From 50de8760671adc37641930a933d64d98a2830b72 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sun, 23 Oct 2022 06:20:04 +0000 Subject: [PATCH] import golang-1.19.2-3.module+el8.8.0+16972+3559a6f8 --- .gitignore | 2 +- .golang.metadata | 2 +- SOURCES/000-initial-setup.patch | 422 ++++++++++++++++++++- SOURCES/001-initial-openssl-for-fips.patch | 333 +++++++++++++--- SOURCES/disable_static_tests_part1.patch | 19 +- SOURCES/openssl_cgo_build_tag.patch | 15 - SPECS/golang.spec | 20 +- 7 files changed, 720 insertions(+), 93 deletions(-) delete mode 100644 SOURCES/openssl_cgo_build_tag.patch diff --git a/.gitignore b/.gitignore index 8eb3ac9..2aa713c 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/go1.19.1.tar.gz +SOURCES/go1.19.2.tar.gz diff --git a/.golang.metadata b/.golang.metadata index cab0e2b..e917f29 100644 --- a/.golang.metadata +++ b/.golang.metadata @@ -1 +1 @@ -564d4664e5fafb4da637a01aa62501336d79135f SOURCES/go1.19.1.tar.gz +1324ae800bf3b78c8cfda83fb9d69d7d46c51bf1 SOURCES/go1.19.2.tar.gz diff --git a/SOURCES/000-initial-setup.patch b/SOURCES/000-initial-setup.patch index 53e2200..4f23333 100644 --- a/SOURCES/000-initial-setup.patch +++ b/SOURCES/000-initial-setup.patch @@ -1,3 +1,13 @@ +diff --git a/api/go1.19.txt b/api/go1.19.txt +index 523f752..778e1d5 100644 +--- a/api/go1.19.txt ++++ b/api/go1.19.txt +@@ -290,3 +290,5 @@ pkg sync/atomic, type Uint64 struct #50860 + pkg sync/atomic, type Uintptr struct #50860 + pkg time, method (Duration) Abs() Duration #51414 + pkg time, method (Time) ZoneBounds() (Time, Time) #50062 ++pkg crypto/ecdsa, func HashSign(io.Reader, *PrivateKey, []uint8, crypto.Hash) (*big.Int, *big.Int, error) #000000 ++pkg crypto/ecdsa, func HashVerify(*PublicKey, []uint8, *big.Int, *big.Int, crypto.Hash) bool #000000 diff --git a/src/cmd/go/testdata/script/gopath_std_vendor.txt b/src/cmd/go/testdata/script/gopath_std_vendor.txt index a0a41a5..208aa70 100644 --- a/src/cmd/go/testdata/script/gopath_std_vendor.txt @@ -16,6 +26,105 @@ index a0a41a5..208aa70 100644 -- issue16333/issue16333.go -- package vendoring17 +diff --git a/src/crypto/ecdsa/ecdsa_hashsignverify.go b/src/crypto/ecdsa/ecdsa_hashsignverify.go +new file mode 100644 +index 0000000..37f3a18 +--- /dev/null ++++ b/src/crypto/ecdsa/ecdsa_hashsignverify.go +@@ -0,0 +1,45 @@ ++package ecdsa ++ ++import ( ++ "crypto" ++ "crypto/internal/boring" ++ "crypto/internal/randutil" ++ "math/big" ++ "io" ++) ++ ++func HashSign(rand io.Reader, priv *PrivateKey, msg []byte, h crypto.Hash) (*big.Int, *big.Int, error) { ++ randutil.MaybeReadByte(rand) ++ ++ if boring.Enabled { ++ b, err := boringPrivateKey(priv) ++ if err != nil { ++ return nil, nil, err ++ } ++ return boring.HashSignECDSA(b, msg, h) ++ } ++ boring.UnreachableExceptTests() ++ ++ hash := h.New() ++ hash.Write(msg) ++ d := hash.Sum(nil) ++ ++ return Sign(rand, priv, d) ++} ++ ++func HashVerify(pub *PublicKey, msg []byte, r, s *big.Int, h crypto.Hash) bool { ++ if boring.Enabled { ++ bpk, err := boringPublicKey(pub) ++ if err != nil { ++ return false ++ } ++ return boring.HashVerifyECDSA(bpk, msg, r, s, h) ++ } ++ boring.UnreachableExceptTests() ++ ++ hash := h.New() ++ hash.Write(msg) ++ d := hash.Sum(nil) ++ ++ return Verify(pub, d, r, s) ++} +diff --git a/src/crypto/ecdsa/ecdsa_hashsignverify_test.go b/src/crypto/ecdsa/ecdsa_hashsignverify_test.go +new file mode 100644 +index 0000000..d12ba2f +--- /dev/null ++++ b/src/crypto/ecdsa/ecdsa_hashsignverify_test.go +@@ -0,0 +1,42 @@ ++package ecdsa ++ ++import ( ++ "crypto" ++ "crypto/internal/boring" ++ "crypto/elliptic" ++ "crypto/rand" ++ "testing" ++) ++ ++func testHashSignAndHashVerify(t *testing.T, c elliptic.Curve, tag string) { ++ priv, err := GenerateKey(c, rand.Reader) ++ if priv == nil { ++ t.Fatal(err) ++ } ++ ++ msg := []byte("testing") ++ h := crypto.SHA256 ++ r, s, err := HashSign(rand.Reader, priv, msg, h) ++ if err != nil { ++ t.Errorf("%s: error signing: %s", tag, err) ++ return ++ } ++ ++ if !HashVerify(&priv.PublicKey, msg, r, s, h) { ++ t.Errorf("%s: Verify failed", tag) ++ } ++ ++ msg[0] ^= 0xff ++ if HashVerify(&priv.PublicKey, msg, r, s, h) { ++ t.Errorf("%s: Verify should not have succeeded", tag) ++ } ++} ++func TestHashSignAndHashVerify(t *testing.T) { ++ testHashSignAndHashVerify(t, elliptic.P256(), "p256") ++ ++ if testing.Short() && !boring.Enabled { ++ return ++ } ++ testHashSignAndHashVerify(t, elliptic.P384(), "p384") ++ testHashSignAndHashVerify(t, elliptic.P521(), "p521") ++} diff --git a/src/crypto/ed25519/ed25519_test.go b/src/crypto/ed25519/ed25519_test.go index 7c51817..102c4e5 100644 --- a/src/crypto/ed25519/ed25519_test.go @@ -89,10 +198,10 @@ new file mode 100644 index 0000000..e69de29 diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go new file mode 100644 -index 0000000..1d75287 +index 0000000..482ed6f --- /dev/null +++ b/src/crypto/internal/backend/nobackend.go -@@ -0,0 +1,140 @@ +@@ -0,0 +1,155 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -106,8 +215,10 @@ index 0000000..1d75287 + "crypto" + "crypto/cipher" + "crypto/internal/boring/sig" ++ "math/big" + "github.com/golang-fips/openssl-fips/openssl" + "hash" ++ "io" +) + +var enabled = false @@ -233,18 +344,31 @@ index 0000000..1d75287 +func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error { + panic("boringcrypto: not available") +} ++ ++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { ++ panic("boringcrypto: not available") ++} ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { ++ panic("boringcrypto: not available") ++} ++func HashVerifyECDSA(pub *PublicKeyECDSA, msg []byte, r, s *big.Int, h crypto.Hash) bool { ++ panic("boringcrypto: not available") ++} ++func HashSignECDSA(priv *PrivateKeyECDSA, hash []byte, h crypto.Hash) (*big.Int, *big.Int, error) { ++ panic("boringcrypto: not available") ++} diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go new file mode 100644 -index 0000000..4c327e0 +index 0000000..4040c77 --- /dev/null +++ b/src/crypto/internal/backend/openssl.go -@@ -0,0 +1,92 @@ +@@ -0,0 +1,105 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + -+//go:build linux && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl -+// +build linux,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl ++//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl ++// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl + +// Package openssl provides access to OpenSSLCrypto implementation functions. +// Check the variable Enabled