Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update initial openssl patch #237

Merged
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 27 additions & 15 deletions patches/001-initial-openssl-for-fips.patch
Original file line number Diff line number Diff line change
Expand Up @@ -2348,24 +2348,24 @@ index 0c2cbf3182..e01c24292e 100644
} else {
testCurve = elliptic.P384()
diff --git a/src/go.mod b/src/go.mod
index 01d759c800..070c9e87ee 100644
index 01d759c800..f13af41b7a 100644
--- a/src/go.mod
+++ b/src/go.mod
@@ -3,6 +3,7 @@ module std
go 1.21

require (
+ github.com/golang-fips/openssl v0.0.0-20240418160119-bad1c00e6bbe
+ github.com/golang-fips/openssl v0.0.0-20240830121749-972af39412e2
golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d
golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5
)
diff --git a/src/go.sum b/src/go.sum
index f83343a0a1..c6294ac7bf 100644
index f83343a0a1..2d926818b8 100644
--- a/src/go.sum
+++ b/src/go.sum
@@ -1,3 +1,5 @@
+github.com/golang-fips/openssl v0.0.0-20240418160119-bad1c00e6bbe h1:JwklyCiwQZrO0NE0s3HnCk0KbPcY/Dg1FCuN53KkX+g=
+github.com/golang-fips/openssl v0.0.0-20240418160119-bad1c00e6bbe/go.mod h1:LBziBt5PA8FeliZ0KnhnWMrrHzvAsMWZUlYWOYKkpBI=
+github.com/golang-fips/openssl v0.0.0-20240830121749-972af39412e2 h1:YcC2OtDNGCcn2qTnNhGb2Zl4lUwOgTMVAc42hPaf7hk=
+github.com/golang-fips/openssl v0.0.0-20240830121749-972af39412e2/go.mod h1:LBziBt5PA8FeliZ0KnhnWMrrHzvAsMWZUlYWOYKkpBI=
golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d h1:LiA25/KWKuXfIq5pMIBq1s5hz3HQxhJJSu/SUGlD+SM=
golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
golang.org/x/net v0.12.1-0.20240412193743-ef58d90fdfc5 h1:BIx9jz/hjPE1CesqfHzRaf2JsOjDxZrKAVr//XXJh0U=
Expand Down Expand Up @@ -4703,10 +4703,10 @@ diff --git a/src/crypto/internal/boring/notboring.go b/src/vendor/github.com/gol
similarity index 63%
rename from src/crypto/internal/boring/notboring.go
rename to src/vendor/github.com/golang-fips/openssl/openssl/notboring.go
index 1c5e4c742d..5093cdef43 100644
index 1c5e4c742d..11878e37a0 100644
--- a/src/crypto/internal/boring/notboring.go
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/notboring.go
@@ -2,32 +2,34 @@
@@ -2,32 +2,35 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

Expand All @@ -4723,6 +4723,7 @@ index 1c5e4c742d..5093cdef43 100644
- "crypto/internal/boring/sig"
"hash"
+ "io"
+ "math/big"
)

-const available = false
Expand All @@ -4749,7 +4750,7 @@ index 1c5e4c742d..5093cdef43 100644
type randReader int

func (randReader) Read(b []byte) (int, error) { panic("boringcrypto: not available") }
@@ -40,16 +42,9 @@ func NewSHA256() hash.Hash { panic("boringcrypto: not available") }
@@ -40,16 +43,9 @@ func NewSHA256() hash.Hash { panic("boringcrypto: not available") }
func NewSHA384() hash.Hash { panic("boringcrypto: not available") }
func NewSHA512() hash.Hash { panic("boringcrypto: not available") }

