From 563fd270ac8e2e5c30b989c514c47597d1a15e88 Mon Sep 17 00:00:00 2001 From: microsoft-golang-bot Date: Wed, 23 Oct 2024 18:17:06 +0000 Subject: [PATCH 1/4] Update submodule to latest master (87a89fa4): runtime: add the checkPtraceScope to skip certain tests --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index acd072a078..87a89fa451 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit acd072a0784863dfbdf32da9d770753722270a26 +Subproject commit 87a89fa45130d4406fa4d9f0882b9c5014240d03 From 3c51449ebd45869f9726420e66325a1b823f9357 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 25 Oct 2024 12:45:52 +0200 Subject: [PATCH 2/4] fix conflicts --- .../0002-Add-crypto-backend-foundation.patch | 70 +++++++------------ patches/0005-Add-CNG-crypto-backend.patch | 40 +++++------ 2 files changed, 44 insertions(+), 66 deletions(-) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index ca80ce31c2..e1c890378a 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -41,7 +41,7 @@ Subject: [PATCH] Add crypto backend foundation src/crypto/rsa/rsa_test.go | 2 +- src/crypto/sha1/sha1.go | 2 +- src/crypto/sha1/sha1_test.go | 2 +- - src/crypto/sha256/sha256.go | 14 +- + src/crypto/sha256/sha256.go | 6 +- src/crypto/sha256/sha256_test.go | 2 +- src/crypto/sha512/sha512.go | 2 +- src/crypto/sha512/sha512_test.go | 2 +- @@ -56,7 +56,7 @@ Subject: [PATCH] Add crypto backend foundation src/go/build/deps_test.go | 4 + src/net/smtp/smtp_test.go | 72 ++++--- src/runtime/runtime_boring.go | 5 + - 52 files changed, 808 insertions(+), 108 deletions(-) + 52 files changed, 802 insertions(+), 106 deletions(-) create mode 100644 src/crypto/ed25519/boring.go create mode 100644 src/crypto/ed25519/notboring.go create mode 100644 src/crypto/internal/backend/backend_test.go @@ -452,7 +452,7 @@ index 00000000000000..b0cdd44d81c753 + panic("boringcrypto: not available") +} diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go -index 46ec81b8c58bc9..1563eedf6f78d1 100644 +index b8c909cf015aa7..9f517e8e527363 100644 --- a/src/crypto/hmac/hmac.go +++ b/src/crypto/hmac/hmac.go @@ -22,7 +22,7 @@ timing side-channels: @@ -461,9 +461,9 @@ index 46ec81b8c58bc9..1563eedf6f78d1 100644 import ( - "crypto/internal/boring" + boring "crypto/internal/backend" + "crypto/internal/fips/hmac" "crypto/subtle" "hash" - ) diff --git a/src/crypto/hmac/hmac_test.go b/src/crypto/hmac/hmac_test.go index 7accad763244a1..dd3211f2c37af3 100644 --- a/src/crypto/hmac/hmac_test.go @@ -538,7 +538,7 @@ index 00000000000000..85bd3ed083f5b2 +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go new file mode 100644 -index 00000000000000..f83ff4abacc1dc +index 00000000000000..bc595e91024f11 --- /dev/null +++ b/src/crypto/internal/backend/common.go @@ -0,0 +1,92 @@ @@ -1268,7 +1268,7 @@ index d03892c57d4e61..d44f70b92661b4 100644 "crypto/rand" "encoding" diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go -index 7844f191e16b57..5c04e4bb83f2f2 100644 +index d87c689c9001ad..7584c380af0cec 100644 --- a/src/crypto/sha256/sha256.go +++ b/src/crypto/sha256/sha256.go @@ -8,7 +8,7 @@ package sha256 @@ -1277,10 +1277,10 @@ index 7844f191e16b57..5c04e4bb83f2f2 100644 "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" - "errors" + "crypto/internal/fips/sha256" "hash" - "internal/byteorder" -@@ -159,7 +159,7 @@ func New() hash.Hash { + ) +@@ -43,7 +43,7 @@ func New() hash.Hash { // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal // state of the hash. func New224() hash.Hash { @@ -1288,30 +1288,8 @@ index 7844f191e16b57..5c04e4bb83f2f2 