diff --git a/config/versions.json b/config/versions.json
index 1c7ce26c52..91970b2455 100644
--- a/config/versions.json
+++ b/config/versions.json
@@ -1,5 +1,5 @@
 {
 "github.com/golang-fips/go": "main",
 "github.com/golang-fips/openssl-fips": "b175be2ccd46683a51cba60a9a2087b09593317d",
- "github.com/golang/go": "go1.21.4"
+ "github.com/golang/go": "0c7e5d3b8db6668d6bdb16410d59c0ae4133400a"
 }
diff --git a/patches/000-initial-setup.patch b/patches/000-initial-setup.patch
index 8268a1cc5d..a5821b243e 100644
--- a/patches/000-initial-setup.patch
+++ b/patches/000-initial-setup.patch
@@ -1,3 +1,50 @@ +From 1efcae8f62332ae54846c14fbe0fd1132a283420 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= +Date: Mon, 27 Nov 2023 10:22:57 +0100 +Subject: [PATCH] initial setup + +--- + api/go1.19.txt | 2 + + .../go/testdata/script/gopath_std_vendor.txt | 4 +- + src/crypto/ecdh/ecdh_test.go | 4 + + src/crypto/ecdsa/ecdsa_hashsignverify.go | 45 +++++ + src/crypto/ecdsa/ecdsa_hashsignverify_test.go | 42 +++++ + src/crypto/ecdsa/ecdsa_test.go | 17 +- + src/crypto/ecdsa/equal_test.go | 8 +- + src/crypto/ed25519/ed25519_test.go | 1 + + src/crypto/ed25519/ed25519vectors_test.go | 1 + + src/crypto/internal/backend/bbig/big.go | 38 ++++ + .../internal/backend/boringtest/config.go | 46 +++++ + src/crypto/internal/backend/dummy.s | 0 + src/crypto/internal/backend/nobackend.go | 163 ++++++++++++++++++ + src/crypto/internal/backend/openssl.go | 106 ++++++++++++ + src/crypto/rsa/pkcs1v15_test.go | 63 ++++++- + src/crypto/rsa/pss_test.go | 24 ++- + src/crypto/rsa/rsa.go | 4 +- + src/crypto/rsa/rsa_test.go | 56 +++++- + src/crypto/tls/boring.go | 17 +- + src/crypto/tls/boring_test.go | 81 +++++++-- + src/crypto/tls/cipher_suites.go | 5 + + src/crypto/tls/common.go | 4 + + src/crypto/tls/handshake_client.go | 4 +- + src/crypto/tls/handshake_client_test.go | 1 + + src/crypto/tls/handshake_client_tls13.go | 4 - + src/crypto/tls/handshake_server_tls13.go | 4 - + src/crypto/tls/key_schedule.go | 28 ++- + src/crypto/x509/boring_test.go | 11 +- + src/crypto/x509/x509_test.go | 91 +++++++--- + src/go/build/deps_test.go | 13 +- + src/runtime/pprof/proto_test.go | 32 +++- + src/runtime/runtime_boring.go | 5 + + 32 files changed, 843 insertions(+), 81 deletions(-) + create mode 100644 src/crypto/ecdsa/ecdsa_hashsignverify.go + create mode 100644 src/crypto/ecdsa/ecdsa_hashsignverify_test.go + create mode 100644 src/crypto/internal/backend/bbig/big.go + create mode 100644 src/crypto/internal/backend/boringtest/config.go + create mode 100644 
src/crypto/internal/backend/dummy.s + create mode 100644 src/crypto/internal/backend/nobackend.go + create mode 100644 src/crypto/internal/backend/openssl.go + diff --git a/api/go1.19.txt b/api/go1.19.txt index f31d633af9..e078f4aee1 100644 --- a/api/go1.19.txt @@ -16,17 +63,17 @@ index 4aaf46b5d0..c231e299d9 100644 --- a/src/cmd/go/testdata/script/gopath_std_vendor.txt +++ b/src/cmd/go/testdata/script/gopath_std_vendor.txt @@ -21,11 +21,11 @@ go build . - + go list -deps -f '{{.ImportPath}} {{.Dir}}' . stdout $GOPATH[/\\]src[/\\]vendor[/\\]golang.org[/\\]x[/\\]net[/\\]http2[/\\]hpack -! stdout $GOROOT[/\\]src[/\\]vendor +! stdout $GOROOT[/\\]src[/\\]vendor[/\\]golang.org[/\\]x[/\\]net[/\\]http2[/\\]hpack - + go list -test -deps -f '{{.ImportPath}} {{.Dir}}' . stdout $GOPATH[/\\]src[/\\]vendor[/\\]golang.org[/\\]x[/\\]net[/\\]http2[/\\]hpack -! stdout $GOROOT[/\\]src[/\\]vendor +! stdout $GOROOT[/\\]src[/\\]vendor[/\\]golang.org[/\\]x[/\\]net[/\\]http2[/\\]hpack - + -- issue16333/issue16333.go -- package vendoring17 diff --git a/src/crypto/ecdh/ecdh_test.go b/src/crypto/ecdh/ecdh_test.go @@ -182,7 +229,7 @@ index 08a0903eb1..61a4662036 100644 t.Run(test.name, func(t *testing.T) { t.Parallel() @@ -235,7 +246,11 @@ func TestVectors(t *testing.T) { - + switch curve { case "P-224": - pub.Curve = elliptic.P224() @@ -206,10 +253,10 @@ index 53ac8504c2..4371e31b1a 100644 + "crypto/internal/backend/boringtest" "testing" ) - + @@ -65,11 +67,13 @@ func testEqual(t *testing.T, c elliptic.Curve) { } - + func TestEqual(t *testing.T) { - t.Run("P224", func(t *testing.T) { testEqual(t, elliptic.P224()) }) + t.Run("P256", func(t *testing.T) { testEqual(t, elliptic.P256()) }) @@ -229,7 +276,7 @@ index 47c8698e2a..8b5c2cc9af 100644 +++ b/src/crypto/ed25519/ed25519_test.go @@ -321,6 +321,7 @@ func TestMalleability(t *testing.T) { } - + func TestAllocations(t *testing.T) { + t.Skip("Allocations test broken with openssl linkage") if boring.Enabled { 
@@ -241,11 +288,11 @@ index f933f2800a..223ce04340 100644 +++ b/src/crypto/ed25519/ed25519vectors_test.go @@ -72,6 +72,7 @@ func TestEd25519Vectors(t *testing.T) { } - + func downloadEd25519Vectors(t *testing.T) []byte { + t.Skip("skipping test that downloads external data") testenv.MustHaveExternalNetwork(t) - + // Create a temp dir and modcache subdir. diff --git a/src/crypto/internal/backend/bbig/big.go b/src/crypto/internal/backend/bbig/big.go new file mode 100644 @@ -642,7 +689,7 @@ index dfa1eddc88..39a4fc184a 100644 "crypto/sha1" @@ -54,6 +56,10 @@ var decryptPKCS1v15Tests = []DecryptPKCS1v15Test{ } - + func TestDecryptPKCS1v15(t *testing.T) { + if boring.Enabled && !boringtest.Supports(t, "PKCSv1.5") { + t.Skip("skipping PKCS#1 v1.5 encryption test with BoringCrypto") @@ -653,7 +700,7 @@ index dfa1eddc88..39a4fc184a 100644 return DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext) @@ -78,6 +84,10 @@ func TestDecryptPKCS1v15(t *testing.T) { } - + func TestEncryptPKCS1v15(t *testing.T) { + if boring.Enabled && !boringtest.Supports(t, "PKCSv1.5") { + t.Skip("skipping PKCS#1 v1.5 encryption test with BoringCrypto") @@ -661,10 +708,10 @@ index dfa1eddc88..39a4fc184a 100644 + random := rand.Reader k := (rsaPrivateKey.N.BitLen() + 7) / 8 - + @@ -139,6 +149,10 @@ var decryptPKCS1v15SessionKeyTests = []DecryptPKCS1v15Test{ } - + func TestEncryptPKCS1v15SessionKey(t *testing.T) { + if boring.Enabled && !boringtest.Supports(t, "PKCSv1.5") { + t.Skip("skipping PKCS#1 v1.5 encryption test with BoringCrypto") @@ -675,7 +722,7 @@ index dfa1eddc88..39a4fc184a 100644 err := DecryptPKCS1v15SessionKey(nil, rsaPrivateKey, decodeBase64(test.in), key) @@ -153,6 +167,10 @@ func TestEncryptPKCS1v15SessionKey(t *testing.T) { } - + func TestEncryptPKCS1v15DecrypterSessionKey(t *testing.T) { + if boring.Enabled && !boringtest.Supports(t, "PKCSv1.5") { + t.Skip("skipping PKCS#1 v1.5 encryption test with BoringCrypto") 
@@ -691,21 +738,21 @@ index dfa1eddc88..39a4fc184a 100644 - {"Test.\n", "a4f3fa6ea93bcdd0c57be020c1193ecbfd6f200a3d95c409769b029578fa0e336ad9a347600e40d3ae823b8c7e6bad88cc07c1d54c3a1523cbbb6d58efc362ae"}, + {"Test.\n", "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"}, } - + func TestSignPKCS1v15(t *testing.T) { @@ -201,7 +219,7 @@ func TestSignPKCS1v15(t *testing.T) { h.Write([]byte(test.in)) digest := h.Sum(nil) - + - s, err := SignPKCS1v15(nil, rsaPrivateKey, crypto.SHA1, digest) + s, err := SignPKCS1v15(nil, boringRsaPrivateKey, crypto.SHA1, digest) if err != nil { t.Errorf("#%d %s", i, err) } @@ -221,7 +239,7 @@ func TestVerifyPKCS1v15(t *testing.T) { - + sig, _ := hex.DecodeString(test.out) - + - err := VerifyPKCS1v15(&rsaPrivateKey.PublicKey, crypto.SHA1, digest, sig) + err := VerifyPKCS1v15(&boringRsaPrivateKey.PublicKey, crypto.SHA1, digest, sig) if err != nil { @@ -717,7 +764,7 @@ index dfa1eddc88..39a4fc184a 100644 // file. - expectedSig := decodeBase64("pX4DR8azytjdQ1rtUiC040FjkepuQut5q2ZFX1pTjBrOVKNjgsCDyiJDGZTCNoh9qpXYbhl7iEym30BWWwuiZg==") + expectedSig := decodeBase64("XgDn6nJdfL/gY3eq15l9Va41/nNkDrkTlxOZYHYeFaMOW+Z4BHTCZ1LhqNBXOBK9XEyHho6okpY4rqE1zTIVX/kCGJ+jS6VRgUsHcTcpvKBYZCW84yrjE360gkntzkGxUF9FaiOGzmJKwBm1UvFgFIaYlvF+PdU0H1trBvm/RYRU42xOQRY1U+MSXgruFfINE20vPTlAG22uJ2CELrZUDykQGnrDFsEP0UqyyyiqGqxHt8E7iNYC6+xhPPC/ato9Bev08nu/U/EGH2imifSoNz/IN6h3fQClHwk1a74bPrcRsmUAAHOX2X1VKxK7IruinU8iOyoG6oFuvT+QlMnWAw==") - + - sig, err := SignPKCS1v15(nil, rsaPrivateKey, crypto.Hash(0), msg) + sig, err := SignPKCS1v15(nil, boringRsaPrivateKey, crypto.Hash(0), msg) if err != nil { @@ -731,7 +778,7 @@ index dfa1eddc88..39a4fc184a 100644 t.Fatalf("signature failed to verify: %s", err) } } - + func TestShortSessionKey(t *testing.T) { + if boring.Enabled && !boringtest.Supports(t, "PKCSv1.5") { + t.Skip("skipping PKCS#1 v1.5 encryption test with BoringCrypto") @@ -743,7 +790,7 @@ index dfa1eddc88..39a4fc184a 100644 
@@ -297,6 +319,35 @@ func parsePublicKey(s string) *PublicKey { return k } - + + +var boringRsaPrivateKey = parseKey(testingKey(`-----BEGIN RSA TESTING KEY----- +MIIEogIBAAKCAQEAp5qgUIj096pw8U+AjcJucLWenR3oe+tEthXiAuqcYgslW5UU @@ -813,11 +860,11 @@ index cf03e3cb7e..1226149321 100644 @@ -195,10 +204,15 @@ func TestPSSNilOpts(t *testing.T) { h.Write([]byte("testing")) hashed := h.Sum(nil) - + + // Shouldn't this check return value? SignPSS(rand.Reader, rsaPrivateKey, hash, hashed, nil) } - + func TestPSSSigning(t *testing.T) { + if boring.Enabled && !boringtest.Supports(t, "SHA1") { + t.Skip("skipping PSS test with BoringCrypto: too short key") @@ -829,7 +876,7 @@ index cf03e3cb7e..1226149321 100644 @@ -236,11 +250,15 @@ func TestPSSSigning(t *testing.T) { } } - + -func TestPSS513(t *testing.T) { +// This previously tested PSSSaltLengthAuto +// We'll change the key here to 2048 bits to @@ -852,12 +899,12 @@ index cf03e3cb7e..1226149321 100644 + }); err.Error() != InvalidSaltLenErr.Error() && !strings.Contains(err.Error(), "RSA_sign_pss_mgf1 failed") { t.Fatalf("SignPSS unexpected error: got %v, want %v", err, InvalidSaltLenErr) } - + diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index 63bc8dad1a..ab56ccd1ed 100644 +index 0715421187..90557200ea 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go -@@ -509,7 +509,7 @@ func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, l +@@ -534,7 +534,7 @@ func EncryptOAEP(hash hash.Hash, random io.Reader, pub *PublicKey, msg []byte, l if err != nil { return nil, err } @@ -865,8 +912,8 @@ index 63bc8dad1a..ab56ccd1ed 100644 + return boring.EncryptRSAOAEP(hash, bkey, msg, label) } boring.UnreachableExceptTests() - -@@ -680,7 +680,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci + +@@ -724,7 +724,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci if err != nil { return nil, err } 
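Review bot: In the rsa/pss_test.go change carried by hunk `@@ -852,12 +899,12 @@`, the condition `err.Error() != InvalidSaltLenErr.Error() && !strings.Contains(err.Error(), "RSA_sign_pss_mgf1 failed")` calls `err.Error()` without first checking that `err` is non-nil. If SignPSS ever returns a nil error here, the test panics on a nil interface instead of reaching the `t.Fatalf("SignPSS unexpected error: ...")` line that is meant to report it. The added substring match also accepts any failure whose text contains `RSA_sign_pss_mgf1 failed`, not only a salt-length rejection, so the assertion is weaker than the upstream comparison it extends. A guarded form would be `}); err == nil || (err.Error() != InvalidSaltLenErr.Error() && !strings.Contains(err.Error(), "RSA_sign_pss_mgf1 failed")) {`. The enclosing test function starts outside the hunk.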
@@ -882,7 +929,7 @@ index 3278a7ff30..b994daec19 100644 @@ -23,6 +23,8 @@ import ( "testing" ) - + +import "crypto/internal/backend/boringtest" + func TestKeyGeneration(t *testing.T) { @@ -902,7 +949,7 @@ index 3278a7ff30..b994daec19 100644 @@ -114,6 +120,35 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { t.Errorf("private exponent too large") } - + + if boring.Enabled { + // Cannot call encrypt/decrypt with raw RSA. PKCSv1.5 + // not supported in some configurations. Test with @@ -938,7 +985,7 @@ index 3278a7ff30..b994daec19 100644 @@ -121,7 +156,7 @@ func testKeyBasics(t *testing.T, priv *PrivateKey) { return } - + - dec, err := DecryptPKCS1v15(nil, priv, enc) + dec, err := DecryptPKCS1v15(rand.Reader, priv, enc) if err != nil { @@ -963,7 +1010,7 @@ index 3278a7ff30..b994daec19 100644 + continue + } public := PublicKey{N: n, E: test.e} - + for j, message := range test.msgs { @@ -652,6 +694,10 @@ func TestDecryptOAEP(t *testing.T) { d := new(big.Int) @@ -979,13 +1026,13 @@ index 3278a7ff30..b994daec19 100644 @@ -695,6 +741,10 @@ func Test2DecryptOAEP(t *testing.T) { sha1 := crypto.SHA1 sha256 := crypto.SHA256 - + + if boring.Enabled && n.BitLen() < 2048 { + t.Skipf("skipping encryption tests with BoringCrypto: too short key: %d", n.BitLen()) + } + out, err := priv.Decrypt(random, in, &OAEPOptions{MGFHash: sha1, Hash: sha256}) - + if err != nil { @@ -710,6 +760,10 @@ func TestEncryptDecryptOAEP(t *testing.T) { d := new(big.Int) @@ -1003,12 +1050,12 @@ index 1827f76458..140b1a3dd8 100644 --- a/src/crypto/tls/boring.go +++ b/src/crypto/tls/boring.go @@ -8,8 +8,15 @@ package tls - + import ( "crypto/internal/boring/fipstls" + boring "crypto/internal/backend" ) - + +func init() { + if boring.Enabled && !boring.ExecutingTest() { + fipstls.Force() @@ -1019,14 +1066,14 @@ index 1827f76458..140b1a3dd8 100644 func needFIPS() bool { return fipstls.Required() 
@@ -17,14 +24,18 @@ func needFIPS() bool { - + // fipsMinVersion replaces c.minVersion in FIPS-only mode. func fipsMinVersion(c *Config) uint16 { - // FIPS requires TLS 1.2. + // FIPS requires TLS 1.2 or later. return VersionTLS12 } - + // fipsMaxVersion replaces c.maxVersion in FIPS-only mode. func fipsMaxVersion(c *Config) uint16 { - // FIPS requires TLS 1.2. @@ -1038,10 +1085,10 @@ index 1827f76458..140b1a3dd8 100644 + return VersionTLS12 + } } - + // default defaultFIPSCurvePreferences is the FIPS-allowed curves, diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index ba68f355eb..7bfe3f9417 100644 +index 085ff5713e..06bc373283 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go @@ -9,6 +9,8 @@ package tls @@ -1063,7 +1110,7 @@ index ba68f355eb..7bfe3f9417 100644 + } else { + test("VersionTLS13", VersionTLS13, "") + } - + fipstls.Force() defer fipstls.Abandon() @@ -52,11 +58,13 @@ func TestBoringServerProtocolVersion(t *testing.T) { @@ -1075,12 +1122,12 @@ index ba68f355eb..7bfe3f9417 100644 + test("VersionTLS13", VersionTLS13, "") + } } - + func isBoringVersion(v uint16) bool { - return v == VersionTLS12 + return v == VersionTLS12 || (boring.SupportsHKDF() && v == VersionTLS13) } - + func isBoringCipherSuite(id uint16) bool { @@ -66,7 +74,9 @@ func isBoringCipherSuite(id uint16) bool { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, @@ -1096,7 +1143,7 @@ index ba68f355eb..7bfe3f9417 100644 @@ -226,7 +236,14 @@ func TestBoringServerSignatureAndHash(t *testing.T) { // 1.3, and the ECDSA ones bind to the curve used. serverConfig.MaxVersion = VersionTLS12 - + - clientErr, serverErr := boringHandshake(t, testConfig, serverConfig) + clientConfig := testConfig.Clone() + @@ -1111,7 +1158,7 @@ index ba68f355eb..7bfe3f9417 100644 } 
@@ -315,15 +332,31 @@ func TestBoringCertAlgs(t *testing.T) { R2 := boringCert(t, "R2", boringRSAKey(t, 512), nil, boringCertCA) - + M1_R1 := boringCert(t, "M1_R1", boringECDSAKey(t, elliptic.P256()), R1, boringCertCA|boringCertFIPSOK) - M2_R1 := boringCert(t, "M2_R1", boringECDSAKey(t, elliptic.P224()), R1, boringCertCA) + @@ -1123,13 +1170,13 @@ index ba68f355eb..7bfe3f9417 100644 + } else { + M2_R1 = boringCert(t, "M2_R1", boringECDSAKey(t, elliptic.P384()), R1, boringCertCA|boringCertFIPSOK) + } - + I_R1 := boringCert(t, "I_R1", boringRSAKey(t, 3072), R1, boringCertCA|boringCertFIPSOK) - I_R2 := boringCert(t, "I_R2", I_R1.key, R2, boringCertCA|boringCertFIPSOK) + I_R2 := boringCert(t, "I_R2", I_R1.key, R2, boringCertCA) I_M1 := boringCert(t, "I_M1", I_R1.key, M1_R1, boringCertCA|boringCertFIPSOK) I_M2 := boringCert(t, "I_M2", I_R1.key, M2_R1, boringCertCA|boringCertFIPSOK) - + L1_I := boringCert(t, "L1_I", boringECDSAKey(t, elliptic.P384()), I_R1, boringCertLeaf|boringCertFIPSOK) - L2_I := boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf) + @@ -1141,20 +1188,20 @@ index ba68f355eb..7bfe3f9417 100644 + } else { + L2_I = boringCert(t, "L2_I", boringRSAKey(t, 1024), I_R1, boringCertLeaf|boringCertNotBoring) + } - + // client verifying server cert testServerCert := func(t *testing.T, desc string, pool *x509.CertPool, key interface{}, list [][]byte, ok bool) { @@ -336,6 +369,11 @@ func TestBoringCertAlgs(t *testing.T) { serverConfig.Certificates = []Certificate{{Certificate: list, PrivateKey: key}} serverConfig.BuildNameToCertificate() - + + if boring.Enabled { + serverConfig.Rand = boring.RandReader + clientConfig.Rand = boring.RandReader + } + clientErr, _ := boringHandshake(t, clientConfig, serverConfig) - + if (clientErr == nil) == ok { @@ -362,6 +400,16 @@ func TestBoringCertAlgs(t *testing.T) { serverConfig := testConfig.Clone() 
@@ -1170,9 +1217,9 @@ index ba68f355eb..7bfe3f9417 100644 + serverConfig.Rand = boring.RandReader + clientConfig.Rand = boring.RandReader + } - + _, serverErr := boringHandshake(t, clientConfig, serverConfig) - + @@ -384,8 +432,8 @@ func TestBoringCertAlgs(t *testing.T) { // exhaustive test with computed answers. r1pool := x509.NewCertPool() @@ -1217,7 +1264,7 @@ index ba68f355eb..7bfe3f9417 100644 boringCertFIPSOK = 0x80 + boringCertNotBoring = 0x100 ) - + func boringRSAKey(t *testing.T, size int) *rsa.PrivateKey { @@ -490,6 +539,7 @@ type boringCertificate struct { cert *x509.Certificate @@ -1225,7 +1272,7 @@ index ba68f355eb..7bfe3f9417 100644 fipsOK bool + notBoring bool } - + func boringCert(t *testing.T, name string, key interface{}, parent *boringCertificate, mode int) *boringCertificate { @@ -511,7 +561,7 @@ func boringCert(t *testing.T, name string, key interface{}, parent *boringCertif ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}, @@ -1238,22 +1285,22 @@ index ba68f355eb..7bfe3f9417 100644 tmpl.IsCA = true @@ -548,7 +598,8 @@ func boringCert(t *testing.T, name string, key interface{}, parent *boringCertif } - + fipsOK := mode&boringCertFIPSOK != 0 - return &boringCertificate{name, org, parentOrg, der, cert, key, fipsOK} + notBoring := mode&boringCertNotBoring != 0 + return &boringCertificate{name, org, parentOrg, der, cert, key, fipsOK, notBoring} } - + // A self-signed test certificate with an RSA key of size 2048, for testing diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go -index 04e6dfe018..b6ed936cd1 100644 +index 6f5bc37197..d352a8cfa8 100644 --- a/src/crypto/tls/cipher_suites.go +++ b/src/crypto/tls/cipher_suites.go -@@ -354,6 +354,11 @@ var defaultCipherSuitesTLS13NoAES = []uint16{ +@@ -378,6 +378,11 @@ var defaultCipherSuitesTLS13NoAES = []uint16{ TLS_AES_256_GCM_SHA384, } - + +var defaultFIPSCipherSuitesTLS13 = []uint16{ + TLS_AES_128_GCM_SHA256, + TLS_AES_256_GCM_SHA384, 
@@ -1263,7 +1310,7 @@ index 04e6dfe018..b6ed936cd1 100644 hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go -index 5394d64ac6..db4e2dbf60 100644 +index 849e8b0a20..c0087ef5df 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -12,6 +12,7 @@ import ( @@ -1274,7 +1321,7 @@ index 5394d64ac6..db4e2dbf60 100644 "crypto/rand" "crypto/rsa" "crypto/sha512" -@@ -994,6 +995,9 @@ const roleServer = false +@@ -1040,6 +1041,9 @@ var tls10server = godebug.New("tls10server") func (c *Config) supportedVersions(isClient bool) []uint16 { versions := make([]uint16, 0, len(supportedVersions)) for _, v := range supportedVersions { @@ -1285,10 +1332,10 @@ index 5394d64ac6..db4e2dbf60 100644 continue } diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go -index 63d86b9f3a..a8ee915041 100644 +index f016e01b4b..f7a31860c4 100644 --- a/src/crypto/tls/handshake_client.go +++ b/src/crypto/tls/handshake_client.go -@@ -127,7 +127,9 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *ecdh.PrivateKey, error) { +@@ -139,7 +139,9 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *ecdh.PrivateKey, error) { if len(hello.supportedVersions) == 1 { hello.cipherSuites = nil } @@ -1300,25 +1347,25 @@ index 63d86b9f3a..a8ee915041 100644 } else { hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13NoAES...) diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go -index 22be38faff..d460eeb880 100644 +index ee9e79afab..b3338fd4f8 100644 --- a/src/crypto/tls/handshake_client_test.go 
+++ b/src/crypto/tls/handshake_client_test.go -@@ -2156,6 +2156,7 @@ func testBuffering(t *testing.T, version uint16) { +@@ -2198,6 +2198,7 @@ func testBuffering(t *testing.T, version uint16) { } - + func TestAlertFlushing(t *testing.T) { + t.Skip("unsupported in FIPS mode, different error returned") c, s := localPipe(t) done := make(chan bool) - + diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go -index 4a8661085e..87fe11de5c 100644 +index 2f59f6888c..a84cede1b0 100644 --- a/src/crypto/tls/handshake_client_tls13.go +++ b/src/crypto/tls/handshake_client_tls13.go @@ -41,10 +41,6 @@ type clientHandshakeStateTLS13 struct { func (hs *clientHandshakeStateTLS13) handshake() error { c := hs.c - + - if needFIPS() { - return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode") - } @@ -1327,13 +1374,13 @@ index 4a8661085e..87fe11de5c 100644 // sections 4.1.2 and 4.1.3. if c.handshakes > 0 { diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index b7b568cd84..af75e7dbe0 100644 +index 21d798de37..816ca10858 100644 --- a/src/crypto/tls/handshake_server_tls13.go +++ b/src/crypto/tls/handshake_server_tls13.go -@@ -44,10 +44,6 @@ type serverHandshakeStateTLS13 struct { +@@ -45,10 +45,6 @@ type serverHandshakeStateTLS13 struct { func (hs *serverHandshakeStateTLS13) handshake() error { c := hs.c - + - if needFIPS() { - return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode") - } @@ -1342,7 +1389,7 @@ index b7b568cd84..af75e7dbe0 100644 if err := hs.processClientHello(); err != nil { return err diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go -index ae8f80a7cf..30a8450f40 100644 +index d7f082c9ee..e7a360fdd4 100644 --- a/src/crypto/tls/key_schedule.go +++ b/src/crypto/tls/key_schedule.go @@ -7,6 +7,7 @@ package tls 
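Review bot: The carried handshake_client_tls13.go change (hunk `@@ -1300,25 +1347,25 @@`) and the matching handshake_server_tls13.go change (hunk `@@ -1327,13 +1374,13 @@`) delete the `needFIPS()` guard outright, so neither `handshake()` has a last-line check against TLS 1.3 being reached in FIPS mode on a backend that cannot serve it. The boring_test.go part of this patch treats TLS 1.3 as acceptable only when `boring.SupportsHKDF()` is true, and key_schedule.go appears to keep a non-backend `hkdf.Extract` path, so a narrowed guard would preserve the backstop if version negotiation is ever wrong: `if needFIPS() && !boring.SupportsHKDF() { return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode") }`. Whether the backend package is imported under the name `boring` in these two files is not visible here. Both `handshake()` bodies continue outside the hunks.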
@@ -1353,7 +1400,7 @@ index ae8f80a7cf..30a8450f40 100644 "errors" "fmt" "hash" -@@ -58,9 +59,20 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by +@@ -59,9 +60,20 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by panic(fmt.Errorf("failed to construct HKDF label: %s", err)) } out := make([]byte, length) @@ -1377,7 +1424,7 @@ index ae8f80a7cf..30a8450f40 100644 } return out } -@@ -78,7 +90,15 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte { +@@ -79,7 +91,15 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte { if newSecret == nil { newSecret = make([]byte, c.hash.Size()) } @@ -1392,7 +1439,7 @@ index ae8f80a7cf..30a8450f40 100644 + return hkdf.Extract(c.hash.New, newSecret, currentSecret) + } } - + // nextTrafficSecret generates the next traffic secret, given the current one, diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go index 33fd0ed52b..102acda578 100644 @@ -1408,7 +1455,7 @@ index 33fd0ed52b..102acda578 100644 "crypto/x509/pkix" @@ -58,7 +59,15 @@ func TestBoringAllowCert(t *testing.T) { R3 := testBoringCert(t, "R3", boringRSAKey(t, 4096), nil, boringCertCA|boringCertFIPSOK) - + M1_R1 := testBoringCert(t, "M1_R1", boringECDSAKey(t, elliptic.P256()), R1, boringCertCA|boringCertFIPSOK) - M2_R1 := testBoringCert(t, "M2_R1", boringECDSAKey(t, elliptic.P224()), R1, boringCertCA) + @@ -1420,11 +1467,11 @@ index 33fd0ed52b..102acda578 100644 + } else { + M2_R1 = testBoringCert(t, "M2_R1", boringECDSAKey(t, elliptic.P384()), R1, boringCertCA|boringCertFIPSOK) + } - + I_R1 := testBoringCert(t, "I_R1", boringRSAKey(t, 3072), R1, boringCertCA|boringCertFIPSOK) testBoringCert(t, "I_R2", I_R1.key, R2, boringCertCA|boringCertFIPSOK) diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go -index 8846b00312..8734dd03c1 100644 +index f32c390900..dca9c51990 100644 --- a/src/crypto/x509/x509_test.go 
+++ b/src/crypto/x509/x509_test.go @@ -12,6 +12,8 @@ import ( @@ -1436,10 +1483,10 @@ index 8846b00312..8734dd03c1 100644 "crypto/rand" "crypto/rsa" _ "crypto/sha256" -@@ -125,32 +127,54 @@ func TestParsePKIXPublicKey(t *testing.T) { +@@ -127,32 +129,54 @@ func TestParsePKIXPublicKey(t *testing.T) { }) } - + +// This public key is extracted from pemPrivateKey defined below with +// the following command: +// @@ -1462,7 +1509,7 @@ index 8846b00312..8734dd03c1 100644 +aQIDAQAB -----END PUBLIC KEY----- ` - + +// This key is generated with the following command: +// +// openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out key.pem @@ -1510,9 +1557,9 @@ index 8846b00312..8734dd03c1 100644 +QOhL8wXZcdwHKsONy55kZHo8pmneqi9EnqqLGguLwx5WIMzWvZ8= -----END RSA TESTING KEY----- `) - -@@ -210,13 +234,13 @@ func bigFromHexString(s string) *big.Int { - + +@@ -212,13 +236,13 @@ func bigFromHexString(s string) *big.Int { + var rsaPrivateKey = &rsa.PrivateKey{ PublicKey: rsa.PublicKey{ - N: bigFromString("124737666279038955318614287965056875799409043964547386061640914307192830334599556034328900586693254156136128122194531292927142396093148164407300419162827624945636708870992355233833321488652786796134504707628792159725681555822420087112284637501705261187690946267527866880072856272532711620639179596808018872997"), 
@@ -1528,10 +1575,10 @@ index 8846b00312..8734dd03c1 100644 + bigFromString("146306182837940795154243491672545598732731521261772425577071902398494756400761181229877966908959767779942799478853764354255505873530749881845000716071915494302715554511619294255599209521952152229250381623079574375248555498847701822870266575429060940749806104053368129657146195126647000200158517816035847077797"), }, } - -@@ -629,6 +653,13 @@ func TestCreateSelfSignedCertificate(t *testing.T) { + +@@ -631,6 +655,13 @@ func TestCreateSelfSignedCertificate(t *testing.T) { extraExtensionData := []byte("extra extension") - + for _, test := range tests { + if boring.Enabled && test.sigAlgo.isRSAPSS() { + key, _ := test.priv.(*rsa.PrivateKey) @@ -1543,9 +1590,9 @@ index 8846b00312..8734dd03c1 100644 commonName := "test.example.com" template := Certificate{ SerialNumber: big.NewInt(1), -@@ -3607,11 +3638,19 @@ func TestParseRevocationList(t *testing.T) { +@@ -3685,11 +3716,19 @@ func TestParseRevocationList(t *testing.T) { } - + func TestRevocationListCheckSignatureFrom(t *testing.T) { - goodKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + var testCurve elliptic.Curve @@ -1566,13 +1613,13 @@ index 8846b00312..8734dd03c1 100644 t.Fatalf("failed to generate test key: %s", err) } diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 08452c7b1d..0732db0662 100644 +index 147137262b..8a05f6df3e 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -396,9 +396,11 @@ var depsRules = ` +@@ -428,9 +428,11 @@ var depsRules = ` < crypto/internal/alias < crypto/cipher; - + - crypto/cipher, + fmt, crypto/cipher, crypto/internal/boring/bcache 
@@ -1580,15 +1627,15 @@ index 08452c7b1d..0732db0662 100644 + < github.com/golang-fips/openssl-fips/openssl + < crypto/internal/backend < crypto/boring; - + crypto/internal/alias -@@ -427,11 +429,13 @@ var depsRules = ` +@@ -459,11 +461,13 @@ var depsRules = ` crypto/sha512 < CRYPTO; - + - CGO, fmt, net !< CRYPTO; + CGO, net !< CRYPTO; - + # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big + < github.com/golang-fips/openssl-fips/openssl/bbig @@ -1597,16 +1644,16 @@ index 08452c7b1d..0732db0662 100644 < crypto/rand < crypto/ed25519 < encoding/asn1 -@@ -629,6 +633,7 @@ func listStdPkgs(goroot string) ([]string, error) { +@@ -705,6 +709,7 @@ func listStdPkgs(goroot string) ([]string, error) { } - + func TestDependencies(t *testing.T) { + t.Skip("openssl-fips based toolchain has different dependencies than upstream") if !testenv.HasSrc() { // Tests run in a limited file system and we do not // provide access to every source file. -@@ -671,7 +676,7 @@ var buildIgnore = []byte("\n//go:build ignore") - +@@ -747,7 +752,7 @@ var buildIgnore = []byte("\n//go:build ignore") + func findImports(pkg string) ([]string, error) { vpkg := pkg - if strings.HasPrefix(pkg, "golang.org") { @@ -1614,7 +1661,7 @@ index 08452c7b1d..0732db0662 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -681,7 +686,7 @@ func findImports(pkg string) ([]string, error) { +@@ -757,7 +762,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} @@ -1624,7 +1671,7 @@ index 08452c7b1d..0732db0662 100644 } fset := token.NewFileSet() diff --git a/src/runtime/pprof/proto_test.go b/src/runtime/pprof/proto_test.go -index 780b481de8..63db9e9ed7 100644 +index e1a7f2306d..babe54b13b 100644 --- a/src/runtime/pprof/proto_test.go +++ b/src/runtime/pprof/proto_test.go @@ -15,6 +15,7 @@ import ( 
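Review bot: `t.Skip("openssl-fips based toolchain has different dependencies than upstream")` at the top of TestDependencies (hunk `@@ -1597,16 +1644,16 @@`) disables the import-policy check unconditionally, so the depsRules edits the same patch carries in the preceding hunks, including the `CGO, net !< CRYPTO` line, are never evaluated. That test is the mechanism that keeps unexpected packages out of the crypto dependency graph, and the patched tree adds a cgo-based OpenSSL binding to that graph. If the edited rules describe the patched tree, drop the skip and let the test enforce them; if they do not yet, a comment beside the skip such as `// TODO: re-enable once depsRules covers github.com/golang-fips/openssl-fips` would record that the gap is known. The function body continues outside the hunk.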
@@ -1635,7 +1682,7 @@ index 780b481de8..63db9e9ed7 100644 "strings" "testing" "unsafe" -@@ -95,11 +96,15 @@ func testPCs(t *testing.T) (addr1, addr2 uint64, map1, map2 *profile.Mapping) { +@@ -91,11 +92,15 @@ func testPCs(t *testing.T) (addr1, addr2 uint64, map1, map2 *profile.Mapping) { // region of memory. t.Skipf("need 2 or more mappings, got %v", len(mprof.Mapping)) } @@ -1651,12 +1698,12 @@ index 780b481de8..63db9e9ed7 100644 + map2.Offset = (addr2 - map2.Start) + map2.Offset + map2.Start = addr2 map2.BuildID, _ = elfBuildID(map2.File) - case "windows": + case "windows", "darwin", "ios": addr1 = uint64(abi.FuncPCABIInternal(f1)) -@@ -145,6 +150,29 @@ func testPCs(t *testing.T) (addr1, addr2 uint64, map1, map2 *profile.Mapping) { +@@ -136,6 +141,29 @@ func testPCs(t *testing.T) (addr1, addr2 uint64, map1, map2 *profile.Mapping) { return } - + +func findAddrInExecutableSection(t *testing.T, mmap []byte, m *profile.Mapping) uint64 { + mappings := strings.Split(string(mmap), "\n") + for _, mapping := range mappings { @@ -1682,13 +1729,13 @@ index 780b481de8..63db9e9ed7 100644 + func TestConvertCPUProfile(t *testing.T) { addr1, addr2, map1, map2 := testPCs(t) - + diff --git a/src/runtime/runtime_boring.go b/src/runtime/runtime_boring.go index 5a98b20253..dc25cdcfd5 100644 --- a/src/runtime/runtime_boring.go +++ b/src/runtime/runtime_boring.go @@ -17,3 +17,8 @@ func boring_runtime_arg0() string { - + //go:linkname fipstls_runtime_arg0 crypto/internal/boring/fipstls.runtime_arg0 func fipstls_runtime_arg0() string { return boring_runtime_arg0() } + @@ -1697,3 +1744,6 @@ index 5a98b20253..dc25cdcfd5 100644 + return boring_runtime_arg0() +} \ No newline at end of file +-- +2.43.0 + diff --git a/patches/001-initial-openssl-for-fips.patch b/patches/001-initial-openssl-for-fips.patch index 36e3861900..4e6317f218 100644 --- a/patches/001-initial-openssl-for-fips.patch +++ b/patches/001-initial-openssl-for-fips.patch 
@@ -20,7 +20,7 @@ index f0e3575637..a4139169b8 100644 os.Exit(0) } diff --git a/src/crypto/aes/cipher.go b/src/crypto/aes/cipher.go -index 183c1697c8..abe85b5ad3 100644 +index a9e6208696..1de76641aa 100644 --- a/src/crypto/aes/cipher.go +++ b/src/crypto/aes/cipher.go @@ -7,7 +7,7 @@ package aes @@ -100,16 +100,15 @@ index 33e5f1b37e..0000000000 -} diff --git a/src/crypto/boring/notboring_test.go b/src/crypto/boring/notboring_test.go deleted file mode 100644 -index ffe18e9109..0000000000 +index 0701628464..0000000000 --- a/src/crypto/boring/notboring_test.go +++ /dev/null -@@ -1,14 +0,0 @@ +@@ -1,13 +0,0 @@ -// Copyright 2020 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build (goexperiment.boringcrypto && !boringcrypto) || (!goexperiment.boringcrypto && boringcrypto) --// +build goexperiment.boringcrypto,!boringcrypto !goexperiment.boringcrypto,boringcrypto - -package boring_test - @@ -119,7 +118,7 @@ index ffe18e9109..0000000000 - t.Error("goexperiment.boringcrypto and boringcrypto should be equivalent build tags") -} diff --git a/src/crypto/ecdh/ecdh.go b/src/crypto/ecdh/ecdh.go -index b86f521787..5b48335c69 100644 +index b7c26f91e5..0e6680fd04 100644 --- a/src/crypto/ecdh/ecdh.go +++ b/src/crypto/ecdh/ecdh.go @@ -8,7 +8,7 @@ package ecdh @@ -185,7 +184,7 @@ index af6bcd86f4..cc111c5564 100644 } if testing.Short() { diff --git a/src/crypto/ecdh/nist.go b/src/crypto/ecdh/nist.go -index 01354fa2cf..a7f1d9eced 100644 +index b366491544..a930d7e5e2 100644 --- a/src/crypto/ecdh/nist.go +++ b/src/crypto/ecdh/nist.go @@ -5,7 +5,7 @@ @@ -255,7 +254,7 @@ index 275c60b4de..58f0034b18 100644 "math/big" ) diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go -index e1503779ae..00953a453a 100644 +index 3ed15a888a..d5ab3d32e3 100644 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go @@ -27,8 +27,8 @@ import ( 
@@ -458,7 +457,7 @@ index 8b5c2cc9af..ebbb1c0c07 100644 } testenv.SkipIfOptimizationOff(t) diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go -index 35b9d5a17a..5697756a27 100644 +index 46ec81b8c5..1b99c68577 100644 --- a/src/crypto/hmac/hmac.go +++ b/src/crypto/hmac/hmac.go @@ -22,7 +22,7 @@ timing side-channels: @@ -471,8 +470,8 @@ index 35b9d5a17a..5697756a27 100644 "hash" ) @@ -127,7 +127,7 @@ func (h *hmac) Reset() { - // the returned Hash does not implement encoding.BinaryMarshaler - // or encoding.BinaryUnmarshaler. + // the returned Hash does not implement [encoding.BinaryMarshaler] + // or [encoding.BinaryUnmarshaler]. func New(h func() hash.Hash, key []byte) hash.Hash { - if boring.Enabled { + if boring.Enabled() { @@ -505,7 +504,7 @@ index 55415abf02..0edd7a6003 100644 defer func() { diff --git a/src/crypto/internal/boring/aes.go b/src/crypto/internal/boring/aes.go deleted file mode 100644 -index 6fae1d54f8..0000000000 +index 8819f576f4..0000000000 --- a/src/crypto/internal/boring/aes.go +++ /dev/null @@ -1,385 +0,0 @@ @@ -513,7 +512,7 @@ index 6fae1d54f8..0000000000 -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - --//go:build boringcrypto && linux && (amd64 || arm64) && !android && !cmd_go_bootstrap && !msan +-//go:build boringcrypto && linux && (amd64 || arm64) && !android && !msan - -package boring - @@ -935,7 +934,7 @@ index 5ce46972b3..0000000000 -} diff --git a/src/crypto/internal/boring/boring.go b/src/crypto/internal/boring/boring.go deleted file mode 100644 -index 102380a839..0000000000 +index ded36a92f9..0000000000 --- a/src/crypto/internal/boring/boring.go +++ /dev/null @@ -1,126 +0,0 @@ 
@@ -943,7 +942,7 @@ index 102380a839..0000000000 -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - --//go:build boringcrypto && linux && (amd64 || arm64) && !android && !cmd_go_bootstrap && !msan +-//go:build boringcrypto && linux && (amd64 || arm64) && !android && !msan - -package boring - @@ -1107,7 +1106,7 @@ index 83bbbd3404..0000000000 -} diff --git a/src/crypto/internal/boring/doc.go b/src/crypto/internal/boring/doc.go deleted file mode 100644 -index 6060fe5951..0000000000 +index 091e0d641e..0000000000 --- a/src/crypto/internal/boring/doc.go +++ /dev/null @@ -1,19 +0,0 @@ @@ -1123,7 +1122,7 @@ index 6060fe5951..0000000000 -// Enabled reports whether BoringCrypto is available. -// When enabled is false, all functions in this package panic. -// --// BoringCrypto is only available on linux/amd64 systems. +-// BoringCrypto is only available on linux/amd64 and linux/arm64 systems. -const Enabled = available - -// A BigInt is the raw words from a BigInt. @@ -1132,7 +1131,7 @@ index 6060fe5951..0000000000 -type BigInt []uint diff --git a/src/crypto/internal/boring/ecdh.go b/src/crypto/internal/boring/ecdh.go deleted file mode 100644 -index 8f46d8146f..0000000000 +index 6a5d174c16..0000000000 --- a/src/crypto/internal/boring/ecdh.go +++ /dev/null @@ -1,224 +0,0 @@ @@ -1140,7 +1139,7 @@ index 8f46d8146f..0000000000 -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - --//go:build boringcrypto && linux && (amd64 || arm64) && !android && !cmd_go_bootstrap && !msan +-//go:build boringcrypto && linux && (amd64 || arm64) && !android && !msan - -package boring - @@ -1471,7 +1470,7 @@ index 2abc043640..a83be6dfdb 100644 + panic("!no_openssl: not available") } diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go -index 55fea1ab93..d6eaf7cea8 100644 +index 2705036fdd..b870749e33 100644 --- a/src/crypto/rsa/pkcs1v15.go +++ b/src/crypto/rsa/pkcs1v15.go 
@@ -6,7 +6,7 @@ package rsa @@ -1608,7 +1607,7 @@ index 39a4fc184a..0853178e3a 100644 } diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go -index 3a377cc9db..ce78a13d6f 100644 +index b63b6eb01d..a09a4926f7 100644 --- a/src/crypto/rsa/pss.go +++ b/src/crypto/rsa/pss.go @@ -9,7 +9,7 @@ package rsa @@ -1679,7 +1678,7 @@ index 1226149321..befd1612b5 100644 } diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go -index ad860d7f0c..86f700bee2 100644 +index 90557200ea..3a45deef7d 100644 --- a/src/crypto/rsa/rsa.go +++ b/src/crypto/rsa/rsa.go @@ -28,8 +28,8 @@ package rsa 
@@ -1820,42 +1819,37 @@ index b994daec19..4b7427e1ae 100644 t.Logf("skipping encryption tests with BoringCrypto: too short key: %d", n.BitLen()) continue } -diff --git a/src/crypto/sha1/boring.go b/src/crypto/sha1/boring.go -index b5786d1bf4..9bd03f3940 100644 ---- a/src/crypto/sha1/boring.go -+++ b/src/crypto/sha1/boring.go -@@ -12,11 +12,11 @@ - package sha1 +diff --git a/src/crypto/sha1/sha1.go b/src/crypto/sha1/sha1.go +index ac10fa1557..f561d09089 100644 +--- a/src/crypto/sha1/sha1.go ++++ b/src/crypto/sha1/sha1.go +@@ -10,7 +10,7 @@ package sha1 import ( + "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" + "encoding/binary" + "errors" "hash" - ) - --const boringEnabled = boring.Enabled -+var boringEnabled = boring.Enabled() - - func boringNewSHA1() hash.Hash { return boring.NewSHA1() } - -diff --git a/src/crypto/sha1/notboring.go b/src/crypto/sha1/notboring.go -index 42ef87937f..c1a3205539 100644 ---- a/src/crypto/sha1/notboring.go -+++ b/src/crypto/sha1/notboring.go -@@ -11,10 +11,10 @@ import ( - "hash" - ) - --const boringEnabled = false -+var boringEnabled = false - --func boringNewSHA1() hash.Hash { panic("boringcrypto: not available") } -+func boringNewSHA1() hash.Hash { panic("!no_openssl: not available") } - - func boringUnreachable() {} +@@ -108,7 +108,7 @@ func (d *digest) Reset() { + // implements [encoding.BinaryMarshaler] and [encoding.BinaryUnmarshaler] to + // marshal and unmarshal the internal state of the hash. + func New() hash.Hash { +- if boring.Enabled { ++ if boring.Enabled() { + return boring.NewSHA1() + } + d := new(digest) +@@ -255,7 +255,7 @@ func (d *digest) constSum() [Size]byte { --func boringSHA1([]byte) [20]byte { panic("boringcrypto: not available") } -+func boringSHA1([]byte) [20]byte { panic("!no_openssl: not available") } + // Sum returns the SHA-1 checksum of the data. + func Sum(data []byte) [Size]byte { +- if boring.Enabled { ++ if boring.Enabled() { + return boring.SHA1(data) + } + var d digest 
diff --git a/src/crypto/sha1/sha1_test.go b/src/crypto/sha1/sha1_test.go index 85ed126091..71f4b46663 100644 --- a/src/crypto/sha1/sha1_test.go @@ -1897,7 +1891,7 @@ index 85ed126091..71f4b46663 100644 } in := []byte("hello, world!") diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go -index 2deafbc9fc..282c326b32 100644 +index 0cc7fca0a6..1bfbf904b1 100644 --- a/src/crypto/sha256/sha256.go +++ b/src/crypto/sha256/sha256.go @@ -8,7 +8,7 @@ package sha256 @@ -1910,7 +1904,7 @@ index 2deafbc9fc..282c326b32 100644 "errors" "hash" @@ -148,7 +148,7 @@ func (d *digest) Reset() { - // encoding.BinaryUnmarshaler to marshal and unmarshal the internal + // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal // state of the hash. func New() hash.Hash { - if boring.Enabled { @@ -2079,7 +2073,7 @@ index 140b1a3dd8..fe6fa96d28 100644 } } diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 7bfe3f9417..49702f59ba 100644 +index 06bc373283..5cc0816414 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go @@ -2,14 +2,14 @@ @@ -2181,7 +2175,7 @@ index 7bfe3f9417..49702f59ba 100644 } if reachableFIPS[c.org] && c.fipsOK { diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go -index 669208bb86..15a44e8cf6 100644 +index d352a8cfa8..a8920d151b 100644 --- a/src/crypto/tls/cipher_suites.go +++ b/src/crypto/tls/cipher_suites.go @@ -10,7 +10,7 @@ import ( @@ -2193,7 +2187,7 @@ index 669208bb86..15a44e8cf6 100644 "crypto/rc4" "crypto/sha1" "crypto/sha256" -@@ -422,7 +422,7 @@ func macSHA1(key []byte) hash.Hash { +@@ -446,7 +446,7 @@ func macSHA1(key []byte) hash.Hash { h := sha1.New // The BoringCrypto SHA1 does not have a constant-time // checksum function, so don't try to use it. 
@@ -2202,7 +2196,7 @@ index 669208bb86..15a44e8cf6 100644 h = newConstantTimeHash(h) } return hmac.New(h, key) -@@ -514,7 +514,7 @@ func aeadAESGCM(key, noncePrefix []byte) aead { +@@ -538,7 +538,7 @@ func aeadAESGCM(key, noncePrefix []byte) aead { panic(err) } var aead cipher.AEAD @@ -2212,7 +2206,7 @@ index 669208bb86..15a44e8cf6 100644 } else { boring.Unreachable() diff --git a/src/crypto/tls/common.go b/src/crypto/tls/common.go -index 5edbd19995..a72d4855c1 100644 +index c0087ef5df..251a05cb75 100644 --- a/src/crypto/tls/common.go +++ b/src/crypto/tls/common.go @@ -12,7 +12,7 @@ import ( @@ -2224,7 +2218,7 @@ index 5edbd19995..a72d4855c1 100644 "crypto/rand" "crypto/rsa" "crypto/sha512" -@@ -1032,7 +1032,7 @@ const roleServer = false +@@ -1041,7 +1041,7 @@ var tls10server = godebug.New("tls10server") func (c *Config) supportedVersions(isClient bool) []uint16 { versions := make([]uint16, 0, len(supportedVersions)) for _, v := range supportedVersions { @@ -2317,7 +2311,7 @@ index c83a7272c9..0c7dea2f1f 100644 package x509 diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go -index 0c2cbf3182..e01c24292e 100644 +index dca9c51990..224ed4c1d1 100644 --- a/src/crypto/x509/x509_test.go +++ b/src/crypto/x509/x509_test.go @@ -12,7 +12,7 @@ import ( @@ -2329,7 +2323,7 @@ index 0c2cbf3182..e01c24292e 100644 "crypto/internal/backend/boringtest" "crypto/rand" "crypto/rsa" -@@ -653,7 +653,7 @@ func TestCreateSelfSignedCertificate(t *testing.T) { +@@ -655,7 +655,7 @@ func TestCreateSelfSignedCertificate(t *testing.T) { extraExtensionData := []byte("extra extension") for _, test := range tests { 
@@ -2338,7 +2332,7 @@ index 0c2cbf3182..e01c24292e 100644 key, _ := test.priv.(*rsa.PrivateKey) if key.PublicKey.N.BitLen() < 2048 { t.Logf("skipping short key with BoringCrypto: %d", key.PublicKey.N.BitLen()) -@@ -3716,7 +3716,7 @@ func TestRevocationListCheckSignatureFrom(t *testing.T) { +@@ -3719,7 +3719,7 @@ func TestRevocationListCheckSignatureFrom(t *testing.T) { var testCurve elliptic.Curve // If OpenSSL supports P224, use the default upstream behavior, // otherwise test with P384 @@ -2348,27 +2342,27 @@ index 0c2cbf3182..e01c24292e 100644 } else { testCurve = elliptic.P384() diff --git a/src/go.mod b/src/go.mod -index 3b24053b94..c4bc3c1e96 100644 +index 003d6a96a9..6b8b04c520 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std - go 1.21 + go 1.22 require ( + github.com/golang-fips/openssl-fips v0.0.0-20230801192317-b175be2ccd46 - golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d - golang.org/x/net v0.12.1-0.20231027154334-5ca955b1789c + golang.org/x/crypto v0.14.1-0.20231011220222-8779cbd1c995 + golang.org/x/net v0.17.1-0.20231025180729-4c7a5b64f145 ) diff --git a/src/go.sum b/src/go.sum -index caf8ff010d..16a5d8c7da 100644 +index 22519d7feb..b3cb54bd01 100644 --- a/src/go.sum +++ b/src/go.sum 
@@ -1,3 +1,5 @@ +github.com/golang-fips/openssl-fips v0.0.0-20230801192317-b175be2ccd46 h1:1oaM7kpYYlqwc6sIROINgj5fUW4CGZGEBwfzIc+TnJI= +github.com/golang-fips/openssl-fips v0.0.0-20230801192317-b175be2ccd46/go.mod h1:V2IU8imz/VkScnIbTOrdYsZ5R88ZFypCE0LzhRJ3HsI= - golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d h1:LiA25/KWKuXfIq5pMIBq1s5hz3HQxhJJSu/SUGlD+SM= - golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= - golang.org/x/net v0.12.1-0.20231027154334-5ca955b1789c h1:d+VvAxu4S13DWtf73R5eY//VaCk3aUcVdyYjM1SX7zw= + golang.org/x/crypto v0.14.1-0.20231011220222-8779cbd1c995 h1:fwu25/DhiXr/++jtzz2gHfC/FL/FimAGVxczaK4pjR8= + golang.org/x/crypto v0.14.1-0.20231011220222-8779cbd1c995/go.mod h1:aSyBXtGhRzSMdne9jbl3+PPMVS0IgOWF6Llc+HB5uUU= + golang.org/x/net v0.17.1-0.20231025180729-4c7a5b64f145 h1:b50rfQxeg+jm4ud87SAQt4escws56zdE+/rT1oKU4oU= diff --git a/src/vendor/github.com/golang-fips/openssl-fips/LICENSE b/src/vendor/github.com/golang-fips/openssl-fips/LICENSE new file mode 100644 index 0000000000..97e8515401 @@ -3164,14 +3158,14 @@ diff --git a/src/crypto/internal/boring/ecdsa.go b/src/vendor/github.com/golang- similarity index 60% rename from src/crypto/internal/boring/ecdsa.go rename to src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go -index e15f3682c7..5e1e789da0 100644 +index 2adfdb2c9f..5e1e789da0 100644 --- a/src/crypto/internal/boring/ecdsa.go +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go @@ -2,19 +2,24 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. --//go:build boringcrypto && linux && (amd64 || arm64) && !android && !cmd_go_bootstrap && !msan +-//go:build boringcrypto && linux && (amd64 || arm64) && !android && !msan +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl @@ -4624,14 +4618,14 @@ 
diff --git a/src/crypto/internal/boring/hmac.go b/src/vendor/github.com/golang-f similarity index 69% rename from src/crypto/internal/boring/hmac.go rename to src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go -index 6241a65f5f..6f001777ae 100644 +index ae926da695..6f001777ae 100644 --- a/src/crypto/internal/boring/hmac.go +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hmac.go @@ -2,14 +2,14 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. --//go:build boringcrypto && linux && (amd64 || arm64) && !android && !cmd_go_bootstrap && !msan +-//go:build boringcrypto && linux && (amd64 || arm64) && !android && !msan +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl @@ -4749,14 +4743,14 @@ diff --git a/src/crypto/internal/boring/notboring.go b/src/vendor/github.com/gol similarity index 63% rename from src/crypto/internal/boring/notboring.go rename to src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go -index 1c5e4c742d..2fa4a38e44 100644 +index 361dec9672..2fa4a38e44 100644 --- a/src/crypto/internal/boring/notboring.go +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go @@ -2,32 +2,34 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. --//go:build !(boringcrypto && linux && (amd64 || arm64) && !android && !cmd_go_bootstrap && !msan && cgo) +-//go:build !(boringcrypto && linux && (amd64 || arm64) && !android && !msan && cgo) +//go:build !linux || !cgo || android || cmd_go_bootstrap || msan || no_openssl +// +build !linux !cgo android cmd_go_bootstrap msan no_openssl @@ -6387,14 +6381,14 @@ 
diff --git a/src/crypto/internal/boring/rand.go b/src/vendor/github.com/golang-f similarity index 71% rename from src/crypto/internal/boring/rand.go rename to src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go -index 7639c01909..b3668b8823 100644 +index 556b98a112..b3668b8823 100644 --- a/src/crypto/internal/boring/rand.go +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rand.go @@ -2,11 +2,12 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. --//go:build boringcrypto && linux && (amd64 || arm64) && !android && !cmd_go_bootstrap && !msan +-//go:build boringcrypto && linux && (amd64 || arm64) && !android && !msan +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl @@ -6419,14 +6413,14 @@ diff --git a/src/crypto/internal/boring/rsa.go b/src/vendor/github.com/golang-fi similarity index 52% rename from src/crypto/internal/boring/rsa.go rename to src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go -index fa693ea319..75ba7a8a59 100644 +index e3baa44549..75ba7a8a59 100644 --- a/src/crypto/internal/boring/rsa.go +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/rsa.go @@ -2,15 +2,15 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. --//go:build boringcrypto && linux && (amd64 || arm64) && !android && !cmd_go_bootstrap && !msan +-//go:build boringcrypto && linux && (amd64 || arm64) && !android && !msan +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl @@ -6907,14 +6901,14 @@ 
diff --git a/src/crypto/internal/boring/sha.go b/src/vendor/github.com/golang-fi similarity index 78% rename from src/crypto/internal/boring/sha.go rename to src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go -index cf82f3f64f..0b55cedc91 100644 +index a49c119738..0b55cedc91 100644 --- a/src/crypto/internal/boring/sha.go +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/sha.go @@ -2,12 +2,13 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. --//go:build boringcrypto && linux && (amd64 || arm64) && !android && !cmd_go_bootstrap && !msan +-//go:build boringcrypto && linux && (amd64 || arm64) && !android && !msan +//go:build linux && !android && !cmd_go_bootstrap && !msan && !no_openssl +// +build linux,!android,!cmd_go_bootstrap,!msan,!no_openssl @@ -7164,13 +7158,13 @@ index cf82f3f64f..0b55cedc91 100644 type sha512Ctx struct { diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 4de656b0e8..273a9d49d6 100644 +index 6d61189796..993a3cae92 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,6 @@ +# github.com/golang-fips/openssl-fips v0.0.0-20230801192317-b175be2ccd46 +## explicit; go 1.18 +github.com/golang-fips/openssl-fips/openssl - # golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d - ## explicit; go 1.17 + # golang.org/x/crypto v0.14.1-0.20231011220222-8779cbd1c995 + ## explicit; go 1.18 golang.org/x/crypto/chacha20 diff --git a/patches/002-strict-fips-runtime-detection.patch b/patches/002-strict-fips-runtime-detection.patch index ad4c22fe4c..9334d92bc3 100644 --- a/patches/002-strict-fips-runtime-detection.patch +++ b/patches/002-strict-fips-runtime-detection.patch 
@@ -1,3 +1,24 @@ +From a4a9ee8d5ce1aea773715adccc10a8a90f0e17dc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Alejandro=20S=C3=A1ez?= +Date: Mon, 27 Nov 2023 10:54:39 +0100 +Subject: [PATCH] strict fips runtime detection + +--- + src/crypto/internal/backend/hostfips.go | 21 +++++++++++++++++ + src/crypto/internal/backend/nobackend.go | 9 ++++++-- + .../internal/backend/not_strict_fips.go | 10 ++++++++ + src/crypto/internal/backend/openssl.go | 4 ++++ + src/crypto/internal/backend/strict_fips.go | 23 +++++++++++++++++++ + .../goexperiment/exp_strictfipsruntime_off.go | 9 ++++++++ + .../goexperiment/exp_strictfipsruntime_on.go | 9 ++++++++ + src/internal/goexperiment/flags.go | 2 ++ + 8 files changed, 85 insertions(+), 2 deletions(-) + create mode 100644 src/crypto/internal/backend/hostfips.go + create mode 100644 src/crypto/internal/backend/not_strict_fips.go + create mode 100644 src/crypto/internal/backend/strict_fips.go + create mode 100644 src/internal/goexperiment/exp_strictfipsruntime_off.go + create mode 100644 src/internal/goexperiment/exp_strictfipsruntime_on.go + diff --git a/src/crypto/internal/backend/hostfips.go b/src/crypto/internal/backend/hostfips.go new file mode 100644 index 0000000000..6fcd7139c6 @@ -140,13 +161,18 @@ index 0000000000..0983612732 +const StrictFIPSRuntime = true +const StrictFIPSRuntimeInt = 1 diff --git a/src/internal/goexperiment/flags.go b/src/internal/goexperiment/flags.go -index 02e744362c..4ac7f480cf 100644 +index dacc4c3b13..b665d1f9a3 100644 --- a/src/internal/goexperiment/flags.go +++ b/src/internal/goexperiment/flags.go -@@ -100,4 +100,6 @@ type Flags struct { - // CacheProg adds support to cmd/go to use a child process to implement +@@ -110,6 +110,8 @@ type Flags struct { // the build cache; see https://github.com/golang/go/issues/59719. CacheProg bool -+ + + StrictFIPSRuntime bool - } ++ + // NewInliner enables a new+improved version of the function + // inlining phase within the Go compiler. + NewInliner bool +-- +2.43.0 +
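Review bot: `StrictFIPSRuntime bool` in the refreshed `src/internal/goexperiment/flags.go` hunk is the only `Flags` field visible here without a doc comment; `CacheProg` above it and `NewInliner` below it each have one. Judging by the patch subject and the `strict_fips.go` / `not_strict_fips.go` files in its diffstat, the experiment appears to select FIPS-related behaviour in `crypto/internal/backend`, so anyone auditing how a toolchain was built needs the struct to say what enabling it changes. I would add `// StrictFIPSRuntime enables strict FIPS runtime detection in crypto/internal/backend.` above the field. The comment should also state what happens when detection fails, once that is confirmed against `strict_fips.go`, whose body is not shown in this hunk. The `Flags` struct begins and ends outside the hunk.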