fix conflicts

microsoft · Oct 25, 2024 · 3c51449 · 3c51449
1 parent 563fd27
commit 3c51449
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 66 deletions.
diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch
@@ -41,7 +41,7 @@ Subject: [PATCH] Add crypto backend foundation
  src/crypto/rsa/rsa_test.go                   |   2 +-
  src/crypto/sha1/sha1.go                      |   2 +-
  src/crypto/sha1/sha1_test.go                 |   2 +-
- src/crypto/sha256/sha256.go                  |  14 +-
+ src/crypto/sha256/sha256.go                  |   6 +-
  src/crypto/sha256/sha256_test.go             |   2 +-
  src/crypto/sha512/sha512.go                  |   2 +-
  src/crypto/sha512/sha512_test.go             |   2 +-
@@ -56,7 +56,7 @@ Subject: [PATCH] Add crypto backend foundation
  src/go/build/deps_test.go                    |   4 +
  src/net/smtp/smtp_test.go                    |  72 ++++---
  src/runtime/runtime_boring.go                |   5 +
- 52 files changed, 808 insertions(+), 108 deletions(-)
+ 52 files changed, 802 insertions(+), 106 deletions(-)
  create mode 100644 src/crypto/ed25519/boring.go
  create mode 100644 src/crypto/ed25519/notboring.go
  create mode 100644 src/crypto/internal/backend/backend_test.go
@@ -452,7 +452,7 @@ index 00000000000000..b0cdd44d81c753
 +	panic("boringcrypto: not available")
 +}
 diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go
-index 46ec81b8c58bc9..1563eedf6f78d1 100644
+index b8c909cf015aa7..9f517e8e527363 100644
 --- a/src/crypto/hmac/hmac.go
 +++ b/src/crypto/hmac/hmac.go
 @@ -22,7 +22,7 @@ timing side-channels:
@@ -461,9 +461,9 @@ index 46ec81b8c58bc9..1563eedf6f78d1 100644
  import (
 -	"crypto/internal/boring"
 +	boring "crypto/internal/backend"
+ 	"crypto/internal/fips/hmac"
  	"crypto/subtle"
  	"hash"
- )
 diff --git a/src/crypto/hmac/hmac_test.go b/src/crypto/hmac/hmac_test.go
 index 7accad763244a1..dd3211f2c37af3 100644
 --- a/src/crypto/hmac/hmac_test.go
@@ -538,7 +538,7 @@ index 00000000000000..85bd3ed083f5b2
 +}
 diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go
 new file mode 100644
-index 00000000000000..f83ff4abacc1dc
+index 00000000000000..bc595e91024f11
 --- /dev/null
 +++ b/src/crypto/internal/backend/common.go
 @@ -0,0 +1,92 @@
@@ -1268,7 +1268,7 @@ index d03892c57d4e61..d44f70b92661b4 100644
  	"crypto/rand"
  	"encoding"
 diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go
-index 7844f191e16b57..5c04e4bb83f2f2 100644
+index d87c689c9001ad..7584c380af0cec 100644
 --- a/src/crypto/sha256/sha256.go
 +++ b/src/crypto/sha256/sha256.go
 @@ -8,7 +8,7 @@ package sha256
@@ -1277,51 +1277,29 @@ index 7844f191e16b57..5c04e4bb83f2f2 100644
  	"crypto"
 -	"crypto/internal/boring"
 +	boring "crypto/internal/backend"
- 	"errors"
+ 	"crypto/internal/fips/sha256"
  	"hash"
- 	"internal/byteorder"
-@@ -159,7 +159,7 @@ func New() hash.Hash {
+ )
+@@ -43,7 +43,7 @@ func New() hash.Hash {
  // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal
  // state of the hash.
  func New224() hash.Hash {
 -	if boring.Enabled {
 +	if boring.Enabled && boring.SupportsHash(crypto.SHA224) {
  		return boring.NewSHA224()
  	}
- 	d := new(digest)
-@@ -178,7 +178,9 @@ func (d *digest) Size() int {
- func (d *digest) BlockSize() int { return BlockSize }
-
- func (d *digest) Write(p []byte) (nn int, err error) {
--	boring.Unreachable()
-+	if boring.Enabled && (!d.is224 || boring.SupportsHash(crypto.SHA224)) {
-+		boring.Unreachable()
-+	}
- 	nn = len(p)
- 	d.len += uint64(nn)
- 	if d.nx > 0 {
-@@ -202,7 +204,9 @@ func (d *digest) Write(p []byte) (nn int, err error) {
- }
-
- func (d *digest) Sum(in []byte) []byte {
--	boring.Unreachable()
-+	if boring.Enabled && (!d.is224 || boring.SupportsHash(crypto.SHA224)) {
-+		boring.Unreachable()
-+	}
- 	// Make a copy of d so that caller can keep writing and summing.
- 	d0 := *d
- 	hash := d0.checkSum()
-@@ -263,7 +267,7 @@ func Sum256(data []byte) [Size]byte {
+ 	return sha256.New224()
+@@ -63,7 +63,7 @@ func Sum256(data []byte) [Size]byte {
 
