Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update submodule to latest master in microsoft/main #1367

Merged
merged 4 commits into from
Oct 25, 2024
Merged

Update submodule to latest master in microsoft/main #1367

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
563fd27
Update submodule to latest master (87a89fa4): runtime: add the checkP…
microsoft-golang-bot Oct 23, 2024
3c51449
fix conflicts
qmuntal Oct 25, 2024
9ec611b
Update remote
qmuntal Oct 25, 2024
49cbccb
fix conflict
qmuntal Oct 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion go
Open in desktop
Submodule go updated 200 files
70 changes: 24 additions & 46 deletions patches/0002-Add-crypto-backend-foundation.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ Subject: [PATCH] Add crypto backend foundation
src/crypto/rsa/rsa_test.go | 2 +-
src/crypto/sha1/sha1.go | 2 +-
src/crypto/sha1/sha1_test.go | 2 +-
src/crypto/sha256/sha256.go | 14 +-
src/crypto/sha256/sha256.go | 6 +-
src/crypto/sha256/sha256_test.go | 2 +-
src/crypto/sha512/sha512.go | 2 +-
src/crypto/sha512/sha512_test.go | 2 +-
Expand All @@ -56,7 +56,7 @@ Subject: [PATCH] Add crypto backend foundation
src/go/build/deps_test.go | 4 +
src/net/smtp/smtp_test.go | 72 ++++---
src/runtime/runtime_boring.go | 5 +
52 files changed, 808 insertions(+), 108 deletions(-)
52 files changed, 802 insertions(+), 106 deletions(-)
create mode 100644 src/crypto/ed25519/boring.go
create mode 100644 src/crypto/ed25519/notboring.go
create mode 100644 src/crypto/internal/backend/backend_test.go
Expand Down Expand Up @@ -452,7 +452,7 @@ index 00000000000000..b0cdd44d81c753
+ panic("boringcrypto: not available")
+}
diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go
index 46ec81b8c58bc9..1563eedf6f78d1 100644
index b8c909cf015aa7..9f517e8e527363 100644
--- a/src/crypto/hmac/hmac.go
+++ b/src/crypto/hmac/hmac.go
@@ -22,7 +22,7 @@ timing side-channels:
Expand All @@ -461,9 +461,9 @@ index 46ec81b8c58bc9..1563eedf6f78d1 100644
import (
- "crypto/internal/boring"
+ boring "crypto/internal/backend"
"crypto/internal/fips/hmac"
"crypto/subtle"
"hash"
)
diff --git a/src/crypto/hmac/hmac_test.go b/src/crypto/hmac/hmac_test.go
index 7accad763244a1..dd3211f2c37af3 100644
--- a/src/crypto/hmac/hmac_test.go
Expand Down Expand Up @@ -538,7 +538,7 @@ index 00000000000000..85bd3ed083f5b2
+}
diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go
new file mode 100644
index 00000000000000..f83ff4abacc1dc
index 00000000000000..bc595e91024f11
--- /dev/null
+++ b/src/crypto/internal/backend/common.go
@@ -0,0 +1,92 @@
Expand Down Expand Up @@ -1268,7 +1268,7 @@ index d03892c57d4e61..d44f70b92661b4 100644
"crypto/rand"
"encoding"
diff --git a/src/crypto/sha256/sha256.go b/src/crypto/sha256/sha256.go
index 7844f191e16b57..5c04e4bb83f2f2 100644
index d87c689c9001ad..7584c380af0cec 100644
--- a/src/crypto/sha256/sha256.go
+++ b/src/crypto/sha256/sha256.go
@@ -8,7 +8,7 @@ package sha256
Expand All @@ -1277,51 +1277,29 @@ index 7844f191e16b57..5c04e4bb83f2f2 100644
"crypto"
- "crypto/internal/boring"
+ boring "crypto/internal/backend"
"errors"
"crypto/internal/fips/sha256"
"hash"
"internal/byteorder"
@@ -159,7 +159,7 @@ func New() hash.Hash {
)
@@ -43,7 +43,7 @@ func New() hash.Hash {
// [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal
// state of the hash.
func New224() hash.Hash {
- if boring.Enabled {
+ if boring.Enabled && boring.SupportsHash(crypto.SHA224) {
return boring.NewSHA224()
}
d := new(digest)
@@ -178,7 +178,9 @@ func (d *digest) Size() int {
func (d *digest) BlockSize() int { return BlockSize }

func (d *digest) Write(p []byte) (nn int, err error) {
- boring.Unreachable()
+ if boring.Enabled && (!d.is224 || boring.SupportsHash(crypto.SHA224)) {
+ boring.Unreachable()
+ }
nn = len(p)
d.len += uint64(nn)
if d.nx > 0 {
@@ -202,7 +204,9 @@ func (d *digest) Write(p []byte) (nn int, err error) {
}

func (d *digest) Sum(in []byte) []byte {
- boring.Unreachable()
+ if boring.Enabled && (!d.is224 || boring.SupportsHash(crypto.SHA224)) {
+ boring.Unreachable()
+ }
// Make a copy of d so that caller can keep writing and summing.
d0 := *d
hash := d0.checkSum()
@@ -263,7 +267,7 @@ func Sum256(data []byte) [Size]byte {
return sha256.New224()
@@ -63,7 +63,7 @@ func Sum256(data []byte) [Size]byte {