to find out whether OpenSSLCrypto is available. @@ -314,6 +438,16 @@ index 0000000..4c327e0 +var NewPublicKeyECDSA = openssl.NewPublicKeyECDSA +var SignMarshalECDSA = openssl.SignMarshalECDSA +var VerifyECDSA = openssl.VerifyECDSA ++var HashVerifyECDSA = openssl.HashVerifyECDSA ++var HashSignECDSA = openssl.HashSignECDSA ++ ++type PublicKeyECDH = openssl.PublicKeyECDH ++type PrivateKeyECDH = openssl.PrivateKeyECDH ++ ++var GenerateKeyECDH = openssl.GenerateKeyECDH ++var NewPrivateKeyECDH = openssl.NewPrivateKeyECDH ++var NewPublicKeyECDH = openssl.NewPublicKeyECDH ++var SharedKeyECDH = openssl.SharedKeyECDH + +type PublicKeyRSA = openssl.PublicKeyRSA +type PrivateKeyRSA = openssl.PrivateKeyRSA @@ -331,8 +465,11 @@ index 0000000..4c327e0 +var SignRSAPSS = openssl.SignRSAPSS +var VerifyRSAPKCS1v15 = openssl.VerifyRSAPKCS1v15 +var VerifyRSAPSS = openssl.VerifyRSAPSS ++ ++var ExtractHKDF = openssl.ExtractHKDF ++var ExpandHKDF = openssl.ExpandHKDF diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go -index 1827f76..239e6a2 100644 +index 1827f76..4c5c352 100644 --- a/src/crypto/tls/boring.go +++ b/src/crypto/tls/boring.go @@ -8,8 +8,15 @@ package tls @@ -351,6 +488,93 @@ index 1827f76..239e6a2 100644 // needFIPS returns fipstls.Required(); it avoids a new import in common.go. func needFIPS() bool { return fipstls.Required() +@@ -17,14 +24,14 @@ func needFIPS() bool { + + // fipsMinVersion replaces c.minVersion in FIPS-only mode. + func fipsMinVersion(c *Config) uint16 { +- // FIPS requires TLS 1.2. ++ // FIPS requires TLS 1.2 or later. + return VersionTLS12 + } + + // fipsMaxVersion replaces c.maxVersion in FIPS-only mode. + func fipsMaxVersion(c *Config) uint16 { +- // FIPS requires TLS 1.2. +- return VersionTLS12 ++ // FIPS requires TLS 1.2 or later. ++ return VersionTLS13 + } + + // default defaultFIPSCurvePreferences is the FIPS-allowed curves, +diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go +index f743fc8..9fec2c8 100644 +--- a/src/crypto/tls/boring_test.go ++++ b/src/crypto/tls/boring_test.go +@@ -51,11 +51,11 @@ func TestBoringServerProtocolVersion(t *testing.T) { + test("VersionTLS10", VersionTLS10, "client offered only unsupported versions") + test("VersionTLS11", VersionTLS11, "client offered only unsupported versions") + test("VersionTLS12", VersionTLS12, "") +- test("VersionTLS13", VersionTLS13, "client offered only unsupported versions") ++ test("VersionTLS13", VersionTLS13, "") + } + + func isBoringVersion(v uint16) bool { +- return v == VersionTLS12 ++ return v == VersionTLS12 || v == VersionTLS13 + } + + func isBoringCipherSuite(id uint16) bool { +@@ -65,7 +65,9 @@ func isBoringCipherSuite(id uint16) bool { + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_RSA_WITH_AES_128_GCM_SHA256, +- TLS_RSA_WITH_AES_256_GCM_SHA384: ++ TLS_RSA_WITH_AES_256_GCM_SHA384, ++ TLS_AES_128_GCM_SHA256, ++ TLS_AES_256_GCM_SHA384: + return true + } + return false +@@ -311,7 +313,7 @@ func TestBoringCertAlgs(t *testing.T) { + // Set up some roots, intermediate CAs, and leaf certs with various algorithms. + // X_Y is X signed by Y. + R1 := boringCert(t, "R1", boringRSAKey(t, 2048), nil, boringCertCA|boringCertFIPSOK) +- R2 := boringCert(t, "R2", boringRSAKey(t, 