  // Sum224 returns the SHA224 checksum of the data.
  func Sum224(data []byte) [Size224]byte {
 -	if boring.Enabled {
 +	if boring.Enabled && boring.SupportsHash(crypto.SHA224) {
  		return boring.SHA224(data)
  	}
- 	var d digest
+ 	h := New224()
 diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go
-index 3237c6a73e6a1e..5a8f4901451018 100644
+index 40be1480dd51d1..0426ce6aebd681 100644
 --- a/src/crypto/sha256/sha256_test.go
 +++ b/src/crypto/sha256/sha256_test.go
 @@ -8,7 +8,7 @@ package sha256
@@ -1331,10 +1309,10 @@ index 3237c6a73e6a1e..5a8f4901451018 100644
 -	"crypto/internal/boring"
 +	boring "crypto/internal/backend"
  	"crypto/internal/cryptotest"
- 	"crypto/rand"
  	"encoding"
+ 	"fmt"
 diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go
-index 0e2a34a1e347cf..132b9495e38644 100644
+index 0a12fde7bc060b..ca752598e4343a 100644
 --- a/src/crypto/sha512/sha512.go
 +++ b/src/crypto/sha512/sha512.go
 @@ -12,7 +12,7 @@ package sha512
@@ -1343,11 +1321,11 @@ index 0e2a34a1e347cf..132b9495e38644 100644
  	"crypto"
 -	"crypto/internal/boring"
 +	boring "crypto/internal/backend"
- 	"errors"
+ 	"crypto/internal/fips/sha512"
  	"hash"
- 	"internal/byteorder"
+ )
 diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go
-index cfe6b571975b27..de28aa927044a6 100644
+index 6e3d9bce1cf095..df96879c02d234 100644
 --- a/src/crypto/sha512/sha512_test.go
 +++ b/src/crypto/sha512/sha512_test.go
 @@ -8,7 +8,7 @@ package sha512
@@ -1357,8 +1335,8 @@ index cfe6b571975b27..de28aa927044a6 100644
 -	"crypto/internal/boring"
 +	boring "crypto/internal/backend"
  	"crypto/internal/cryptotest"
- 	"crypto/rand"
  	"encoding"
+ 	"encoding/hex"
 diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
 index 56050421985927..dcbd33167e4499 100644
 --- a/src/crypto/tls/boring_test.go
@@ -1775,28 +1753,28 @@ index 319ac61f49c994..1b2454dbaab264 100644
  	t.Helper()
  	k, err := rsa.GenerateKey(rand.Reader, size)
 diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
-index 3adc26ae2b6e29..f05cec9d7c3253 100644
+index cc9d304bc62820..6509d58264aae0 100644
 --- a/src/go/build/deps_test.go
 +++ b/src/go/build/deps_test.go
-@@ -447,7 +447,9 @@ var depsRules = `
-
+@@ -463,7 +463,9 @@ var depsRules = `
  	# CRYPTO is core crypto algorithms - no cgo, fmt, net.
+ 	FIPS,
  	crypto/internal/boring/sig,
 +	crypto/internal/boring/fipstls,
  	crypto/internal/boring/syso,
 +	encoding/binary,
  	golang.org/x/sys/cpu,
  	hash, embed
  	< crypto
-@@ -458,6 +460,7 @@ var depsRules = `
+@@ -474,6 +476,7 @@ var depsRules = `
  	crypto/cipher,
  	crypto/internal/boring/bcache
  	< crypto/internal/boring
 +	< crypto/internal/backend
  	< crypto/boring;
 
  	crypto/internal/alias, math/rand/v2
-@@ -495,6 +498,7 @@ var depsRules = `
+@@ -511,6 +514,7 @@ var depsRules = `
  	# CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
  	CRYPTO, FMT, math/big
  	< crypto/internal/boring/bbig

diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch
@@ -473,7 +473,7 @@ index 00000000000000..3d3d13709de5ac
 +	panic("cryptobackend: not available")
 +}
 diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go
-index f83ff4abacc1dc..b05374a9d62a97 100644
+index bc595e91024f11..7766d674f5cfaf 100644
 --- a/src/crypto/internal/backend/common.go
 +++ b/src/crypto/internal/backend/common.go
 @@ -68,7 +68,11 @@ func hasSuffix(s, t string) bool {
@@ -689,28 +689,28 @@ index d44f70b92661b4..76726556f80fbd 100644
 