// Sum224 returns the SHA224 checksum of the data.
func Sum224(data []byte) [Size224]byte {
- if boring.Enabled {
+ if boring.Enabled && boring.SupportsHash(crypto.SHA224) {
return boring.SHA224(data)
}
var d digest
h := New224()
diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go
index 3237c6a73e6a1e..5a8f4901451018 100644
index 40be1480dd51d1..0426ce6aebd681 100644
--- a/src/crypto/sha256/sha256_test.go
+++ b/src/crypto/sha256/sha256_test.go
@@ -8,7 +8,7 @@ package sha256
Expand All @@ -1331,10 +1309,10 @@ index 3237c6a73e6a1e..5a8f4901451018 100644
- "crypto/internal/boring"
+ boring "crypto/internal/backend"
"crypto/internal/cryptotest"
"crypto/rand"
"encoding"
"fmt"
diff --git a/src/crypto/sha512/sha512.go b/src/crypto/sha512/sha512.go
index 0e2a34a1e347cf..132b9495e38644 100644
index 0a12fde7bc060b..ca752598e4343a 100644
--- a/src/crypto/sha512/sha512.go
+++ b/src/crypto/sha512/sha512.go
@@ -12,7 +12,7 @@ package sha512
Expand All @@ -1343,11 +1321,11 @@ index 0e2a34a1e347cf..132b9495e38644 100644
"crypto"
- "crypto/internal/boring"
+ boring "crypto/internal/backend"
"errors"
"crypto/internal/fips/sha512"
"hash"
"internal/byteorder"
)
diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go
index cfe6b571975b27..de28aa927044a6 100644
index 6e3d9bce1cf095..df96879c02d234 100644
--- a/src/crypto/sha512/sha512_test.go
+++ b/src/crypto/sha512/sha512_test.go
@@ -8,7 +8,7 @@ package sha512
Expand All @@ -1357,8 +1335,8 @@ index cfe6b571975b27..de28aa927044a6 100644
- "crypto/internal/boring"
+ boring "crypto/internal/backend"
"crypto/internal/cryptotest"
"crypto/rand"
"encoding"
"encoding/hex"
diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go
index 56050421985927..dcbd33167e4499 100644
--- a/src/crypto/tls/boring_test.go
Expand Down Expand Up @@ -1775,28 +1753,28 @@ index 319ac61f49c994..1b2454dbaab264 100644
t.Helper()
k, err := rsa.GenerateKey(rand.Reader, size)
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
index 3adc26ae2b6e29..f05cec9d7c3253 100644
index cc9d304bc62820..6509d58264aae0 100644
--- a/src/go/build/deps_test.go
+++ b/src/go/build/deps_test.go
@@ -447,7 +447,9 @@ var depsRules = `

@@ -463,7 +463,9 @@ var depsRules = `
# CRYPTO is core crypto algorithms - no cgo, fmt, net.
FIPS,
crypto/internal/boring/sig,
+ crypto/internal/boring/fipstls,
crypto/internal/boring/syso,
+ encoding/binary,
golang.org/x/sys/cpu,
hash, embed
< crypto
@@ -458,6 +460,7 @@ var depsRules = `
@@ -474,6 +476,7 @@ var depsRules = `
crypto/cipher,
crypto/internal/boring/bcache
< crypto/internal/boring
+ < crypto/internal/backend
< crypto/boring;

crypto/internal/alias, math/rand/v2
@@ -495,6 +498,7 @@ var depsRules = `
@@ -511,6 +514,7 @@ var depsRules = `
# CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
CRYPTO, FMT, math/big
< crypto/internal/boring/bbig
Expand Down
44 changes: 22 additions & 22 deletions patches/0005-Add-CNG-crypto-backend.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -473,7 +473,7 @@ index 00000000000000..3d3d13709de5ac
+ panic("cryptobackend: not available")
+}
diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go
index f83ff4abacc1dc..b05374a9d62a97 100644
index bc595e91024f11..7766d674f5cfaf 100644
--- a/src/crypto/internal/backend/common.go
+++ b/src/crypto/internal/backend/common.go
@@ -68,7 +68,11 @@ func hasSuffix(s, t string) bool {
Expand Down Expand Up @@ -689,28 +689,28 @@ index d44f70b92661b4..76726556f80fbd 100644