100644 + if boring.Enabled && boring.SupportsHash(crypto.SHA224) { return boring.NewSHA224() } - d := new(digest) -@@ -178,7 +178,9 @@ func (d *digest) Size() int { - func (d *digest) BlockSize() int { return BlockSize } - - func (d *digest) Write(p []byte) (nn int, err error) { -- boring.Unreachable() -+ if boring.Enabled && (!d.is224 || boring.SupportsHash(crypto.SHA224)) { -+ boring.Unreachable() -+ } - nn = len(p) - d.len += uint64(nn) - if d.nx > 0 { -@@ -202,7 +204,9 @@ func (d *digest) Write(p []byte) (nn int, err error) { - } - - func (d *digest) Sum(in []byte) []byte { -- boring.Unreachable() -+ if boring.Enabled && (!d.is224 || boring.SupportsHash(crypto.SHA224)) { -+ boring.Unreachable() -+ } - // Make a copy of d so that caller can keep writing and summing. - d0 := *d - hash := d0.checkSum() -@@ -263,7 +267,7 @@ func Sum256(data []byte) [Size]byte { + return sha256.New224() +@@ -63,7 +63,7 @@ func Sum256(data []byte) [Size]byte { // Sum224 returns the SHA224 checksum of the data. func Sum224(data []byte) [Size224]byte { @@ -1319,9 +1297,9 @@ index 7844f191e16b57..5c04e4bb83f2f2 100644 + if boring.Enabled && boring.SupportsHash(crypto.SHA224) { return boring.SHA224(data) } - var d digest + h := New224() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index 3237c6a73e6a1e..5a8f4901451018 100644 +index 40be1480dd51d1..0426ce6aebd681 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -8,7 +8,7 @@ package sha256 @@ -1331,10 +1309,10 @@ index 3237c6a73e6a1e..5a8f4901451018 100644 - "crypto/internal/boring" + boring "crypto/internal/backend" "crypto/internal/cryptotest" - "crypto/rand" "encoding" + "fmt" diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go -index 0e2a34a1e347cf..132b9495e38644 100644 +index 0a12fde7bc060b..ca752598e4343a 100644 --- a/src/crypto/sha512/sha512.go +++ b/src/crypto/sha512/sha512.go @@ -12,7 +12,7 @@ package sha512 @@ -1343,11 +1321,11 @@ index 0e2a34a1e347cf..132b9495e38644 100644 "crypto" - "crypto/internal/boring" + boring "crypto/internal/backend" - "errors" + "crypto/internal/fips/sha512" "hash" - "internal/byteorder" + ) diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index cfe6b571975b27..de28aa927044a6 100644 +index 6e3d9bce1cf095..df96879c02d234 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go @@ -8,7 +8,7 @@ package sha512 @@ -1357,8 +1335,8 @@ index cfe6b571975b27..de28aa927044a6 100644 - "crypto/internal/boring" + boring "crypto/internal/backend" "crypto/internal/cryptotest" - "crypto/rand" "encoding" + "encoding/hex" diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go index 56050421985927..dcbd33167e4499 100644 --- a/src/crypto/tls/boring_test.go @@ -1775,12 +1753,12 @@ index 319ac61f49c994..1b2454dbaab264 100644 t.Helper() k, err := rsa.GenerateKey(rand.Reader, size) diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 3adc26ae2b6e29..f05cec9d7c3253 100644 +index cc9d304bc62820..6509d58264aae0 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -447,7 +447,9 @@ var depsRules = ` - +@@ -463,7 +463,9 @@ var depsRules = ` # CRYPTO is core crypto algorithms - no cgo, fmt, net. + FIPS, crypto/internal/boring/sig, + crypto/internal/boring/fipstls, crypto/internal/boring/syso, @@ -1788,7 +1766,7 @@ index 3adc26ae2b6e29..f05cec9d7c3253 100644 golang.org/x/sys/cpu, hash, embed < crypto -@@ -458,6 +460,7 @@ var depsRules = ` +@@ -474,6 +476,7 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache < crypto/internal/boring @@ -1796,7 +1774,7 @@ index 3adc26ae2b6e29..f05cec9d7c3253 100644 < crypto/boring; crypto/internal/alias, math/rand/v2 -@@ -495,6 +498,7 @@ var depsRules = ` +@@ -511,6 +514,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big < crypto/internal/boring/bbig diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index a6e5cac6b2..e6e535c73b 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -473,7 +473,7 @@ index 00000000000000..3d3d13709de5ac + panic("cryptobackend: not available") +} diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go -index f83ff4abacc1dc..b05374a9d62a97 100644 +index bc595e91024f11..7766d674f5cfaf 100644 --- a/src/crypto/internal/backend/common.go +++ b/src/crypto/internal/backend/common.go @@ -68,7 +68,11 @@ func hasSuffix(s, t string) bool { @@ -689,10 +689,10 @@ index d44f70b92661b4..76726556f80fbd 100644 h := New() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index 5a8f4901451018..f9549bba2dee59 100644 +index 0426ce6aebd681..bdb55a70a4847c 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go -@@ -14,6 +14,7 @@ import ( +@@ -13,6 +13,7 @@ import ( "encoding" "fmt" "hash" @@ -700,17 +700,17 @@ index 5a8f4901451018..f9549bba2dee59 100644 "io" "testing" ) -@@ -140,6 +141,9 @@ func TestGolden(t *testing.T) { +@@ -141,6 +142,9 @@ func testGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { + if goexperiment.CNGCrypto { + t.Skip("CNGCrypto does not support hash marshalling") + } - tests := []struct { - name string - newHash func() hash.Hash -@@ -197,6 +201,9 @@ func TestGoldenMarshal(t *testing.T) { + cryptotest.TestAllImplementations(t, "crypto/sha256", testGoldenMarshal) + } + +@@ -202,6 +206,9 @@ func testGoldenMarshal(t *testing.T) { } func TestMarshalTypeMismatch(t *testing.T) { @@ -720,7 +720,7 @@ index 5a8f4901451018..f9549bba2dee59 100644 h1 := New() h2 := New224() -@@ -286,6 +293,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -276,6 +283,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { return h.Sum(nil), nil } func TestLargeHashes(t *testing.T) { @@ -731,10 +731,10 @@ index 5a8f4901451018..f9549bba2dee59 100644 h := New() diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index de28aa927044a6..dedebd20e6a2ed 100644 +index df96879c02d234..99451e26a13d79 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go -@@ -15,6 +15,7 @@ import ( +@@ -14,6 +14,7 @@ import ( "encoding/hex" "fmt" "hash" @@ -742,17 +742,17 @@ index de28aa927044a6..dedebd20e6a2ed 100644 "io" "testing" ) -@@ -720,6 +721,9 @@ func TestGolden(t *testing.T) { +@@ -725,6 +726,9 @@ func testGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { + if goexperiment.CNGCrypto { + t.Skip("CNGCrypto does not support hash marshalling") + } - tests := []struct { - name string - newHash func() hash.Hash -@@ -779,6 +783,9 @@ func TestGoldenMarshal(t *testing.T) { + cryptotest.TestAllImplementations(t, "crypto/sha512", func(t *testing.T) { + testGoldenMarshal(t) + }) +@@ -790,6 +794,9 @@ func testGoldenMarshal(t *testing.T) { } func TestMarshalMismatch(t *testing.T) { @@ -762,7 +762,7 @@ index de28aa927044a6..dedebd20e6a2ed 100644 h := []func() hash.Hash{ New, New384, -@@ -885,6 +892,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -881,6 +888,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) { @@ -929,10 +929,10 @@ index 8ec2c59f2c63e5..87b5f8e316f388 100644 golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 03005f247513cf..c77db5a856b7f6 100644 +index e7e967659de213..83dcaed4cb82ec 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go -@@ -459,6 +459,10 @@ var depsRules = ` +@@ -475,6 +475,10 @@ var depsRules = ` crypto/cipher, crypto/internal/boring/bcache @@ -943,7 +943,7 @@ index 03005f247513cf..c77db5a856b7f6 100644 < github.com/golang-fips/openssl/v2/internal/subtle < github.com/golang-fips/openssl/v2 < crypto/internal/boring -@@ -499,6 +503,7 @@ var depsRules = ` +@@ -515,6 +519,7 @@ var depsRules = ` # CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok. CRYPTO, FMT, math/big From 9ec611ba35384787d726b5cdc87e6839dd95991b Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 25 Oct 2024 14:54:17 +0200 Subject: [PATCH 3/4] Update remote --- go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go b/go index 87a89fa451..e5e552b816 160000 --- a/go +++ b/go @@ -1 +1 @@ -Subproject commit 87a89fa45130d4406fa4d9f0882b9c5014240d03 +Subproject commit e5e552b816793f2b5729744c27995cce12baf52e From 49cbccb092580a18912f1b641c35f7f2650e4681 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 25 Oct 2024 14:59:53 +0200 Subject: [PATCH 4/4] fix conflict --- patches/0005-Add-CNG-crypto-backend.patch | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index e6e535c73b..fcf4cb2611 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -689,7 +689,7 @@ index d44f70b92661b4..76726556f80fbd 100644 h := New() diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go -index 0426ce6aebd681..bdb55a70a4847c 100644 +index d2fa4369d068bf..027b705e96113f 100644 --- a/src/crypto/sha256/sha256_test.go +++ b/src/crypto/sha256/sha256_test.go @@ -13,6 +13,7 @@ import ( @@ -697,10 +697,10 @@ index 0426ce6aebd681..bdb55a70a4847c 100644 "fmt" "hash" + "internal/goexperiment" + "internal/testenv" "io" "testing" - ) -@@ -141,6 +142,9 @@ func testGolden(t *testing.T) { +@@ -142,6 +143,9 @@ func testGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { @@ -710,7 +710,7 @@ index 0426ce6aebd681..bdb55a70a4847c 100644 cryptotest.TestAllImplementations(t, "crypto/sha256", testGoldenMarshal) } -@@ -202,6 +206,9 @@ func testGoldenMarshal(t *testing.T) { +@@ -203,6 +207,9 @@ func testGoldenMarshal(t *testing.T) { } func TestMarshalTypeMismatch(t *testing.T) { @@ -720,7 +720,7 @@ index 0426ce6aebd681..bdb55a70a4847c 100644 h1 := New() h2 := New224() -@@ -276,6 +283,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -277,6 +284,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { return h.Sum(nil), nil } func TestLargeHashes(t *testing.T) { @@ -731,7 +731,7 @@ index 0426ce6aebd681..bdb55a70a4847c 100644 h := New() diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go -index df96879c02d234..99451e26a13d79 100644 +index 736504b8fc85a5..582ed2ae870e23 100644 --- a/src/crypto/sha512/sha512_test.go +++ b/src/crypto/sha512/sha512_test.go @@ -14,6 +14,7 @@ import ( @@ -739,10 +739,10 @@ index df96879c02d234..99451e26a13d79 100644 "fmt" "hash" + "internal/goexperiment" + "internal/testenv" "io" "testing" - ) -@@ -725,6 +726,9 @@ func testGolden(t *testing.T) { +@@ -726,6 +727,9 @@ func testGolden(t *testing.T) { } func TestGoldenMarshal(t *testing.T) { @@ -752,7 +752,7 @@ index df96879c02d234..99451e26a13d79 100644 cryptotest.TestAllImplementations(t, "crypto/sha512", func(t *testing.T) { testGoldenMarshal(t) }) -@@ -790,6 +794,9 @@ func testGoldenMarshal(t *testing.T) { +@@ -791,6 +795,9 @@ func testGoldenMarshal(t *testing.T) { } func TestMarshalMismatch(t *testing.T) { @@ -762,7 +762,7 @@ index df96879c02d234..99451e26a13d79 100644 h := []func() hash.Hash{ New, New384, -@@ -881,6 +888,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { +@@ -882,6 +889,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) { } func TestLargeHashes(t *testing.T) {