  		h := New()
 diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go
-index 5a8f4901451018..f9549bba2dee59 100644
+index 0426ce6aebd681..bdb55a70a4847c 100644
 --- a/src/crypto/sha256/sha256_test.go
 +++ b/src/crypto/sha256/sha256_test.go
-@@ -14,6 +14,7 @@ import (
+@@ -13,6 +13,7 @@ import (
  	"encoding"
  	"fmt"
  	"hash"
 +	"internal/goexperiment"
  	"io"
  	"testing"
  )
-@@ -140,6 +141,9 @@ func TestGolden(t *testing.T) {
+@@ -141,6 +142,9 @@ func testGolden(t *testing.T) {
  }
 
  func TestGoldenMarshal(t *testing.T) {
 +	if goexperiment.CNGCrypto {
 +		t.Skip("CNGCrypto does not support hash marshalling")
 +	}
- 	tests := []struct {
- 		name    string
- 		newHash func() hash.Hash
-@@ -197,6 +201,9 @@ func TestGoldenMarshal(t *testing.T) {
+ 	cryptotest.TestAllImplementations(t, "crypto/sha256", testGoldenMarshal)
+ }
+
+@@ -202,6 +206,9 @@ func testGoldenMarshal(t *testing.T) {
  }
 
  func TestMarshalTypeMismatch(t *testing.T) {
@@ -720,7 +720,7 @@ index 5a8f4901451018..f9549bba2dee59 100644
  	h1 := New()
  	h2 := New224()
 
-@@ -286,6 +293,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) {
+@@ -276,6 +283,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) {
  	return h.Sum(nil), nil
  }
  func TestLargeHashes(t *testing.T) {
@@ -731,28 +731,28 @@ index 5a8f4901451018..f9549bba2dee59 100644
 
  		h := New()
 diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go
-index de28aa927044a6..dedebd20e6a2ed 100644
+index df96879c02d234..99451e26a13d79 100644
 --- a/src/crypto/sha512/sha512_test.go
 +++ b/src/crypto/sha512/sha512_test.go
-@@ -15,6 +15,7 @@ import (
+@@ -14,6 +14,7 @@ import (
  	"encoding/hex"
  	"fmt"
  	"hash"
 +	"internal/goexperiment"
  	"io"
  	"testing"
  )
-@@ -720,6 +721,9 @@ func TestGolden(t *testing.T) {
+@@ -725,6 +726,9 @@ func testGolden(t *testing.T) {
  }
 
  func TestGoldenMarshal(t *testing.T) {
 +	if goexperiment.CNGCrypto {
 +		t.Skip("CNGCrypto does not support hash marshalling")
 +	}
- 	tests := []struct {
- 		name    string
- 		newHash func() hash.Hash
-@@ -779,6 +783,9 @@ func TestGoldenMarshal(t *testing.T) {
+ 	cryptotest.TestAllImplementations(t, "crypto/sha512", func(t *testing.T) {
+ 		testGoldenMarshal(t)
+ 	})
+@@ -790,6 +794,9 @@ func testGoldenMarshal(t *testing.T) {
  }
 
  func TestMarshalMismatch(t *testing.T) {
@@ -762,7 +762,7 @@ index de28aa927044a6..dedebd20e6a2ed 100644
  	h := []func() hash.Hash{
  		New,
  		New384,
-@@ -885,6 +892,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) {
+@@ -881,6 +888,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) {
  }
 
  func TestLargeHashes(t *testing.T) {
@@ -929,10 +929,10 @@ index 8ec2c59f2c63e5..87b5f8e316f388 100644
  golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
  golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro=
 diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
-index 03005f247513cf..c77db5a856b7f6 100644
+index e7e967659de213..83dcaed4cb82ec 100644
 --- a/src/go/build/deps_test.go
 +++ b/src/go/build/deps_test.go
-@@ -459,6 +459,10 @@ var depsRules = `
+@@ -475,6 +475,10 @@ var depsRules = `
 
  	crypto/cipher,
  	crypto/internal/boring/bcache
@@ -943,7 +943,7 @@ index 03005f247513cf..c77db5a856b7f6 100644
  	< github.com/golang-fips/openssl/v2/internal/subtle
  	< github.com/golang-fips/openssl/v2
  	< crypto/internal/boring
-@@ -499,6 +503,7 @@ var depsRules = `
+@@ -515,6 +519,7 @@ var depsRules = `
 
  	# CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
  	CRYPTO, FMT, math/big