.HasSuffix(e.Name(), ".go") { -+ existingFiles[filepath.Join(runtimePackageDir, e.Name())] = struct{}{} -+ } -+ } -+ -+ backends := parseBackends(t) -+ for i := 0; i < len(backends); i++ { -+ for j := i + 1; j < len(backends); j++ { -+ f := testConflict(t, backends[i].name, backends[j].name) -+ delete(existingFiles, f) -+ } -+ f := testPreventUnintendedFallback(t, backends[i]) -+ delete(existingFiles, f) -+ } -+ f := testUnsatisfied(t, backends) -+ delete(existingFiles, f) -+ f = testRequireFIPSWithoutBackend(t) -+ delete(existingFiles, f) -+ -+ for f := range existingFiles { -+ if *fix { -+ if err := os.Remove(f); err != nil { -+ t.Fatal(err) -+ } -+ } else { -+ t.Errorf("unexpected file: %q", f) -+ } -+ } -+ if !*fix && len(existingFiles) > 0 { -+ t.Log(generateInstruction) -+ } -+} -+ -+// testConflict checks/generates a file that fails if two backends are enabled -+// at the same time. -+func testConflict(t *testing.T, a, b string) string { -+ return testErrorFile( -+ t, -+ filepath.Join(runtimePackageDir, backendErrPrefix+"conflict_"+a+"_"+b+".go"), -+ "//go:build goexperiment."+a+"crypto && goexperiment."+b+"crypto", -+ "The "+a+" and "+b+" backends are both enabled, but they are mutually exclusive.", -+ "Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'.") -+} -+ -+func testPreventUnintendedFallback(t *testing.T, backend *backend) string { -+ expTag := &constraint.TagExpr{Tag: "goexperiment." 
+ backend.name + "crypto"} -+ optOutTag := &constraint.TagExpr{Tag: "goexperiment.allowcryptofallback"} -+ c := constraint.AndExpr{ -+ X: &constraint.AndExpr{ -+ X: expTag, -+ Y: &constraint.NotExpr{X: backend.constraint}, -+ }, -+ Y: &constraint.NotExpr{X: optOutTag}, -+ } -+ return testErrorFile( -+ t, -+ filepath.Join(runtimePackageDir, backendErrPrefix+"nofallback_"+backend.name+".go"), -+ "//go:build "+c.String(), -+ "The "+expTag.String()+" tag is specified, but other tags required to enable that backend were not met.", -+ "Required build tags:", -+ " "+backend.constraint.String(), -+ "Please check your build environment and build command for a reason one or more of these tags weren't specified.", -+ "", -+ "If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto.", -+ "As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback.", -+ "Removing "+backend.name+"crypto will restore pre-1.21 behavior by intentionally using Go standard library crypto.", -+ "") -+} -+ -+// testUnsatisfied checks/generates a file that fails if systemcrypto is enabled -+// on an OS with no suitable backend. 
-+func testUnsatisfied(t *testing.T, backends []*backend) string { -+ constraint := "//go:build goexperiment.systemcrypto" -+ for _, b := range backends { -+ constraint += ` && !goexperiment.` + b.name + "crypto" -+ } -+ return testErrorFile( -+ t, -+ filepath.Join(runtimePackageDir, backendErrPrefix+"systemcrypto_nobackend.go"), -+ constraint, -+ "The systemcrypto feature is enabled, but it was unable to enable an appropriate crypto backend for the target GOOS.") -+} -+ -+func testRequireFIPSWithoutBackend(t *testing.T) string { -+ return testErrorFile( -+ t, -+ filepath.Join(runtimePackageDir, backendErrPrefix+"requirefips_nosystemcrypto.go"), -+ "//go:build requirefips && !goexperiment.systemcrypto", -+ "The requirefips tag is enabled, but no crypto backend is enabled.", -+ "A crypto backend is required to enable FIPS mode.") -+} -+ -+// testErrorFile checks/generates a Go file with a given build constraint that -+// fails to compile. The file uses an unused string to convey an error message -+// to the dev on the "go build" command line. -+func testErrorFile(t *testing.T, file, constraint string, message ...string) string { -+ const header = `// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. 
DO NOT manually create files with the prefix "` + backendErrPrefix + `".` -+ c := header + "\n\n" + constraint + "\n\npackage runtime\n\nfunc init() {\n\t`\n" -+ for _, m := range message { -+ c += "\t" + m + "\n" -+ } -+ c += "\tFor more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips\n" -+ c += "\t`" + "\n}\n" -+ if *fix { -+ if err := os.WriteFile(file, []byte(c), 0o666); err != nil { -+ t.Fatal(err) -+ } -+ } else { -+ existing, err := os.ReadFile(file) -+ if err != nil { -+ t.Fatal(err) -+ } -+ if !bytes.Equal(existing, []byte(c)) { -+ t.Errorf("file %v doesn't match expected value; %v", file, generateInstruction) -+ t.Log("found:", string(existing)) -+ t.Log("would generate:", c) -+ } -+ } -+ return file -+} -+ -+type backend struct { -+ filename string -+ name string -+ constraint constraint.Expr -+} -+ -+func parseBackends(t *testing.T) []*backend { -+ fs := token.NewFileSet() -+ pkgs, err := parser.ParseDir(fs, ".", nil, parser.ParseComments) -+ if err != nil { -+ t.Fatal(err) -+ } -+ var bs []*backend -+ // Any file in this dir that defines "Enabled" is a backend. -+ for k, v := range pkgs["backend"].Files { -+ if en := v.Scope.Lookup("Enabled"); en != nil { -+ // nobackend defines Enabled, but it is specifically not a backend. 
-+ if k == "nobackend.go" { -+ continue -+ } -+ b := backend{filename: k} -+ b.name, _, _ = strings.Cut(strings.TrimSuffix(k, ".go"), "_") -+ for _, comment := range v.Comments { -+ for _, c := range comment.List { -+ if strings.HasPrefix(c.Text, "//go:build ") { -+ if c, err := constraint.Parse(c.Text); err == nil { -+ b.constraint = c -+ } else { -+ t.Fatal(err) -+ } -+ } -+ } -+ } -+ bs = append(bs, &b) -+ } -+ } -+ sort.Slice(bs, func(i, j int) bool { -+ return bs[i].name < bs[j].name -+ }) -+ return bs -+} -diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go -index 5c2f56d000a2a8..6f87fc053bb4b1 100644 ---- a/src/crypto/internal/backend/nobackend.go -+++ b/src/crypto/internal/backend/nobackend.go -@@ -4,7 +4,7 @@ - - // Do not edit the build constraint by hand. It is generated by "backendgen.go". - --//go:build ignore -+//go:build !(goexperiment.boringcrypto && linux && cgo && (amd64 || arm64) && !android && !msan) && !(goexperiment.cngcrypto && windows) && !(goexperiment.darwincrypto && darwin && cgo) && !(goexperiment.opensslcrypto && linux && cgo) - - package backend - -diff --git a/src/internal/goexperiment/exp_allowcryptofallback_off.go b/src/internal/goexperiment/exp_allowcryptofallback_off.go -new file mode 100644 -index 00000000000000..dfce36d834c46e ---- /dev/null -+++ b/src/internal/goexperiment/exp_allowcryptofallback_off.go -@@ -0,0 +1,9 @@ -+// Code generated by mkconsts.go. DO NOT EDIT. -+ -+//go:build !goexperiment.allowcryptofallback -+// +build !goexperiment.allowcryptofallback -+ -+package goexperiment -+ -+const AllowCryptoFallback = false -+const AllowCryptoFallbackInt = 0 -diff --git a/src/internal/goexperiment/exp_allowcryptofallback_on.go b/src/internal/goexperiment/exp_allowcryptofallback_on.go -new file mode 100644 -index 00000000000000..8d0c3fde9ab5e8 ---- /dev/null -+++ b/src/internal/goexperiment/exp_allowcryptofallback_on.go -@@ -0,0 +1,9 @@ -+// Code generated by mkconsts.go. 
DO NOT EDIT. -+ -+//go:build goexperiment.allowcryptofallback -+// +build goexperiment.allowcryptofallback -+ -+package goexperiment -+ -+const AllowCryptoFallback = true -+const AllowCryptoFallbackInt = 1 -diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index e6c9b7d5e62dc0..65d339be7dde32 100644 ---- a/src/internal/goexperiment/flags.go -+++ b/src/internal/goexperiment/flags.go -@@ -78,6 +78,14 @@ type Flags struct { - // being used to build the Go program. - SystemCrypto bool - -+ // AllowCryptoFallback allows the use of pure Go crypto if a crypto backend -+ // experiment is enabled but the backend's requirements are not met. This is -+ // used during the Go build itself to allow running the test suite with a -+ // backend experiment enabled. Some parts of the Go build (bootstrapping) -+ // and parts of the test suite run without cgo, so -+ // GOEXPERIMENT=opensslcrypto,allowcryptofallback must be used to succeed. -+ AllowCryptoFallback bool -+ - // Regabi is split into several sub-experiments that can be - // enabled individually. Not all combinations work. - // The "regabi" GOEXPERIMENT is an alias for all "working" -diff --git a/src/runtime/backenderr_gen_conflict_boring_cng.go b/src/runtime/backenderr_gen_conflict_boring_cng.go -new file mode 100644 -index 00000000000000..361db2a962d60f ---- /dev/null -+++ b/src/runtime/backenderr_gen_conflict_boring_cng.go -@@ -0,0 +1,17 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build goexperiment.boringcrypto && goexperiment.cngcrypto -+ -+package runtime -+ -+func init() { -+ ` -+ The boring and cng backends are both enabled, but they are mutually exclusive. 
-+ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_conflict_boring_darwin.go b/src/runtime/backenderr_gen_conflict_boring_darwin.go -new file mode 100644 -index 00000000000000..6c48a4e50fa72e ---- /dev/null -+++ b/src/runtime/backenderr_gen_conflict_boring_darwin.go -@@ -0,0 +1,17 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build goexperiment.boringcrypto && goexperiment.darwincrypto -+ -+package runtime -+ -+func init() { -+ ` -+ The boring and darwin backends are both enabled, but they are mutually exclusive. -+ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_conflict_boring_openssl.go b/src/runtime/backenderr_gen_conflict_boring_openssl.go -new file mode 100644 -index 00000000000000..91fac35011b24c ---- /dev/null -+++ b/src/runtime/backenderr_gen_conflict_boring_openssl.go -@@ -0,0 +1,17 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build goexperiment.boringcrypto && goexperiment.opensslcrypto -+ -+package runtime -+ -+func init() { -+ ` -+ The boring and openssl backends are both enabled, but they are mutually exclusive. 
-+ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_conflict_cng_darwin.go b/src/runtime/backenderr_gen_conflict_cng_darwin.go -new file mode 100644 -index 00000000000000..2e82a5cff034b7 ---- /dev/null -+++ b/src/runtime/backenderr_gen_conflict_cng_darwin.go -@@ -0,0 +1,17 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build goexperiment.cngcrypto && goexperiment.darwincrypto -+ -+package runtime -+ -+func init() { -+ ` -+ The cng and darwin backends are both enabled, but they are mutually exclusive. -+ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_conflict_cng_openssl.go b/src/runtime/backenderr_gen_conflict_cng_openssl.go -new file mode 100644 -index 00000000000000..bf44084570bbbc ---- /dev/null -+++ b/src/runtime/backenderr_gen_conflict_cng_openssl.go -@@ -0,0 +1,17 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build goexperiment.cngcrypto && goexperiment.opensslcrypto -+ -+package runtime -+ -+func init() { -+ ` -+ The cng and openssl backends are both enabled, but they are mutually exclusive. 
-+ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_conflict_darwin_openssl.go b/src/runtime/backenderr_gen_conflict_darwin_openssl.go -new file mode 100644 -index 00000000000000..90f4361e28cd94 ---- /dev/null -+++ b/src/runtime/backenderr_gen_conflict_darwin_openssl.go -@@ -0,0 +1,17 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build goexperiment.darwincrypto && goexperiment.opensslcrypto -+ -+package runtime -+ -+func init() { -+ ` -+ The darwin and openssl backends are both enabled, but they are mutually exclusive. -+ Please make sure only one crypto backend experiment is enabled by GOEXPERIMENT or '-tags'. -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_nofallback_boring.go b/src/runtime/backenderr_gen_nofallback_boring.go -new file mode 100644 -index 00000000000000..6db0ed6dc09639 ---- /dev/null -+++ b/src/runtime/backenderr_gen_nofallback_boring.go -@@ -0,0 +1,24 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". 
-+ -+//go:build goexperiment.boringcrypto && !(goexperiment.boringcrypto && linux && cgo && (amd64 || arm64) && !android && !msan) && !goexperiment.allowcryptofallback -+ -+package runtime -+ -+func init() { -+ ` -+ The goexperiment.boringcrypto tag is specified, but other tags required to enable that backend were not met. -+ Required build tags: -+ goexperiment.boringcrypto && linux && cgo && (amd64 || arm64) && !android && !msan -+ Please check your build environment and build command for a reason one or more of these tags weren't specified. -+ -+ If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto. -+ As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback. -+ Removing boringcrypto will restore pre-1.21 behavior by intentionally using Go standard library crypto. -+ -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_nofallback_cng.go b/src/runtime/backenderr_gen_nofallback_cng.go -new file mode 100644 -index 00000000000000..ae7f798ea41225 ---- /dev/null -+++ b/src/runtime/backenderr_gen_nofallback_cng.go -@@ -0,0 +1,24 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build goexperiment.cngcrypto && !(goexperiment.cngcrypto && windows) && !goexperiment.allowcryptofallback -+ -+package runtime -+ -+func init() { -+ ` -+ The goexperiment.cngcrypto tag is specified, but other tags required to enable that backend were not met. 
-+ Required build tags: -+ goexperiment.cngcrypto && windows -+ Please check your build environment and build command for a reason one or more of these tags weren't specified. -+ -+ If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto. -+ As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback. -+ Removing cngcrypto will restore pre-1.21 behavior by intentionally using Go standard library crypto. -+ -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_nofallback_darwin.go b/src/runtime/backenderr_gen_nofallback_darwin.go -new file mode 100644 -index 00000000000000..8a32f2cb25bda2 ---- /dev/null -+++ b/src/runtime/backenderr_gen_nofallback_darwin.go -@@ -0,0 +1,24 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build goexperiment.darwincrypto && !(goexperiment.darwincrypto && darwin && cgo) && !goexperiment.allowcryptofallback -+ -+package runtime -+ -+func init() { -+ ` -+ The goexperiment.darwincrypto tag is specified, but other tags required to enable that backend were not met. -+ Required build tags: -+ goexperiment.darwincrypto && darwin && cgo -+ Please check your build environment and build command for a reason one or more of these tags weren't specified. -+ -+ If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto. -+ As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback. 
-+ Removing darwincrypto will restore pre-1.21 behavior by intentionally using Go standard library crypto. -+ -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_nofallback_openssl.go b/src/runtime/backenderr_gen_nofallback_openssl.go -new file mode 100644 -index 00000000000000..7e1679dfc37a23 ---- /dev/null -+++ b/src/runtime/backenderr_gen_nofallback_openssl.go -@@ -0,0 +1,24 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build goexperiment.opensslcrypto && !(goexperiment.opensslcrypto && linux && cgo) && !goexperiment.allowcryptofallback -+ -+package runtime -+ -+func init() { -+ ` -+ The goexperiment.opensslcrypto tag is specified, but other tags required to enable that backend were not met. -+ Required build tags: -+ goexperiment.opensslcrypto && linux && cgo -+ Please check your build environment and build command for a reason one or more of these tags weren't specified. -+ -+ If you only performed a Go toolset upgrade and didn't expect this error, your code was likely depending on fallback to Go standard library crypto. -+ As of Go 1.21, Go crypto fallback is a build error. This helps prevent accidental fallback. -+ Removing opensslcrypto will restore pre-1.21 behavior by intentionally using Go standard library crypto. 
-+ -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_requirefips_nosystemcrypto.go b/src/runtime/backenderr_gen_requirefips_nosystemcrypto.go -new file mode 100644 -index 00000000000000..1c015dd2b08972 ---- /dev/null -+++ b/src/runtime/backenderr_gen_requirefips_nosystemcrypto.go -@@ -0,0 +1,17 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build requirefips && !goexperiment.systemcrypto -+ -+package runtime -+ -+func init() { -+ ` -+ The requirefips tag is enabled, but no crypto backend is enabled. -+ A crypto backend is required to enable FIPS mode. -+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips -+ ` -+} -diff --git a/src/runtime/backenderr_gen_systemcrypto_nobackend.go b/src/runtime/backenderr_gen_systemcrypto_nobackend.go -new file mode 100644 -index 00000000000000..95be7ad8d38cae ---- /dev/null -+++ b/src/runtime/backenderr_gen_systemcrypto_nobackend.go -@@ -0,0 +1,16 @@ -+// Copyright 2023 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// This file is generated by crypto/internal/backend. DO NOT EDIT. DO NOT manually create files with the prefix "backenderr_gen_". -+ -+//go:build goexperiment.systemcrypto && !goexperiment.boringcrypto && !goexperiment.cngcrypto && !goexperiment.darwincrypto && !goexperiment.opensslcrypto -+ -+package runtime -+ -+func init() { -+ ` -+ The systemcrypto feature is enabled, but it was unable to enable an appropriate crypto backend for the target GOOS. 
-+ For more information, visit https://github.com/microsoft/go/tree/microsoft/main/eng/doc/fips
-+ `
-+}
diff --git a/patches/0006-Update-default-go.env.patch b/patches/0005-Update-default-go.env.patch
similarity index 100%
rename from patches/0006-Update-default-go.env.patch
rename to patches/0005-Update-default-go.env.patch
diff --git a/patches/0007-Skip-failing-tests-on-Windows.patch b/patches/0006-Skip-failing-tests-on-Windows.patch
similarity index 100%
rename from patches/0007-Skip-failing-tests-on-Windows.patch
rename to patches/0006-Skip-failing-tests-on-Windows.patch
diff --git a/patches/0008-unset-GOFIPS-when-running-the-Go-toolchain.patch b/patches/0007-unset-GOFIPS-when-running-the-Go-toolchain.patch
similarity index 100%
rename from patches/0008-unset-GOFIPS-when-running-the-Go-toolchain.patch
rename to patches/0007-unset-GOFIPS-when-running-the-Go-toolchain.patch
diff --git a/patches/0009-add-support-for-logging-used-Windows-APIs.patch b/patches/0008-add-support-for-logging-used-Windows-APIs.patch
similarity index 100%
rename from patches/0009-add-support-for-logging-used-Windows-APIs.patch
rename to patches/0008-add-support-for-logging-used-Windows-APIs.patch
diff --git a/patches/0010-remove-long-path-support-hack.patch b/patches/0009-remove-long-path-support-hack.patch
similarity index 100%
rename from patches/0010-remove-long-path-support-hack.patch
rename to patches/0009-remove-long-path-support-hack.patch
diff --git a/patches/0011-Omit-internal-go.mod-files-used-for-codegen.patch b/patches/0010-Omit-internal-go.mod-files-used-for-codegen.patch
similarity index 100%
rename from patches/0011-Omit-internal-go.mod-files-used-for-codegen.patch
rename to patches/0010-Omit-internal-go.mod-files-used-for-codegen.patch
diff --git a/patches/0012-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch b/patches/0011-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch
similarity index 100%
rename from patches/0012-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch
rename to patches/0011-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch
From 9c20af4b14c3e0c96c65e44b1acee2f71e7b4a57 Mon Sep 17 00:00:00 2001
From: Davis Goodin
Date: Thu, 16 Jan 2025 10:37:47 -0800
Subject: [PATCH 199/887] Add version notes for macOS darwincrypto
---
eng/doc/fips/README.md | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/eng/doc/fips/README.md b/eng/doc/fips/README.md
index 9aa1a4db368..489d5b444e5 100644
--- a/eng/doc/fips/README.md
+++ b/eng/doc/fips/README.md
@@ -27,7 +27,7 @@ In addition to that, the boringcrypto flag also provides a mechanism to restrict The Microsoft Go fork modifies the Go runtime to implement several crypto primitives using cgo to call into a platform-provided cryptographic library rather than use the standard Go crypto implementations. This allows Go programs to use a platform-provided FIPS 140-2 certified crypto library. -On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-fips/openssl] module in Go 1.21+ and the [go-crypto-openssl] module in earlier versions. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. On macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140-2 certified. +On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-fips/openssl] module in Go 1.21+ and the [go-crypto-openssl] module in earlier versions. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. Since 1.24, on macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140-2 certified. It is important to note that an application built with Microsoft's Go toolchain and running in FIPS compatible mode is not FIPS compliant _per-se_. It is the responsibility of the application development team to use FIPS-compliant crypto primitives and workflows. 
The modified crypto runtime will fall back to Go standard library crypto if it cannot provide a FIPS-compliant implementation, e.g. when hashing a message using `crypto/md5` hashes or when using an AES-GCM cipher with a non-standard nonce size. 
@@ -60,7 +60,7 @@ There are typically two goals that lead to this document. Creating a FIPS compli | --- | --- | --- | --- | | Default | Default | Not compliant | Crypto usage is not FIPS compliant. | | `GOEXPERIMENT=systemcrypto` | Default | Compliant | Can be used to create a compliant app. FIPS mode is determined by system-wide configuration. Make sure you are familiar with your platform's system-wide FIPS switch, described in [Usage: Runtime](#usage-runtime). | -| `GOEXPERIMENT=systemcrypto` | `GOFIPS=1` | Compliant | Can be used to create a compliant app. Depending on platform, the app either enables FIPS mode or ensures it is already enabled. The app panics if there is a problem. See [Usage: Runtime](#usage-runtime). | +| `GOEXPERIMENT=systemcrypto` | `GOFIPS=1` | Compliant | Can be used to create a compliant app. Depending on platform, the app enables FIPS mode, ensures it is already enabled, or doesn't do any additional checks. The app panics if there is a problem. See [Usage: Runtime](#usage-runtime). | | `GOEXPERIMENT=systemcrypto` | `GOFIPS=0` | Compliant | Crypto usage is unlikely to be FIPS compliant. The exact behavior of `GOFIPS=0` varies per platform. See [Usage: Runtime](#usage-runtime). | | `GOEXPERIMENT=systemcrypto` | `GO_OPENSSL_VERSION_OVERRIDE=1.1.1k-fips` | Compliant | Can be used to create a compliant app. If the app is built for Linux, `systemcrypto` chooses `opensslcrypto`, and the environment variable causes it to load `libcrypto.so.1.1.1k-fips` instead of using the automatic search behavior. This environment variable has no effect with `cngcrypto`. | | `GOEXPERIMENT=systemcrypto` and `-tags=requirefips` | Default | Compliant | Can be used to create a compliant app. The behavior is the same as `GOFIPS=1`, but no runtime configuration is necessary. See [the `requirefips` section](#build-option-to-require-fips-mode) for more information on when this "locked-in" approach may be useful rather than the flexible approach. | 
@@ -87,7 +87,7 @@ The `GOEXPERIMENT` environment variable is used at build time to select a crypto - Prior to Go 1.21, this alias is not available and the backend must be selected manually - `opensslcrypto` selects OpenSSL, for Linux - `cngcrypto` selects CNG, for Windows -- `darwincrypto` selects CommonCrypto & CryptoKit for macOS +- Since 1.24, `darwincrypto` selects CommonCrypto & CryptoKit for macOS - `boringcrypto` selects the upstream BoringCrypto backend, which is **not supported nor compliant** - If no option is selected, Go standard library cryptography is used. @@ -99,7 +99,8 @@ The options are exclusive and must not be enabled at the same time as one anothe | --- | --- | --- | | Linux | `opensslcrypto` | OpenSSL | | Windows | `cngcrypto` | CNG | -| macOS | `darwincrypto` | CommonCrypto & CryptoKit | +| macOS (since 1.24) | `darwincrypto` | CommonCrypto & CryptoKit | +| macOS (prior to 1.24) | N/A, build error | N/A | The crypto backend selection must match the target platform. In a cross-build scenario, such as using Linux to build an app that will run on Windows, `GOOS=windows GOEXPERIMENT=systemcrypto` will correctly select `cngcrypto`. Prior to Go 1.21, the selection must be made manually: `GOOS=windows GOEXPERIMENT=cngcrypto`. @@ -234,6 +235,8 @@ For testing purposes, Windows FIPS policy can be enabled via the registry key `H CommonCrypo/CrytoKit is FIPS compliant by default. This means that regardless of which mode you set `GOFIPS` to, the cryptographic functions will always be FIPS-enabled. +Prior to 1.24, CommonCrypto/CryptoKit is not used by Microsoft Go. + ## Usage: Extra configuration options ### Build option to require FIPS mode 
@@ -402,6 +405,10 @@ A program running in FIPS mode can claim it is using a FIPS-certified cryptograp This list of major changes is intended for quick reference and for access to historical information about versions that are no longer supported. The behavior of all in-support versions are documented in the sections above with notes for version-specific differences where necessary. +### Go 1.24 (Feb 2025) + +- Introduces macOS crypto backend `darwincrypto`. + ### Go [1.22.9-2](https://github.com/microsoft/go/releases/tag/v1.22.9-2) and [1.23.3-2](https://github.com/microsoft/go/releases/tag/v1.23.3-2) (Dec 2024) - Adds compatibility with changes that [Azure Linux] 3 made to the OpenSSL configuration, specifically the change to use [SCOSSL](https://github.com/microsoft/SymCrypt-OpenSSL). The SCOSSL-related Azure Linux packages must also be up to date for compatibility, at least `SymCrypt-103.6.0-1` and `SymCrypt-OpenSSL-1.6.1-1`. From 542e15d250596b1d85777fb10e3f4907f775ff49 Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Fri, 17 Jan 2025 09:44:10 +0100 Subject: [PATCH 200/887] don't try to override system FIPS mode and use openssl.FIPSCapable (#1496) --- ...03-Implement-crypto-internal-backend.patch | 20 +++++++++---------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch index 1d0c32f60f6..eb6890a3fcb 100644 --- a/patches/0003-Implement-crypto-internal-backend.patch +++ b/patches/0003-Implement-crypto-internal-backend.patch 
@@ -26,7 +26,7 @@ Subject: [PATCH] Implement crypto/internal/backend .../backend/fips140/nosystemcrypto.go | 11 + .../internal/backend/fips140/openssl.go | 41 ++ src/crypto/internal/backend/nobackend.go | 240 ++++++++++++ - src/crypto/internal/backend/openssl_linux.go | 362 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 360 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + src/go/build/deps_test.go | 7 +- .../exp_allowcryptofallback_off.go | 9 + @@ -45,7 +45,7 @@ Subject: [PATCH] Implement crypto/internal/backend ...ckenderr_gen_requirefips_nosystemcrypto.go | 17 + .../backenderr_gen_systemcrypto_nobackend.go | 16 + src/runtime/runtime_boring.go | 5 + - 41 files changed, 2493 insertions(+), 1 deletion(-) + 41 files changed, 2491 insertions(+), 1 deletion(-) create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/backendgen.go create mode 100644 src/crypto/internal/backend/backendgen_test.go @@ -2079,10 +2079,10 @@ index 00000000000000..7c3a95c2c64a2d +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..57293ff2128dd6 +index 00000000000000..5ddcf98ea682a5 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,362 @@ +@@ -0,0 +1,360 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -2149,16 +2149,14 @@ index 00000000000000..57293ff2128dd6 + panic("opensslcrypto: can't initialize OpenSSL " + lcrypto + ": " + err.Error()) + } + if fips140.Enabled() { -+ if !openssl.FIPS() { -+ if err := openssl.SetFIPS(true); err != nil { -+ panic("opensslcrypto: can't enable FIPS mode for " + openssl.VersionText() + ": " + err.Error()) -+ } ++ // Use openssl.FIPSCapable instead of openssl.FIPS because some providers, e.g. SCOSSL, are FIPS compliant ++ // even when FIPS mode is not enabled. ++ if !openssl.FIPSCapable() { ++ panic("opensslcrypto: FIPS mode requested (" + fips140.Message + ") but not available in " + openssl.VersionText()) + } + } else if fips140.Disabled() { + if openssl.FIPS() { -+ if err := openssl.SetFIPS(false); err != nil { -+ panic("opensslcrypto: can't disable FIPS mode for " + openssl.VersionText() + ": " + err.Error()) -+ } ++ panic("opensslcrypto: FIPS mode explicitly disabled (" + fips140.Message + ") but enabled in " + openssl.VersionText()) + } + } + sig.BoringCrypto() From 88aa2863217837cd722190b963c57241d63d4c25 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 Jan 2025 12:03:29 +0000 Subject: [PATCH 201/887] build(deps): bump actions/checkout from 4.1.7 to 4.2.2 (#1504) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... 
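Review bot: The rewritten init branches in openssl_linux.go now only check OpenSSL's FIPS state and panic on a mismatch; they no longer call `openssl.SetFIPS`, and nothing in the added lines says so. That is a behaviour change for deployments that relied on a FIPS request to switch OpenSSL into FIPS mode. The two branches also test different predicates (`FIPSCapable()` when enabled, `FIPS()` when disabled), and only the first is explained. I would add a comment above the `if fips140.Enabled()` block such as `// The system OpenSSL configuration is never overridden here; a FIPS request is only checked against it.` and a matching one on the else branch saying why `openssl.FIPS()` is the right test there. The enclosing init function starts and ends outside the hunk.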
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 2 +- .github/workflows/patch-build.yml | 2 +- .github/workflows/test.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b0538026046..952a97f8430 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 diff --git a/.github/workflows/patch-build.yml b/.github/workflows/patch-build.yml index 7d3db5e09e8..55f6160d2c3 100644 --- a/.github/workflows/patch-build.yml +++ b/.github/workflows/patch-build.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b72cd125c4f..b25c85d3124 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -28,6 +28,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: pwsh eng/run.ps1 submodule-refresh -shallow From 654eb65edf1a66357e172363a739086f04c57cdc Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Fri, 17 Jan 2025 13:36:57 +0100 Subject: [PATCH 202/887] remove gofips package --- ...03-Implement-crypto-internal-backend.patch | 11 +-- patches/0004-Use-crypto-backends.patch | 27 ++++++- ...pport-for-logging-used-Windows-APIs.patch} | 0 ...GOFIPS-when-running-the-Go-toolchain.patch | 76 ------------------- ... 0008-remove-long-path-support-hack.patch} | 0 ...ernal-go.mod-files-used-for-codegen.patch} | 0 ...21-when-TLS-fipsonly-mode-is-enable.patch} | 0 7 files changed, 32 insertions(+), 82 deletions(-) rename patches/{0008-add-support-for-logging-used-Windows-APIs.patch => 0007-add-support-for-logging-used-Windows-APIs.patch} (100%) delete mode 100644 patches/0007-unset-GOFIPS-when-running-the-Go-toolchain.patch rename patches/{0009-remove-long-path-support-hack.patch => 0008-remove-long-path-support-hack.patch} (100%) rename patches/{0010-Omit-internal-go.mod-files-used-for-codegen.patch => 0009-Omit-internal-go.mod-files-used-for-codegen.patch} (100%) rename patches/{0011-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch => 0010-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch} (100%) diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch index eb6890a3fcb..88d12937e6c 100644 --- a/patches/0003-Implement-crypto-internal-backend.patch +++ b/patches/0003-Implement-crypto-internal-backend.patch @@ -15,7 +15,7 @@ Subject: [PATCH] Implement crypto/internal/backend .../internal/backend/bbig/big_openssl.go | 12 + src/crypto/internal/backend/boring_linux.go | 279 ++++++++++++++ src/crypto/internal/backend/cng_windows.go | 336 ++++++++++++++++ - src/crypto/internal/backend/common.go | 58 +++ + src/crypto/internal/backend/common.go | 59 +++ src/crypto/internal/backend/darwin_darwin.go | 359 +++++++++++++++++ src/crypto/internal/backend/fips140/boring.go | 11 + src/crypto/internal/backend/fips140/cng.go | 33 ++ 
@@ -45,7 +45,7 @@ Subject: [PATCH] Implement crypto/internal/backend ...ckenderr_gen_requirefips_nosystemcrypto.go | 17 + .../backenderr_gen_systemcrypto_nobackend.go | 16 + src/runtime/runtime_boring.go | 5 + - 41 files changed, 2491 insertions(+), 1 deletion(-) + 41 files changed, 2492 insertions(+), 1 deletion(-) create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/backendgen.go create mode 100644 src/crypto/internal/backend/backendgen_test.go @@ -1173,10 +1173,10 @@ index 00000000000000..31dfc9b19ee63e +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go new file mode 100644 -index 00000000000000..84447174284ffd +index 00000000000000..9436b00381aaf8 --- /dev/null +++ b/src/crypto/internal/backend/common.go -@@ -0,0 +1,58 @@ +@@ -0,0 +1,59 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -1186,11 +1186,12 @@ index 00000000000000..84447174284ffd +import ( + "crypto/internal/backend/fips140" + "crypto/internal/boring/sig" ++ "internal/goexperiment" + "runtime" +) + +func init() { -+ if fips140.Enabled() { ++ if !goexperiment.AllowCryptoFallback && fips140.Enabled() { + if !Enabled { + if runtime.GOOS != "linux" && runtime.GOOS != "windows" && runtime.GOOS != "darwin" { + panic("FIPS mode requested (" + fips140.Message + ") but no crypto backend is supported on " + runtime.GOOS) diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch index 13348735e20..7f8cec486a6 100644 --- a/patches/0004-Use-crypto-backends.patch +++ b/patches/0004-Use-crypto-backends.patch @@ -5,6 +5,7 @@ Subject: [PATCH] Use crypto backends --- src/cmd/api/boring_test.go | 2 +- + src/cmd/dist/build.go | 13 ++ src/cmd/dist/test.go | 8 +- src/cmd/go/go_boring_test.go | 11 +- src/cmd/go/testdata/script/darwin_no_cgo.txt | 2 + 
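Review bot: The new `!goexperiment.AllowCryptoFallback &&` guard in common.go's init turns the FIPS-requested check from fail-closed into a silent no-op for any binary built with that experiment, and the hunk adds no comment explaining why. Judging by the companion cmd/dist change, this appears to be meant for the Go toolchain binaries only, so the condition deserves a why-comment, e.g. `// Binaries built with allowcryptofallback (the Go toolchain) may run with FIPS requested but no backend; skip the check.` It is not visible here whether combining allowcryptofallback with `-tags=requirefips` is rejected elsewhere; if it is not, that combination would silently lose the requirefips guarantee and is worth a test. The body of the `if` continues outside the hunk.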
@@ -81,7 +82,7 @@ Subject: [PATCH] Use crypto backends src/net/smtp/smtp_test.go | 72 ++++--- src/os/exec/exec_test.go | 9 + src/runtime/pprof/vminfo_darwin_test.go | 6 + - 77 files changed, 1097 insertions(+), 109 deletions(-) + 78 files changed, 1110 insertions(+), 109 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ecdsa/badlinkname.go @@ -106,6 +107,30 @@ index f0e3575637c62a..9eab3b4e66e60b 100644 package main +diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go +index 1f467647f56143..4d770d7fc239e2 100644 +--- a/src/cmd/dist/build.go ++++ b/src/cmd/dist/build.go +@@ -1543,6 +1543,19 @@ func cmdbootstrap() { + xprintf("Building Go toolchain2 using go_bootstrap and Go toolchain1.\n") + os.Setenv("CC", compilerEnvLookup("CC", defaultcc, goos, goarch)) + // Now that cmd/go is in charge of the build process, enable GOEXPERIMENT. ++ // ++ // Build the Go toolchain with "GOEXPERIMENT=allowcryptofallback". This ++ // allows toolchains not built with "GOEXPERIMENT=systemcrypto" to be used ++ // when GOFIPS=1 is set. For example, when running "GOFIPS=1 go test ./..." ++ // or "GOFIPS=1 go run .". ++ // Shadow goexperiment so that the global variable is not modified. ++ goexperiment := goexperiment ++ if !strings.Contains(goexperiment, "allowcryptofallback") { ++ if goexperiment != "" { ++ goexperiment += "," ++ } ++ goexperiment += "allowcryptofallback" ++ } + os.Setenv("GOEXPERIMENT", goexperiment) + // No need to enable PGO for toolchain2. + goInstall(toolenv(), goBootstrap, append([]string{"-pgo=off"}, toolchain...)...) diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go index 0c992118f4287b..3316bb52a61ff1 100644 --- a/src/cmd/dist/test.go 
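Review bot: The `strings.Contains(goexperiment, "allowcryptofallback")` test added to cmdbootstrap in cmd/dist/build.go is a substring match, so a value such as `noallowcryptofallback` also counts as already present and the experiment is then not appended. If honouring an explicit opt-out is intended, say so next to the check, e.g. `// A user-supplied "noallowcryptofallback" is left as is.`; otherwise compare the comma-separated entries instead of the raw string. The comment could also state the consequence: toolchain binaries built this way do not enforce a FIPS request for their own crypto use. cmdbootstrap starts and ends outside the hunk.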
diff --git a/patches/0008-add-support-for-logging-used-Windows-APIs.patch b/patches/0007-add-support-for-logging-used-Windows-APIs.patch similarity index 100% rename from patches/0008-add-support-for-logging-used-Windows-APIs.patch rename to patches/0007-add-support-for-logging-used-Windows-APIs.patch diff --git a/patches/0007-unset-GOFIPS-when-running-the-Go-toolchain.patch b/patches/0007-unset-GOFIPS-when-running-the-Go-toolchain.patch deleted file mode 100644 index c9bb73f065d..00000000000 --- a/patches/0007-unset-GOFIPS-when-running-the-Go-toolchain.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: qmuntal -Date: Wed, 14 Feb 2024 11:03:01 +0100 -Subject: [PATCH] unset GOFIPS when running the Go toolchain - ---- - src/cmd/go/internal/gofips/gofips.go | 36 ++++++++++++++++++++++++++++ - src/cmd/go/main.go | 5 ++++ - 2 files changed, 41 insertions(+) - create mode 100644 src/cmd/go/internal/gofips/gofips.go - -diff --git a/src/cmd/go/internal/gofips/gofips.go b/src/cmd/go/internal/gofips/gofips.go -new file mode 100644 -index 00000000000000..1f3549cf1b4ab5 ---- /dev/null -+++ b/src/cmd/go/internal/gofips/gofips.go -@@ -0,0 +1,36 @@ -+// Copyright 2024 The Go Authors. All rights reserved. -+// Use of this source code is governed by a BSD-style -+// license that can be found in the LICENSE file. -+ -+// gofips is a package that, when imported, unsets the GOFIPS environment variable -+// and stores it for later use. -+// -+// This is useful to support running commands like `GOFIPS=1 go test ./...` and -+// `GOFIPS=1 go run .` with a Go toolchain not built with a FIPS-enabled crypto backend. -+// In such cases, the user intends to pass the GOFIPS environment variable to the -+// test or run sub-processes, not to the go command itself. -+// -+// This package needs to have a minimal dependency graph so that it is initialized -+// before crypto/internal/backend, else it will have no effect. -+package gofips -+ -+import "syscall" -+ -+var gofips string -+var gofipsSet bool -+ -+const gofipsName = "GOFIPS" -+ -+func init() { -+ if v, found := syscall.Getenv(gofipsName); found { -+ gofips = gofipsName + "=" + v -+ gofipsSet = true -+ syscall.Unsetenv(gofipsName) -+ } -+} -+ -+// GOFIPS returns the GOFIPS environment variable at the time -+// init was called, and whether it was set. 
-+func GOFIPS() (string, bool) { -+ return gofips, gofipsSet -+} -diff --git a/src/cmd/go/main.go b/src/cmd/go/main.go -index f2e4d890d3d61b..fd1f733f7018a1 100644 ---- a/src/cmd/go/main.go -+++ b/src/cmd/go/main.go -@@ -27,6 +27,7 @@ import ( - "cmd/go/internal/fix" - "cmd/go/internal/fmtcmd" - "cmd/go/internal/generate" -+ "cmd/go/internal/gofips" - "cmd/go/internal/help" - "cmd/go/internal/list" - "cmd/go/internal/modcmd" -@@ -301,6 +302,10 @@ func invoke(cmd *base.Command, args []string) { - // but in practice there might be skew - // This makes sure we all agree. - cfg.OrigEnv = toolchain.FilterEnv(os.Environ()) -+ if v, found := gofips.GOFIPS(); found { -+ // Pass GOFIPS to user binaries. -+ cfg.OrigEnv = append(cfg.OrigEnv, v) -+ } - cfg.CmdEnv = envcmd.MkEnv() - for _, env := range cfg.CmdEnv { - if os.Getenv(env.Name) != env.Value { diff --git a/patches/0009-remove-long-path-support-hack.patch b/patches/0008-remove-long-path-support-hack.patch similarity index 100% rename from patches/0009-remove-long-path-support-hack.patch rename to patches/0008-remove-long-path-support-hack.patch diff --git a/patches/0010-Omit-internal-go.mod-files-used-for-codegen.patch b/patches/0009-Omit-internal-go.mod-files-used-for-codegen.patch similarity index 100% rename from patches/0010-Omit-internal-go.mod-files-used-for-codegen.patch rename to patches/0009-Omit-internal-go.mod-files-used-for-codegen.patch diff --git a/patches/0011-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch b/patches/0010-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch similarity index 100% rename from patches/0011-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch rename to patches/0010-Support-curve-P-521-when-TLS-fipsonly-mode-is-enable.patch From 900cbc16a93eeb0b4b7f95e28aeb4835580b9ee8 Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Fri, 17 Jan 2025 16:14:24 +0100 Subject: [PATCH 203/887] log --- patches/0003-Implement-crypto-internal-backend.patch | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch index 88d12937e6c..6a3363f2251 100644 --- a/patches/0003-Implement-crypto-internal-backend.patch +++ b/patches/0003-Implement-crypto-internal-backend.patch @@ -26,7 +26,7 @@ Subject: [PATCH] Implement crypto/internal/backend .../backend/fips140/nosystemcrypto.go | 11 + .../internal/backend/fips140/openssl.go | 41 ++ src/crypto/internal/backend/nobackend.go | 240 ++++++++++++ - src/crypto/internal/backend/openssl_linux.go | 360 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 362 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + src/go/build/deps_test.go | 7 +- .../exp_allowcryptofallback_off.go | 9 + @@ -45,7 +45,7 @@ Subject: [PATCH] Implement crypto/internal/backend ...ckenderr_gen_requirefips_nosystemcrypto.go | 17 + .../backenderr_gen_systemcrypto_nobackend.go | 16 + src/runtime/runtime_boring.go | 5 + - 41 files changed, 2492 insertions(+), 1 deletion(-) + 41 files changed, 2494 insertions(+), 1 deletion(-) create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/backendgen.go create mode 100644 src/crypto/internal/backend/backendgen_test.go @@ -2080,10 +2080,10 @@ index 00000000000000..7c3a95c2c64a2d +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..5ddcf98ea682a5 +index 00000000000000..d469f2dddfd41e --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,360 @@ +@@ -0,0 +1,362 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -2153,6 +2153,8 @@ index 00000000000000..5ddcf98ea682a5 + // Use openssl.FIPSCapable instead of openssl.FIPS because some providers, e.g. SCOSSL, are FIPS compliant + // even when FIPS mode is not enabled. + if !openssl.FIPSCapable() { ++ // TODO: remove ++ println("executable:" runtime_arg0()) + panic("opensslcrypto: FIPS mode requested (" + fips140.Message + ") but not available in " + openssl.VersionText()) + } + } else if fips140.Disabled() { From 27022d3baabedd842e5ac9860fba61a09875bb56 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 17 Jan 2025 16:26:32 +0100 Subject: [PATCH 204/887] log --- patches/0003-Implement-crypto-internal-backend.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch index 6a3363f2251..01d8ee701a7 100644 --- a/patches/0003-Implement-crypto-internal-backend.patch +++ b/patches/0003-Implement-crypto-internal-backend.patch @@ -2154,7 +2154,7 @@ index 00000000000000..d469f2dddfd41e + // even when FIPS mode is not enabled. + if !openssl.FIPSCapable() { + // TODO: remove -+ println("executable:" runtime_arg0()) ++ println("executable:", runtime_arg0()) + panic("opensslcrypto: FIPS mode requested (" + fips140.Message + ") but not available in " + openssl.VersionText()) + } + } else if fips140.Disabled() { From 9df9e5e0ad4409d8286e4175d3fc3ffb0ef8243d Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 17 Jan 2025 17:00:08 +0100 Subject: [PATCH 205/887] enable FIPS mode on Mariner and AZL3 CI builders --- .../cmd/run-builder/systemfips_fallback.go | 3 +- eng/_util/cmd/run-builder/systemfips_linux.go | 33 +++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 eng/_util/cmd/run-builder/systemfips_linux.go diff --git a/eng/_util/cmd/run-builder/systemfips_fallback.go b/eng/_util/cmd/run-builder/systemfips_fallback.go index 8f6c89e557b..c876c9dc031 100644 
--- a/eng/_util/cmd/run-builder/systemfips_fallback.go
+++ b/eng/_util/cmd/run-builder/systemfips_fallback.go
@@ -1,8 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-//go:build !windows
-// +build !windows
+//go:build !windows && !linux
 package main
diff --git a/eng/_util/cmd/run-builder/systemfips_linux.go b/eng/_util/cmd/run-builder/systemfips_linux.go
new file mode 100644
index 00000000000..b8895f32a05
--- /dev/null
+++ b/eng/_util/cmd/run-builder/systemfips_linux.go
@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package main
+
+import (
+ "log"
+ "os"
+)
+
+// enableSystemWideFIPS enables Mariner and Azure Linux 3 process-wide FIPS mode.
+func enableSystemWideFIPS() (restore func(), err error) {
+ // FIPS mode is enabled if OPENSSL_FORCE_FIPS_MODE is set, regardless of the value.
+ _, ok := os.LookupEnv("OPENSSL_FORCE_FIPS_MODE")
+ if ok {
+ log.Println("FIPS mode already enabled.")
+ return nil, nil
+ }
+
+ env("OPENSSL_FORCE_FIPS_MODE", "1")
+ log.Println("Enabled Mariner and Azure Linux 3 FIPS mode.")
+
+ return func() {
+ if ok {
+ err := os.Unsetenv("OPENSSL_FORCE_FIPS_MODE")
+ if err != nil {
+ log.Printf("Unable to unset OPENSSL_FORCE_FIPS_MODE: %v\n", err)
+ return
+ }
+ log.Println("Successfully unset OPENSSL_FORCE_FIPS_MODE.")
+ }
+ }, nil
+}
From 22e1211e95f06217ae1d116e832d9784cd6bba97 Mon Sep 17 00:00:00 2001
From: qmuntal
Date: Fri, 17 Jan 2025 17:02:49 +0100
Subject: [PATCH 206/887] remove logs
---
 patches/0003-Implement-crypto-internal-backend.patch | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch
index 01d8ee701a7..88d12937e6c 100644
--- a/patches/0003-Implement-crypto-internal-backend.patch
+++ b/patches/0003-Implement-crypto-internal-backend.patch
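Review bot: The restore closure returned by enableSystemWideFIPS in systemfips_linux.go never unsets the variable. It is guarded by `if ok`, but `ok` is always false on the path that reaches this return because the `ok` case returned earlier, so OPENSSL_FORCE_FIPS_MODE stays set after restore runs. Dropping the guard fixes it. The early return also hands back `nil, nil`; the caller is not visible in this hunk, so unless it nil-checks restore I would return a no-op instead, `return func() {}, nil`.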
@@ -26,7 +26,7 @@ Subject: [PATCH] Implement crypto/internal/backend .../backend/fips140/nosystemcrypto.go | 11 + .../internal/backend/fips140/openssl.go | 41 ++ src/crypto/internal/backend/nobackend.go | 240 ++++++++++++ - src/crypto/internal/backend/openssl_linux.go | 362 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 360 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + src/go/build/deps_test.go | 7 +- .../exp_allowcryptofallback_off.go | 9 + @@ -45,7 +45,7 @@ Subject: [PATCH] Implement crypto/internal/backend ...ckenderr_gen_requirefips_nosystemcrypto.go | 17 + .../backenderr_gen_systemcrypto_nobackend.go | 16 + src/runtime/runtime_boring.go | 5 + - 41 files changed, 2494 insertions(+), 1 deletion(-) + 41 files changed, 2492 insertions(+), 1 deletion(-) create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/backendgen.go create mode 100644 src/crypto/internal/backend/backendgen_test.go @@ -2080,10 +2080,10 @@ index 00000000000000..7c3a95c2c64a2d +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..d469f2dddfd41e +index 00000000000000..5ddcf98ea682a5 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,362 @@ +@@ -0,0 +1,360 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -2153,8 +2153,6 @@ index 00000000000000..d469f2dddfd41e + // Use openssl.FIPSCapable instead of openssl.FIPS because some providers, e.g. SCOSSL, are FIPS compliant + // even when FIPS mode is not enabled. + if !openssl.FIPSCapable() { -+ // TODO: remove -+ println("executable:", runtime_arg0()) + panic("opensslcrypto: FIPS mode requested (" + fips140.Message + ") but not available in " + openssl.VersionText()) + } + } else if fips140.Disabled() { 
From 737cf890f58ac1df364578171c8276054d115af3 Mon Sep 17 00:00:00 2001
From: qmuntal
Date: Fri, 17 Jan 2025 17:39:48 +0100
Subject: [PATCH 207/887] simplify code
---
 eng/_util/cmd/run-builder/systemfips_linux.go | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/eng/_util/cmd/run-builder/systemfips_linux.go b/eng/_util/cmd/run-builder/systemfips_linux.go
index b8895f32a05..54fa390ade6 100644
--- a/eng/_util/cmd/run-builder/systemfips_linux.go
+++ b/eng/_util/cmd/run-builder/systemfips_linux.go
@@ -21,13 +21,11 @@ func enableSystemWideFIPS() (restore func(), err error) {
 log.Println("Enabled Mariner and Azure Linux 3 FIPS mode.")
 return func() {
- if ok {
- err := os.Unsetenv("OPENSSL_FORCE_FIPS_MODE")
- if err != nil {
- log.Printf("Unable to unset OPENSSL_FORCE_FIPS_MODE: %v\n", err)
- return
- }
- log.Println("Successfully unset OPENSSL_FORCE_FIPS_MODE.")
+ err := os.Unsetenv("OPENSSL_FORCE_FIPS_MODE")
+ if err != nil {
+ log.Printf("Unable to unset OPENSSL_FORCE_FIPS_MODE: %v\n", err)
+ return
 }
+ log.Println("Successfully unset OPENSSL_FORCE_FIPS_MODE.")
 }, nil
 }
From 386505accd035ddd6b168753f8e8cd9d4ca39254 Mon Sep 17 00:00:00 2001
From: Quim Muntal
Date: Mon, 20 Jan 2025 13:49:46 +0100
Subject: [PATCH 208/887] Merge pull request #1503 from microsoft/dev/qmuntal/fips149deb Prefer GODEBUG=fips140 over GOFIPS
---
 eng/_util/cmd/run-builder/run-builder.go | 11 +++-
 .../cmd/run-builder/systemfips_fallback.go | 2 +-
 eng/_util/cmd/run-builder/systemfips_linux.go | 31 ---------
 ...03-Implement-crypto-internal-backend.patch | 66 +++++++++++++------
 patches/0004-Use-crypto-backends.patch | 49 +++++++++++++-
 5 files changed, 102 insertions(+), 57 deletions(-)
 delete mode 100644 eng/_util/cmd/run-builder/systemfips_linux.go
diff --git a/eng/_util/cmd/run-builder/run-builder.go b/eng/_util/cmd/run-builder/run-builder.go
index 6e5c542bc0d..80f9cf275f0 100644
--- a/eng/_util/cmd/run-builder/run-builder.go
+++ b/eng/_util/cmd/run-builder/run-builder.go
@@ -147,7 +147,7 @@ func main() {
 }
 if *fipsMode {
- env("GOFIPS", "1")
+ envAppend("GODEBUG", "fips140=on")
 // Enable system-wide FIPS if supported by the host platform.
 restore, err := enableSystemWideFIPS()
 if err != nil {
@@ -215,6 +215,15 @@ func env(key, value string) {
 }
 }
+// envAppend appends a value to an env var and logs it.
+// Panics if it doesn't succeed.
+func envAppend(key, value string) {
+ if v, ok := os.LookupEnv(key); ok {
+ value = v + "," + value
+ }
+ env(key, value)
+}
+
 func run(cmdline ...string) error {
 c := exec.Command(cmdline[0], cmdline[1:]...)
 c.Stdout = os.Stdout
diff --git a/eng/_util/cmd/run-builder/systemfips_fallback.go b/eng/_util/cmd/run-builder/systemfips_fallback.go
index c876c9dc031..1e37c82d67c 100644
--- a/eng/_util/cmd/run-builder/systemfips_fallback.go
+++ b/eng/_util/cmd/run-builder/systemfips_fallback.go
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-//go:build !windows && !linux
+//go:build !windows
 package main
diff --git a/eng/_util/cmd/run-builder/systemfips_linux.go b/eng/_util/cmd/run-builder/systemfips_linux.go
deleted file mode 100644
index 54fa390ade6..00000000000
--- a/eng/_util/cmd/run-builder/systemfips_linux.go
+++ /dev/null
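Review bot: envAppend in run-builder.go joins with a comma whenever the variable exists, so a GODEBUG that is set but empty becomes `,fips140=on`. That is probably tolerated by the GODEBUG parser, but the helper is generic and the guard is cheap: `if v, ok := os.LookupEnv(key); ok && v != "" {`. The doc comment could also say that the separator is a comma, since that is only correct for list-style variables such as GODEBUG.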
@@ -1,31 +0,0 @@
-// Copyright (c) Microsoft Corporation.
-// Licensed under the MIT License.
-
-package main
-
-import (
- "log"
- "os"
-)
-
-// enableSystemWideFIPS enables Mariner and Azure Linux 3 process-wide FIPS mode.
-func enableSystemWideFIPS() (restore func(), err error) {
- // FIPS mode is enabled if OPENSSL_FORCE_FIPS_MODE is set, regardless of the value.
- _, ok := os.LookupEnv("OPENSSL_FORCE_FIPS_MODE")
- if ok {
- log.Println("FIPS mode already enabled.")
- return nil, nil
- }
-
- env("OPENSSL_FORCE_FIPS_MODE", "1")
- log.Println("Enabled Mariner and Azure Linux 3 FIPS mode.")
-
- return func() {
- err := os.Unsetenv("OPENSSL_FORCE_FIPS_MODE")
- if err != nil {
- log.Printf("Unable to unset OPENSSL_FORCE_FIPS_MODE: %v\n", err)
- return
- }
- log.Println("Successfully unset OPENSSL_FORCE_FIPS_MODE.")
- }, nil
-}
diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch
index 88d12937e6c..65043bbdfaf 100644
--- a/patches/0003-Implement-crypto-internal-backend.patch
+++ b/patches/0003-Implement-crypto-internal-backend.patch
@@ -7,26 +7,26 @@ Subject: [PATCH] Implement crypto/internal/backend .gitignore | 2 + src/crypto/internal/backend/backend_test.go | 30 ++ src/crypto/internal/backend/backendgen.go | 20 + - .../internal/backend/backendgen_test.go | 284 ++++++++++++++ + .../internal/backend/backendgen_test.go | 284 +++++++++++++ src/crypto/internal/backend/bbig/big.go | 17 + .../internal/backend/bbig/big_boring.go | 12 + src/crypto/internal/backend/bbig/big_cng.go | 12 + .../internal/backend/bbig/big_darwin.go | 12 + .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/boring_linux.go | 279 ++++++++++++++ + src/crypto/internal/backend/boring_linux.go | 279 +++++++++++++ src/crypto/internal/backend/cng_windows.go | 336 ++++++++++++++++ src/crypto/internal/backend/common.go | 59 +++ src/crypto/internal/backend/darwin_darwin.go | 359 +++++++++++++++++ src/crypto/internal/backend/fips140/boring.go | 11 + src/crypto/internal/backend/fips140/cng.go | 33 ++ src/crypto/internal/backend/fips140/darwin.go | 11 + - .../internal/backend/fips140/fips140.go | 55 +++ + .../internal/backend/fips140/fips140.go | 63 +++ .../internal/backend/fips140/isrequirefips.go | 9 + .../internal/backend/fips140/norequirefips.go | 9 + .../backend/fips140/nosystemcrypto.go | 11 + .../internal/backend/fips140/openssl.go | 41 ++ - src/crypto/internal/backend/nobackend.go | 240 ++++++++++++ - src/crypto/internal/backend/openssl_linux.go | 360 ++++++++++++++++++ + src/crypto/internal/backend/nobackend.go | 240 +++++++++++ + src/crypto/internal/backend/openssl_linux.go | 377 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + src/go/build/deps_test.go | 7 +- .../exp_allowcryptofallback_off.go | 9 + 
@@ -45,7 +45,7 @@ Subject: [PATCH] Implement crypto/internal/backend ...ckenderr_gen_requirefips_nosystemcrypto.go | 17 + .../backenderr_gen_systemcrypto_nobackend.go | 16 + src/runtime/runtime_boring.go | 5 + - 41 files changed, 2492 insertions(+), 1 deletion(-) + 41 files changed, 2517 insertions(+), 1 deletion(-) create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/backendgen.go create mode 100644 src/crypto/internal/backend/backendgen_test.go @@ -1676,19 +1676,24 @@ index 00000000000000..ef5af5d956163e +} diff --git a/src/crypto/internal/backend/fips140/fips140.go b/src/crypto/internal/backend/fips140/fips140.go new file mode 100644 -index 00000000000000..f54d39970319af +index 00000000000000..72f7a1644deedd --- /dev/null +++ b/src/crypto/internal/backend/fips140/fips140.go -@@ -0,0 +1,55 @@ +@@ -0,0 +1,63 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package fips140 + -+import "syscall" ++import ( ++ "internal/godebug" ++ "syscall" ++) + -+// Enabled reports whether FIPS 140 mode is enabled by using GOFIPS=1, GOLANG_FIPS=1, ++var fips140GODEBUG = godebug.New("#fips140") ++ ++// Enabled reports whether FIPS 140 mode is enabled by using GODEBUG, GOFIPS, GOLANG_FIPS, +// the 'requirefips' build tag, or any other platform-specific mechanism. +func Enabled() bool { + return enabled @@ -1696,7 +1701,7 @@ index 00000000000000..f54d39970319af + +var enabled bool + -+// Disabled reports whether FIPS 140 mode is disabled by using GOFIPS=0 or GOLANG_FIPS=0. ++// Disabled reports whether FIPS 140 mode is disabled by using GOFIPS or GOLANG_FIPS. +func Disabled() bool { + return disabled +} 
@@ -1709,9 +1714,12 @@ index 00000000000000..f54d39970319af +func init() { + // TODO: Decide which environment variable to use. + // See https://github.com/microsoft/go/issues/397. -+ var value string + var ok bool -+ if value, ok = syscall.Getenv("GOFIPS"); ok { ++ value := fips140GODEBUG.Value() ++ if value == "on" || value == "only" || value == "debug" { ++ Message = "environment variable GODEBUG=fips140=" + value ++ value = "1" ++ } else if value, ok = syscall.Getenv("GOFIPS"); ok { + Message = "environment variable GOFIPS" + } else if value, ok = syscall.Getenv("GOLANG_FIPS"); ok { + Message = "environment variable GOLANG_FIPS" @@ -1735,7 +1743,6 @@ index 00000000000000..f54d39970319af + return + } +} -\ No newline at end of file diff --git a/src/crypto/internal/backend/fips140/isrequirefips.go b/src/crypto/internal/backend/fips140/isrequirefips.go new file mode 100644 index 00000000000000..b33d08c84e2dae @@ -1787,7 +1794,7 @@ index 00000000000000..83691d7dd42d51 +} diff --git a/src/crypto/internal/backend/fips140/openssl.go b/src/crypto/internal/backend/fips140/openssl.go new file mode 100644 -index 00000000000000..118efa3a492a7d +index 00000000000000..2d126bcfc053de --- /dev/null +++ b/src/crypto/internal/backend/fips140/openssl.go @@ -0,0 +1,41 @@ @@ -1818,7 +1825,7 @@ index 00000000000000..118efa3a492a7d + // If there is an error reading we could either panic or assume FIPS is not enabled. + // Panicking would be too disruptive for apps that don't require FIPS. + // If an app wants to be 100% sure that is running in FIPS mode -+ // it should use boring.Enabled() or GOFIPS=1. ++ // it should use boring.Enabled() or GODEBUG=fips140=1. + return false + } + } @@ -2080,10 +2087,10 @@ index 00000000000000..7c3a95c2c64a2d +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..5ddcf98ea682a5 +index 00000000000000..0c4e0c9da6e1ce --- /dev/null 
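Review bot: In `init` of fips140.go (`@@ -1709,9 +1714,12 @@`), `fips140=only` and `fips140=debug` are collapsed to the same `value = "1"` as `on`, and any other GODEBUG value (`off`, or a typo) falls through silently to GOFIPS and GOLANG_FIPS. Someone who sets `only` expecting strict rejection of non-approved algorithms gets plain enabled mode as far as this function shows; whether the backends enforce more elsewhere is not visible here. If that is the intent, say so at the branch, e.g. `// "only" and "debug" are handled like "on" by the system crypto backends.`, and consider rejecting unrecognised non-empty values instead of ignoring them. The rest of `init` lies outside the hunk.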
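Review bot: The updated comment in openssl.go (`@@ -1818,7 +1825,7 @@`) recommends `GODEBUG=fips140=1`, but the `init` added to fips140.go in this same patch only recognises `on`, `only` and `debug`. A reader who follows the comment sets a value this code ignores, so FIPS mode is not requested through GODEBUG and the process carries on without it. The line should read `// it should use boring.Enabled() or GODEBUG=fips140=on.`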
+++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,360 @@ +@@ -0,0 +1,377 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -2150,12 +2157,29 @@ index 00000000000000..5ddcf98ea682a5 + panic("opensslcrypto: can't initialize OpenSSL " + lcrypto + ": " + err.Error()) + } + if fips140.Enabled() { -+ // Use openssl.FIPSCapable instead of openssl.FIPS because some providers, e.g. SCOSSL, are FIPS compliant -+ // even when FIPS mode is not enabled. ++ // Some distributions, e.g. Azure Linux 3, don't set the `fips=yes` property when running in FIPS mode, ++ // but they configure OpenSSL to use a FIPS-compliant provider (in the case of Azure Linux 3, the SCOSSL provider). ++ // In this cases, openssl.FIPS would return `false` and openssl.FIPSCapable would return `true`. ++ // We don't care about the `fips=yes` property as long as the provider is FIPS-compliant, so use ++ // openssl.FIPSCapable to determine whether FIPS mode is enabled. + if !openssl.FIPSCapable() { -+ panic("opensslcrypto: FIPS mode requested (" + fips140.Message + ") but not available in " + openssl.VersionText()) ++ // This path can be reached for the following reasons: ++ // - In OpenSSL 1, the active engine doesn't support FIPS mode. ++ // - In OpenSSL 1, the active engine supports FIPS mode, but it is not enabled. ++ // - In OpenSSL 3, the provider used by default doesn't match the `fips=yes` query. ++ // ++ // A best-effort attempt is made to enable FIPS mode. It will only succeed if the following conditions are met: ++ // - In OpenSSL 1, the active engine supports FIPS mode and FIPS mode can be enabled. ++ // - In OpenSSL 3, there is an available provider that supports the `fips=yes` query. ++ // ++ // Note that this best effort is mainly to support test environments. FIPS-compliant production environments ++ // like Mariner 2 and Azure Linux 3 (when executed in kernel FIPS mode) will already be properly configured. 
++ if err := openssl.SetFIPS(true); err != nil { ++ panic("opensslcrypto: FIPS mode requested (" + fips140.Message + ") but not available in " + openssl.VersionText() + ": " + err.Error()) ++ } + } + } else if fips140.Disabled() { ++ // TODO: Remove this block when GOFIPS=0 is no longer supported. + if openssl.FIPS() { + panic("opensslcrypto: FIPS mode explicitly disabled (" + fips140.Message + ") but enabled in " + openssl.VersionText()) + } diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch index 7f8cec486a6..122b6d26b9e 100644 --- a/patches/0004-Use-crypto-backends.patch +++ b/patches/0004-Use-crypto-backends.patch @@ -6,7 +6,7 @@ Subject: [PATCH] Use crypto backends --- src/cmd/api/boring_test.go | 2 +- src/cmd/dist/build.go | 13 ++ - src/cmd/dist/test.go | 8 +- + src/cmd/dist/test.go | 10 +- src/cmd/go/go_boring_test.go | 11 +- src/cmd/go/testdata/script/darwin_no_cgo.txt | 2 + .../go/testdata/script/gopath_std_vendor.txt | 9 + @@ -38,6 +38,7 @@ Subject: [PATCH] Use crypto backends src/crypto/hmac/hmac_test.go | 2 +- src/crypto/internal/cryptotest/allocations.go | 2 +- .../internal/cryptotest/implementations.go | 2 +- + src/crypto/internal/fips140test/check_test.go | 8 +- src/crypto/md5/md5.go | 10 + src/crypto/md5/md5_test.go | 16 ++ src/crypto/pbkdf2/pbkdf2.go | 4 + @@ -82,7 +83,7 @@ Subject: [PATCH] Use crypto backends src/net/smtp/smtp_test.go | 72 ++++--- src/os/exec/exec_test.go | 9 + src/runtime/pprof/vminfo_darwin_test.go | 6 + - 78 files changed, 1110 insertions(+), 109 deletions(-) + 79 files changed, 1118 insertions(+), 111 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ecdsa/badlinkname.go @@ -132,9 +133,18 @@ index 1f467647f56143..4d770d7fc239e2 100644 // No need to enable PGO for toolchain2. goInstall(toolenv(), goBootstrap, append([]string{"-pgo=off"}, toolchain...)...) 
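Review bot: After the best-effort `openssl.SetFIPS(true)` succeeds in the `@@ -2150,12 +2157,29 @@` hunk, initialisation continues without confirming that the library now reports a FIPS-capable configuration. If a nil error from SetFIPS is not a guarantee for every OpenSSL 1 engine and OpenSSL 3 provider setup (this cannot be told from the hunk), the process would run with FIPS requested but not in effect. A cheap defensive check is to re-test after the call: `if !openssl.FIPSCapable() { panic("opensslcrypto: FIPS mode requested (" + fips140.Message + ") but still not available after SetFIPS") }`. The new comment also says this path is mainly for test environments, yet it runs in any process that requests FIPS, so that caveat should be worded as a statement about who is expected to reach it. The enclosing function starts and ends outside the hunk.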
diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index 0c992118f4287b..3316bb52a61ff1 100644 +index 0c992118f4287b..d224514552fd63 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go +@@ -714,7 +714,7 @@ func (t *tester) registerTests() { + }) + + // Check that all crypto packages compile (and test correctly, in longmode) with fips. +- if t.fipsSupported() { ++ if false { // Disable these tests, they don't work if CNG/OpenSSL FIPS mode is not enabled. We already have dedicated builders for this. + // Test standard crypto packages with fips140=on. + t.registerTest("GODEBUG=fips140=on go test crypto/...", &goTest{ + variant: "gofips140", @@ -1161,6 +1161,11 @@ func (t *tester) internalLink() bool { if goos == "windows" && goarch == "arm64" { return false @@ -1155,6 +1165,39 @@ index 3fa730459050f6..1f28f12a6e7b4f 100644 "crypto/internal/impl" "internal/goos" "internal/testenv" +diff --git a/src/crypto/internal/fips140test/check_test.go b/src/crypto/internal/fips140test/check_test.go +index 6b0cd3f39e1695..aa586ed30454a2 100644 +--- a/src/crypto/internal/fips140test/check_test.go ++++ b/src/crypto/internal/fips140test/check_test.go +@@ -5,6 +5,8 @@ + package fipstest + + import ( ++ boring "crypto/internal/backend" ++ bfips140 "crypto/internal/backend/fips140" + "crypto/internal/fips140" + . "crypto/internal/fips140/check" + "crypto/internal/fips140/check/checktest" +@@ -18,7 +20,7 @@ import ( + "unsafe" + ) + +-const enableFIPSTest = true ++const enableFIPSTest = boring.Enabled + + func TestFIPSCheckVerify(t *testing.T) { + if Verified { +@@ -38,6 +40,10 @@ func TestFIPSCheckVerify(t *testing.T) { + t.Skipf("skipping: %v", err) + } + ++ if !bfips140.Enabled() { ++ t.Skipf("skipping: FIPS is not enabled") ++ } ++ + cmd := testenv.Command(t, os.Args[0], "-test.v", "-test.run=TestFIPSCheck") + cmd.Env = append(cmd.Environ(), "GODEBUG=fips140=on") + out, err := cmd.CombinedOutput() 
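Review bot: Replacing `if t.fipsSupported()` with `if false` in `registerTests` turns the `GODEBUG=fips140=on go test crypto/...` registration into dead code and removes that FIPS coverage from every cmd/dist run, with only an inline remark pointing at other builders. I would keep a meaningful condition so the tests still register where the backend is in FIPS mode, or at least record where the coverage lives: `if false { // Disabled: needs CNG/OpenSSL FIPS mode; covered by the dedicated FIPS builders, see <tracking issue>.` The body of the block continues outside the hunk.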
diff --git a/src/crypto/md5/md5.go b/src/crypto/md5/md5.go index a0384e175f31bd..f7aa6da36f02de 100644 --- a/src/crypto/md5/md5.go From ef475a708e0d7e7b2e208fea640936e496e7faa8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Jan 2025 11:02:47 +0000 Subject: [PATCH 209/887] build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 in /eng/_util Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.28.0 to 0.29.0. - [Commits](https://github.com/golang/sys/compare/v0.28.0...v0.29.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- eng/_util/go.mod | 2 +- eng/_util/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 283c59e1cde..106ee16c17e 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -9,7 +9,7 @@ go 1.22.0 require ( github.com/microsoft/go-infra v0.0.6 github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 - golang.org/x/sys v0.28.0 + golang.org/x/sys v0.29.0 gotest.tools/gotestsum v1.12.0 ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index 30bcc59b1ce..4e6e7c69b14 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum 
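Review bot: The skip added to `TestFIPSCheckVerify` calls `t.Skipf("skipping: FIPS is not enabled")` with no format arguments, and the message does not say which FIPS mode is meant; `t.Skip("skipping: crypto backend FIPS mode is not enabled")` is the plain form. Together with `const enableFIPSTest = boring.Enabled`, this means the integrity-check test only runs on hosts where the backend reports FIPS mode, so a regression would go unnoticed on ordinary builders. It is worth confirming that the FIPS builders actually run this package. The test function continues outside the hunk.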
@@ -81,8 +81,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= From 327cbbd0952047b54d3ac59f01d5026f5df5997b Mon Sep 17 00:00:00 2001 From: George Adams Date: Wed, 22 Jan 2025 10:36:55 +0000 Subject: [PATCH 210/887] darwin: add macOS to CrossPlatformCryptography document (#1488) * darwin: add macOS to CrossPlatformCryptography document * align * improvements * feedback * Apply suggestions from code review Co-authored-by: Davis Goodin * Remove RSA warning note from documentation --------- Co-authored-by: Davis Goodin --- eng/doc/CrossPlatformCryptography.md | 383 ++++++++++++++------------- 1 file changed, 200 insertions(+), 183 deletions(-) diff --git a/eng/doc/CrossPlatformCryptography.md b/eng/doc/CrossPlatformCryptography.md index d544ef55da6..2761a6c9f2a 100644 --- a/eng/doc/CrossPlatformCryptography.md +++ b/eng/doc/CrossPlatformCryptography.md 
@@ -26,12 +26,18 @@ OpenSSL 3 implements all the cryptographic algorithms using [Providers](https:// Microsoft Go officially supports the built-in providers and [SCOSSL (SymCrypt provider for OpenSSL)](https://github.com/microsoft/SymCrypt-OpenSSL) v1.6.1 or later. SCOSSL is expected to be used with the default built-in provider enabled as a fallback (which is the case when using [Azure Linux 3](https://github.com/microsoft/AzureLinux)). +## macOS + +On macOS, Microsoft Go uses [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) for cryptographic operations. +CommonCrypto and CryptoKit are shipped with macOS and don't require any additional installation nor configuration. +Currently macOS 13 and above is supported. + ## Table legend The following legend describes the symbols used in the tables to indicate the level of support for each cryptographic algorithm: | Symbol | Meaning | -|--------|------------------------------------------------------------------------------------------------------------------------------| +| ------ | ---------------------------------------------------------------------------------------------------------------------------- | | ✔️ | Supported, possibly with minor limitations that don't require special configuration when using the latest Go and OS versions | | ⚠️ | Supported with limitations that require special configuration action | | ❌ | Not supported | 
@@ -42,32 +48,32 @@ When an algorithm is not supported or the limitations are exceeded, Microsoft Go This section includes the following packages: -* [crypto/md5](https://pkg.go.dev/crypto/md5) -* [crypto/sha1](https://pkg.go.dev/crypto/sha1) -* [crypto/sha256](https://pkg.go.dev/crypto/sha256) -* [crypto/sha512](https://pkg.go.dev/crypto/sha512) -* [crypto/sha3](https://pkg.go.dev/golang.org/x/crypto/sha3) -* [crypto/hmac](https://pkg.go.dev/crypto/hmac) - -|Algorithm |Windows |Linux | -|---------------------------|--------------------|---------------------| -| MD5 | ✔️ | ✔️ | -| SHA-1 | ✔️ | ✔️ | -| SHA-2-224 | ❌ | ✔️ | -| SHA-2-256 | ✔️ | ✔️ | -| SHA-2-384 | ✔️ | ✔️ | -| SHA-2-512 | ✔️ | ✔️ | -| SHA-2-512_224 | ❌ | ✔️1, 2 | -| SHA-2-512_256 | ❌ | ✔️1, 2 | -| SHA-3-224 | ❌ | ❌ | -| SHA-3-256 | ❌ | ❌ | -| SHA-3-384 | ❌ | ❌ | -| SHA-3-512 | ❌ | ❌ | -| SHAKE-128 | ❌ | ❌ | -| SHAKE-256 | ❌ | ❌ | -| CSHAKE-128 | ❌ | ❌ | -| CSHAKE-256 | ❌ | ❌ | -| HMAC3 | ✔️ | ✔️ | +- [crypto/md5](https://pkg.go.dev/crypto/md5) +- [crypto/sha1](https://pkg.go.dev/crypto/sha1) +- [crypto/sha256](https://pkg.go.dev/crypto/sha256) +- [crypto/sha512](https://pkg.go.dev/crypto/sha512) +- [crypto/sha3](https://pkg.go.dev/golang.org/x/crypto/sha3) +- [crypto/hmac](https://pkg.go.dev/crypto/hmac) + +| Algorithm | Windows | Linux | macOS | +| ---------------- | ------- | ----------------- | ----- | +| MD5 | ✔️ | ✔️ | ✔️ | +| SHA-1 | ✔️ | ✔️ | ✔️ | +| SHA-2-224 | ❌ | ✔️ | ✔️ | +| SHA-2-256 | ✔️ | ✔️ | ✔️ | +| SHA-2-384 | ✔️ | ✔️ | ✔️ | +| SHA-2-512 | ✔️ | ✔️ | ✔️ | +| SHA-2-512_224 | ❌ | ✔️1, 2 | ❌ | +| SHA-2-512_256 | ❌ | ✔️1, 2 | ❌ | +| SHA-3-224 | ❌ | ❌ | ❌ | +| SHA-3-256 | ❌ | ❌ | ❌ | +| SHA-3-384 | ❌ | ❌ | ❌ | +| SHA-3-512 | ❌ | ❌ | ❌ | +| SHAKE-128 | ❌ | ❌ | ❌ | +| SHAKE-256 | ❌ | ❌ | ❌ | +| CSHAKE-128 | ❌ | ❌ | ❌ | +| CSHAKE-256 | ❌ | ❌ | ❌ | +| HMAC3 | ✔️ | ✔️ | ✔️ | 1Available starting in Microsoft Go 1.24. 
@@ -79,83 +85,85 @@ This section includes the following packages: This section includes the following packages: -* [crypto/aes](https://pkg.go.dev/crypto/aes) -* [crypto/cipher](https://pkg.go.dev/crypto/cipher) -* [crypto/des](https://pkg.go.dev/crypto/des) -* [crypto/rc4](https://pkg.go.dev/crypto/rc4) - -| Cipher + Mode | Windows | Linux | -|---------------|----------|------------------| -| AES-ECB | ✔️ | ✔️ | -| AES-CBC | ✔️ | ✔️ | -| AES-CTR | ❌ | ✔️ | -| AES-CFB | ❌ | ❌ | -| AES-OFB | ❌ | ❌ | -| AES-GCM | ✔️ | ✔️ | -| DES-CBC | ✔️ | ⚠️1 | -| DES-ECB | ✔️ | ⚠️1 | -| 3DES-ECB | ✔️ | ✔️ | -| 3DES-CBC | ✔️ | ✔️ | -| RC4 | ✔️ | ⚠️1 | +- [crypto/aes](https://pkg.go.dev/crypto/aes) +- [crypto/cipher](https://pkg.go.dev/crypto/cipher) +- [crypto/des](https://pkg.go.dev/crypto/des) +- [crypto/rc4](https://pkg.go.dev/crypto/rc4) + +| Cipher + Mode | Windows | Linux | macOS | +| ------------- | ------- | -------------- | ----- | +| AES-ECB | ✔️ | ✔️ | ✔️ | +| AES-CBC | ✔️ | ✔️ | ✔️ | +| AES-CTR | ❌ | ✔️ | ❌ | +| AES-CFB | ❌ | ❌ | ❌ | +| AES-OFB | ❌ | ❌ | ❌ | +| AES-GCM | ✔️ | ✔️ | ✔️ | +| DES-CBC | ✔️ | ⚠️1 | ✔️ | +| DES-ECB | ✔️ | ⚠️1 | ✔️ | +| 3DES-ECB | ✔️ | ✔️ | ✔️ | +| 3DES-CBC | ✔️ | ✔️ | ✔️ | +| RC4 | ✔️ | ⚠️1 | ✔️ | 1When using OpenSSL 3, requires the legacy provider to be enabled. ### AES-GCM keys, nonces, and tags -* Key Sizes +- Key Sizes AES-GCM works with 128, 192, and 256-bit keys. -* Nonce Sizes +- Nonce Sizes AES-GCM works with 12-byte nonces. -* Tag Sizes - +- Tag Sizes + AES-GCM works with 16-byte tags. 
## Asymmetric encryption This section includes the following subsections: -* [RSA](#rsa) -* [ECDSA](#ecdsa) -* [ECDH](#ecdh) -* [Ed25519](#ed25519) -* [DSA](#dsa) +- [RSA](#rsa) +- [ECDSA](#ecdsa) +- [ECDH](#ecdh) +- [Ed25519](#ed25519) +- [DSA](#dsa) ### RSA This section includes the following packages: -* [crypto/rsa](https://pkg.go.dev/crypto/rsa) - -| Padding Mode | Windows | Linux | -|----------------------------------------|----------------------|---------------------| -| OAEP (MD5) | ✔️ | ✔️ | -| OAEP (SHA-1) | ✔️ | ✔️ | -| OAEP (SHA-2)1 | ✔️ | ✔️ | -| OAEP (SHA-3) | ❌ | ❌ | -| PSS (MD5) | ✔️ | ✔️ | -| PSS (SHA-1) | ✔️ | ✔️ | -| PSS (SHA-2)1 | ✔️ | ✔️ | -| PSS (SHA-3) | ❌ | ❌ | -| PKCS1v15 Signature (Unhashed) | ✔️ | ✔️ | -| PKCS1v15 Signature (RIPMED160) | ❌ | ✔️2 | -| PKCS1v15 Signature (MD4) | ❌ | ✔️2 | -| PKCS1v15 Signature (MD5) | ✔️ | ✔️ | -| PKCS1v15 Signature (MD5-SHA1) | ✔️2 | ✔️2 | -| PKCS1v15 Signature (SHA-1) | ✔️ | ✔️ | -| PKCS1v15 Signature (SHA-2)1 | ✔️ | ✔️ | -| PKCS1v15 Signature (SHA-3) | ❌ | ❌ | +- [crypto/rsa](https://pkg.go.dev/crypto/rsa) + +| Padding Mode | Windows | Linux | macOS | +| -------------------------------------- | -------------- | -------------- | -------------- | +| OAEP (MD5) | ✔️ | ✔️ | ✔️3 | +| OAEP (SHA-1) | ✔️ | ✔️ | ✔️3 | +| OAEP (SHA-2)1 | ✔️ | ✔️ | ✔️3 | +| OAEP (SHA-3) | ❌ | ❌ | ❌ | +| PSS (MD5) | ✔️ | ✔️ | ❌ | +| PSS (SHA-1) | ✔️ | ✔️ | ✔️ | +| PSS (SHA-2)1 | ✔️ | ✔️ | ✔️ | +| PSS (SHA-3) | ❌ | ❌ | ❌ | +| PKCS1v15 Signature (Unhashed) | ✔️ | ✔️ | ✔️ | +| PKCS1v15 Signature (RIPMED160) | ❌ | ✔️2 | ❌ | +| PKCS1v15 Signature (MD4) | ❌ | ✔️2 | ❌ | +| PKCS1v15 Signature (MD5) | ✔️ | ✔️ | ❌ | +| PKCS1v15 Signature (MD5-SHA1) | ✔️2 | ✔️2 | ❌ | +| PKCS1v15 Signature (SHA-1) | ✔️ | ✔️ | ✔️ | +| PKCS1v15 Signature (SHA-2)1 | ✔️ | ✔️ | ✔️ | +| PKCS1v15 Signature (SHA-3) | ❌ | ❌ | ❌ | 1Supports only hash algorithms that are [supported as standalone hash functions](#hash-and-message-authentication-algorithms). 
2Available starting in Microsoft Go 1.24. +3macOS doesn't support passing a custom label to OAEP functions. + #### RSA key sizes -[rsa.GenerateKey](https://pkg.go.dev/crypto/rsa#GenerateKey) only supports the following key sizes (in bits): 2048, 3072, 4096. +[`rsa.GenerateKey`](https://pkg.go.dev/crypto/rsa#GenerateKey) only supports the following key sizes (in bits): 2048, 3072, 4096. Multi-prime RSA keys are not supported. 
@@ -165,25 +173,27 @@ Please refer to the documentation of the underlying cryptographic library for th #### PSS salt length -On Windows, when verifying a PSS signature, [rsa.PSSSaltLengthAuto](https://pkg.go.dev/crypto/rsa#pkg-constants) is not supported. +On Windows, when verifying a PSS signature, [`rsa.PSSSaltLengthAuto`](https://pkg.go.dev/crypto/rsa#pkg-constants) is not supported. + +On macOS, custom salt lengths are not supported, it always uses the [`rsa.PSSSaltLengthEqualsHash`](https://pkg.go.dev/crypto/rsa#pkg-constants). #### Random number generation -Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). +Operations that require random numbers (rand io.Reader) only support [`rand.Reader`](https://pkg.go.dev/crypto/rand#Reader). ### ECDSA This section includes the following packages: -* [crypto/ecdsa](https://pkg.go.dev/crypto/ecdsa) -* [crypto/elliptic](https://pkg.go.dev/crypto/elliptic) +- [crypto/ecdsa](https://pkg.go.dev/crypto/ecdsa) +- [crypto/elliptic](https://pkg.go.dev/crypto/elliptic) -| Elliptic Curve | Windows | Linux | -|---------------------------|-------------|--------------| -| NIST P-224 (secp224r1) | ✔️ | ✔️ | -| NIST P-256 (secp256r1) | ✔️ | ✔️ | -| NIST P-384 (secp384r1) | ✔️ | ✔️ | -| NIST P-521 (secp521r1) | ✔️ | ✔️ | +| Elliptic Curve | Windows | Linux | macOS | +| ---------------------- | ------- | ----- | ----- | +| NIST P-224 (secp224r1) | ✔️ | ✔️ | ❌ | +| NIST P-256 (secp256r1) | ✔️ | ✔️ | ✔️ | +| NIST P-384 (secp384r1) | ✔️ | ✔️ | ✔️ | +| NIST P-521 (secp521r1) | ✔️ | ✔️ | ✔️ | #### Random number generation 
@@ -193,56 +203,56 @@ Operations that require random numbers (rand io.Reader) only support [rand.Reade This section includes the following packages: -* [crypto/ecdh](https://pkg.go.dev/crypto/ecdsa) +- [crypto/ecdh](https://pkg.go.dev/crypto/ecdsa) -| Elliptic Curve | Windows | Linux | -|---------------------------|-------------|--------------| -| NIST P-224 (secp224r1) | ✔️ | ✔️ | -| NIST P-256 (secp256r1) | ✔️ | ✔️ | -| NIST P-384 (secp384r1) | ✔️ | ✔️ | -| NIST P-521 (secp521r1) | ✔️ | ✔️ | -| X25519 (curve25519) | ❌ | ❌ | +| Elliptic Curve | Windows | Linux | macOS | +| ---------------------- | ------- | ----- | ----- | +| NIST P-224 (secp224r1) | ✔️ | ✔️ | ❌ | +| NIST P-256 (secp256r1) | ✔️ | ✔️ | ✔️ | +| NIST P-384 (secp384r1) | ✔️ | ✔️ | ✔️ | +| NIST P-521 (secp521r1) | ✔️ | ✔️ | ✔️ | +| X25519 (curve25519) | ❌ | ❌ | ❌ | #### Random number generation -Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). +Operations that require random numbers (rand io.Reader) only support [`rand.Reader`](https://pkg.go.dev/crypto/rand#Reader). ### Ed25519 This section includes the following packages: -* [crypto/ed25519](https://pkg.go.dev/crypto/ed25519) +- [crypto/ed25519](https://pkg.go.dev/crypto/ed25519) -| Schemes | Windows | Linux | -|-------------|------------|---------------| -| Ed25519 | ❌ | ✔️ | -| Ed25519ctx | ❌ | ❌ | -| Ed25519ph | ❌ | ❌ | +| Schemes | Windows | Linux | macOS | +| ---------- | ------- | ----- | ----- | +| Ed25519 | ❌ | ✔️ | ✔️ | +| Ed25519ctx | ❌ | ❌ | ❌ | +| Ed25519ph | ❌ | ❌ | ❌ | #### Random number generation -Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). +Operations that require random numbers (rand io.Reader) only support [`rand.Reader`](https://pkg.go.dev/crypto/rand#Reader). 
### DSA -| Parameters | Windows | Linux | -|---------------|-------------|--------------| -| L1024N160 | ✔️ | ✔️ | -| L2048N224 | ❌ | ✔️ | -| L2048N256 | ✔️ | ✔️ | -| L3072N256 | ✔️ | ✔️ | +| Parameters | Windows | Linux | macOS | +| ---------- | ------- | ----- | ----- | +| L1024N160 | ✔️ | ✔️ | ❌ | +| L2048N224 | ❌ | ✔️ | ❌ | +| L2048N256 | ✔️ | ✔️ | ❌ | +| L3072N256 | ✔️ | ✔️ | ❌ | ## KDF This section includes the following packages: -* [crypto/hkdf](https://pkg.go.dev/crypto/hkdf) -* [crypto/pbkdf2](https://pkg.go.dev/crypto/pbkdf2) +- [crypto/hkdf](https://pkg.go.dev/crypto/hkdf) +- [crypto/pbkdf2](https://pkg.go.dev/crypto/pbkdf2) -| Functions | Windows | Linux | -|---------------|------------------|-------------------| -| PBKDF2 | ✔️ 1 | ✔️ 1 | -| HKDF | ✔️ 1 | ✔️ 1 | +| Functions | Windows | Linux | macOS | +| --------- | --------------- | --------------- | --------------- | +| PBKDF2 | ✔️ 1 | ✔️ 1 | ✔️ 1 | +| HKDF | ✔️ 1 | ✔️ 1 | ✔️ 1 | 1Supports only hash algorithms that are [supported as standalone hash functions](#hash-and-message-authentication-algorithms). 
@@ -250,93 +260,100 @@ This section includes the following packages: This section includes the following packages: -* [crypto/mlkem](https://pkg.go.dev/crypto/mlkem) +- [crypto/mlkem](https://pkg.go.dev/crypto/mlkem) -| Parameters | Windows | Linux | -|---------------|-------------|--------------| -| 768 | ❌ | ❌ | -| 1024 | ❌ | ❌ | +| Parameters | Windows | Linux | macOS | +| ---------- | ------- | ----- | ----- | +| 768 | ❌ | ❌ | ❌ | +| 1024 | ❌ | ❌ | ❌ | ## TLS This section includes the following subsections: -* [TLS Versions](#tls-versions) -* [Cipher Suites](#cipher-suites) -* [Curves and Groups](#curves-and-groups) -* [Signature Algorithms](#signature-algorithms) +- [TLS Versions](#tls-versions) +- [Cipher Suites](#cipher-suites) +- [Curves and Groups](#curves-and-groups) +- [Signature Algorithms](#signature-algorithms) This section includes the following packages: -* [crypto/tls](https://pkg.go.dev/crypto/tls) +- [crypto/tls](https://pkg.go.dev/crypto/tls) ### TLS Versions -| Version | Windows | Linux | -|----------------|-------------|---------| -| SSL 3.0 | ❌ | ❌ | -| TLS 1.0 | ✔️ | ✔️ | -| TLS 1.2 | ✔️ | ✔️ | -| TLS 1.3 | ✔️ | ✔️ | +The TLS stack is implemented using native Go code but the crypto primatives are provided by the system cryptographic libraries. 
+ +| Version | Windows | Linux | macOS | +| ------- | ------- | ----- | ----- | +| SSL 3.0 | ❌ | ❌ | ❌ | +| TLS 1.0 | ✔️ | ✔️ | ❌ | +| TLS 1.1 | ✔️ | ✔️ | ❌ | +| TLS 1.2 | ✔️ | ✔️ | ✔️ | +| TLS 1.3 | ✔️ | ✔️ | ✔️ | ### Cipher Suites -| Name | Windows | Linux | -|---------------------------------------------------|-------------|-------------------| -| TLS_RSA_WITH_RC4_128_SHA | ✔️ | ⚠️1 | -| TLS_RSA_WITH_3DES_EDE_CBC_SHA | ✔️ | ⚠️1 | -| TLS_RSA_WITH_AES_128_CBC_SHA | ✔️ | ✔️ | -| TLS_RSA_WITH_AES_256_CBC_SHA | ✔️ | ✔️ | -| TLS_RSA_WITH_AES_128_CBC_SHA256 | ✔️ | ✔️ | -| TLS_RSA_WITH_AES_128_GCM_SHA256 | ✔️ | ✔️ | -| TLS_RSA_WITH_AES_256_GCM_SHA384 | ✔️ | ✔️ | -| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | ✔️ | ⚠️1 | -| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ✔️ | ✔️ | -| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ✔️ | ✔️ | -| TLS_ECDHE_RSA_WITH_RC4_128_SHA | ✔️ | ⚠️1 | -| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | ✔️ | ⚠️1 | -| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ✔️ | ✔️ | -| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ✔️ | ✔️ | -| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ✔️ | ✔️ | -| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ✔️ | ✔️ | -| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ✔️ | ✔️ | -| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ✔️ | ✔️ | -| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ✔️ | ✔️ | -| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ✔️ | ✔️ | -| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ❌ | ❌ | -| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | ❌ | ❌ | -| TLS_AES_128_GCM_SHA256 | ✔️ | ✔️ | -| TLS_AES_256_GCM_SHA384 | ✔️ | ✔️ | -| TLS_CHACHA20_POLY1305_SHA256 | ❌ | ❌ | -| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 | ❌ | ❌ | -| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 | ❌ | ❌ | -| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 | ❌ | ❌ | +| Name | Windows | Linux | macOS | +| --------------------------------------------- | ------- | -------------- | ----- | +| TLS_RSA_WITH_RC4_128_SHA | ✔️ | ⚠️1 | ✔️ | +| TLS_RSA_WITH_3DES_EDE_CBC_SHA | ✔️ | ⚠️1 | ✔️ | +| TLS_RSA_WITH_AES_128_CBC_SHA | ✔️ | ✔️ | ✔️ | +| 
TLS_RSA_WITH_AES_256_CBC_SHA | ✔️ | ✔️ | ✔️ | +| TLS_RSA_WITH_AES_128_CBC_SHA256 | ✔️ | ✔️ | ✔️ | +| TLS_RSA_WITH_AES_128_GCM_SHA256 | ✔️ | ✔️ | ✔️ | +| TLS_RSA_WITH_AES_256_GCM_SHA384 | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | ✔️ | ⚠️1 | ✔️ | +| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_RC4_128_SHA | ✔️ | ⚠️1 | ✔️ | +| TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | ✔️ | ⚠️1 | ✔️ | +| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ✔️ | ✔️ | ✔️ | +| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ❌ | ❌ | ❌ | +| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | ❌ | ❌ | ❌ | +| TLS_AES_128_GCM_SHA256 | ✔️ | ✔️ | ✔️ | +| TLS_AES_256_GCM_SHA384 | ✔️ | ✔️ | ✔️ | +| TLS_CHACHA20_POLY1305_SHA256 | ❌ | ❌ | ❌ | +| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 | ❌ | ❌ | ❌ | +| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 | ❌ | ❌ | ❌ | +| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 | ❌ | ❌ | ❌ | 1When using OpenSSL 3, requires the legacy provider to be enabled. 
### Curves and Groups -| Name | Windows | Linux | -|-----------------|-------------|--------------| -| CurveP256 | ✔️ | ✔️ | -| CurveP384 | ✔️ | ✔️ | -| CurveP521 | ✔️ | ✔️ | -| X25519 | ❌ | ❌ | -| X25519MLKEM768 | ❌ | ❌ | - -### Signature Algorithms - -| Name | Windows | Linux | -|---------------------------|-------------|--------------| -| PKCS1WithSHA256 | ✔️ | ✔️ | -| PKCS1WithSHA384 | ✔️ | ✔️ | -| PKCS1WithSHA512 | ✔️ | ✔️ | -| PSSWithSHA256 | ✔️ | ✔️ | -| PSSWithSHA384 | ✔️ | ✔️ | -| PSSWithSHA512 | ✔️ | ✔️ | -| ECDSAWithP256AndSHA256 | ✔️ | ✔️ | -| ECDSAWithP384AndSHA384 | ✔️ | ✔️ | -| ECDSAWithP521AndSHA512 | ✔️ | ✔️ | -| Ed25519 | ❌ | ✔️ | -| PKCS1WithSHA1 | ✔️ | ✔️ | -| ECDSAWithSHA1 | ✔️ | ✔️ | +Below are the supported [`tls.CurveIDs`](https://pkg.go.dev/crypto/tls#CurveID). + +| Name | Windows | Linux | macOS | +| -------------- | ------- | ----- | ----- | +| CurveP256 | ✔️ | ✔️ | ✔️ | +| CurveP384 | ✔️ | ✔️ | ✔️ | +| CurveP521 | ✔️ | ✔️ | ✔️ | +| X25519 | ❌ | ❌ | ❌ | +| X25519MLKEM768 | ❌ | ❌ | ❌ | + +### Signature Schemes + +Below are the supported [`tls.SignatureSchemes`](https://pkg.go.dev/crypto/tls#SignatureScheme). + +| Name | Windows | Linux | macOS | +| ---------------------- | ------- | ----- | ----- | +| PKCS1WithSHA1 | ✔️ | ✔️ | ✔️ | +| PKCS1WithSHA256 | ✔️ | ✔️ | ✔️ | +| PKCS1WithSHA384 | ✔️ | ✔️ | ✔️ | +| PKCS1WithSHA512 | ✔️ | ✔️ | ✔️ | +| PSSWithSHA256 | ✔️ | ✔️ | ✔️ | +| PSSWithSHA384 | ✔️ | ✔️ | ✔️ | +| PSSWithSHA512 | ✔️ | ✔️ | ✔️ | +| ECDSAWithSHA1 | ✔️ | ✔️ | ✔️ | +| ECDSAWithP256AndSHA256 | ✔️ | ✔️ | ✔️ | +| ECDSAWithP384AndSHA384 | ✔️ | ✔️ | ✔️ | +| ECDSAWithP521AndSHA512 | ✔️ | ✔️ | ✔️ | +| Ed25519 | ❌ | ✔️ | ✔️ | From 225951c5ab29d76bb7a4b7c78b1ebc13d5e40104 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 Jan 2025 10:49:04 +0000 Subject: [PATCH 211/887] build(deps): bump github/codeql-action from 3.28.1 to 3.28.2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.1 to 3.28.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b6a472f63d85b9c78a3ac5e89422239fc15e9b3c...d68b2d4edb4189fd2a5366ac14e72027bd4b37dd) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 952a97f8430..c4eb001d823 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/init@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/autobuild@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1 + uses: github/codeql-action/analyze@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 with: category: /language:go From 7002c13b2047fa95e557621672d24546ef9c872f Mon Sep 17 00:00:00 2001 
From: Davis Goodin Date: Wed, 22 Jan 2025 09:15:20 -0800 Subject: [PATCH 212/887] CrossPlatformCryptography.md: more consistently associate limits to the table (#1507) * CrossPlatformCryptography.md: more consistently associate limits to the table * Remove redundant spaces and out of place space after superscript --- eng/doc/CrossPlatformCryptography.md | 66 ++++++++++++---------------- 1 file changed, 27 insertions(+), 39 deletions(-) diff --git a/eng/doc/CrossPlatformCryptography.md b/eng/doc/CrossPlatformCryptography.md index 2761a6c9f2a..dbb68033754 100644 --- a/eng/doc/CrossPlatformCryptography.md +++ b/eng/doc/CrossPlatformCryptography.md @@ -97,7 +97,7 @@ This section includes the following packages: | AES-CTR | ❌ | ✔️ | ❌ | | AES-CFB | ❌ | ❌ | ❌ | | AES-OFB | ❌ | ❌ | ❌ | -| AES-GCM | ✔️ | ✔️ | ✔️ | +| AES-GCM2 | ✔️ | ✔️ | ✔️ | | DES-CBC | ✔️ | ⚠️1 | ✔️ | | DES-ECB | ✔️ | ⚠️1 | ✔️ | | 3DES-ECB | ✔️ | ✔️ | ✔️ | @@ -106,7 +106,7 @@ This section includes the following packages: 1When using OpenSSL 3, requires the legacy provider to be enabled. -### AES-GCM keys, nonces, and tags +2AES-GCM supports specific keys, nonces, and tags: - Key Sizes 
@@ -136,15 +136,25 @@ This section includes the following packages: - [crypto/rsa](https://pkg.go.dev/crypto/rsa) +[rsa.GenerateKey](https://pkg.go.dev/crypto/rsa#GenerateKey) only supports the following key sizes (in bits): 2048, 3072, 4096. + +Multi-prime RSA keys are not supported. + +The RSA key size is subject to the limitations of the underlying cryptographic library. +For example, on some Windows and SCOSSL configurations, the key size should be multiple of 8. +Please refer to the documentation of the underlying cryptographic library for the specific limitations. + +Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). + | Padding Mode | Windows | Linux | macOS | | -------------------------------------- | -------------- | -------------- | -------------- | -| OAEP (MD5) | ✔️ | ✔️ | ✔️3 | -| OAEP (SHA-1) | ✔️ | ✔️ | ✔️3 | -| OAEP (SHA-2)1 | ✔️ | ✔️ | ✔️3 | +| OAEP (MD5) | ✔️ | ✔️ | ✔️5 | +| OAEP (SHA-1) | ✔️ | ✔️ | ✔️5 | +| OAEP (SHA-2)1 | ✔️ | ✔️ | ✔️5 | | OAEP (SHA-3) | ❌ | ❌ | ❌ | -| PSS (MD5) | ✔️ | ✔️ | ❌ | -| PSS (SHA-1) | ✔️ | ✔️ | ✔️ | -| PSS (SHA-2)1 | ✔️ | ✔️ | ✔️ | +| PSS (MD5) | ✔️3 | ✔️ | ❌ | +| PSS (SHA-1) | ✔️3 | ✔️ | ✔️4 | +| PSS (SHA-2)1 | ✔️3 | ✔️ | ✔️4 | | PSS (SHA-3) | ❌ | ❌ | ❌ | | PKCS1v15 Signature (Unhashed) | ✔️ | ✔️ | ✔️ | | PKCS1v15 Signature (RIPMED160) | ❌ | ✔️2 | ❌ | 
@@ -159,27 +169,11 @@ This section includes the following packages: 2Available starting in Microsoft Go 1.24. -3macOS doesn't support passing a custom label to OAEP functions. - -#### RSA key sizes - -[`rsa.GenerateKey`](https://pkg.go.dev/crypto/rsa#GenerateKey) only supports the following key sizes (in bits): 2048, 3072, 4096. - -Multi-prime RSA keys are not supported. - -The RSA key size is subject to the limitations of the underlying cryptographic library. -For example, on some Windows and SCOSSL configurations, the key size should be multiple of 8. -Please refer to the documentation of the underlying cryptographic library for the specific limitations. +3On Windows, when verifying a PSS signature, [rsa.PSSSaltLengthAuto](https://pkg.go.dev/crypto/rsa#pkg-constants) is not supported. -#### PSS salt length +4On macOS, custom salt lengths are not supported. PSS always uses the [`rsa.PSSSaltLengthEqualsHash`](https://pkg.go.dev/crypto/rsa#pkg-constants). -On Windows, when verifying a PSS signature, [`rsa.PSSSaltLengthAuto`](https://pkg.go.dev/crypto/rsa#pkg-constants) is not supported. - -On macOS, custom salt lengths are not supported, it always uses the [`rsa.PSSSaltLengthEqualsHash`](https://pkg.go.dev/crypto/rsa#pkg-constants). - -#### Random number generation - -Operations that require random numbers (rand io.Reader) only support [`rand.Reader`](https://pkg.go.dev/crypto/rand#Reader). +5macOS doesn't support passing a custom label to OAEP functions. ### ECDSA @@ -188,6 +182,8 @@ This section includes the following packages: - [crypto/ecdsa](https://pkg.go.dev/crypto/ecdsa) - [crypto/elliptic](https://pkg.go.dev/crypto/elliptic) +Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). + | Elliptic Curve | Windows | Linux | macOS | | ---------------------- | ------- | ----- | ----- | | NIST P-224 (secp224r1) | ✔️ | ✔️ | ❌ | 
@@ -195,16 +191,14 @@ This section includes the following packages: | NIST P-384 (secp384r1) | ✔️ | ✔️ | ✔️ | | NIST P-521 (secp521r1) | ✔️ | ✔️ | ✔️ | -#### Random number generation - -Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). - ### ECDH This section includes the following packages: - [crypto/ecdh](https://pkg.go.dev/crypto/ecdsa) +Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). + | Elliptic Curve | Windows | Linux | macOS | | ---------------------- | ------- | ----- | ----- | | NIST P-224 (secp224r1) | ✔️ | ✔️ | ❌ | @@ -213,26 +207,20 @@ This section includes the following packages: | NIST P-521 (secp521r1) | ✔️ | ✔️ | ✔️ | | X25519 (curve25519) | ❌ | ❌ | ❌ | -#### Random number generation - -Operations that require random numbers (rand io.Reader) only support [`rand.Reader`](https://pkg.go.dev/crypto/rand#Reader). - ### Ed25519 This section includes the following packages: - [crypto/ed25519](https://pkg.go.dev/crypto/ed25519) +Operations that require random numbers (rand io.Reader) only support [rand.Reader](https://pkg.go.dev/crypto/rand#Reader). + | Schemes | Windows | Linux | macOS | | ---------- | ------- | ----- | ----- | | Ed25519 | ❌ | ✔️ | ✔️ | | Ed25519ctx | ❌ | ❌ | ❌ | | Ed25519ph | ❌ | ❌ | ❌ | -#### Random number generation - -Operations that require random numbers (rand io.Reader) only support [`rand.Reader`](https://pkg.go.dev/crypto/rand#Reader). - ### DSA | Parameters | Windows | Linux | macOS | From 6e77d76be47376bd8e59ad0599d1f2564550652b Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Wed, 22 Jan 2025 14:58:55 -0800 Subject: [PATCH 213/887] Update CrossPlatformCryptography.md: primitives typo (#1510) --- eng/doc/CrossPlatformCryptography.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/eng/doc/CrossPlatformCryptography.md b/eng/doc/CrossPlatformCryptography.md index dbb68033754..dbdf1829362 100644 --- a/eng/doc/CrossPlatformCryptography.md +++ b/eng/doc/CrossPlatformCryptography.md @@ -270,7 +270,7 @@ This section includes the following packages: ### TLS Versions -The TLS stack is implemented using native Go code but the crypto primatives are provided by the system cryptographic libraries. +The TLS stack is implemented using native Go code but the crypto primitives are provided by the system cryptographic libraries. | Version | Windows | Linux | macOS | | ------- | ------- | ----- | ----- | From 7ac7461b5ecb69e6d1e138ba4f7439cb6074027b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 10:41:09 +0000 Subject: [PATCH 214/887] build(deps): bump github/codeql-action from 3.28.2 to 3.28.4 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.2 to 3.28.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/d68b2d4edb4189fd2a5366ac14e72027bd4b37dd...ee117c905ab18f32fa0f66c2fe40ecc8013f3e04) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c4eb001d823..23520183eae 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -23,16 +23,16 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 + uses: github/codeql-action/init@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 + uses: github/codeql-action/autobuild@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2 + uses: github/codeql-action/analyze@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 with: category: /language:go From 89dd1db6edfac91f392ba1cb5087a5cb33943322 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Mon, 27 Jan 2025 16:07:53 +0000 Subject: [PATCH 215/887] Update submodule to latest master (608acff8): go/types: avoid importer.Default --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 368a9ec9983..608acff8479 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 368a9ec99834652ca3f7d8fe24862a7581e12358 +Subproject commit 608acff8479640b00c85371d91280b64f5ec9594 From 69a28cd439938c9891f2d6b4d47ceef8d1b76123 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Jan 2025 16:44:01 +0000 Subject: [PATCH 216/887] build(deps): bump github/codeql-action from 3.28.4 to 3.28.5 (#1514) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.4 to 3.28.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ee117c905ab18f32fa0f66c2fe40ecc8013f3e04...f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 23520183eae..123c1053e80 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/init@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/autobuild@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/analyze@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: category: /language:go From cefe8e6658c4778443d1b7021da974c48103087f Mon Sep 17 00:00:00 2001 
From: Quim Muntal Date: Tue, 28 Jan 2025 10:40:30 +0100 Subject: [PATCH 217/887] Remove `openssl.SetFIPS(true)` call (#1513) * implement enableSystemWideFIPS for linux * remove SetFIPS call * fix patch * execute run-builder as sudo * move sudo to test step * fix condition * use OPENSSL_FORCE_FIPS_MODE * don't run with sudo * Apply suggestions from code review Co-authored-by: Davis Goodin * use extraEnvKeys --------- Co-authored-by: Davis Goodin --- .../cmd/run-builder/systemfips_fallback.go | 2 +- eng/_util/cmd/run-builder/systemfips_linux.go | 32 +++++++++++++++++++ ...03-Implement-crypto-internal-backend.patch | 23 ++++--------- patches/0004-Use-crypto-backends.patch | 16 +++++++++- 4 files changed, 55 insertions(+), 18 deletions(-) create mode 100644 eng/_util/cmd/run-builder/systemfips_linux.go diff --git a/eng/_util/cmd/run-builder/systemfips_fallback.go b/eng/_util/cmd/run-builder/systemfips_fallback.go index 1e37c82d67c..c876c9dc031 100644 --- a/eng/_util/cmd/run-builder/systemfips_fallback.go +++ b/eng/_util/cmd/run-builder/systemfips_fallback.go @@ -1,7 +1,7 @@ // Copyright (c) Microsoft Corporation. // Licensed under the MIT License. -//go:build !windows +//go:build !windows && !linux package main diff --git a/eng/_util/cmd/run-builder/systemfips_linux.go b/eng/_util/cmd/run-builder/systemfips_linux.go new file mode 100644 index 00000000000..0fa5db5fe0b --- /dev/null +++ b/eng/_util/cmd/run-builder/systemfips_linux.go 
@@ -0,0 +1,32 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the MIT License.
+
+package main
+
+import (
+ "log"
+ "os"
+)
+
+// enableSystemWideFIPS enables Mariner and Azure Linux 3 process-wide FIPS mode
+// for any process that inherits the current process' environment variables.
+func enableSystemWideFIPS() (restore func(), err error) {
+ // FIPS mode is enabled if OPENSSL_FORCE_FIPS_MODE is set, regardless of the value.
+ _, ok := os.LookupEnv("OPENSSL_FORCE_FIPS_MODE")
+ if ok {
+ log.Println("Mariner and Azure Linux 3 forced FIPS mode (OPENSSL_FORCE_FIPS_MODE) already enabled.")
+ return nil, nil
+ }
+
+ env("OPENSSL_FORCE_FIPS_MODE", "1")
+ log.Println("Enabled Mariner and Azure Linux 3 FIPS mode (OPENSSL_FORCE_FIPS_MODE).")
+
+ return func() {
+ err := os.Unsetenv("OPENSSL_FORCE_FIPS_MODE")
+ if err != nil {
+ log.Printf("Unable to unset OPENSSL_FORCE_FIPS_MODE: %v\n", err)
+ return
+ }
+ log.Println("Successfully unset OPENSSL_FORCE_FIPS_MODE.")
+ }, nil
+}
diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch
index 65043bbdfaf..ea282f44d29 100644
--- a/patches/0003-Implement-crypto-internal-backend.patch
+++ b/patches/0003-Implement-crypto-internal-backend.patch
@@ -7,7 +7,7 @@ Subject: [PATCH] Implement crypto/internal/backend .gitignore | 2 + src/crypto/internal/backend/backend_test.go | 30 ++ src/crypto/internal/backend/backendgen.go | 20 + - .../internal/backend/backendgen_test.go | 284 +++++++++++++ + .../internal/backend/backendgen_test.go | 284 ++++++++++++++ src/crypto/internal/backend/bbig/big.go | 17 + .../internal/backend/bbig/big_boring.go | 12 + src/crypto/internal/backend/bbig/big_cng.go | 12 + 
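Review bot: When OPENSSL_FORCE_FIPS_MODE is already set, `enableSystemWideFIPS` returns `nil, nil`, so the caller receives a nil `restore` with no error; a caller that runs `defer restore()` without a nil check would panic, and since the call site is not in this hunk that needs confirming. Returning a no-op keeps the contract uniform on both paths: `return func() {}, nil`. Separately, the named result `err` is never assigned and is shadowed by `err := os.Unsetenv(...)` inside the closure, so dropping the result names or renaming the inner variable would read more clearly. The `env(...)` helper is defined outside this file, so it cannot be told from here whether a failure to set the variable is surfaced; if it can fail, the "Enabled ..." log line should only be printed on success.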
@@ -25,8 +25,8 @@ Subject: [PATCH] Implement crypto/internal/backend .../internal/backend/fips140/norequirefips.go | 9 + .../backend/fips140/nosystemcrypto.go | 11 + .../internal/backend/fips140/openssl.go | 41 ++ - src/crypto/internal/backend/nobackend.go | 240 +++++++++++ - src/crypto/internal/backend/openssl_linux.go | 377 ++++++++++++++++++ + src/crypto/internal/backend/nobackend.go | 240 ++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 368 ++++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + src/go/build/deps_test.go | 7 +- .../exp_allowcryptofallback_off.go | 9 + @@ -45,7 +45,7 @@ Subject: [PATCH] Implement crypto/internal/backend ...ckenderr_gen_requirefips_nosystemcrypto.go | 17 + .../backenderr_gen_systemcrypto_nobackend.go | 16 + src/runtime/runtime_boring.go | 5 + - 41 files changed, 2517 insertions(+), 1 deletion(-) + 41 files changed, 2508 insertions(+), 1 deletion(-) create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/backendgen.go create mode 100644 src/crypto/internal/backend/backendgen_test.go @@ -2087,10 +2087,10 @@ index 00000000000000..7c3a95c2c64a2d +} diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..0c4e0c9da6e1ce +index 00000000000000..a66c66ca386847 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,377 @@ +@@ -0,0 +1,368 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. 
@@ -2167,16 +2167,7 @@ index 00000000000000..0c4e0c9da6e1ce + // - In OpenSSL 1, the active engine doesn't support FIPS mode. + // - In OpenSSL 1, the active engine supports FIPS mode, but it is not enabled. + // - In OpenSSL 3, the provider used by default doesn't match the `fips=yes` query. -+ // -+ // A best-effort attempt is made to enable FIPS mode. It will only succeed if the following conditions are met: -+ // - In OpenSSL 1, the active engine supports FIPS mode and FIPS mode can be enabled. -+ // - In OpenSSL 3, there is an available provider that supports the `fips=yes` query. -+ // -+ // Note that this best effort is mainly to support test environments. FIPS-compliant production environments -+ // like Mariner 2 and Azure Linux 3 (when executed in kernel FIPS mode) will already be properly configured. -+ if err := openssl.SetFIPS(true); err != nil { -+ panic("opensslcrypto: FIPS mode requested (" + fips140.Message + ") but not available in " + openssl.VersionText() + ": " + err.Error()) -+ } ++ panic("opensslcrypto: FIPS mode requested (" + fips140.Message + ") but not available in " + openssl.VersionText()) + } + } else if fips140.Disabled() { + // TODO: Remove this block when GOFIPS=0 is no longer supported. diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch index 122b6d26b9e..6fd482bdc3c 100644 --- a/patches/0004-Use-crypto-backends.patch +++ b/patches/0004-Use-crypto-backends.patch @@ -8,6 +8,7 @@ Subject: [PATCH] Use crypto backends src/cmd/dist/build.go | 13 ++ src/cmd/dist/test.go | 10 +- src/cmd/go/go_boring_test.go | 11 +- + src/cmd/go/script_test.go | 2 + src/cmd/go/testdata/script/darwin_no_cgo.txt | 2 + .../go/testdata/script/gopath_std_vendor.txt | 9 + src/cmd/link/internal/ld/config.go | 8 + 
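Review bot: The replacement panic says FIPS mode is "not available", but the comment kept directly above it lists a case where the active engine supports FIPS mode and it is simply not enabled, so the message can send an operator looking for a missing provider rather than a host setting. With the best-effort `openssl.SetFIPS(true)` removed, I would word it `panic("opensslcrypto: FIPS mode requested (" + fips140.Message + ") but not enabled in " + openssl.VersionText())` and extend the comment with a line such as `// FIPS mode is never switched on from here; the host or environment must already enable it.` The enclosing function and the condition guarding this branch start outside the hunk.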
@@ -83,7 +84,7 @@ Subject: [PATCH] Use crypto backends src/net/smtp/smtp_test.go | 72 ++++--- src/os/exec/exec_test.go | 9 + src/runtime/pprof/vminfo_darwin_test.go | 6 + - 79 files changed, 1118 insertions(+), 111 deletions(-) + 80 files changed, 1120 insertions(+), 111 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ecdsa/badlinkname.go @@ -198,6 +199,19 @@ index ed0fbf3d53d75b..8111b143a1295b 100644 tg := testgo(t) defer tg.cleanup() tg.parallel() +diff --git a/src/cmd/go/script_test.go b/src/cmd/go/script_test.go +index 390a36723787f4..0576ea8add72af 100644 +--- a/src/cmd/go/script_test.go ++++ b/src/cmd/go/script_test.go +@@ -297,6 +297,8 @@ var extraEnvKeys = []string{ + "GO_TESTING_GOTOOLS", // for gccgo testing + "GCCGO", // for gccgo testing + "GCCGOTOOLDIR", // for gccgo testing ++ ++ "OPENSSL_FORCE_FIPS_MODE", // useful for testing on Mariner 2. + } + + // updateSum runs 'go mod tidy', 'go list -mod=mod -m all', or diff --git a/src/cmd/go/testdata/script/darwin_no_cgo.txt b/src/cmd/go/testdata/script/darwin_no_cgo.txt index fa445925b7c374..e36ac86fcaa58d 100644 --- a/src/cmd/go/testdata/script/darwin_no_cgo.txt From 6b465900bb884ce9dcc2609084936874c124d74d Mon Sep 17 00:00:00 2001 
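Review bot: The comment on the new `extraEnvKeys` entry names only Mariner 2, while the run-builder helper added in this same commit logs the variable as applying to Mariner and Azure Linux 3; the two should agree. This list appears to control which environment variables reach the script tests, so the comment should also say that a FIPS-forcing variable is being passed through, e.g. `"OPENSSL_FORCE_FIPS_MODE", // forces OpenSSL FIPS mode on Mariner and Azure Linux 3; passed through so script tests run under the builder's setting`. The `extraEnvKeys` declaration starts outside the hunk, so how the keys are consumed should be checked there.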
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Jan 2025 10:47:45 +0000 Subject: [PATCH 218/887] build(deps): bump github/codeql-action from 3.28.5 to 3.28.6 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.5 to 3.28.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4...17a820bf2e43b47be2c72b39cc905417bc1ab6d0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 123c1053e80..de88e2a91d3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/init@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/autobuild@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/analyze@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: category: /language:go From 9b280682f290ffbf4d9ff0966876cd9f3ef59b4e Mon Sep 17 00:00:00 2001 
From: qmuntal Date: Tue, 28 Jan 2025 14:16:49 +0100 Subject: [PATCH 219/887] fix conflicts --- patches/0002-Vendor-crypto-backends.patch | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/patches/0002-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch index 4fbc2631299..17d7c634036 100644 --- a/patches/0002-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch @@ -222,7 +222,7 @@ index 00000000000000..ae4055d2d71303 +// that are used by the backend package. This allows to track +// their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index 7a1318dcac32ba..a59c5f120e7dfb 100644 +index ccfdbd8ea22d77..848995bdafa375 100644 --- a/src/go.mod +++ b/src/go.mod @@ -11,3 +11,9 @@ require ( @@ -236,7 +236,7 @@ index 7a1318dcac32ba..a59c5f120e7dfb 100644 + github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70 +) diff --git a/src/go.sum b/src/go.sum -index 9e661352f16e0b..b4273d691cbe36 100644 +index 4d6a33e34a4e63..6a09a77031befa 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,9 @@ @@ -248,7 +248,7 @@ index 9e661352f16e0b..b4273d691cbe36 100644 +github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= - golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= + golang.org/x/net v0.32.1-0.20250121202134-9a960c88dd98 h1:36bTiCRO7f/J3t+LumnLTJDXqxsp1x6Q7754SsRD9u4= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index e3e01077c18b17..e017efb1562379 100644 --- a/src/go/build/deps_test.go @@ -15149,7 +15149,7 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} 
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 1c8de570cc2f1f..a249bbfa93dac3 100644 +index d42f50b43ccdba..61fda0cbe57e34 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,19 @@ From a61b96fb0e5b76f61bfafa67fc9a0a745bf625bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 Jan 2025 10:55:39 +0000 Subject: [PATCH 220/887] build(deps): bump github/codeql-action from 3.28.6 to 3.28.8 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.6 to 3.28.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/17a820bf2e43b47be2c72b39cc905417bc1ab6d0...dd746615b3b9d728a6a37ca2045b68ca76d4841a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index de88e2a91d3..b64893ca067 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -23,16 +23,16 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 + uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 + uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 + uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 with: category: /language:go From 4a90888c0c6b54888014cbbfd94e72531a6d312d Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Tue, 4 Feb 2025 07:55:24 +0100 Subject: [PATCH 221/887] Mention GODEBUG=fips140 in FIPS docs (#1508) * mention GODEBUG=fips140 in FIPS docs * promote note to warning * Apply suggestions from code review Co-authored-by: Davis Goodin * document that GOFIPS=1 no longer updates the configured FIPS mode * reintroduce GOFIPS * reintroduce GOFIPS * Apply suggestions from code review Co-authored-by: Davis Goodin * mention GOFIPS * reword build options * reword macos * Apply suggestions from code review Co-authored-by: Davis Goodin * add suggestion --------- Co-authored-by: Davis Goodin --- eng/doc/fips/README.md | 65 +++++++++++++++++++++++++++--------------- 1 file changed, 42 insertions(+), 23 deletions(-) diff --git a/eng/doc/fips/README.md b/eng/doc/fips/README.md index 489d5b444e5..ac20296f092 100644 --- a/eng/doc/fips/README.md +++ b/eng/doc/fips/README.md 
@@ -39,10 +39,12 @@ The Microsoft Go fork provides several ways to configure the crypto backend and - [`GOEXPERIMENT=crypto` environment variable](#usage-build) - [`goexperiment.crypto` build tag](#usage-build) - [`requirefips` build tag](#build-option-to-require-fips-mode) + - [`GOFIPS140=latest` environment variable](#build-option-to-require-fips-mode) - [`GOEXPERIMENT` `allowcryptofallback`](#build-option-to-use-go-crypto-if-the-backend-compatibility-check-fails) - [`import _ "crypto/tls/fipsonly"` source change](#tls-with-fips-compliant-settings) - Runtime configuration: - [`GOFIPS` environment variable](#usage-runtime) + - [`GODEBUG=fips140` setting](#usage-runtime) - (OpenSSL backend) [`GO_OPENSSL_VERSION_OVERRIDE` environment variable](#runtime-openssl-version-override) - (OpenSSL backend) [`/proc/sys/crypto/fips_enabled` file containing `1`](#linux-fips-mode-openssl) - (CNG backend) [Windows registry `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy` dword value `Enabled` set to `1`](#windows-fips-mode-cng) @@ -52,7 +54,9 @@ The Microsoft Go fork provides several ways to configure the crypto backend and There are typically two goals that lead to this document. Creating a FIPS compliant app is one. The other is to comply with internal Microsoft crypto policies that have been set for Go. This table summarizes common configurations and how suitable each one is for these goals. > [!NOTE] -> This section assumes the use of Microsoft Go 1.21 or later. +> This section assumes the use of Microsoft Go 1.24 or later. +> +> 1.24 introduces `GODEBUG=fips140=on` as a preferred way to enable FIPS mode. See also [the Go 1.24 changelog](#go-124-feb-2025). > > 1.21 introduces `systemcrypto`, `requirefips`, and a build-time compatibility check for the selected crypto backend. The Usage sections go into more detail about the differences between 1.19/1.20 and 1.21 in context. See also [the Go 1.21 changelog](#go-121-aug-2023). 
@@ -60,10 +64,9 @@ There are typically two goals that lead to this document. Creating a FIPS compli | --- | --- | --- | --- | | Default | Default | Not compliant | Crypto usage is not FIPS compliant. | | `GOEXPERIMENT=systemcrypto` | Default | Compliant | Can be used to create a compliant app. FIPS mode is determined by system-wide configuration. Make sure you are familiar with your platform's system-wide FIPS switch, described in [Usage: Runtime](#usage-runtime). | -| `GOEXPERIMENT=systemcrypto` | `GOFIPS=1` | Compliant | Can be used to create a compliant app. Depending on platform, the app enables FIPS mode, ensures it is already enabled, or doesn't do any additional checks. The app panics if there is a problem. See [Usage: Runtime](#usage-runtime). | -| `GOEXPERIMENT=systemcrypto` | `GOFIPS=0` | Compliant | Crypto usage is unlikely to be FIPS compliant. The exact behavior of `GOFIPS=0` varies per platform. See [Usage: Runtime](#usage-runtime). | +| `GOEXPERIMENT=systemcrypto` | `GODEBUG=fips140=on` or `GOFIPS=1` | Compliant | Can be used to create a compliant app. Depending on platform, the app enables FIPS mode, ensures it is already enabled, or doesn't do any additional checks. The app panics if there is a problem. See [Usage: Runtime](#usage-runtime). | | `GOEXPERIMENT=systemcrypto` | `GO_OPENSSL_VERSION_OVERRIDE=1.1.1k-fips` | Compliant | Can be used to create a compliant app. If the app is built for Linux, `systemcrypto` chooses `opensslcrypto`, and the environment variable causes it to load `libcrypto.so.1.1.1k-fips` instead of using the automatic search behavior. This environment variable has no effect with `cngcrypto`. | -| `GOEXPERIMENT=systemcrypto` and `-tags=requirefips` | Default | Compliant | Can be used to create a compliant app. The behavior is the same as `GOFIPS=1`, but no runtime configuration is necessary. 
See [the `requirefips` section](#build-option-to-require-fips-mode) for more information on when this "locked-in" approach may be useful rather than the flexible approach. | +| `GOEXPERIMENT=systemcrypto` and `-tags=requirefips` | Default | Compliant | Can be used to create a compliant app. The behavior is the same as `GODEBUG=fips140=on` and `GOFIPS=1`, but no runtime configuration is necessary. See [the `requirefips` section](#build-option-to-require-fips-mode) for more information on when this "locked-in" approach may be useful rather than the flexible approach. | Other notes for common configurations: 
@@ -200,40 +203,53 @@ Another approach that generally works for any build system is to modify the buil A program built with `systemcrypto` always uses the system-provided cryptography library for supported crypto APIs. This is the case for `opensslcrypto` (always using OpenSSL), `cngcrypto` (always using CNG) and `darwincrypto` (always using CommonCrypto/CryptoKit). If the platform's crypto library can't be found or loaded, the Go program panics during initialization. -The following sections describe how to enable FIPS mode and the effect of the `GOFIPS` environment variable on each supported platform. +The following sections describe how to enable FIPS mode and the effect of the `GODEBUG=fips140` and `GOFIPS=1` settings on each supported platform. + +> [!NOTE] +> Since Go 1.24, setting `GOFIPS=1` is equivalent to setting `GODEBUG=fips140=on`. The latter is the recommended way to enable FIPS mode. Support for the `GOFIPS` environment variable will be removed in Go 1.25. > [!NOTE] > The options described in this section have no effect at build time, only runtime. When the Go program starts up, it examines its environment variables and other platform-specific configurations. This is normally the desired behavior. See [`requirefips`](#build-option-to-require-fips-mode) for info about an optional build tag that may affect FIPS mode. ### Linux FIPS mode (OpenSSL) -To set FIPS mode on Linux, use one of the following options. The first match in this list wins: +To set FIPS mode preference on Linux, use one of the following options. The first match in this list wins: +- Explicitly enable it by setting the environment variable `GODEBUG=fips140=on`. - Explicitly enable it by setting the environment variable `GOFIPS=1`. - Explicitly disable it by setting the environment variable `GOFIPS=0`. - Implicitly enable it by booting the Linux Kernel in FIPS mode. - The Linux Kernel's FIPS mode sets the content of `/proc/sys/crypto/fips_enabled` to `1`. The Go runtime reads this file. 
-If the Go runtime detects a FIPS preference, it configures OpenSSL during program initialization. This includes disabling FIPS mode if `GOFIPS=0` even if OpenSSL is configured to be in FIPS mode by default. If configuration fails, program initialization panics. +If the Go runtime detects a preference to enable FIPS and OpenSSL is not using a FIPS-compliant engine or provider, the program will panic during program initialization. This may be useful to detect and refuse to run with incorrectly configured OpenSSL installations. + +If the Go runtime detects a preference to disable FIPS and OpenSSL is using a FIPS-compliant engine or provider, the program will panic during program initialization. + +Otherwise, FIPS preference has no effect. + +For more information about the standard OpenSSL FIPS behavior, see https://www.openssl.org/docs/fips.html. -If no preference is detected, the Go runtime doesn't set the OpenSSL FIPS mode, and the standard OpenSSL configuration is left unchanged. For more information about the standard OpenSSL FIPS behavior, see https://www.openssl.org/docs/fips.html. +> [!WARNING] +> Prior to Go 1.24, setting `GOFIPS` makes the Go runtime attempt to modify the configured FIPS mode. +> This includes disabling FIPS mode if `GOFIPS=0` even if OpenSSL is configured to be in FIPS mode by default. +> +> Since Go 1.24, the Go runtime no longer makes any attempt to modify OpenSSL FIPS mode. ### Windows FIPS mode (CNG) To enable FIPS mode on Windows, [enable the Windows FIPS policy](https://docs.microsoft.com/en-us/windows/security/threat-protection/fips-140-validation#step-3-enable-the-fips-security-policy). -If the Go runtime detects `GOFIPS=1` and FIPS policy is not enabled, the program will panic during program initialization. This may be useful to detect and refuse to run on incorrectly configured Windows systems. Otherwise, `GOFIPS` has no effect. 
- -> [!NOTE] -> Unlike `opensslcrypto`, a Windows program built with `cngcrypto` doesn't include the ability to enable/disable FIPS mode. The change must be made by configuring the OS, not the Go program. -> -> This is because Windows FIPS mode is not a per-process setting, and changing it may require elevated permissions. We expect that adding a feature that attempts to change the Windows policy would have unintended consequences. +If the Go runtime detects `GOFIPS=1` or `GODEBUG=fips140=on` and FIPS policy is not enabled, the program will panic during program initialization. This may be useful to detect and refuse to run on incorrectly configured Windows systems. Otherwise, `GODEBUG=fips140` has no effect. For testing purposes, Windows FIPS policy can be enabled via the registry key `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy`, dword value `Enabled` set to `1`. ### macOS FIPS mode (CommonCrypto/CryptoKit) -CommonCrypo/CrytoKit is FIPS compliant by default. This means that regardless of which mode you set `GOFIPS` to, the cryptographic functions will always be FIPS-enabled. +macOS cryptographic primitives are FIPS compliant by default, so there is no need for system-wide nor process-wide configuration. +Refer to the [About Apple security certifications](https://support.apple.com/guide/certifications/about-apple-security-certifications-apc30d0ed034/1/web/1.0) page for more information. + +This means that setting `GOFIPS=1` or `GODEBUG=fips140=on` will never cause a panic on macOS. +They are still necessary to instruct Go to run in FIPS mode, as there is no system-provided parameter to do so. Prior to 1.24, CommonCrypto/CryptoKit is not used by Microsoft Go. 
@@ -241,19 +257,18 @@ Prior to 1.24, CommonCrypto/CryptoKit is not used by Microsoft Go. ### Build option to require FIPS mode -The `requirefips` feature is available since Go 1.21. +FIPS mode preference is normally determined at runtime, but the `GOFIPS140=latest` and `requirefips` options can be used to make a program always require FIPS mode and panic if FIPS mode is not enabled: -FIPS mode is normally determined at runtime, but the `requirefips` build tag can be used to make a program always require FIPS mode and panic if FIPS mode can't be enabled for any reason. +- The `requirefips` build tag is available since Go 1.21. See [the "GOFLAGS" example in the build section](#modify-the-build-command). +- The `GOFIPS140=latest` environment variable is available since Go 1.24. -Most programs aren't expected to use this tag. Determining FIPS mode at runtime is normal for FIPS compliant applications. This allows the same binary to be deployed to run in both FIPS compliant contexts and non-FIPS contexts, and allows it to be bundled with other binaries that can also run in both contexts. However, in some situations, compile-time `requirefips` is desirable: +Most programs aren't expected to use these options. Determining FIPS mode at runtime is normal for FIPS compliant applications. This allows the same binary to be deployed to run in both FIPS compliant contexts and non-FIPS contexts, and allows it to be bundled with other binaries that can also run in both contexts. However, it is useful in some cases: -- Dependence on environment variables like `GOFIPS` in any way may be undesirable. +- Dependence on environment variables like `GODEBUG` and `GOFIPS` in any way may be undesirable. - The program's documentation can state it will always run in FIPS mode without any nuance about environment variables. - If the program is used by someone unfamiliar with the system they're configuring, the panic will help catch mistakes before they become a problem. 
-We chose to make a `requirefips` Go program panic if `GOFIPS=0` rather than silently ignoring the setting. This helps avoid a surprise if a user of a `requirefips` program sets `GOFIPS=0` and expects it to turn off FIPS mode. It may not be obvious which programs are built using `requirefips`, and the panic is intended to help avoid confusion. - -Modifying the `go build` command to include `-tags=requirefips` enables this feature. However, if it is difficult to change the build command but possible to change the environment (e.g. by modifying a Dockerfile's `FROM` image), the `GOFLAGS` environment variable can be used to pass `-tags=requirefips` to every `go build` command that runs. See [the "GOFLAGS" example in the build section](#modify-the-build-command). +We chose to make a FIPS-only Go program panic if `GOFIPS=0` rather than silently ignoring the setting. This helps avoid a surprise if a user of such program sets `GOFIPS=0` and expects it to turn off FIPS mode. ### Build option to use Go crypto if the backend compatibility check fails 
@@ -288,7 +303,7 @@ This table shows an example of the fragile behavior that results from using `all | `GOOS=linux GOEXPERIMENT=systemcrypto,allowcryptofallback` | Compliant | *Not recommended,* but can be used to create a compliant app, as `allowcryptofallback` has no effect in this situation. | | `GOOS=linux CGO_ENABLED=0 GOEXPERIMENT=systemcrypto,allowcryptofallback` | Not compliant | Crypto usage is not FIPS compliant. `systemcrypto` on `linux` picks the OpenSSL backend. The backend requires cgo, so `CGO_ENABLED=0` would normally result in a build error. However, `allowcryptofallback` causes the Go standard library crypto to be used and ignores the error. | -A scenario we expect is that a dev attempts to rebuild an open source Go app with an OpenSSL backend to start working towards FIPS compliance. A Dockerfile or other build script provided by the open source project may set `CGO_ENABLED=0` in a non-obvious way. With *silent crypto backend fallback*, the dev needs to notice that the OpenSSL backend isn't being used in some situations (e.g. `GOFIPS=1` causes failure) and figure out why. If they don't notice, they may deliver an app that uses Go crypto without realizing it. The compatibility check makes it so this issue blocks the build and can't be missed. +A scenario we expect is that a dev attempts to rebuild an open source Go app with an OpenSSL backend to start working towards FIPS compliance. A Dockerfile or other build script provided by the open source project may set `CGO_ENABLED=0` in a non-obvious way. With *silent crypto backend fallback*, the dev needs to notice that the OpenSSL backend isn't being used in some situations (e.g. `GODEBUG=fips140=on` and `GOFIPS=1` causes failure) and figure out why. If they don't notice, they may deliver an app that uses Go crypto without realizing it. The compatibility check makes it so this issue blocks the build and can't be missed. 
> [!NOTE] > In rare cases, it may be more practical to use `allowcryptofallback` than to remove the `GOEXPERIMENT`. For example, a generic build script that supports many platforms, some of which don't support crypto backends, may find it practical to use `GOEXPERIMENT=systemcrypto,allowcryptofallback` despite the risk of unclear or accidental fallback to Go crypto. @@ -408,6 +423,10 @@ This list of major changes is intended for quick reference and for access to his ### Go 1.24 (Feb 2025) - Introduces macOS crypto backend `darwincrypto`. +- Support `GODEBUG=fips140=on` as an alias for `GOFIPS=1`. +- `GOFIPS=1` no longer tries to enable FIPS mode on Linux. It will now panic if FIPS mode is not enabled. +- `GOFIPS=0` no longer tries to disable FIPS mode on Linux. It will now panic if FIPS mode is enabled. +- Support for the `GOFIPS` environment variable will be removed in Go 1.25. ### Go [1.22.9-2](https://github.com/microsoft/go/releases/tag/v1.22.9-2) and [1.23.3-2](https://github.com/microsoft/go/releases/tag/v1.23.3-2) (Dec 2024) From 32ecffa12c3f8b83f8424575613120307d2c77be Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Tue, 4 Feb 2025 09:51:34 +0100 Subject: [PATCH 222/887] Take into account the OpenSSL FIPS mode when setting GODEBUG=fips140 (#1519) * check OpenSSL config * add tests * simplify deps * fix bootstrap * fix compilation * review suggestions --- patches/0002-Vendor-crypto-backends.patch | 68 ++-- ...03-Implement-crypto-internal-backend.patch | 368 ++++++++++++++---- patches/0004-Use-crypto-backends.patch | 12 +- 3 files changed, 343 insertions(+), 105 deletions(-) diff --git a/patches/0002-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch index 17d7c634036..d8083025015 100644 --- a/patches/0002-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch 
@@ -9,7 +9,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result src/crypto/internal/backend/deps_ignore.go | 22 + src/go.mod | 6 + src/go.sum | 6 + - src/go/build/deps_test.go | 17 +- + src/go/build/deps_test.go | 35 +- src/go/build/vendor_test.go | 3 + .../golang-fips/openssl/v2/.gitignore | 1 + .../golang-fips/openssl/v2/.gitleaks.toml | 9 + @@ -101,7 +101,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ src/vendor/modules.txt | 16 + - 95 files changed, 13799 insertions(+), 3 deletions(-) + 95 files changed, 13813 insertions(+), 7 deletions(-) create mode 100644 src/crypto/internal/backend/deps_ignore.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml @@ -250,44 +250,64 @@ index 4d6a33e34a4e63..6a09a77031befa 100644 golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20250121202134-9a960c88dd98 h1:36bTiCRO7f/J3t+LumnLTJDXqxsp1x6Q7754SsRD9u4= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index e3e01077c18b17..e017efb1562379 100644 +index e3e01077c18b17..72e56b5da8e582 100644 --- a/src/go/build/deps_test.go 
+++ b/src/go/build/deps_test.go -@@ -503,7 +503,7 @@ var depsRules = ` - NONE < crypto/internal/boring/sig, crypto/internal/boring/syso; - sync/atomic < crypto/internal/boring/bcache; +@@ -493,6 +493,24 @@ var depsRules = ` + < crypto/internal/fips140/rsa + < FIPS; -- FIPS, internal/godebug, hash, embed, -+ FIPS, internal/godebug, hash, embed, encoding/binary, - crypto/internal/boring/sig, - crypto/internal/boring/syso, - crypto/internal/boring/bcache -@@ -513,6 +513,14 @@ var depsRules = ` - < crypto/sha3 - < crypto/internal/fips140hash - < crypto/cipher -+ < github.com/golang-fips/openssl/v2/internal/subtle ++ FIPS, hash < crypto/internal/fips140only; ++ crypto/internal/fips140/subtle, hash < crypto; ++ crypto/internal/fips140/subtle < crypto/subtle; ++ crypto/subtle, crypto/internal/fips140only < crypto/cipher; ++ ++ crypto, ++ crypto/subtle, ++ encoding/binary, ++ hash, ++ crypto/cipher + < github.com/golang-fips/openssl/v2 + < github.com/microsoft/go-crypto-darwin/internal/cryptokit + < github.com/microsoft/go-crypto-darwin/xcrypto + < github.com/microsoft/go-crypto-winnative/internal/subtle + < github.com/microsoft/go-crypto-winnative/internal/sysdll + < github.com/microsoft/go-crypto-winnative/internal/bcrypt -+ < github.com/microsoft/go-crypto-winnative/cng ++ < github.com/microsoft/go-crypto-winnative/cng; ++ + FIPS, internal/godebug < crypto/fips140; + + crypto, hash !< FIPS; +@@ -506,13 +524,12 @@ var depsRules = ` + FIPS, internal/godebug, hash, embed, + crypto/internal/boring/sig, + crypto/internal/boring/syso, +- crypto/internal/boring/bcache +- < crypto/internal/fips140only +- < crypto +- < crypto/subtle ++ crypto/internal/boring/bcache, ++ crypto/internal/fips140only, ++ crypto, ++ crypto/cipher + < crypto/sha3 + < crypto/internal/fips140hash +- < crypto/cipher < crypto/internal/boring < crypto/boring < crypto/aes, -@@ -534,6 +542,9 @@ var depsRules = ` +@@ -533,6 +550,10 @@ var depsRules = ` + # CRYPTO-MATH is crypto that exposes math/big APIs - no 
cgo, net; fmt now ok. ++ math/big, github.com/golang-fips/openssl/v2 < github.com/golang-fips/openssl/v2/bbig; ++ math/big, github.com/microsoft/go-crypto-darwin/xcrypto < github.com/microsoft/go-crypto-darwin/bbig; ++ math/big, github.com/microsoft/go-crypto-winnative/cng < github.com/microsoft/go-crypto-winnative/cng/bbig; ++ CRYPTO, FMT, math/big -+ < github.com/golang-fips/openssl/v2/bbig -+ < github.com/microsoft/go-crypto-darwin/bbig -+ < github.com/microsoft/go-crypto-winnative/cng/bbig < crypto/internal/boring/bbig < crypto/rand - < crypto/ed25519 # depends on crypto/rand.Reader -@@ -837,7 +848,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -837,7 +858,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -296,7 +316,7 @@ index e3e01077c18b17..e017efb1562379 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -847,7 +858,7 @@ func findImports(pkg string) ([]string, error) { +@@ -847,7 +868,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch index ea282f44d29..2004ba0694d 100644 --- a/patches/0003-Implement-crypto-internal-backend.patch +++ b/patches/0003-Implement-crypto-internal-backend.patch 
@@ -13,10 +13,10 @@ Subject: [PATCH] Implement crypto/internal/backend src/crypto/internal/backend/bbig/big_cng.go | 12 + .../internal/backend/bbig/big_darwin.go | 12 + .../internal/backend/bbig/big_openssl.go | 12 + - src/crypto/internal/backend/boring_linux.go | 279 +++++++++++++ + src/crypto/internal/backend/boring_linux.go | 279 ++++++++++++++ src/crypto/internal/backend/cng_windows.go | 336 ++++++++++++++++ src/crypto/internal/backend/common.go | 59 +++ - src/crypto/internal/backend/darwin_darwin.go | 359 +++++++++++++++++ + src/crypto/internal/backend/darwin_darwin.go | 359 ++++++++++++++++++ src/crypto/internal/backend/fips140/boring.go | 11 + src/crypto/internal/backend/fips140/cng.go | 33 ++ src/crypto/internal/backend/fips140/darwin.go | 11 + @@ -24,11 +24,15 @@ Subject: [PATCH] Implement crypto/internal/backend .../internal/backend/fips140/isrequirefips.go | 9 + .../internal/backend/fips140/norequirefips.go | 9 + .../backend/fips140/nosystemcrypto.go | 11 + - .../internal/backend/fips140/openssl.go | 41 ++ + .../internal/backend/fips140/openssl_cgo.go | 57 +++ + .../internal/backend/fips140/openssl_nocgo.go | 15 + + .../internal/opensslsetup/opensslsetup.go | 70 ++++ + .../opensslsetup/opensslsetup_test.go | 92 +++++ + .../backend/internal/opensslsetup/stub.go | 8 + src/crypto/internal/backend/nobackend.go | 240 ++++++++++++ - src/crypto/internal/backend/openssl_linux.go | 368 ++++++++++++++++++ + src/crypto/internal/backend/openssl_linux.go | 331 ++++++++++++++++ src/crypto/internal/backend/stub.s | 10 + - src/go/build/deps_test.go | 7 +- + src/go/build/deps_test.go | 27 +- .../exp_allowcryptofallback_off.go | 9 + .../exp_allowcryptofallback_on.go | 9 + src/internal/goexperiment/flags.go | 8 + 
@@ -45,7 +49,7 @@ Subject: [PATCH] Implement crypto/internal/backend ...ckenderr_gen_requirefips_nosystemcrypto.go | 17 + .../backenderr_gen_systemcrypto_nobackend.go | 16 + src/runtime/runtime_boring.go | 5 + - 41 files changed, 2508 insertions(+), 1 deletion(-) + 45 files changed, 2690 insertions(+), 3 deletions(-) create mode 100644 src/crypto/internal/backend/backend_test.go create mode 100644 src/crypto/internal/backend/backendgen.go create mode 100644 src/crypto/internal/backend/backendgen_test.go @@ -65,7 +69,11 @@ Subject: [PATCH] Implement crypto/internal/backend create mode 100644 src/crypto/internal/backend/fips140/isrequirefips.go create mode 100644 src/crypto/internal/backend/fips140/norequirefips.go create mode 100644 src/crypto/internal/backend/fips140/nosystemcrypto.go - create mode 100644 src/crypto/internal/backend/fips140/openssl.go + create mode 100644 src/crypto/internal/backend/fips140/openssl_cgo.go + create mode 100644 src/crypto/internal/backend/fips140/openssl_nocgo.go + create mode 100644 src/crypto/internal/backend/internal/opensslsetup/opensslsetup.go + create mode 100644 src/crypto/internal/backend/internal/opensslsetup/opensslsetup_test.go + create mode 100644 src/crypto/internal/backend/internal/opensslsetup/stub.go create mode 100644 src/crypto/internal/backend/nobackend.go create mode 100644 src/crypto/internal/backend/openssl_linux.go create mode 100644 src/crypto/internal/backend/stub.s @@ -1792,23 +1800,39 @@ index 00000000000000..83691d7dd42d51 +func systemFIPSMode() bool { + return false +} -diff --git a/src/crypto/internal/backend/fips140/openssl.go b/src/crypto/internal/backend/fips140/openssl.go +diff --git a/src/crypto/internal/backend/fips140/openssl_cgo.go b/src/crypto/internal/backend/fips140/openssl_cgo.go new file mode 100644 -index 00000000000000..2d126bcfc053de +index 00000000000000..d9ea4e513db72d 
--- /dev/null -+++ b/src/crypto/internal/backend/fips140/openssl.go -@@ -0,0 +1,41 @@ ++++ b/src/crypto/internal/backend/fips140/openssl_cgo.go +@@ -0,0 +1,57 @@ +// Copyright 2024 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build goexperiment.opensslcrypto ++//go:build goexperiment.opensslcrypto && cgo + +package fips140 + -+import "syscall" ++import ( ++ _ "crypto/internal/backend/internal/opensslsetup" ++ "syscall" ++ ++ "github.com/golang-fips/openssl/v2" ++) + ++// systemFIPSMode reports whether the system is in FIPS mode. ++// It first checks the kernel, and if that is not available, it checks the ++// OpenSSL library. +func systemFIPSMode() bool { ++ if kernelFIPSMode() { ++ return true ++ } ++ return openssl.FIPS() ++} ++ ++// kernelFIPSMode reports whether the kernel is in FIPS mode. ++func kernelFIPSMode() bool { + var fd int + for { + var err error @@ -1825,7 +1849,7 @@ index 00000000000000..2d126bcfc053de + // If there is an error reading we could either panic or assume FIPS is not enabled. + // Panicking would be too disruptive for apps that don't require FIPS. + // If an app wants to be 100% sure that is running in FIPS mode -+ // it should use boring.Enabled() or GODEBUG=fips140=1. ++ // it should use fips140.Enabled() or GODEBUG=fips140=1. + return false + } + } 
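Review bot: The new doc comment on `systemFIPSMode` in `openssl_cgo.go` says OpenSSL is consulted when the kernel check "is not available", but the code calls `openssl.FIPS()` whenever `kernelFIPSMode()` returns false. That includes the case where `/proc/sys/crypto/fips_enabled` was read successfully and holds `0`. I would word it as `// It reports true if the kernel is in FIPS mode; otherwise it reports whether the loaded OpenSSL library is in FIPS mode.` so readers know an OpenSSL-only FIPS configuration is enough to enable FIPS mode. The body of `kernelFIPSMode` continues past this hunk.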
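Review bot: The rewritten comment in `kernelFIPSMode` still points readers at `GODEBUG=fips140=1`, while the FIPS README updated earlier in this series spells the setting `GODEBUG=fips140=on`. As far as I know, upstream Go 1.24 accepts only named values for it, so `1` would not work. Someone copying the value from this comment to force FIPS mode would get a startup failure rather than the guarantee the comment promises. I would change the line to `// it should use fips140.Enabled() or GODEBUG=fips140=on.`. The function starts in the previous hunk and ends in the next one, so only this comment line is in scope here.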
@@ -1839,6 +1863,215 @@ index 00000000000000..2d126bcfc053de + // fips_enabled can be either '0' or '1'. + return tmp[0] == '1' +} +diff --git a/src/crypto/internal/backend/fips140/openssl_nocgo.go b/src/crypto/internal/backend/fips140/openssl_nocgo.go +new file mode 100644 +index 00000000000000..60ed26591d05d8 +--- /dev/null ++++ b/src/crypto/internal/backend/fips140/openssl_nocgo.go +@@ -0,0 +1,15 @@ ++// Copyright 2025 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.opensslcrypto && !cgo ++ ++// The opensslcrypto experiment can be used even when cgo ++// is disabled. The OpenSSL backend can't be imported ++// without cgo, so we use a stub systemFIPSMode implementation. ++ ++package fips140 ++ ++func systemFIPSMode() bool { ++ return false ++} +diff --git a/src/crypto/internal/backend/internal/opensslsetup/opensslsetup.go b/src/crypto/internal/backend/internal/opensslsetup/opensslsetup.go +new file mode 100644 +index 00000000000000..c6c1f53e7452ab +--- /dev/null ++++ b/src/crypto/internal/backend/internal/opensslsetup/opensslsetup.go +@@ -0,0 +1,70 @@ ++// Copyright 2025 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.opensslcrypto && cgo ++ ++// opensslsetup is a package that initializes the OpenSSL library. ++// It doesn't export any symbol, but blank importing it has the ++// side effect of initializing the OpenSSL library. ++package opensslsetup ++ ++import ( ++ "syscall" ++ ++ "github.com/golang-fips/openssl/v2" ++) ++ ++// knownVersions is a list of supported and well-known libcrypto.so suffixes in decreasing version order. ++// FreeBSD library version numbering does not directly align to the version of OpenSSL. ++// Its preferred search order is 11 -> 111. 
++// Some distributions use 1.0.0 and others (such as Debian) 1.0.2 to refer to the same OpenSSL 1.0.2 version. ++// Fedora derived distros use different naming for the version 1.0.x. ++var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"} ++ ++const lcryptoPrefix = "libcrypto.so." ++ ++func init() { ++ lib := library() ++ if err := openssl.Init(lib); err != nil { ++ panic("opensslcrypto: can't initialize OpenSSL " + lib + ": " + err.Error()) ++ } ++} ++ ++// library returns the name of the OpenSSL library to use. ++// It first checks the environment variable GO_OPENSSL_VERSION_OVERRIDE. ++// If that is not set, it searches a well-known list of library names. ++// If no library is found, it returns "libcrypto.so". ++func library() string { ++ if version, _ := syscall.Getenv("GO_OPENSSL_VERSION_OVERRIDE"); version != "" { ++ return lcryptoPrefix + version ++ } ++ if lib := searchKnownLibrary(); lib != "" { ++ return lib ++ } ++ return lcryptoPrefix[:len(lcryptoPrefix)-1] // no version found, try without version suffix ++} ++ ++// checkVersion is a variable that holds the openssl.CheckVersion function. ++// It is initialized in the init function to allow overriding in tests. ++var checkVersion = openssl.CheckVersion ++ ++// searchKnownLibrary returns the name of the highest available FIPS-enabled version of OpenSSL ++// using the known library suffixes. ++// If no FIPS-enabled version is found, it returns the name of the highest available version. ++// If no version is found, it returns an empty string. 
++func searchKnownLibrary() string { ++ var lcryptoFallback string ++ for _, v := range knownVersions { ++ lcryptoCandidate := lcryptoPrefix + v ++ if exists, fips := checkVersion(lcryptoCandidate); exists { ++ if fips { ++ return lcryptoCandidate ++ } ++ if lcryptoFallback == "" { ++ lcryptoFallback = lcryptoCandidate ++ } ++ } ++ } ++ return lcryptoFallback ++} +diff --git a/src/crypto/internal/backend/internal/opensslsetup/opensslsetup_test.go b/src/crypto/internal/backend/internal/opensslsetup/opensslsetup_test.go +new file mode 100644 +index 00000000000000..e9f67449710d65 +--- /dev/null ++++ b/src/crypto/internal/backend/internal/opensslsetup/opensslsetup_test.go +@@ -0,0 +1,92 @@ ++// Copyright 2025 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++//go:build goexperiment.opensslcrypto && cgo ++ ++package opensslsetup ++ ++import "testing" ++ ++func mockCheckVersion(t *testing.T, fn func(string) (bool, bool)) { ++ original := checkVersion ++ t.Cleanup(func() { ++ checkVersion = original ++ }) ++ checkVersion = fn ++} ++ ++func assertLibrary(t *testing.T, expected string) { ++ if result := library(); result != expected { ++ t.Errorf("expected %s, got %s", expected, result) ++ } ++} ++ ++func TestLibraryWithEnvOverride(t *testing.T) { ++ t.Setenv("GO_OPENSSL_VERSION_OVERRIDE", "1.1") ++ mockCheckVersion(t, func(s string) (bool, bool) { return false, false }) ++ assertLibrary(t, "libcrypto.so.1.1") ++} ++ ++func TestLibraryWithKnownVersion(t *testing.T) { ++ t.Setenv("GO_OPENSSL_VERSION_OVERRIDE", "") ++ ++ const maxLib = "libcrypto.so.3" ++ ++ t.Run("AllExistsNoneFIPS", func(t *testing.T) { ++ mockCheckVersion(t, func(s string) (bool, bool) { ++ return true, false ++ }) ++ for _, v := range knownVersions { ++ t.Run(v, func(t *testing.T) { ++ assertLibrary(t, maxLib) ++ }) ++ } ++ }) ++ ++ t.Run("OnlyOneExists", func(t *testing.T) { ++ for _, v := range 
knownVersions { ++ t.Run(v, func(t *testing.T) { ++ expected := "libcrypto.so." + v ++ mockCheckVersion(t, func(s string) (bool, bool) { ++ if s == expected { ++ return true, false ++ } ++ return false, false ++ }) ++ assertLibrary(t, expected) ++ }) ++ } ++ }) ++ ++ t.Run("AllExistsOnlyOneFIPS", func(t *testing.T) { ++ fipsLib := "libcrypto.so.1.1" ++ mockCheckVersion(t, func(s string) (bool, bool) { ++ return true, s == fipsLib ++ }) ++ for _, v := range knownVersions { ++ t.Run(v, func(t *testing.T) { ++ assertLibrary(t, fipsLib) ++ }) ++ } ++ }) ++ ++ t.Run("AllExistsAndAreFIPS", func(t *testing.T) { ++ mockCheckVersion(t, func(s string) (bool, bool) { ++ return true, true ++ }) ++ for _, v := range knownVersions { ++ t.Run(v, func(t *testing.T) { ++ assertLibrary(t, maxLib) ++ }) ++ } ++ }) ++} ++ ++func TestLibraryNoVersionFound(t *testing.T) { ++ t.Setenv("GO_OPENSSL_VERSION_OVERRIDE", "") ++ mockCheckVersion(t, func(string) (bool, bool) { ++ return false, false ++ }) ++ assertLibrary(t, "libcrypto.so") ++} +diff --git a/src/crypto/internal/backend/internal/opensslsetup/stub.go b/src/crypto/internal/backend/internal/opensslsetup/stub.go +new file mode 100644 +index 00000000000000..3b92bfc5fbabf6 +--- /dev/null ++++ b/src/crypto/internal/backend/internal/opensslsetup/stub.go +@@ -0,0 +1,8 @@ ++// Copyright 2025 The Go Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// Placeholder to allow the opensslsetup package to be imported ++// without cgo enabled or without goexperiment.opensslcrypto. ++ ++package opensslsetup diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 index 00000000000000..7c3a95c2c64a2d @@ -2087,10 +2320,10 @@ index 00000000000000..7c3a95c2c64a2d +} 
diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go new file mode 100644 -index 00000000000000..a66c66ca386847 +index 00000000000000..fe575dd8c71435 --- /dev/null +++ b/src/crypto/internal/backend/openssl_linux.go -@@ -0,0 +1,368 @@ +@@ -0,0 +1,331 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -2106,9 +2339,9 @@ index 00000000000000..a66c66ca386847 + "crypto" + "crypto/cipher" + "crypto/internal/backend/fips140" ++ _ "crypto/internal/backend/internal/opensslsetup" + "crypto/internal/boring/sig" + "hash" -+ "syscall" + + "github.com/golang-fips/openssl/v2" +) 
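Review bot: The added blank import `_ "crypto/internal/backend/internal/opensslsetup"` carries no comment, yet it is now the only thing that gets `openssl.Init` called before this file's `init` runs. A line such as `// Imported for its init, which selects libcrypto and calls openssl.Init.` above it would stop a later cleanup from dropping the import as unused. The comment could also point at `library()` in that package, since that is where `GO_OPENSSL_VERSION_OVERRIDE` is appended to `libcrypto.so.` without any check on its contents and without the `checkVersion` FIPS probe the search path uses. If the resulting name is handed to the dynamic loader as-is (not visible here), restricting the override to digits and dots in `library()` would keep it from naming anything other than a versioned libcrypto.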
@@ -2118,44 +2351,7 @@ index 00000000000000..a66c66ca386847 + +type BigInt = openssl.BigInt + -+// knownVersions is a list of supported and well-known libcrypto.so suffixes in decreasing version order. -+// FreeBSD library version numbering does not directly align to the version of OpenSSL. -+// Its preferred search order is 11 -> 111. -+// Some distributions use 1.0.0 and others (such as Debian) 1.0.2 to refer to the same OpenSSL 1.0.2 version. -+// Fedora derived distros use different naming for the version 1.0.x. -+var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"} -+ -+const lcryptoPrefix = "libcrypto.so." -+ +func init() { -+ var lcrypto string -+ if version, _ := syscall.Getenv("GO_OPENSSL_VERSION_OVERRIDE"); version != "" { -+ lcrypto = lcryptoPrefix + version -+ } else { -+ // Try to find the highest available FIPS-enabled version of OpenSSL -+ // using the known library suffixes. -+ var lcryptoFallback string -+ for _, v := range knownVersions { -+ lcryptoCandidate := lcryptoPrefix + v -+ if exists, fips := openssl.CheckVersion(lcryptoCandidate); exists { -+ if fips { -+ lcrypto = lcryptoCandidate -+ break -+ } -+ if lcryptoFallback == "" { -+ lcryptoFallback = lcryptoCandidate -+ } -+ } -+ } -+ if lcrypto == "" && lcryptoFallback != "" { -+ // There is no FIPS-enabled version of OpenSSL, -+ // use the highest available version. -+ lcrypto = lcryptoFallback -+ } -+ } -+ if err := openssl.Init(lcrypto); err != nil { -+ panic("opensslcrypto: can't initialize OpenSSL " + lcrypto + ": " + err.Error()) -+ } + if fips140.Enabled() { + // Some distributions, e.g. Azure Linux 3, don't set the `fips=yes` property when running in FIPS mode, + // but they configure OpenSSL to use a FIPS-compliant provider (in the case of Azure Linux 3, the SCOSSL provider). @@ -2476,39 +2672,61 @@ index 00000000000000..5e4b436554d44d +// from complaining about the missing body +// (because the implementation might be here). 
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index e017efb1562379..ab5539f978a266 100644 +index 72e56b5da8e582..45ceb3e2b4ce11 100644 --- a/src/go/build/deps_test.go 
+++ b/src/go/build/deps_test.go -@@ -493,6 +493,8 @@ var depsRules = ` - < crypto/internal/fips140/rsa - < FIPS; +@@ -511,6 +511,11 @@ var depsRules = ` + < github.com/microsoft/go-crypto-winnative/internal/bcrypt + < github.com/microsoft/go-crypto-winnative/cng; -+ syscall < crypto/internal/backend/fips140; ++ syscall, ++ github.com/golang-fips/openssl/v2 ++ < crypto/internal/backend/internal/opensslsetup ++ < crypto/internal/backend/fips140; + FIPS, internal/godebug < crypto/fips140; crypto, hash !< FIPS; -@@ -506,7 +508,8 @@ var depsRules = ` - FIPS, internal/godebug, hash, embed, encoding/binary, +@@ -521,16 +526,28 @@ var depsRules = ` + NONE < crypto/internal/boring/sig, crypto/internal/boring/syso; + sync/atomic < crypto/internal/boring/bcache; + ++ crypto, crypto/cipher, ++ crypto/internal/boring/sig, crypto/internal/boring/syso ++ < crypto/internal/boring; ++ ++ crypto/internal/boring/sig, ++ crypto/internal/backend/fips140, ++ github.com/golang-fips/openssl/v2, ++ github.com/microsoft/go-crypto-darwin/xcrypto, ++ github.com/microsoft/go-crypto-winnative/cng, ++ crypto/internal/boring ++ < crypto/internal/backend; ++ + FIPS, internal/godebug, hash, embed, crypto/internal/boring/sig, crypto/internal/boring/syso, -- crypto/internal/boring/bcache -+ crypto/internal/boring/bcache, -+ crypto/internal/backend/fips140 - < crypto/internal/fips140only - < crypto - < crypto/subtle -@@ -522,6 +525,7 @@ var depsRules = ` - < github.com/microsoft/go-crypto-winnative/internal/bcrypt - < github.com/microsoft/go-crypto-winnative/cng - < crypto/internal/boring -+ < crypto/internal/backend + crypto/internal/boring/bcache, + crypto/internal/fips140only, + crypto, +- crypto/cipher ++ crypto/cipher, ++ crypto/internal/backend + < crypto/sha3 + < crypto/internal/fips140hash +- < crypto/internal/boring < crypto/boring < crypto/aes, crypto/des, -@@ -546,6 +550,7 @@ var depsRules = ` - < github.com/microsoft/go-crypto-darwin/bbig - < 
github.com/microsoft/go-crypto-winnative/cng/bbig +@@ -554,8 +571,12 @@ var depsRules = ` + math/big, github.com/microsoft/go-crypto-darwin/xcrypto < github.com/microsoft/go-crypto-darwin/bbig; + math/big, github.com/microsoft/go-crypto-winnative/cng < github.com/microsoft/go-crypto-winnative/cng/bbig; + +- CRYPTO, FMT, math/big ++ CRYPTO, FMT, math/big, ++ github.com/golang-fips/openssl/v2/bbig, ++ github.com/microsoft/go-crypto-darwin/bbig, ++ github.com/microsoft/go-crypto-winnative/cng/bbig < crypto/internal/boring/bbig + < crypto/internal/backend/bbig < crypto/rand diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch index 6fd482bdc3c..034c30c66fe 100644 --- a/patches/0004-Use-crypto-backends.patch +++ b/patches/0004-Use-crypto-backends.patch @@ -2557,19 +2557,19 @@ index e7369542a73270..ff52175e4ac636 100644 } } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index ab5539f978a266..484c95dfb65f60 100644 +index e4e07843c8ce55..87e92a5d6d1ee9 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -495,7 +495,7 @@ var depsRules = ` - - syscall < crypto/internal/backend/fips140; +@@ -510,7 +510,7 @@ var depsRules = ` + < crypto/internal/backend/internal/opensslsetup + < crypto/internal/backend/fips140; - FIPS, internal/godebug < crypto/fips140; + FIPS, internal/godebug, crypto/internal/backend/fips140 < crypto/fips140; crypto, hash !< FIPS; -@@ -539,6 +539,7 @@ var depsRules = ` +@@ -551,6 +551,7 @@ var depsRules = ` crypto/pbkdf2, crypto/ecdh, crypto/mlkem @@ -2577,7 +2577,7 @@ index ab5539f978a266..484c95dfb65f60 100644 < CRYPTO; CGO, fmt, net !< CRYPTO; -@@ -564,7 +565,7 @@ var depsRules = ` +@@ -576,7 +577,7 @@ var depsRules = ` # TLS, Prince of Dependencies. From 08c5a085eaaf5a6eb0bd610e17f6dbf927cf9dcf Mon Sep 17 00:00:00 2001 
From: Quim Muntal Date: Tue, 4 Feb 2025 20:04:03 +0100 Subject: [PATCH 223/887] retry Darwin CI builds (#1524) --- eng/pipeline/stages/builders-to-stages.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/eng/pipeline/stages/builders-to-stages.yml b/eng/pipeline/stages/builders-to-stages.yml index 5234e5f4b75..4d0905278c2 100644 --- a/eng/pipeline/stages/builders-to-stages.yml +++ b/eng/pipeline/stages/builders-to-stages.yml @@ -43,6 +43,10 @@ stages: # "Access Denied" during EXE copying and general flakiness during tests. ${{ if eq(builder.os, 'windows') }}: retryAttempts: [1, 2, 3, 4, "FINAL"] + # Attempt to retry the build on macOS to mitigate flakiness: + # "read: connection reset by peer" in cmd/go tests + ${{ if eq(builder.os, 'darwin') }}: + retryAttempts: [1, 2, "FINAL"] - ${{ if eq(parameters.sign, true) }}: - template: pool.yml From 50908a9ba1f46c99fe7973e77d5164cebc431e6a Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Tue, 4 Feb 2025 20:04:40 +0100 Subject: [PATCH 224/887] Override prod branch classification settings (#1522) * override prod branch classification settings * add microsoft/main --- .azuredevops/policies/branchClassification.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .azuredevops/policies/branchClassification.yml diff --git a/.azuredevops/policies/branchClassification.yml b/.azuredevops/policies/branchClassification.yml new file mode 100644 index 00000000000..ac2bb61d472 --- /dev/null +++ b/.azuredevops/policies/branchClassification.yml 
@@ -0,0 +1,15 @@ +# Schema taken from https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/product-catalog/branch-classification/branch-classification#optional-update-branch-classification-at-the-repo. +name: branch_classification +description: Branch classification configuration for repository +resource: repository +disabled: false +where: +configuration: + branchClassificationSettings: + defaultClassification: nonproduction + ruleset: + - name: prod-branches + branchNames: + - microsoft/main + - microsoft/release-branch.go* + classification: production From 7dc0b5eaa6ac80d24ac03252381944e4e877cd46 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Tue, 4 Feb 2025 20:22:31 -0800 Subject: [PATCH 225/887] Add dotnet-public NuGet feed to Release Studio project This helps the project be resilient to .NET SDK version changes in the build agent. --- eng/release-studio/NuGet.config | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/eng/release-studio/NuGet.config b/eng/release-studio/NuGet.config index ec763b4e4a8..6ea4355ea85 100644 --- a/eng/release-studio/NuGet.config +++ b/eng/release-studio/NuGet.config @@ -7,6 +7,12 @@ + + From ee59bf71a9905d1c20f4e949d9c7ff71f7af6e70 Mon Sep 17 00:00:00 2001 From: Quim Muntal Date: Fri, 7 Feb 2025 11:31:06 +0100 Subject: [PATCH 226/887] drop `gotest.tools/gotestsum` dependency (#1532) --- eng/_util/README.md | 22 ----- eng/_util/buildutil/buildutil.go | 28 ++++++ eng/_util/cmd/build/build.go | 41 +++------ eng/_util/cmd/run-builder/run-builder.go | 100 ++++++--------------- eng/_util/go.mod | 10 --- eng/_util/go.sum | 106 ----------------------- eng/pipeline/stages/run-stage.yml | 5 +- 7 files changed, 68 insertions(+), 244 deletions(-) diff --git a/eng/_util/README.md b/eng/_util/README.md index 6bd3f0c301e..da664d9c3a9 100644 --- a/eng/_util/README.md +++ b/eng/_util/README.md 
@@ -16,25 +16,3 @@ The minimal dependencies are themselves tested by `TestMinimalCommandDependencies` in `testutil`. It uses `go list` to ensure that all commands that use more than the minimal set of dependencies include the conditional panic upon init. - -### Support for gotestsum wrapping -The `run-builder` command implements a gotestsum wrapper around the `build` -command. This isn't implemented in `build` itself to keep dependencies for the -signed build low. There are some features in the build command that accommodate -gotestsum but don't make sense as standalone features a dev would use. For -example, JSON test output and stderr redirection to stdout. - -The high-level execution flow looks roughly like this when running in CI: - -* `eng/pipeline/jobs/run-stage.yml` - runs: -* `eng/run.ps1 run-builder -test -builder linux-amd64-test -junitfile [...]` - which runs the Go function: -* `gotestsum.Run(... eng/run.ps1 build -test -json ...)` - which runs and captures the output of: -* `eng/run.ps1 build -test -json` - which runs [`cmd/build/build.go`](cmd/build/build.go) in this module. - -> [!NOTE] -> This support is not currently used in our CI because this process seems to cut off some test output: -> [microsoft/go#1114](https://github.com/microsoft/go/issues/1114). diff --git a/eng/_util/buildutil/buildutil.go b/eng/_util/buildutil/buildutil.go index 6177f2f601d..b6cdb774ed6 100644 --- a/eng/_util/buildutil/buildutil.go +++ b/eng/_util/buildutil/buildutil.go @@ -6,8 +6,10 @@ package buildutil import ( "fmt" + "io" "log" "os" + "os/exec" "strconv" "strings" ) 
@@ -120,3 +122,29 @@ func UnassignGOROOT() error { } return nil } + +// RunAndSaveStdOut runs a command and outputs the stdout to [os.Stdout] and, +// if outPath is not empty, to a file at outPath. +func RunAndSaveStdOut(cmdline []string, outPath string) error { + var stdout io.Writer = os.Stdout + if outPath != "" { + f, err := os.Create(outPath) + if err != nil { + return err + } + defer func() { + closeErr := f.Close() + if err == nil { + err = closeErr + } + }() + stdout = io.MultiWriter(stdout, f) + } + + c := exec.Command(cmdline[0], cmdline[1:]...) + c.Stdout = stdout + c.Stderr = os.Stderr + + fmt.Printf("---- Running command: %v\n", c.Args) + return c.Run() +} diff --git a/eng/_util/cmd/build/build.go b/eng/_util/cmd/build/build.go index e0d0ec0e626..220c0c789e9 100644 --- a/eng/_util/cmd/build/build.go +++ b/eng/_util/cmd/build/build.go @@ -53,6 +53,7 @@ func main() { "For more refresh options, use the top level 'submodule-refresh' command instead of 'build'.") flag.StringVar(&o.Experiment, "experiment", "", "Include this string in GOEXPERIMENT.") + flag.StringVar(&o.TestOutFile, "testout", "", "Write the tets output to this path if this builder runs tests.") o.MaxMakeAttempts = buildutil.MaxMakeRetryAttemptsOrExit() 
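Review bot: The deferred `f.Close()` result in `RunAndSaveStdOut` can never reach the caller. The `err` it assigns is the local declared by `f, err := os.Create(outPath)` inside the `if` block, and the function returns `c.Run()` directly, so a failed close that leaves the saved test output truncated is dropped silently. A named result with `err = c.Run()` makes the deferred assignment effective. `cmdline[0]` is also indexed without a length check, so an empty slice panics instead of returning an error. Only stdout is copied into the file, so anything the test run writes to stderr will be missing from the saved output.

```go
func RunAndSaveStdOut(cmdline []string, outPath string) (err error) {
	if len(cmdline) == 0 {
		return fmt.Errorf("RunAndSaveStdOut: empty command line")
	}
	var stdout io.Writer = os.Stdout
	if outPath != "" {
		f, createErr := os.Create(outPath)
		if createErr != nil {
			return createErr
		}
		defer func() {
			// err is the named result, so a close failure is reported
			// when the command itself succeeded.
			if closeErr := f.Close(); err == nil {
				err = closeErr
			}
		}()
		stdout = io.MultiWriter(stdout, f)
	}
	// … unchanged: exec.Command setup and "Running command" print …
	err = c.Run()
	return err
}
```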
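Review bot: The help text of the new `-testout` flag in build.go misspells "test": it reads `"Write the tets output to this path if this builder runs tests."`. The same string is used for the `-testout` flag added to eng/_util/cmd/run-builder/run-builder.go in this commit. Both should read `"Write the test output to this path if this builder runs tests."`.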
@@ -70,22 +71,22 @@ func main() { // If build returns an error, handle it here with panic. Having build return an error makes it // easier to adapt build in the future to somewhere else in the module to use it as an API. (For - // example, "build" could be changed to "Build" and run-builder could use it. The reason this - // hasn't been done yet is that gotestsum can only run a command line, not a Go function.) + // example, "build" could be changed to "Build" and run-builder could use it.) if err := build(o); err != nil { panic(err) } } type options struct { - SkipBuild bool - Test bool - JSON bool - PackBuild bool - PackSource bool - CreatePDB bool - Refresh bool - Experiment string + SkipBuild bool + Test bool + JSON bool + PackBuild bool + PackSource bool + CreatePDB bool + Refresh bool + Experiment string + TestOutFile string MaxMakeAttempts int } 
@@ -224,25 +225,7 @@ func build(o *options) error { testCommandLine = append(testCommandLine, "-json") } - testCmd := exec.Command(testCommandLine[0], testCommandLine[1:]...) - testCmd.Stdout = os.Stdout - // Redirect stderr to stdout. We expect some lines of stderr to always show up during the - // test run, but "build"'s caller might not understand that. - // - // For example, if we're running in CI, gotestsum may be capturing our output to report in a - // JUnit file. If gotestsum detects output in stderr, it prints it in an error message. This - // error message stands out, and could mislead someone trying to diagnose a failed test run. - // Redirecting all stderr output avoids this scenario. (See /eng/_util/README.md for more - // info on why we may be wrapped by gotestsum.) - // - // An example of benign stderr output is when the tests check for machine capabilities. A - // Cgo static linking test emits "/usr/bin/ld: cannot find -lc" when it checks the - // capabilities of "ld" on the current system. - // - // The stderr output isn't used to determine whether the tests succeeded or not. (The - // redirect doesn't cause an issue where tests succeed that should have failed.) - testCmd.Stderr = os.Stdout - if err := runCmd(testCmd); err != nil { + if err := buildutil.RunAndSaveStdOut(testCommandLine, o.TestOutFile); err != nil { return err } } diff --git a/eng/_util/cmd/run-builder/run-builder.go b/eng/_util/cmd/run-builder/run-builder.go index 80f9cf275f0..9b52f62ac5d 100644 --- a/eng/_util/cmd/run-builder/run-builder.go +++ b/eng/_util/cmd/run-builder/run-builder.go @@ -14,7 +14,6 @@ import ( "strings" "github.com/microsoft/go/_util/buildutil" - gotestsumcmd "gotest.tools/gotestsum/cmd" ) const description = ` 
@@ -40,7 +39,8 @@ func main() { var builder = flag.String("builder", "", "[Required] Specify a builder to run. Note, this may be destructive!") var experiment = flag.String("experiment", "", "Include this string in GOEXPERIMENT.") var fipsMode = flag.Bool("fipsmode", false, "Run the Go tests in FIPS mode.") - var jUnitFile = flag.String("junitfile", "", "Write a JUnit XML file to this path if this builder runs tests.") + var json = flag.Bool("json", false, "Runs tests with -json flag to emit verbose results in JSON format. For use in CI.") + var testOutFile = flag.String("testout", "", "Write the tets output to this path if this builder runs tests.") var build = flag.Bool("build", false, "Run the build.") var test = flag.Bool("test", false, "Run the tests.") @@ -134,7 +134,13 @@ func main() { // validate the run.ps1 script with "build" tool works to build and test Go. It runs a // subset of the "test" builder's tests, but it uses the dev workflow. testCmdline := append(buildCmdline, "-skipbuild", "-test") - if err := runTest(testCmdline, *jUnitFile); err != nil { + if *json { + testCmdline = append(testCmdline, "-json") + } + if *testOutFile != "" { + testCmdline = append(testCmdline, "-testout", *testOutFile) + } + if err := run(testCmdline...); err != nil { log.Fatal(err) } 
@@ -194,15 +200,23 @@ func main() { ) } - err := runTest(cmdline, *jUnitFile) - // If we got an ExitError, the error message was already printed by the command. We just - // need to exit with the same exit code. - if exitErr, ok := err.(*exec.ExitError); ok { - os.Exit(exitErr.ExitCode()) + if *json { + cmdline = append(cmdline, "-json") } - if err != nil { - // Something else happened: alert the user. - log.Fatal(err) + + if *dryRun { + fmt.Printf("---- Dry run. Would have run test command: %v\n", cmdline) + } else { + err := buildutil.RunAndSaveStdOut(cmdline, *testOutFile) + // If we got an ExitError, the error message was already printed by the command. We just + // need to exit with the same exit code. + if exitErr, ok := err.(*exec.ExitError); ok { + os.Exit(exitErr.ExitCode()) + } + if err != nil { + // Something else happened: alert the user. + log.Fatal(err) + } } } } 
@@ -244,67 +258,3 @@ func runOrPanic(cmdline ...string) { panic(err) } } - -// runTest runs a testing command. If given a JUnit XML file path, runs the test command inside a -// gotestsum command that converts the JSON output into JUnit XML and writes it to a file at this -// path. -func runTest(cmdline []string, jUnitFile string) error { - if jUnitFile != "" { - // Emit verbose JSON results in stdout for conversion. - cmdline = append(cmdline, "-json") - } - - if *dryRun { - fmt.Printf("---- Dry run. Would have run test command: %v\n", cmdline) - return nil - } - - if jUnitFile != "" { - // Set up gotestsum args. We rely on gotestsum to run the command, capture its output, and - // convert it to JUnit test result XML. - gotestsumArgs := append( - []string{ - "--junitfile", jUnitFile, - "--hide-summary", "skipped,output", - "--format", "standard-quiet", - // When a builder runs tests, some JSON lines are mixed in with standard output - // lines. Normally gotestsum treats this as an error, but we need to allow it. - "--ignore-non-json-output-lines", - // We don't use 'go test', we pass our own raw command. ("cmdline" args.) - "--raw-command", - }, - cmdline..., - ) - - // gotestsum embeds the current version of Go into the JUnit file. This causes some - // problems, so use GOVERSION to override the behavior and use a simple placeholder. - // - // To find the Go version, gotestsum first looks up GOVERSION in env. If it doesn't exist, - // then it looks for "go" in PATH and uses the output of "go version". If Go doesn't exist - // in PATH, then gotestsum emits a warning. - // - // There are two problems. First, in CI, we don't have Go in PATH, so the warning shows up. - // It's shown as the last line of output in CI, so it seems more important than it really - // is. Second, even if gotestsum does find Go in PATH, it's the wrong version. We're running - // tests using the Go we just built, which is never in PATH. 
Both of these problems could - // end up being red herrings in the future, but we prevent them by setting GOVERSION. - // - // We could run "go version", parse the output, and use that as GOVERSION. However, this - // doesn't seem useful, because we know that we ran tests using the Go we just built. - env("GOVERSION", "gotestsum_go_version_placeholder") - - fmt.Printf("---- Running gotestsum command: %v\n", gotestsumArgs) - - // Use "ARG_0_PLACEHOLDER" as an arbitrary placeholder name. This is because here, we're - // essentially directly calling gotestsum's main method. The 0th arg to a main method is - // usually the program's path. This is used in the program's help text to give example - // commands that the user can copy-paste no matter where the executable lives or if it's - // been renamed. However, run-builder uses gotestsum as a library, so it's compiled into our - // binary and there is no actual 'gotestsum' program. We could pass run-builder's path, but - // that would be misleading if it ever shows up in gotestsum's output unexpectedly. Instead, - // pass an obvious placeholder. - return gotestsumcmd.Run("ARG_0_PLACEHOLDER", gotestsumArgs) - } - // If we don't have a jUnitFile target, run the command normally. - return run(cmdline...) -} diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 106ee16c17e..9378b2eea5e 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod 
@@ -10,20 +10,10 @@ require ( github.com/microsoft/go-infra v0.0.6 github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 golang.org/x/sys v0.29.0 - gotest.tools/gotestsum v1.12.0 ) require ( - github.com/bitfield/gotestdox v0.2.2 // indirect - github.com/dnephin/pflag v1.0.7 // indirect - github.com/fatih/color v1.17.0 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 // indirect - golang.org/x/sync v0.10.0 // indirect - golang.org/x/term v0.20.0 // indirect golang.org/x/text v0.21.0 // indirect ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index 4e6e7c69b14..4e3236a72fb 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum 
@@ -1,123 +1,17 @@ -github.com/bitfield/gotestdox v0.2.2 h1:x6RcPAbBbErKLnapz1QeAlf3ospg8efBsedU93CDsnE= -github.com/bitfield/gotestdox v0.2.2/go.mod h1:D+gwtS0urjBrzguAkTM2wodsTQYFHdpx8eqRJ3N+9pY= -github.com/dnephin/pflag v1.0.7 h1:oxONGlWxhmUct0YzKTgrpQv9AUA1wtPBn7zuSjJqptk= -github.com/dnephin/pflag v1.0.7/go.mod h1:uxE91IoWURlOiTUIA8Mq5ZZkAv3dPUfZNaT80Zm7OQE= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= -github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= -github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U= github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= -github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= -github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty 
v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHSH/GzLMJeu5zhYVZSx5RQxGKm1h96s= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY= github.com/microsoft/go-infra v0.0.6 h1:RB/Jx3bMC8I+16Ra9iy+HcrHe3Ss1iM46OZ0LzNUZ0Y= github.com/microsoft/go-infra v0.0.6/go.mod h1:L+TMMmm7bkfgUfx1FZmReNHXL9m4oqvc+bVXCuaKD30= github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 h1:i/EXV3vFmJ6UYZ8a4fM2ssKlvSstxvJfiUHau81iNZE= github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67/go.mod h1:SFsdKAEHdmGsGoh8FkksVaxoQ3rnnJ/TBqN09Ml/0Cw= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= -golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.21.0/go.mod 
h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= -golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= 
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= -golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
-golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= -golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.12/go.mod 
h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.11.0/go.mod h1:anzJrxPjNtfgiYQYirP2CPGzGLxrH2u2QBhn6Bf3qY8= -golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= -golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gotest.tools/gotestsum v1.12.0 h1:CmwtaGDkHxrZm4Ib0Vob89MTfpc3GrEFMJKovliPwGk= -gotest.tools/gotestsum v1.12.0/go.mod h1:fAvqkSptospfSbQw26CTYzNwnsE/ztqLeyhP0h67ARY= -gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= -gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index 3a5d7af9612..328b724fc73 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml @@ -216,8 +216,7 @@ stages: pwsh eng/run.ps1 build displayName: Build - # Use run-builder for any configuration that includes tests. run-builder uses the "gotestsum" - # module to convert test results to a JUnit file that Azure DevOps can understand. + # Use run-builder for any configuration that includes tests. - ${{ else }}: - ${{ if eq(parameters.builder.os, 'windows') }}: - pwsh: | 
@@ -281,6 +280,8 @@ stages: ) -join ';' } + # Test publishing currently used in our CI because this process seems to cut off some test output: + # https://github.com/microsoft/go/issues/1114. eng/run.ps1 cmdscan -envprefix GO_CMDSCAN_RULE_ -successvar TEST_BUILDER_SUCCESSFUL -- ` pwsh eng/run.ps1 run-builder -test ` -builder '${{ parameters.builder.os }}-${{ parameters.builder.arch }}-${{ parameters.builder.config }}' ` From 190482cb9c956db5470d680db84edccf777ebd81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Feb 2025 10:32:15 +0000 Subject: [PATCH 227/887] build(deps): bump golang.org/x/sys from 0.29.0 to 0.30.0 in /eng/_util Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.29.0 to 0.30.0. - [Commits](https://github.com/golang/sys/compare/v0.29.0...v0.30.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- eng/_util/go.mod | 2 +- eng/_util/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 9378b2eea5e..3ac18a8c002 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -9,7 +9,7 @@ go 1.22.0 require ( github.com/microsoft/go-infra v0.0.6 github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 - golang.org/x/sys v0.29.0 + golang.org/x/sys v0.30.0 ) require ( diff --git a/eng/_util/go.sum b/eng/_util/go.sum index 4e3236a72fb..f9ed168a89b 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum 
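Review bot: The comment added above the `cmdscan` call in eng/pipeline/stages/run-stage.yml reads "Test publishing currently used in our CI because this process seems to cut off some test output", which does not parse and leaves it unclear whether test publishing is on or off. The earlier hunk in this file drops the gotestsum/JUnit explanation, so the intended meaning is presumably that publishing is not used. If so, `# Test publishing is not currently used in our CI because it seems to cut off some test output:` followed by the issue link would say that directly. The step this comment documents continues outside the hunk.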
@@ -9,8 +9,8 @@ github.com/microsoft/go-infra v0.0.6 h1:RB/Jx3bMC8I+16Ra9iy+HcrHe3Ss1iM46OZ0LzNU github.com/microsoft/go-infra v0.0.6/go.mod h1:L+TMMmm7bkfgUfx1FZmReNHXL9m4oqvc+bVXCuaKD30= github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 h1:i/EXV3vFmJ6UYZ8a4fM2ssKlvSstxvJfiUHau81iNZE= github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67/go.mod h1:SFsdKAEHdmGsGoh8FkksVaxoQ3rnnJ/TBqN09Ml/0Cw= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= From b1892205c76e7b3752b0f23fdb7042e766b76de7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Feb 2025 11:10:20 +0000 Subject: [PATCH 228/887] build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.8 to 3.28.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/dd746615b3b9d728a6a37ca2045b68ca76d4841a...9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b64893ca067..da1104a34b3 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,16 +23,16 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Initialize CodeQL - uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: languages: go - name: Autobuild - uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: working-directory: eng/_util - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8 + uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9 with: category: /language:go From eefb598ae2ae30c6c7de111eaef804191d3d692d Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Sun, 9 Feb 2025 23:14:42 -0800 Subject: [PATCH 229/887] remove allowcryptofallback from runtime.Version() (#1540) Co-authored-by: Quim Muntal --- patches/0004-Use-crypto-backends.patch | 33 +++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch index 034c30c66fe..030657c00a9 100644 --- a/patches/0004-Use-crypto-backends.patch +++ b/patches/0004-Use-crypto-backends.patch @@ -13,6 +13,7 @@ Subject: [PATCH] Use crypto backends .../go/testdata/script/gopath_std_vendor.txt | 9 + src/cmd/link/internal/ld/config.go | 8 + src/cmd/link/internal/ld/lib.go | 1 + + src/cmd/link/internal/ld/main.go | 12 +- src/crypto/aes/aes.go | 2 +- src/crypto/boring/boring.go | 4 +- src/crypto/cipher/ctr_aes_test.go | 2 +- 
@@ -84,7 +85,7 @@ Subject: [PATCH] Use crypto backends src/net/smtp/smtp_test.go | 72 ++++--- src/os/exec/exec_test.go | 9 + src/runtime/pprof/vminfo_darwin_test.go | 6 + - 80 files changed, 1120 insertions(+), 111 deletions(-) + 81 files changed, 1131 insertions(+), 112 deletions(-) create mode 100644 src/crypto/dsa/boring.go create mode 100644 src/crypto/dsa/notboring.go create mode 100644 src/crypto/ecdsa/badlinkname.go @@ -282,6 +283,36 @@ index 2d8f964f3594c6..a587e1abde57c9 100644 "crypto/internal/boring", "crypto/internal/boring/syso", "crypto/x509", +diff --git a/src/cmd/link/internal/ld/main.go b/src/cmd/link/internal/ld/main.go +index 7614b6d194facf..f0f53ab2bab047 100644 +--- a/src/cmd/link/internal/ld/main.go ++++ b/src/cmd/link/internal/ld/main.go +@@ -44,6 +44,7 @@ import ( + "os" + "runtime" + "runtime/pprof" ++ "slices" + "strconv" + "strings" + ) +@@ -185,7 +186,16 @@ func Main(arch *sys.Arch, theArch Arch) { + + buildVersion := buildcfg.Version + if goexperiment := buildcfg.Experiment.String(); goexperiment != "" { +- buildVersion += " X:" + goexperiment ++ // buildVersion is intended to contain non-default experiment flags. ++ // The Microsoft Go toolchain default behavior is to set the ++ // allowcryptofallback experiment, so we don't include it in the ++ // buildVersion string. ++ goexperiment = strings.Join(slices.DeleteFunc(strings.Split(goexperiment, ","), func(s string) bool { ++ return s == "allowcryptofallback" ++ }), ",") ++ if goexperiment != "" { ++ buildVersion += " X:" + goexperiment ++ } + } + addstrdata1(ctxt, "runtime.buildVersion="+buildVersion) + diff --git a/src/crypto/aes/aes.go b/src/crypto/aes/aes.go index 5bc2d13d673e0a..b803c77be62a66 100644 --- a/src/crypto/aes/aes.go From 16425663c4a5ad3c715e4f64361e3dfad6a3af58 Mon Sep 17 00:00:00 2001 
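Review bot: The filter added to `Main` in src/cmd/link/internal/ld/main.go strips `allowcryptofallback` from `runtime.buildVersion` unconditionally, so the flag is hidden even when it was requested explicitly next to a crypto backend experiment. A binary built that way would report only the remaining experiments, and its version string could no longer show that fallback to the Go standard-library crypto was permitted at build time. That distinction matters if the version string is used to audit crypto-backend compliance. One option is to drop the flag only when it is the sole experiment, `if goexperiment == "allowcryptofallback" { goexperiment = "" }`, assuming the toolchain default appears alone in `buildcfg.Experiment.String()`; at minimum the comment should add `// An explicitly requested allowcryptofallback is hidden too, so the version string does not show whether fallback was allowed.` `Main` begins and continues outside this hunk.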
From: Quim Muntal Date: Mon, 10 Feb 2025 19:25:44 +0000 Subject: [PATCH 230/887] correct references to Microsoft build of Go (#1542) --- README.md | 8 ++--- docs/go1.23.md | 2 +- eng/README.md | 8 ++--- eng/_util/cmd/sign/README.md | 2 +- eng/_util/cmd/sign/sign.go | 2 +- eng/_util/go-install.ps1 | 24 ++++++------- eng/_util/go.mod | 2 +- eng/_util/go.sum | 4 +-- eng/doc/CrossPlatformCryptography.md | 22 ++++++------ eng/doc/DeveloperGuide.md | 12 +++---- eng/doc/fips/README.md | 34 +++++++++---------- eng/doc/fips/UserGuide.md | 10 +++--- eng/pipeline/stages/run-stage.yml | 2 +- eng/run.ps1 | 4 +-- eng/signing/README.md | 2 +- patches/0002-Vendor-crypto-backends.patch | 2 +- patches/0004-Use-crypto-backends.patch | 6 ++-- .../0008-remove-long-path-support-hack.patch | 4 +-- patches/README.md | 4 +-- 19 files changed, 77 insertions(+), 77 deletions(-) diff --git a/README.md b/README.md index 7064b0dc31c..a3d1fd14b70 100644 --- a/README.md +++ b/README.md 
@@ -108,17 +108,17 @@ The first step is to clone this repository using Git and check out the desired tag or commit. The `zip` file that GitHub offers for download is incomplete: it doesn't include the `go` submodule. -If you want to contribute to the Microsoft Go project, read the [Developer +If you want to contribute to the Microsoft for Go developers project, read the [Developer Guide](eng/doc/DeveloperGuide.md). It lists the steps we recommend to set up a -Microsoft Go development environment, execute your first Microsoft Go build, run +Microsoft build of Go development environment, execute your first build, run the standard library test suite, and contribute a PR. -If you just want to build Microsoft Go on your own machine, you may find it more +If you just want to build on your own machine, you may find it more convenient to use the tools provided by the `eng/run.ps1` script. We use this script for CI builds. See [eng/README.md](eng/README.md) for more details about `eng/run.ps1` and other repository infrastructure. -Once built, the Microsoft Go binary is found at `go/bin/go`. +Once built, the Microsoft build of Go binary is found at `go/bin/go`. ## Contributing diff --git a/docs/go1.23.md b/docs/go1.23.md index d9b9f56fa98..c99b2796226 100644 --- a/docs/go1.23.md +++ b/docs/go1.23.md @@ -1,3 +1,3 @@ -# Microsoft Go 1.23 release notes +# Microsoft build of Go 1.23 release notes After the release of 1.23, 1.21 is no longer supported, per the [Go release policy](https://go.dev/doc/devel/release). diff --git a/eng/README.md b/eng/README.md index 5f43b5fabb3..9a8786749f2 100644 --- a/eng/README.md +++ b/eng/README.md 
@@ -64,12 +64,12 @@ complete, to match the content of the official binary releases of Go. ## Patch files -The Microsoft Go repository uses patch files to store changes to the `go` +The Microsoft build of Go repository uses patch files to store changes to the `go` submodule. The patch files are found in [`/patches`](/patches). We created [the `git-go-patch` tool][git-go-patch] to develop and maintain the -patch files. We wrote this tool specifically for the Microsoft Go project. It's -a Go program that can be invoked as `git go-patch` after it's installed. See +patch files. We wrote this tool specifically for the Microsoft for Go developers project. +It's a Go program that can be invoked as `git go-patch` after it's installed. See [the `git-go-patch` readme][git-go-patch] for more information. We also have some utilities in this repository to apply patches without @@ -79,7 +79,7 @@ installing `git-go-patch`: patches. * Pass `-commits` to apply each patch as a separate commit. * `pwsh eng/run.ps1 build -refresh` refreshes the submodule and applies patches - and then goes on to build Microsoft Go. + and then goes on to build the Microsoft build of Go. The patch files are ordinary Git patches and can also be applied manually without any custom tooling. Git commands like [`git diff --git a/eng/_util/cmd/sign/README.md b/eng/_util/cmd/sign/README.md index a74a2beffdd..56f2794154c 100644 --- a/eng/_util/cmd/sign/README.md +++ b/eng/_util/cmd/sign/README.md @@ -1,4 +1,4 @@ -# `sign` and the Microsoft Go signing infrastructure +# `sign` and the Microsoft build of Go signing infrastructure Most of the logic for signing (extracting files, repackaging, creating checksums) is implemented by this `sign` command. diff --git a/eng/_util/cmd/sign/sign.go b/eng/_util/cmd/sign/sign.go index b91959a2a8e..587758e8062 100644 --- a/eng/_util/cmd/sign/sign.go +++ b/eng/_util/cmd/sign/sign.go 
@@ -20,7 +20,7 @@ import ( ) const description = ` -This command signs build artifacts using MicroBuild. It is used in the Microsoft Go build pipeline. +This command signs build artifacts using MicroBuild. It is used in the Microsoft build of Go build pipeline. Use '-n' to test the command locally. Signs in multiple passes. Some steps only apply to certain types of archives: diff --git a/eng/_util/go-install.ps1 b/eng/_util/go-install.ps1 index 29cc7fc9a13..ddebb164aa1 100644 --- a/eng/_util/go-install.ps1 +++ b/eng/_util/go-install.ps1 @@ -3,14 +3,14 @@ <# .SYNOPSIS - Installs Microsoft Go + Installs Microsoft build of Go .DESCRIPTION - Installs the Microsoft Go toolset. + Installs the Microsoft build of Go toolset. Note that the intended use of this script is for Continuous Integration (CI) scenarios, where: - The toolset needs to be installed without user interaction and without admin rights. - The toolset installation doesn't need to persist across multiple CI runs. - Visit https://github.com/microsoft/go for a list of other ways to install Microsoft Go. + Visit https://github.com/microsoft/go for a list of other ways to install Microsoft build of Go. .PARAMETER Version Default: Latest 
@@ -21,11 +21,11 @@ examples: go1.18, go1.23 - 3-part version in format go1.A.B - latest revision of a specific release. examples: go1.18.0, go1.23.1 - - 4-part version in format go1.A.B-C - a specific revision of Microsoft Go, immutable. + - 4-part version in format go1.A.B-C - a specific revision of Microsoft build of Go, immutable. examples: go1.18.0-1, go1.23.1-3 - Microsoft Go doesn't publish prereleases, so they are not available. + Microsoft build of Go doesn't publish prereleases, so they are not available. .PARAMETER InstallDir - Path to where to install Microsoft Go. Note that if a directory is given, GOROOT is placed + Path to where to install Microsoft build of Go. Note that if a directory is given, GOROOT is placed directly in that directory. Default: - a folder automatically selected inside LocalApplicationData as evaluated by PowerShell. Example auto on Windows: C:\Users\myself\AppData\Local\microsoft-go\ @@ -42,7 +42,7 @@ Possible values are: , amd64, x64, 386, x86, arm64, arm .PARAMETER DryRun If set, it will not perform installation. Instead, it displays what command line to use to - consistently install currently requested version of Microsoft Go. For example, if you specify + consistently install currently requested version of Microsoft build of Go. For example, if you specify Version 'Latest', it will print a command with the specific 4-part version so this command can be used deterministicly in a build script. It also prints the location the binaries would have been installed to. @@ -75,10 +75,10 @@ Displays diagnostics information. .EXAMPLE go-install.ps1 - Installs the latest released Microsoft Go version. + Installs the latest released Microsoft build of Go version. .EXAMPLE go-install.ps1 -Version Previous - Installs the latest version of the previous major (1.X) version of Microsoft Go. + Installs the latest version of the previous major (1.X) version of Microsoft build of Go. #> [cmdletbinding()] param( 
@@ -802,12 +802,12 @@ if ($Help) { exit } -Say "Microsoft Go Install Script version $MicrosoftGoInstallScriptVersion" +Say "Microsoft build of Go Install Script version $MicrosoftGoInstallScriptVersion" Say-Verbose "Note that the intended use of this script is for Continuous Integration (CI) scenarios, where:" Say-Verbose "- The toolset needs to be installed without user interaction and without admin rights." Say-Verbose "- The toolset installation doesn't need to persist across multiple CI runs." -Say-Verbose "Visit https://github.com/microsoft/go for a list of other ways to install Microsoft Go.`r`n" +Say-Verbose "Visit https://github.com/microsoft/go for a list of other ways to install Microsoft build of Go.`r`n" Measure-Action "Product discovery" { $script:CLIArchitecture = Get-CLIArchitecture-From-Architecture $Architecture @@ -835,7 +835,7 @@ Say-Verbose "Found download link $DownloadLink with version $SpecificVersion" if (-Not $DryRun) { Say-Verbose "Checking if the version $SpecificVersion is already installed" if (Is-ToolsetInstalled -InstallRoot $InstallRoot -SpecificVersion $SpecificVersion) { - Say "Microsoft Go version '$SpecificVersion' is already installed." + Say "Microsoft build of Go version '$SpecificVersion' is already installed." Measure-Action "Setting up shell environment" { Prepend-ToolsetPathEnv -InstallRoot $InstallRoot -SpecificVersion $SpecificVersion } return } diff --git a/eng/_util/go.mod b/eng/_util/go.mod index 3ac18a8c002..cf05917856a 100644 --- a/eng/_util/go.mod +++ b/eng/_util/go.mod @@ -8,7 +8,7 @@ go 1.22.0 require ( github.com/microsoft/go-infra v0.0.6 - github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 + github.com/microsoft/go-infra/goinstallscript v0.0.0-20250210150554-f31015b54477 golang.org/x/sys v0.30.0 ) diff --git a/eng/_util/go.sum b/eng/_util/go.sum index f9ed168a89b..2c2cea54f5d 100644 --- a/eng/_util/go.sum +++ b/eng/_util/go.sum 
@@ -7,8 +7,8 @@ github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHS github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY= github.com/microsoft/go-infra v0.0.6 h1:RB/Jx3bMC8I+16Ra9iy+HcrHe3Ss1iM46OZ0LzNUZ0Y= github.com/microsoft/go-infra v0.0.6/go.mod h1:L+TMMmm7bkfgUfx1FZmReNHXL9m4oqvc+bVXCuaKD30= -github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67 h1:i/EXV3vFmJ6UYZ8a4fM2ssKlvSstxvJfiUHau81iNZE= -github.com/microsoft/go-infra/goinstallscript v0.0.0-20241113173623-26aea3823c67/go.mod h1:SFsdKAEHdmGsGoh8FkksVaxoQ3rnnJ/TBqN09Ml/0Cw= +github.com/microsoft/go-infra/goinstallscript v0.0.0-20250210150554-f31015b54477 h1:wTb+eE4fmHYaHok8MROCDSNBprhBPlj5IAx3KP4MGfU= +github.com/microsoft/go-infra/goinstallscript v0.0.0-20250210150554-f31015b54477/go.mod h1:SFsdKAEHdmGsGoh8FkksVaxoQ3rnnJ/TBqN09Ml/0Cw= golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= diff --git a/eng/doc/CrossPlatformCryptography.md b/eng/doc/CrossPlatformCryptography.md index dbdf1829362..83638ff681d 100644 --- a/eng/doc/CrossPlatformCryptography.md +++ b/eng/doc/CrossPlatformCryptography.md 
@@ -1,7 +1,7 @@ -# Cross-Platform Cryptography in Microsoft Go +# Cross-Platform Cryptography in the Microsoft build of Go -Cryptographic operations in Microsoft Go are delegated to the operating system (OS) libraries in some conditions. -The high level conditions and the benefits of delegating cryptographic operations are described in the [Microsoft Go FIPS README](./fips/README.md). +Cryptographic operations in the Microsoft build of Go are delegated to the operating system (OS) libraries in some conditions. +The high level conditions and the benefits of delegating cryptographic operations are described in the [Microsoft build of Go FIPS README](./fips/README.md). At a fine-grained level, Go apps will fall back to the native Go implementation of an algorithm if the OS libraries don't support it. This article identifies the features that are supported on each platform. 
@@ -9,26 +9,26 @@ This article assumes you have a working familiarity with cryptography in Go. ## Platform support -Microsoft Go supports the following platforms: +The Microsoft build of Go supports the following platforms: ### Windows -On Windows, Microsoft Go uses the [CNG library (Cryptography API: Next Generation)](https://learn.microsoft.com/en-us/windows/win32/seccng/cng-portal) for cryptographic operations. +On Windows, the Microsoft build of Go uses the [CNG library (Cryptography API: Next Generation)](https://learn.microsoft.com/en-us/windows/win32/seccng/cng-portal) for cryptographic operations. CNG is available since Windows Vista and Windows Server 2008 and it doesn't require any additional installation nor configuration. ### Linux -On Linux, Microsoft Go uses the [OpenSSL crypto library](https://docs.openssl.org/3.0/man7/crypto/) for cryptographic operations. +On Linux, the Microsoft build of Go uses the [OpenSSL crypto library](https://docs.openssl.org/3.0/man7/crypto/) for cryptographic operations. OpenSSL is normally available on Linux distributions, but it may not be installed by default. If it is not installed, you can install it using the package manager of your distribution. OpenSSL 3 implements all the cryptographic algorithms using [Providers](https://docs.openssl.org/3.0/man7/crypto/#providers). -Microsoft Go officially supports the built-in providers and [SCOSSL (SymCrypt provider for OpenSSL)](https://github.com/microsoft/SymCrypt-OpenSSL) v1.6.1 or later. +The Microsoft build of Go officially supports the built-in providers and [SCOSSL (SymCrypt provider for OpenSSL)](https://github.com/microsoft/SymCrypt-OpenSSL) v1.6.1 or later. SCOSSL is expected to be used with the default built-in provider enabled as a fallback (which is the case when using [Azure Linux 3](https://github.com/microsoft/AzureLinux)). 
## macOS -On macOS, Microsoft Go uses [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) for cryptographic operations. +On macOS, th Microsoft build Go uses [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) for cryptographic operations. CommonCrypto and CryptoKit are shipped with macOS and don't require any additional installation nor configuration. Currently macOS 13 and above is supported. @@ -42,7 +42,7 @@ The following legend describes the symbols used in the tables to indicate the le | ⚠️ | Supported with limitations that require special configuration action | | ❌ | Not supported | -When an algorithm is not supported or the limitations are exceeded, Microsoft Go will fall back to the Go implementation. +When an algorithm is not supported or the limitations are exceeded, the Microsoft build of Go will fall back to the Go implementation. ## Hash and Message Authentication Algorithms @@ -75,7 +75,7 @@ This section includes the following packages: | CSHAKE-256 | ❌ | ❌ | ❌ | | HMAC3 | ✔️ | ✔️ | ✔️ | -1Available starting in Microsoft Go 1.24. +1Available starting in the Microsoft build of Go 1.24. 2Requires OpenSSL 1.1.1 or later. @@ -167,7 +167,7 @@ Operations that require random numbers (rand io.Reader) only support [rand.Reade 1Supports only hash algorithms that are [supported as standalone hash functions](#hash-and-message-authentication-algorithms). -2Available starting in Microsoft Go 1.24. +2Available starting in the Microsoft build of Go 1.24. 3On Windows, when verifying a PSS signature, [rsa.PSSSaltLengthAuto](https://pkg.go.dev/crypto/rsa#pkg-constants) is not supported. 
diff --git a/eng/doc/DeveloperGuide.md b/eng/doc/DeveloperGuide.md index 7f95f61ff70..65cae50fa63 100644 --- a/eng/doc/DeveloperGuide.md +++ b/eng/doc/DeveloperGuide.md @@ -1,6 +1,6 @@ # Developer Guide -This document is a guide for developers who want to contribute to the Microsoft Go repository. +This document is a guide for developers who want to contribute to the Microsoft build of Go repository. It explains how to build the repository, how to work with the Go submodule, and how to use the different tools that help maintain the repository. This guide is primarily intended for developers working for the Go team at Microsoft, but it can also be useful for external contributors. @@ -15,7 +15,7 @@ For details, visit https://cla.opensource.microsoft.com. ### Install a Go toolchain A preexisting Go toolchain is required to bootstrap the build process. -You can use your system's package manager to install Go, download Go from the [official Go website](https://golang.org/dl/), or download a prebuilt version of Microsoft Go itself. +You can use your system's package manager to install Go, download Go from the [official Go website](https://golang.org/dl/), or download a prebuilt version of the Microsoft build Go itself. The only requirement is that the Go version is high enough for the bootstrap process. If you attempt to build Go while using a bootstrap Go with a version that is too low, the bootstrap process will fail and ask you to install a newer version. 
@@ -23,13 +23,13 @@ If you attempt to build Go while using a bootstrap Go with a version that is too > [!NOTE] > The in-support versions of Go found on the [official Go website](https://golang.org/dl/) are always high enough to bootstrap the development branch. > This is because: -> * The [last two major versions of Go are supported by the Go project](https://go.dev/s/release#release-maintenance). (Microsoft Go has the same policy.) +> * The [last two major versions of Go are supported by the Go project](https://go.dev/s/release#release-maintenance). (the Microsoft build of Go has the same policy.) > * Go N can always be bootstrapped by [both N-1 and N-2](https://tip.golang.org/doc/install/source#go14). > [!NOTE] -> This repository's `eng/run.ps1` PowerShell script is able to download a correct bootstrapping Go version automatically before building Microsoft Go from source. -> We recommend that Microsoft Go team members be familiar with this script because it is used by Microsoft Go CI. -> However, it isn't necessary to use the script for most work on the Microsoft Go patches. +> This repository's `eng/run.ps1` PowerShell script is able to download a correct bootstrapping Go version automatically before building the Microsoft build of Go from source. +> We recommend that Microsoft developers team members be familiar with this script because it is used by our CI. +> However, it isn't necessary to use the script for most work on the Microsoft build of Go patches. > See the [`eng` Readme](/eng/README.md) for more information about `eng/run.ps1`. ### Install git and the git-go-patch command diff --git a/eng/doc/fips/README.md b/eng/doc/fips/README.md index ac20296f092..827b376dc87 100644 --- a/eng/doc/fips/README.md +++ b/eng/doc/fips/README.md 
@@ -23,9 +23,9 @@ In addition to that, the boringcrypto flag also provides a mechanism to restrict import _ "crypto/tls/fipsonly" ``` -## Microsoft Go fork FIPS compliance +## Microsoft build of Go FIPS compliance -The Microsoft Go fork modifies the Go runtime to implement several crypto primitives using cgo to call into a platform-provided cryptographic library rather than use the standard Go crypto implementations. This allows Go programs to use a platform-provided FIPS 140-2 certified crypto library. +The Microsoft build of Go modifies the Go runtime to implement several crypto primitives using cgo to call into a platform-provided cryptographic library rather than use the standard Go crypto implementations. This allows Go programs to use a platform-provided FIPS 140-2 certified crypto library. On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-fips/openssl] module in Go 1.21+ and the [go-crypto-openssl] module in earlier versions. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. Since 1.24, on macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140-2 certified. @@ -33,7 +33,7 @@ It is important to note that an application built with Microsoft's Go toolchain ## Configuration overview -The Microsoft Go fork provides several ways to configure the crypto backend and its behavior. These are described in the following sections in detail. +The Microsoft build of Go fork provides several ways to configure the crypto backend and its behavior. These are described in the following sections in detail. - Build-time configuration (`go build`): - [`GOEXPERIMENT=crypto` environment variable](#usage-build) 
@@ -54,7 +54,7 @@ The Microsoft Go fork provides several ways to configure the crypto backend and There are typically two goals that lead to this document. Creating a FIPS compliant app is one. The other is to comply with internal Microsoft crypto policies that have been set for Go. This table summarizes common configurations and how suitable each one is for these goals. > [!NOTE] -> This section assumes the use of Microsoft Go 1.24 or later. +> This section assumes the use of the Microsoft build of Go 1.24 or later. > > 1.24 introduces `GODEBUG=fips140=on` as a preferred way to enable FIPS mode. See also [the Go 1.24 changelog](#go-124-feb-2025). 
> @@ -117,10 +117,10 @@ If a crypto backend is selected but isn't supported, the build fails. For exampl > [!NOTE] > Prior to Go 1.21, instead of failing, the build automatically uses the Go standard library crypto implementation. This behavior can cause accidental or unclear fallback to Go crypto, silently breaking compliance with the internal Microsoft crypto policy. > -> In 1.21, this behavior was changed. Fallback is now opt-in with the `GOEXPERIMENT` `allowcryptofallback`. This option is primarily intended for internal use during the Microsoft Go build and should be avoided in general use. See [`allowcryptofallback`](#build-option-to-allow-go-standard-library-crypto-fallback) for more information. +> In 1.21, this behavior was changed. Fallback is now opt-in with the `GOEXPERIMENT` `allowcryptofallback`. This option is primarily intended for internal use during the Microsoft build of Go build and should be avoided in general use. See [`allowcryptofallback`](#build-option-to-allow-go-standard-library-crypto-fallback) for more information. -The Microsoft Go fork must be used for these `GOEXPERIMENT` values to work. See setup instructions in [the distribution section of the microsoft/go readme][microsoft-go-download]. +The Microsoft build of Go must be used for these `GOEXPERIMENT` values to work. See setup instructions in [the distribution section of the microsoft/go readme][microsoft-go-download]. > [!NOTE] > "Experiment" doesn't indicate the FIPS features are experimental. The original intent of `GOEXPERIMENT` is to use it to enable experimental features in the Go runtime and toolchain, but we and Google are now using `GOEXPERIMENT` for this FIPS-related feature because the mechanism itself perfectly fits our needs. 
@@ -129,14 +129,14 @@ The next sections describe how to select a crypto backend in some common scenari ### Dockerfile base image -Since Go 1.21, you can swap your Dockerfile's base image to the special Microsoft Go images marked with `-fips-`. These images include `env GOEXPERIMENT=systemcrypto` and are otherwise the same as the non`-fips-` images. These exist for convenience. See [the microsoft/go-images documentation][microsoft-go-images] for more information about available images and how to use them. +Since Go 1.21, you can swap your Dockerfile's base image to the special Microsoft build of Go images marked with `-fips-`. These images include `env GOEXPERIMENT=systemcrypto` and are otherwise the same as the non`-fips-` images. These exist for convenience. See [the microsoft/go-images documentation][microsoft-go-images] for more information about available images and how to use them. > [!NOTE] > Prior to Go 1.21, `-fips-` images do exist, but they are only available for Linux and include `env GOEXPERIMENT=opensslcrypto`. For this reason, these images can't easily be used to build Windows binaries on a Linux host. ### Dockerfile env instruction -If you don't use the standard Go base images (e.g. your Dockerfile downloads Microsoft Go manually), use an `env` instruction before the build instruction in your Dockerfile: +If you don't use the standard Go base images (e.g. your Dockerfile downloads the Microsoft build of Go manually), use an `env` instruction before the build instruction in your Dockerfile: ```dockerfile env GOEXPERIMENT=systemcrypto 
@@ -251,7 +251,7 @@ Refer to the [About Apple security certifications](https://support.apple.com/gui This means that setting `GOFIPS=1` or `GODEBUG=fips140=on` will never cause a panic on macOS. They are still necessary to instruct Go to run in FIPS mode, as there is no system-provided parameter to do so. -Prior to 1.24, CommonCrypto/CryptoKit is not used by Microsoft Go. +Prior to 1.24, CommonCrypto/CryptoKit is not used by the Microsoft build of Go. ## Usage: Extra configuration options @@ -308,7 +308,7 @@ A scenario we expect is that a dev attempts to rebuild an open source Go app wit > [!NOTE] > In rare cases, it may be more practical to use `allowcryptofallback` than to remove the `GOEXPERIMENT`. For example, a generic build script that supports many platforms, some of which don't support crypto backends, may find it practical to use `GOEXPERIMENT=systemcrypto,allowcryptofallback` despite the risk of unclear or accidental fallback to Go crypto. > -> For example, `allowcryptofallback` plays an important role in the Microsoft Go build process. We have CI jobs that run the build and tests under the OpenSSL, CNG, and Boring crypto backends, but parts of the upstream build and tests disable cgo and run cross-builds. This would cause a failure because the backend can't be enabled, but by including `allowcryptofallback`, the build is allowed to continue and fall back to the Go standard library crypto implementation when necessary. +> For example, `allowcryptofallback` plays an important role in the Microsoft build of Go build process. We have CI jobs that run the build and tests under the OpenSSL, CNG, and Boring crypto backends, but parts of the upstream build and tests disable cgo and run cross-builds. This would cause a failure because the backend can't be enabled, but by including `allowcryptofallback`, the build is allowed to continue and fall back to the Go standard library crypto implementation when necessary. ### Runtime OpenSSL version override 
@@ -350,7 +350,7 @@ Since Go 1.21: > Prior to the introduction of the systemcrypto alias in Go 1.21, the constraint is: `//go:build goexperiment.opensslcrypto && goexperiment.cngcrypto && goexperiment.boringcrypto`. -The `goexperiment.systemcrypto` tag's behavior is implemented in a Microsoft Go patch to the build system. It is not available in builds of upstream Go. The constraint `//go:build !goexperiment.systemcrypto` won't cause a build to fail with upstream Go, but it is always satisfied even if the BoringCrypto backend is enabled. +The `goexperiment.systemcrypto` tag's behavior is implemented in a patch to the build system. It is not available in builds of upstream Go. The constraint `//go:build !goexperiment.systemcrypto` won't cause a build to fail with upstream Go, but it is always satisfied even if the BoringCrypto backend is enabled. ## Features @@ -372,7 +372,7 @@ Not all OpenSSL versions are supported. OpenSSL does not maintain ABI compatibil Versions not listed above are not supported at all. > [!NOTE] -> Any build of OpenSSL might have various [OpenSSL features] enabled or disabled, diverging from the default configuration. Microsoft Go does not support all possible OpenSSL configurations. Some may cause the Go runtime to panic during initialization or not work as expected. +> Any build of OpenSSL might have various [OpenSSL features] enabled or disabled, diverging from the default configuration. The Microsoft build of Go does not support all possible OpenSSL configurations. Some may cause the Go runtime to panic during initialization or not work as expected. > > The Go runtime is tested with the default configuration of each supported OpenSSL version and with the OpenSSL configurations in the [Azure Linux] 2 and [Azure Linux] 3 distributions. 
@@ -384,7 +384,7 @@ For OpenSSL, Go uses [dlopen] when initializing. Sometimes this is called *dynam For CNG, Go uses Windows syscalls to call the CNG APIs. This can also not be considered *dynamic linking*, but like *dynamic loading*, syscalls also mean the app is using OS-provided crypto functionality. -It's common in the Go ecosystem to statically link all dependencies to produce a single binary that can run standalone (e.g. in a minimal Docker container). Unfortunately, the requirements of FIPS and the way it's implemented in Microsoft mean this is not possible for a Go program that uses the Microsoft Go runtime and FIPS features. If you are responsible for a Go app in Microsoft and this is impossible, contact the crypto board for more details. We opened an issue to discuss support for static linking: [microsoft/go#744 *OpenSSL static linking proposal*](https://github.com/microsoft/go/issues/744). However, as we learned this would not be considered FIPS compliant for use in Microsoft, we don't have any plans to implement it. +It's common in the Go ecosystem to statically link all dependencies to produce a single binary that can run standalone (e.g. in a minimal Docker container). Unfortunately, the requirements of FIPS and the way it's implemented in Microsoft mean this is not possible for a Go program that uses the Microsoft build of Go runtime and FIPS features. If you are responsible for a Go app in Microsoft and this is impossible, contact the crypto board for more details. We opened an issue to discuss support for static linking: [microsoft/go#744 *OpenSSL static linking proposal*](https://github.com/microsoft/go/issues/744). However, as we learned this would not be considered FIPS compliant for use in Microsoft, we don't have any plans to implement it. ### Portable OpenSSL 
@@ -396,7 +396,7 @@ This feature does not require any additional configuration, but it only works wi The Go TLS stack will automatically use crypto primitives from the selected crypto backend. Yet, this isn't enough for FIPS compliance: the FIPS 140-2 standard places additional restrictions on TLS communications, mainly on which cyphers and signers are allowed. Note that this can reduce compatibility with old devices that do not support modern cryptography techniques such as TLS 1.2. -Since Go 1.22, the Microsoft Go runtime automatically enforces that `crypto/tls` and `crypto/x509` only use FIPS-compliant settings when running in FIPS mode. This differs from upstream's BoringCrypto backend, which requires you to import `crypto/tls/fipsonly` to apply the FIPS-mandated restrictions. The Microsoft Go crypto backends do this automatically to reduce the source code changes necessary to produce a FIPS-compliant Go application, and to make it easier to use the same binary in both FIPS and non-FIPS environments. +Since Go 1.22, the Microsoft build of Go runtime automatically enforces that `crypto/tls` and `crypto/x509` only use FIPS-compliant settings when running in FIPS mode. This differs from upstream's BoringCrypto backend, which requires you to import `crypto/tls/fipsonly` to apply the FIPS-mandated restrictions. The Microsoft build of Go crypto backends do this automatically to reduce the source code changes necessary to produce a FIPS-compliant Go application, and to make it easier to use the same binary in both FIPS and non-FIPS environments. Prior to Go 1.22, a program using the Go TLS stack must import the `crypto/tls/fipsonly` package to be compliant with these restrictions. The configuration is done by an `init()` function, so only importing it is necessary: 
@@ -456,13 +456,13 @@ This list of major changes is intended for quick reference and for access to his - Upstream Go made this change for BoringCrypto, and we adopted it for our OpenSSL and CNG backends. See [the `dev.boringcrypto` branch readme](https://github.com/golang/go/blob/dev.boringcrypto/README.boringcrypto.md). For more details about the merge, see [golang/go#51940](https://github.com/golang/go/issues/51940). `dev.boringcrypto*` branches are no longer maintained. - Downloading a different toolset build to build FIPS vs. non-FIPS programs is no longer necessary. - Backend selection is done at compile time. The backend is always used by the resulting program, and it can't be changed at runtime. -- Only one Microsoft Go toolset is provided per platform. It supports building both FIPS and non-FIPS programs. +- Only one Microsoft build of Go is provided per platform. It supports building both FIPS and non-FIPS programs. ### Go 1.16 (Feb 2022) - OpenSSL (Linux) backend introduced. -- Introduction of FIPS features in the Microsoft Go fork based on the upstream `dev.boringcrypto*` branches of Go. -- The backend is only used if FIPS mode is requested (e.g. `GOFIPS=1`), otherwise Microsoft Go falls back to the Go standard library at runtime. +- Introduction of FIPS features in the Microsoft build of Go based on the upstream `dev.boringcrypto*` branches of Go. +- The backend is only used if FIPS mode is requested (e.g. `GOFIPS=1`), otherwise the Microsoft build of Go falls back to the Go standard library at runtime. - To build a FIPS-compliant program, a FIPS-specific toolset build must be downloaded and used. - For historical information about Go 1.16-1.18, see [the FIPS documentation in the 1.20 release branch](https://github.com/microsoft/go/tree/microsoft/release-branch.go1.20/eng/doc/fips). It includes details about FIPS in 1.18 and the changes in 1.19. diff --git a/eng/doc/fips/UserGuide.md b/eng/doc/fips/UserGuide.md index 7053637c545..af6c9599579 100644 
--- a/eng/doc/fips/UserGuide.md +++ b/eng/doc/fips/UserGuide.md @@ -1,13 +1,13 @@ # FIPS 140-2 User Guide -This document is a user guide for the Microsoft Go crypto package running on FIPS 140-2 compatibility mode (hereafter referred to as FIPS). It is intended as a technical reference for developers using, and system administrators installing, the Go toolset, and for use in risk assessment reviews by security auditors. This is not a replacement for the Go crypto documentation, rather it is a collection of notes and more detailed explanations in the context of FIPS compatibility. +This document is a user guide for the Microsoft build of Go crypto package running on FIPS 140-2 compatibility mode (hereafter referred to as FIPS). It is intended as a technical reference for developers using, and system administrators installing, the Go toolset, and for use in risk assessment reviews by security auditors. This is not a replacement for the Go crypto documentation, rather it is a collection of notes and more detailed explanations in the context of FIPS compatibility. The Go crypto documentation is available online at https://pkg.go.dev/crypto. - [FIPS 140-2 User Guide](#fips-140-2-user-guide) - - [The Microsoft Go crypto backends](#the-microsoft-go-crypto-backends) + - [The Microsoft build of Go crypto backends](#the-microsoft-build-of-go-crypto-backends) - [Using Go crypto APIs](#using-go-crypto-apis) - [crypto/aes](#cryptoaes) - [func NewCipher](#func-newcipher) 
@@ -95,11 +95,11 @@ The Go crypto documentation is available online at https://pkg.go.dev/crypto. - [crypto/subtle](#cryptosubtle) - [crypto/tls](#cryptotls) -## The Microsoft Go crypto backends +## The Microsoft build of Go crypto backends The OpenSSL backend uses [golang-fips/openssl]. The CNG backend uses [go-crypto-winnative]. -For more general information about the backends, such as how to enable them, see the [Microsoft Go FIPS README](./README.md). +For more general information about the backends, such as how to enable them, see the [Microsoft build of Go FIPS README](./README.md). [golang-fips/openssl]: https://github.com/golang-fips/openssl [go-crypto-winnative]: https://github.com/microsoft/go-crypto-winnative @@ -1697,7 +1697,7 @@ Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, Package tls will automatically use FIPS compliant primitives implemented in other crypto packages. -Since Go 1.22, the Microsoft Go runtime automatically enforces that tls only uses FIPS-approved settings when running in FIPS mode. +Since Go 1.22, the Microsoft build of Go runtime automatically enforces that tls only uses FIPS-approved settings when running in FIPS mode. Prior to Go 1.22, a program using tls must import the `crypto/tls/fipsonly` package to be compliant with these restrictions. When using TLS in FIPS-only mode the TLS handshake has the following restrictions: diff --git a/eng/pipeline/stages/run-stage.yml b/eng/pipeline/stages/run-stage.yml index 328b724fc73..f9e8bc7f17f 100644 --- a/eng/pipeline/stages/run-stage.yml +++ b/eng/pipeline/stages/run-stage.yml @@ -94,7 +94,7 @@ stages: - name: MS_GO_UTIL_ALLOW_ONLY_MINIMAL_DEPS value: '1' - # On darwin (macOS) we haven't released a Microsoft Go toolchain. + # On darwin (macOS) we haven't released a Microsoft build Go toolchain. - ${{ if eq(parameters.builder.os, 'darwin') }}: - name: MS_USE_PATH_GO value: '1' diff --git a/eng/run.ps1 b/eng/run.ps1 index d3cebeafba8..8fa0dfe07f2 100644 
--- a/eng/run.ps1 +++ b/eng/run.ps1 @@ -17,8 +17,8 @@ To list all possible tools: Builds 'eng/_util/cmd//.go' and runs it using the list of arguments. -This command automatically installs a known version of Microsoft Go that will be -used to build the tools. The known version of Go will also be used to build the +This command automatically installs a known version of the Microsoft build Go that +will be used to build the tools. The known version of Go will also be used to build the Go source code, if it's built. Set environment variable "MS_USE_PATH_GO" to 1 to your own Go from PATH instead. diff --git a/eng/signing/README.md b/eng/signing/README.md index 2ffc00ab368..5062fda3f25 100644 --- a/eng/signing/README.md +++ b/eng/signing/README.md @@ -1,6 +1,6 @@ # MSBuild signing infrastructure -This directory contains a component of the Microsoft Go signing infrastructure written using MSBuild. +This directory contains a component of the Microsoft build of Go signing infrastructure written using MSBuild. `Sign.csproj` is the interface between the Go signing command [`/eng/_util/cmd/sign`][sign] and MicroBuild, an internal Microsoft toolset written to primarily support .NET projects that use MSBuild. See [`/eng/_util/cmd/sign`][sign] for more information about the signing infrastructure. diff --git a/patches/0002-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch index d8083025015..45b684bd58e 100644 --- a/patches/0002-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch 
@@ -427,7 +427,7 @@ index 00000000000000..1bfbaf60f4dd58 +All supported OpenSSL versions pass a small set of automatic tests that ensure they can be built and that there are no major regressions. +These tests do not validate the cryptographic correctness of the `openssl` package. + -+On top of that, the [golang-fips Go fork](https://github.com/golang-fips/go) -maintained by Red Hat- and the [Microsoft Go fork](https://github.com/microsoft/go), tests a subset of the supported OpenSSL versions when integrated with the Go `crypto` package. ++On top of that, the [golang-fips Go fork](https://github.com/golang-fips/go) -maintained by Red Hat- and the [Microsoft build of Go](https://github.com/microsoft/go), tests a subset of the supported OpenSSL versions when integrated with the Go `crypto` package. +These tests are much more exhaustive and validate a specific OpenSSL version can produce working applications. + +### Building without OpenSSL headers diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch index 030657c00a9..db8298b6bd0 100644 --- a/patches/0004-Use-crypto-backends.patch +++ b/patches/0004-Use-crypto-backends.patch @@ -301,7 +301,7 @@ index 7614b6d194facf..f0f53ab2bab047 100644 if goexperiment := buildcfg.Experiment.String(); goexperiment != "" { - buildVersion += " X:" + goexperiment + // buildVersion is intended to contain non-default experiment flags. -+ // The Microsoft Go toolchain default behavior is to set the ++ // The Microsoft build of Go default behavior is to set the + // allowcryptofallback experiment, so we don't include it in the + // buildVersion string. + goexperiment = strings.Join(slices.DeleteFunc(strings.Split(goexperiment, ","), func(s string) bool { 
@@ -744,7 +744,7 @@ index 00000000000000..1dc05d09b2062d + +import _ "unsafe" + -+// The symbols below are pulled by some crypto backend in the Microsoft Go compiler. ++// The symbols below are pulled by some crypto backend in the Microsoft build of Go compiler. +// We provide a push linkname here, to keep them accessible with pull linknames. + +//go:linkname encodeSignature @@ -2304,7 +2304,7 @@ index 00000000000000..1adf3098356307 +// license that can be found in the LICENSE file. + +/* -+Microsoft Go only package. ++Microsoft build of Go only package. + +TLS 1.3 Key Schedule is normally not part of the FIPS boundary, but upstream Go +decided to include it in the FIPS boundary to facilitate the FIPS 140-3 certification diff --git a/patches/0008-remove-long-path-support-hack.patch b/patches/0008-remove-long-path-support-hack.patch index e8852986509..35bf86b183f 100644 --- a/patches/0008-remove-long-path-support-hack.patch +++ b/patches/0008-remove-long-path-support-hack.patch @@ -4,11 +4,11 @@ Date: Mon, 25 Mar 2024 12:14:00 +0100 Subject: [PATCH] remove long path support hack Upstream Go tricks Windows into enabling long path support by setting an -undocumented flag in the PEB. The Microsoft Go fork can't use undocumented +undocumented flag in the PEB. The Microsoft build of Go can't use undocumented APIs, so this commit removes the hack. There is no documented way to enable long path support from within the -process, so this this is a breaking change for the Microsoft Go fork. +process, so this this is a breaking change for the Microsoft build of Go. Note that the Go standard library makes a best effort to support long paths by using the `\\?\` prefix when possible, so this change should only affect long relative paths, which can't be used with the `\\?\`. diff --git a/patches/README.md b/patches/README.md index 51e6703679a..9bf2fe6ed98 100644 --- a/patches/README.md +++ b/patches/README.md 
@@ -1,6 +1,6 @@ -# Microsoft Go patches +# Microsoft build of Go patches -The patches in this directory are applied to the `/go` submodule before building Microsoft Go. +The patches in this directory are applied to the `/go` submodule before building th Microsoft build of Go. This is done automatically by the build tools provided in `/eng`. We use [`git-go-patch`](https://github.com/microsoft/go-infra/tree/main/cmd/git-go-patch) to maintain these patch files. From 376cd32df307b0cd3793d8f6f149701d483618a9 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Tue, 11 Feb 2025 14:33:47 -0800 Subject: [PATCH 231/887] Fix single-feed error with Release Studio nuget.config (#1549) --- eng/release-studio/NuGet.config | 7 +------ eng/release-studio/ReleaseStudio.csproj | 12 +++++++++++- eng/signing/NuGet.config | 1 + 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/eng/release-studio/NuGet.config b/eng/release-studio/NuGet.config index 6ea4355ea85..cfde83028f8 100644 --- a/eng/release-studio/NuGet.config +++ b/eng/release-studio/NuGet.config @@ -6,13 +6,8 @@ + - - diff --git a/eng/release-studio/ReleaseStudio.csproj b/eng/release-studio/ReleaseStudio.csproj index 0c90dde172d..c7139c2c0ea 100644 --- a/eng/release-studio/ReleaseStudio.csproj +++ b/eng/release-studio/ReleaseStudio.csproj @@ -3,7 +3,17 @@ - net7.0 + + net$(BundledNETCoreAppTargetFrameworkVersion) diff --git a/eng/signing/NuGet.config b/eng/signing/NuGet.config index 8f32de83184..d4ccd2557cf 100644 --- a/eng/signing/NuGet.config +++ b/eng/signing/NuGet.config @@ -6,6 +6,7 @@ + From 43e5ee4c8a90c850ac9e75c710de1ef5fc189983 Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Tue, 11 Feb 2025 16:42:42 -0800 Subject: [PATCH 232/887] Fix Release Studio script gathering: stable target dir (#1550) --- eng/pipeline/stages/public-publish-stage.yml | 3 ++- eng/release-studio/ReleaseStudio.csproj | 17 +++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) 
diff --git a/eng/pipeline/stages/public-publish-stage.yml b/eng/pipeline/stages/public-publish-stage.yml index 7dc8d5a32bf..614f57e9c8f 100644 --- a/eng/pipeline/stages/public-publish-stage.yml +++ b/eng/pipeline/stages/public-publish-stage.yml @@ -48,7 +48,7 @@ stages: - name: GoBinariesDir value: $(Pipeline.Workspace)/Binaries Signed - name: NetCorePublishingScripts - value: $(Build.SourcesDirectory)/eng/release-studio/bin/Debug/net7.0/MsGoPublishingScripts + value: $(Build.SourcesDirectory)/eng/release-studio/bin/MsGoPublishingScripts # This is read directly by release studio scripts through env. - name: RMExecutionEnvironment @@ -70,6 +70,7 @@ stages: projects: '$(Build.SourcesDirectory)/eng/release-studio/ReleaseStudio.csproj' custom: build arguments: >- + /p:NetCorePublishingScripts=$(NetCorePublishingScripts) /bl:eng/release-studio/Build.binlog /v:n diff --git a/eng/release-studio/ReleaseStudio.csproj b/eng/release-studio/ReleaseStudio.csproj index c7139c2c0ea..2f5570c4a97 100644 --- a/eng/release-studio/ReleaseStudio.csproj +++ b/eng/release-studio/ReleaseStudio.csproj @@ -14,10 +14,27 @@ We aren't actually building an app anyway, we just need the RM package. --> net$(BundledNETCoreAppTargetFrameworkVersion) + + + $(MSBuildThisFileDirectory)bin\MsGoPublishingScripts + + + + + + From f1860777e4019da9508b2daf627021367f107de2 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Wed, 12 Feb 2025 16:06:43 +0000 Subject: [PATCH 233/887] Update submodule to latest master (d9cc4944): cmd/dist: correct gccheckmark test name --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 608acff8479..d9cc4944ce3 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 608acff8479640b00c85371d91280b64f5ec9594 +Subproject commit d9cc4944ce3f36fc8fd1c63f35c206b308a3503f From 1b499161c8c96cc2f5d52c564ad65fe8ea51359b Mon Sep 17 00:00:00 2001 
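Review bot: The `/p:NetCorePublishingScripts=$(NetCorePublishingScripts)` argument added in the second hunk of `public-publish-stage.yml` is passed unquoted, so a sources directory containing a space would likely split the property value and leave MSBuild with a truncated path. Quoting it keeps the value intact: `/p:NetCorePublishingScripts="$(NetCorePublishingScripts)"`. The same directory now also appears as what looks like a default in `ReleaseStudio.csproj` (`$(MSBuildThisFileDirectory)bin\MsGoPublishingScripts`), while the first hunk sets it in the pipeline variable. Because the publishing step runs scripts from this directory, a comment next to the variable would help, for example `# Must match the default output dir in ReleaseStudio.csproj; passed to the build via /p: below.`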
From: Davis Goodin Date: Wed, 12 Feb 2025 10:22:59 -0600 Subject: [PATCH 234/887] Upgrade CNG backend --- patches/0002-Vendor-crypto-backends.patch | 25 ++++++++++++----------- 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/patches/0002-Vendor-crypto-backends.patch b/patches/0002-Vendor-crypto-backends.patch index 45b684bd58e..7b33e81f68f 100644 --- a/patches/0002-Vendor-crypto-backends.patch +++ b/patches/0002-Vendor-crypto-backends.patch @@ -94,14 +94,14 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../microsoft/go-crypto-winnative/cng/rc4.go | 65 ++ .../microsoft/go-crypto-winnative/cng/rsa.go | 396 ++++++++++ .../microsoft/go-crypto-winnative/cng/sha3.go | 311 ++++++++ - .../go-crypto-winnative/cng/tls1prf.go | 88 +++ + .../go-crypto-winnative/cng/tls1prf.go | 89 +++ .../internal/bcrypt/bcrypt_windows.go | 368 +++++++++ .../internal/bcrypt/ntstatus_windows.go | 45 ++ .../internal/bcrypt/zsyscall_windows.go | 412 ++++++++++ .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ src/vendor/modules.txt | 16 + - 95 files changed, 13813 insertions(+), 7 deletions(-) + 95 files changed, 13814 insertions(+), 7 deletions(-) create mode 100644 src/crypto/internal/backend/deps_ignore.go create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml @@ -222,7 +222,7 @@ index 00000000000000..ae4055d2d71303 +// that are used by the backend package. This allows to track +// their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index ccfdbd8ea22d77..848995bdafa375 100644 +index ccfdbd8ea22d77..8279edd727aada 100644 --- a/src/go.mod +++ b/src/go.mod @@ -11,3 +11,9 @@ require ( 
@@ -233,10 +233,10 @@ index ccfdbd8ea22d77..848995bdafa375 100644 +require ( + github.com/golang-fips/openssl/v2 v2.0.4-0.20250115103809-bf655f6d08d6 + github.com/microsoft/go-crypto-darwin v0.0.2-0.20250116101429-467bd63a2d67 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70 ++ github.com/microsoft/go-crypto-winnative v0.0.0-20250211154640-f49c8e1379ea +) diff --git a/src/go.sum b/src/go.sum -index 4d6a33e34a4e63..6a09a77031befa 100644 +index 4d6a33e34a4e63..501aecb4cccb41 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,9 @@ @@ -244,8 +244,8 @@ index 4d6a33e34a4e63..6a09a77031befa 100644 +github.com/golang-fips/openssl/v2 v2.0.4-0.20250115103809-bf655f6d08d6/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= +github.com/microsoft/go-crypto-darwin v0.0.2-0.20250116101429-467bd63a2d67 h1:SI0IFiHducwfamZR7pv6jb92oc5o/z5tn66wynS6ADE= +github.com/microsoft/go-crypto-darwin v0.0.2-0.20250116101429-467bd63a2d67/go.mod h1:LyP4oZ0QcysEJdqUTOk9ngNFArRFK94YRImkoJ8julQ= -+github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70 h1:97wOagHu7OExwU929NjuPIlUEUaFIQtffQMaVj0mR5E= -+github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= ++github.com/microsoft/go-crypto-winnative v0.0.0-20250211154640-f49c8e1379ea h1:JuRzAUOV9uaQdoNeuHyOEAJbpRahsICnwfPPGzzuzRw= ++github.com/microsoft/go-crypto-winnative v0.0.0-20250211154640-f49c8e1379ea/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20250121202134-9a960c88dd98 h1:36bTiCRO7f/J3t+LumnLTJDXqxsp1x6Q7754SsRD9u4= 
@@ -427,7 +427,7 @@ index 00000000000000..1bfbaf60f4dd58 +All supported OpenSSL versions pass a small set of automatic tests that ensure they can be built and that there are no major regressions. +These tests do not validate the cryptographic correctness of the `openssl` package. + -+On top of that, the [golang-fips Go fork](https://github.com/golang-fips/go) -maintained by Red Hat- and the [Microsoft build of Go](https://github.com/microsoft/go), tests a subset of the supported OpenSSL versions when integrated with the Go `crypto` package. ++On top of that, the [golang-fips Go fork](https://github.com/golang-fips/go) -maintained by Red Hat- and the [Microsoft Go fork](https://github.com/microsoft/go), tests a subset of the supported OpenSSL versions when integrated with the Go `crypto` package. +These tests are much more exhaustive and validate a specific OpenSSL version can produce working applications. + +### Building without OpenSSL headers @@ -14134,10 +14134,10 @@ index 00000000000000..15c1345475a3b1 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go new file mode 100644 -index 00000000000000..5a3fb01606ef95 +index 00000000000000..56131a6bc93d3f --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/tls1prf.go -@@ -0,0 +1,88 @@ +@@ -0,0 +1,89 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -14184,6 +14184,7 @@ index 00000000000000..5a3fb01606ef95 + if err := bcrypt.GenerateSymmetricKey(alg, &kh, nil, secret, 0); err != nil { + return err + } ++ defer bcrypt.DestroyKey(kh) + + buffers := make([]bcrypt.Buffer, 0, 3) + if len(label) > 0 { @@ -15169,7 +15170,7 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index d42f50b43ccdba..61fda0cbe57e34 100644 +index d42f50b43ccdba..8f04bd6fc8fd78 100644 
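Review bot: The `defer bcrypt.DestroyKey(kh)` added in `cng/tls1prf.go` discards whatever the call returns and carries no comment explaining why the handle must be released there. The handle is created from `secret` by `GenerateSymmetricKey` a few lines above, so the release is what bounds the lifetime of the key object built from the TLS PRF secret. A one-line comment would record that: `// Release the CNG key object created from secret; the result is ignored because nothing can be done if destroy fails.` The enclosing function starts and ends outside the hunk, and the file is vendored, so the comment would have to land in go-crypto-winnative first.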
--- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,19 @@ @@ -15182,7 +15183,7 @@ index d42f50b43ccdba..61fda0cbe57e34 100644 +github.com/microsoft/go-crypto-darwin/bbig +github.com/microsoft/go-crypto-darwin/internal/cryptokit +github.com/microsoft/go-crypto-darwin/xcrypto -+# github.com/microsoft/go-crypto-winnative v0.0.0-20250110072644-50d2dfac4b70 ++# github.com/microsoft/go-crypto-winnative v0.0.0-20250211154640-f49c8e1379ea +## explicit; go 1.22 +github.com/microsoft/go-crypto-winnative/cng +github.com/microsoft/go-crypto-winnative/cng/bbig From fa16cc101843479cee11eee86d7cb221751baaff Mon Sep 17 00:00:00 2001 From: Davis Goodin Date: Wed, 12 Feb 2025 14:48:12 -0800 Subject: [PATCH 235/887] Additional FIPS readme updates for 1.24 (#1556) * Refer to FIPS 140 without -2 * FIPS readme updates for 1.24 --- eng/doc/fips/README.md | 160 +++++++++++++++++++++++++---------------- 1 file changed, 100 insertions(+), 60 deletions(-) diff --git a/eng/doc/fips/README.md b/eng/doc/fips/README.md index 827b376dc87..fdafdc59cdd 100644 --- a/eng/doc/fips/README.md +++ b/eng/doc/fips/README.md 
@@ -1,50 +1,60 @@ This directory contains documentation about FIPS and the FIPS implementation in the Microsoft fork of Go. * README.md (this file): a general overview and first steps. -* [**FIPS 140-2 User Guide** (UserGuide.md)](UserGuide.md): notes on FIPS compliance of specific crypto APIs. +* [**FIPS 140 User Guide** (UserGuide.md)](UserGuide.md): notes on FIPS compliance of specific crypto APIs. -# Crypto FIPS 140-2 support +# Crypto FIPS 140 support ## Background -FIPS 140-2 is a U.S. government computer security standard used to approve cryptographic modules. FIPS compliance may come up when working with U.S. government and other regulated industries. +FIPS 140 is a U.S. government computer security standard used to approve cryptographic modules. FIPS compliance and specifically FIPS 140-3 certification may come up when working with U.S. government and other regulated industries. ### Go FIPS compliance -The Go `crypto` package is not FIPS certified, and the Go team has stated that it won't be, e.g. in [golang/go/issues/21734](https://github.com/golang/go/issues/21734#issuecomment-326980213) Adam Langley says: +The upstream plan to support building FIPS compliant Go apps is described in [FIPS 140-3 Compliance](https://go.dev/doc/security/fips140) and [crypto: obtain a FIPS 140-3 validation (golang/go#69536)](https://github.com/golang/go/issues/69536). +Go 1.24 delivered some major steps in this plan: the crypto module itself (written in Go and Go assembly), the concept of FIPS mode in the Go runtime, and new toolset settings. -> The status of FIPS 140 for Go itself remains "no plans, basically zero chance". +Prior to Go 1.24, Google maintained the [goexperiment](https://pkg.go.dev/internal/goexperiment) `boringcrypto`, that uses cgo and BoringSSL to implement various crypto primitives. 
+As BoringSSL is FIPS 140 certified, an application built using this flag is more likely to be FIPS 140 compliant, yet Google does not provide any liability about the suitability of this code in relation to the FIPS 140 standard. -On the other hand, Google maintains the [goexperiment](https://pkg.go.dev/internal/goexperiment) `boringcrypto`, that uses cgo and BoringSSL to implement various crypto primitives. As BoringSSL is FIPS 140-2 certified, an application built using this flag is more likely to be FIPS 140-2 compliant, yet Google does not provide any liability about the suitability of this code in relation to the FIPS 140-2 standard. - -In addition to that, the boringcrypto flag also provides a mechanism to restrict all TLS configuration to FIPS-compliant settings. The effect is triggered by importing the fipsonly package anywhere in a program, as in: +In addition to that, the `boringcrypto` flag also provides a mechanism to restrict all TLS configuration to FIPS-compliant settings. +The effect is triggered by importing the fipsonly package anywhere in a program, as in: ```go import _ "crypto/tls/fipsonly" ``` +In Go 1.24, the TLS FIPS-compliant mode is controlled by the Go runtime's FIPS mode. + ## Microsoft build of Go FIPS compliance -The Microsoft build of Go modifies the Go runtime to implement several crypto primitives using cgo to call into a platform-provided cryptographic library rather than use the standard Go crypto implementations. This allows Go programs to use a platform-provided FIPS 140-2 certified crypto library. +The Microsoft build of Go modifies the Go runtime to call into a platform-provided cryptographic library to implement crypto primitives rather than use the standard Go crypto implementations. +Depending on the platform, this is done using cgo or syscalls. +This allows Go programs to use a platform-provided FIPS 140 certified crypto library. 
-On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-fips/openssl] module in Go 1.21+ and the [go-crypto-openssl] module in earlier versions. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. Since 1.24, on macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140-2 certified. +On Linux, the fork uses [OpenSSL](https://www.openssl.org/) through the [golang-fips/openssl] module in Go 1.21+ and the [go-crypto-openssl] module in earlier versions. On Windows, [CNG](https://docs.microsoft.com/en-us/windows/win32/seccng/about-cng), using [go-crypto-winnative]. Since 1.24, on macOS, [CommonCrypto](https://developer.apple.com/library/archive/documentation/System/Conceptual/ManPages_iPhoneOS/man3/Common%20Crypto.3cc.html) and [CryptoKit](https://developer.apple.com/documentation/cryptokit) using [go-crypto-darwin]. Similar to BoringSSL, certain OpenSSL, CNG and CommonCrypto/CryptoKit versions are FIPS 140 certified. -It is important to note that an application built with Microsoft's Go toolchain and running in FIPS compatible mode is not FIPS compliant _per-se_. It is the responsibility of the application development team to use FIPS-compliant crypto primitives and workflows. The modified crypto runtime will fall back to Go standard library crypto if it cannot provide a FIPS-compliant implementation, e.g. when hashing a message using `crypto/md5` hashes or when using an AES-GCM cipher with a non-standard nonce size. +> [!IMPORTANT] +> An application built with Microsoft's Go toolchain and running in FIPS compatible mode is not FIPS compliant _per-se_. 
+> It is the responsibility of the application development team to use FIPS-compliant crypto primitives and workflows. +> +> For compatibility reasons, the modified crypto runtime will fall back to Go standard library crypto if it cannot provide a FIPS-compliant implementation, e.g. when hashing a message using `crypto/md5` hashes or when using an AES-GCM cipher with a non-standard nonce size. ## Configuration overview -The Microsoft build of Go fork provides several ways to configure the crypto backend and its behavior. These are described in the following sections in detail. +The Microsoft build of Go provides several ways to configure the crypto backend and its behavior. +These are described in the following sections in detail. - Build-time configuration (`go build`): - [`GOEXPERIMENT=crypto` environment variable](#usage-build) - [`goexperiment.crypto` build tag](#usage-build) - [`requirefips` build tag](#build-option-to-require-fips-mode) - - [`GOFIPS140=latest` environment variable](#build-option-to-require-fips-mode) + - [`GOFIPS140=latest` environment variable](#build-option-to-require-fips-mode) (go1.24+) - [`GOEXPERIMENT` `allowcryptofallback`](#build-option-to-use-go-crypto-if-the-backend-compatibility-check-fails) - [`import _ "crypto/tls/fipsonly"` source change](#tls-with-fips-compliant-settings) - Runtime configuration: - [`GOFIPS` environment variable](#usage-runtime) - - [`GODEBUG=fips140` setting](#usage-runtime) + - [`GODEBUG=fips140` setting](#usage-runtime) (go1.24+) - (OpenSSL backend) [`GO_OPENSSL_VERSION_OVERRIDE` environment variable](#runtime-openssl-version-override) - (OpenSSL backend) [`/proc/sys/crypto/fips_enabled` file containing `1`](#linux-fips-mode-openssl) - (CNG backend) [Windows registry `HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy` dword value `Enabled` set to `1`](#windows-fips-mode-cng) 
@@ -56,9 +66,7 @@ There are typically two goals that lead to this document. Creating a FIPS compli > [!NOTE] > This section assumes the use of the Microsoft build of Go 1.24 or later. > -> 1.24 introduces `GODEBUG=fips140=on` as a preferred way to enable FIPS mode. See also [the Go 1.24 changelog](#go-124-feb-2025). -> -> 1.21 introduces `systemcrypto`, `requirefips`, and a build-time compatibility check for the selected crypto backend. The Usage sections go into more detail about the differences between 1.19/1.20 and 1.21 in context. See also [the Go 1.21 changelog](#go-121-aug-2023). +> 1.24 introduces `GODEBUG=fips140=on` as the preferred way to enable FIPS mode. See also [the Go 1.24 changelog](#go-124-feb-2025). | Build-time config | Runtime config | Internal Microsoft crypto policy | FIPS behavior | | --- | --- | --- | --- | 
@@ -68,10 +76,7 @@ There are typically two goals that lead to this document. Creating a FIPS compli | `GOEXPERIMENT=systemcrypto` | `GO_OPENSSL_VERSION_OVERRIDE=1.1.1k-fips` | Compliant | Can be used to create a compliant app. If the app is built for Linux, `systemcrypto` chooses `opensslcrypto`, and the environment variable causes it to load `libcrypto.so.1.1.1k-fips` instead of using the automatic search behavior. This environment variable has no effect with `cngcrypto`. | | `GOEXPERIMENT=systemcrypto` and `-tags=requirefips` | Default | Compliant | Can be used to create a compliant app. The behavior is the same as `GODEBUG=fips140=on` and `GOFIPS=1`, but no runtime configuration is necessary. See [the `requirefips` section](#build-option-to-require-fips-mode) for more information on when this "locked-in" approach may be useful rather than the flexible approach. | -Other notes for common configurations: - -- Prior to Go 1.22, if the app uses TLS, `import _ "crypto/tls/fipsonly"` is also necessary for FIPS compliance. See [TLS with FIPS-compliant settings](#tls-with-fips-compliant-settings) -- A Docker image is available that includes suitable build-time config in the environment. See [Dockerfile base image](#dockerfile-base-image) +A [Docker base image](#dockerfile-base-image) is available that includes suitable build-time config in the environment. Some configurations are invalid and intentionally result in a build error or runtime panic: 
@@ -91,7 +96,7 @@ The `GOEXPERIMENT` environment variable is used at build time to select a crypto - `opensslcrypto` selects OpenSSL, for Linux - `cngcrypto` selects CNG, for Windows - Since 1.24, `darwincrypto` selects CommonCrypto & CryptoKit for macOS -- `boringcrypto` selects the upstream BoringCrypto backend, which is **not supported nor compliant** +- `boringcrypto` selects the upstream BoringCrypto backend, which is **not supported and not compliant with internal Microsoft policy** - If no option is selected, Go standard library cryptography is used. The options are exclusive and must not be enabled at the same time as one another. @@ -105,53 +110,44 @@ The options are exclusive and must not be enabled at the same time as one anothe | macOS (since 1.24) | `darwincrypto` | CommonCrypto & CryptoKit | | macOS (prior to 1.24) | N/A, build error | N/A | -The crypto backend selection must match the target platform. In a cross-build scenario, such as using Linux to build an app that will run on Windows, `GOOS=windows GOEXPERIMENT=systemcrypto` will correctly select `cngcrypto`. Prior to Go 1.21, the selection must be made manually: `GOOS=windows GOEXPERIMENT=cngcrypto`. +The crypto backend selection must match the target platform. In a cross-build scenario, such as using Linux to build an app that will run on Windows, `GOOS=windows GOEXPERIMENT=systemcrypto` will correctly select `cngcrypto`. -Setting the `goexperiment.