h := New()
diff --git a/src/crypto/sha256/sha256_test.go b/src/crypto/sha256/sha256_test.go
index 5a8f4901451018..f9549bba2dee59 100644
index d2fa4369d068bf..027b705e96113f 100644
--- a/src/crypto/sha256/sha256_test.go
+++ b/src/crypto/sha256/sha256_test.go
@@ -14,6 +14,7 @@ import (
@@ -13,6 +13,7 @@ import (
"encoding"
"fmt"
"hash"
+ "internal/goexperiment"
"internal/testenv"
"io"
"testing"
)
@@ -140,6 +141,9 @@ func TestGolden(t *testing.T) {
@@ -142,6 +143,9 @@ func testGolden(t *testing.T) {
}

func TestGoldenMarshal(t *testing.T) {
+ if goexperiment.CNGCrypto {
+ t.Skip("CNGCrypto does not support hash marshalling")
+ }
tests := []struct {
name string
newHash func() hash.Hash
@@ -197,6 +201,9 @@ func TestGoldenMarshal(t *testing.T) {
cryptotest.TestAllImplementations(t, "crypto/sha256", testGoldenMarshal)
}

@@ -203,6 +207,9 @@ func testGoldenMarshal(t *testing.T) {
}

func TestMarshalTypeMismatch(t *testing.T) {
Expand All @@ -720,7 +720,7 @@ index 5a8f4901451018..f9549bba2dee59 100644
h1 := New()
h2 := New224()

@@ -286,6 +293,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) {
@@ -277,6 +284,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) {
return h.Sum(nil), nil
}
func TestLargeHashes(t *testing.T) {
Expand All @@ -731,28 +731,28 @@ index 5a8f4901451018..f9549bba2dee59 100644

h := New()
diff --git a/src/crypto/sha512/sha512_test.go b/src/crypto/sha512/sha512_test.go
index de28aa927044a6..dedebd20e6a2ed 100644
index 736504b8fc85a5..582ed2ae870e23 100644
--- a/src/crypto/sha512/sha512_test.go
+++ b/src/crypto/sha512/sha512_test.go
@@ -15,6 +15,7 @@ import (
@@ -14,6 +14,7 @@ import (
"encoding/hex"
"fmt"
"hash"
+ "internal/goexperiment"
"internal/testenv"
"io"
"testing"
)
@@ -720,6 +721,9 @@ func TestGolden(t *testing.T) {
@@ -726,6 +727,9 @@ func testGolden(t *testing.T) {
}

func TestGoldenMarshal(t *testing.T) {
+ if goexperiment.CNGCrypto {
+ t.Skip("CNGCrypto does not support hash marshalling")
+ }
tests := []struct {
name string
newHash func() hash.Hash
@@ -779,6 +783,9 @@ func TestGoldenMarshal(t *testing.T) {
cryptotest.TestAllImplementations(t, "crypto/sha512", func(t *testing.T) {
testGoldenMarshal(t)
})
@@ -791,6 +795,9 @@ func testGoldenMarshal(t *testing.T) {
}

func TestMarshalMismatch(t *testing.T) {
Expand All @@ -762,7 +762,7 @@ index de28aa927044a6..dedebd20e6a2ed 100644
h := []func() hash.Hash{
New,
New384,
@@ -885,6 +892,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) {
@@ -882,6 +889,9 @@ func safeSum(h hash.Hash) (sum []byte, err error) {
}

func TestLargeHashes(t *testing.T) {
Expand Down Expand Up @@ -929,10 +929,10 @@ index 8ec2c59f2c63e5..87b5f8e316f388 100644
golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro=
diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
index 03005f247513cf..c77db5a856b7f6 100644
index e7e967659de213..83dcaed4cb82ec 100644
--- a/src/go/build/deps_test.go
+++ b/src/go/build/deps_test.go
@@ -459,6 +459,10 @@ var depsRules = `
@@ -475,6 +475,10 @@ var depsRules = `

crypto/cipher,
crypto/internal/boring/bcache
Expand All @@ -943,7 +943,7 @@ index 03005f247513cf..c77db5a856b7f6 100644
< github.com/golang-fips/openssl/v2/internal/subtle
< github.com/golang-fips/openssl/v2
< crypto/internal/boring
@@ -499,6 +503,7 @@ var depsRules = `
@@ -515,6 +519,7 @@ var depsRules = `

# CRYPTO-MATH is core bignum-based crypto - no cgo, net; fmt now ok.
CRYPTO, FMT, math/big
Expand Down