Expand All @@ -4766,7 +4767,7 @@ index 1c5e4c742d..5093cdef43 100644

type PublicKeyECDSA struct{ _ int }
type PrivateKeyECDSA struct{ _ int }
@@ -63,17 +58,42 @@ func NewPrivateKeyECDSA(curve string, X, Y, D BigInt) (*PrivateKeyECDSA, error)
@@ -63,17 +59,42 @@ func NewPrivateKeyECDSA(curve string, X, Y, D BigInt) (*PrivateKeyECDSA, error)
func NewPublicKeyECDSA(curve string, X, Y BigInt) (*PublicKeyECDSA, error) {
panic("boringcrypto: not available")
}
Expand Down Expand Up @@ -4811,7 +4812,7 @@ index 1c5e4c742d..5093cdef43 100644
panic("boringcrypto: not available")
}
func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
@@ -82,7 +102,7 @@ func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
@@ -82,7 +103,7 @@ func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
panic("boringcrypto: not available")
}
Expand All @@ -4820,7 +4821,7 @@ index 1c5e4c742d..5093cdef43 100644
panic("boringcrypto: not available")
}
func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) {
@@ -98,25 +118,23 @@ func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv BigInt) (*PrivateKeyRSA, error
@@ -98,25 +119,23 @@ func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv BigInt) (*PrivateKeyRSA, error
panic("boringcrypto: not available")
}
func NewPublicKeyRSA(N, E BigInt) (*PublicKeyRSA, error) { panic("boringcrypto: not available") }
Expand Down Expand Up @@ -6146,10 +6147,10 @@ index 0000000000..2eedd5b8c6
+#endif
diff --git a/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
new file mode 100644
index 0000000000..a5996d66f2
index 0000000000..d26ce90c82
--- /dev/null
+++ b/src/vendor/github.com/golang-fips/openssl/openssl/openssl_port_hmac.c
@@ -0,0 +1,225 @@
@@ -0,0 +1,236 @@
+// This file contains HMAC portability wrappers.
+// +build linux
+// +build !android
Expand All @@ -6166,7 +6167,12 @@ index 0000000000..a5996d66f2
+ (int type, ENGINE *e, const unsigned char *key, int keylen),
+ (type, e, key, keylen))
+DEFINEFUNCINTERNAL(int, EVP_MD_CTX_reset, (EVP_MD_CTX *ctx), (ctx))
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+DEFINEFUNCINTERNAL(const EVP_MD *, EVP_MD_CTX_get0_md, (const EVP_MD_CTX *ctx), (ctx))
+#else
+DEFINEFUNCINTERNAL(const EVP_MD *, EVP_MD_CTX_md, (const EVP_MD_CTX *ctx), (ctx))
+#endif
+DEFINEFUNCINTERNAL(int, EVP_MD_CTX_copy_ex, (EVP_MD_CTX *out, const EVP_MD_CTX *in), (out, in))
+
+/* EVP_DigestSignUpdate is converted from a macro in 3.0 */
Expand Down Expand Up @@ -6231,7 +6237,13 @@ index 0000000000..a5996d66f2
+ int ret;
+ const EVP_MD *md;
+
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ md = _goboringcrypto_internal_EVP_MD_CTX_get0_md(ctx->mdctx);
+#else
+ md = _goboringcrypto_internal_EVP_MD_CTX_md(ctx->mdctx);
+#endif
+
+ if (!md)
+ return -1;
+
Expand Down Expand Up @@ -7544,11 +7556,11 @@ index cf82f3f64f..0b55cedc91 100644

type sha512Ctx struct {
diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
index 53ad662c63..8c6b162adf 100644
index 53ad662c63..8126524580 100644
--- a/src/vendor/modules.txt
+++ b/src/vendor/modules.txt
@@ -1,3 +1,6 @@
+# github.com/golang-fips/openssl v0.0.0-20240418160119-bad1c00e6bbe
+# github.com/golang-fips/openssl v0.0.0-20240830121749-972af39412e2
+## explicit; go 1.18
+github.com/golang-fips/openssl/openssl
# golang.org/x/crypto v0.11.1-0.20230711161743-2e82bdd1719d
Expand Down
Loading