4096), nil, boringCertCA) ++ R2 := boringCert(t, "R2", boringRSAKey(t, 4096), nil, boringCertCA|boringCertFIPSOK) + + M1_R1 := boringCert(t, "M1_R1", boringECDSAKey(t, elliptic.P256()), R1, boringCertCA|boringCertFIPSOK) + M2_R1 := boringCert(t, "M2_R1", boringECDSAKey(t, elliptic.P224()), R1, boringCertCA) +diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go +index 9a1fa31..f7c64db 100644 +--- a/src/crypto/tls/cipher_suites.go ++++ b/src/crypto/tls/cipher_suites.go +@@ -354,6 +354,11 @@ var defaultCipherSuitesTLS13NoAES = []uint16{ + TLS_AES_256_GCM_SHA384, + } + ++var defaultFIPSCipherSuitesTLS13 = []uint16{ ++ TLS_AES_128_GCM_SHA256, ++ TLS_AES_256_GCM_SHA384, ++} ++ + var ( + hasGCMAsmAMD64 = cpu.X86.HasAES && cpu.X86.HasPCLMULQDQ + hasGCMAsmARM64 = cpu.ARM64.HasAES && cpu.ARM64.HasPMULL +diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go +index e61e3eb..7031ab8 100644 +--- a/src/crypto/tls/handshake_client.go ++++ b/src/crypto/tls/handshake_client.go +@@ -127,7 +127,9 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, ecdheParameters, error) { + + var params ecdheParameters + if hello.supportedVersions[0] == VersionTLS13 { +- if hasAESGCMHardwareSupport { ++ if needFIPS() { ++ hello.cipherSuites = append(hello.cipherSuites, defaultFIPSCipherSuitesTLS13...) ++ } else if hasAESGCMHardwareSupport { + hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13...) + } else { + hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13NoAES...) diff --git a/src/crypto/tls/handshake_client_test.go b/src/crypto/tls/handshake_client_test.go index 380de9f..02b4ac8 100644 --- a/src/crypto/tls/handshake_client_test.go @@ -363,8 +587,178 @@ index 380de9f..02b4ac8 100644 c, s := localPipe(t) done := make(chan bool) +diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go +index c798986..7a60702 100644 +--- a/src/crypto/tls/handshake_client_tls13.go ++++ b/src/crypto/tls/handshake_client_tls13.go +@@ -41,10 +41,6 @@ type clientHandshakeStateTLS13 struct { + func (hs *clientHandshakeStateTLS13) handshake() error { + c := hs.c + +- if needFIPS() { +- return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode") +- } +- + // The server must not select TLS 1.3 in a renegotiation. See RFC 8446, + // sections 4.1.2 and 4.1.3. + if c.handshakes > 0 { +diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go +index 03a477f..1ef6afc 100644 +--- a/src/crypto/tls/handshake_server_tls13.go ++++ b/src/crypto/tls/handshake_server_tls13.go +@@ -45,10 +45,6 @@ type serverHandshakeStateTLS13 struct { + func (hs *serverHandshakeStateTLS13) handshake() error { + c := hs.c + +- if needFIPS() { +- return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode") +- } +- + // For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2. + if err := hs.processClientHello(); err != nil { + return err +diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go +index 3140169..323d683 100644 +--- a/src/crypto/tls/key_schedule.go ++++ b/src/crypto/tls/key_schedule.go +@@ -7,6 +7,8 @@ package tls + import ( + "crypto/elliptic" + "crypto/hmac" ++ "crypto/internal/boring" ++ "crypto/internal/boring/bbig" + "errors" + "hash" + "io" +@@ -43,9 +45,20 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by + b.AddBytes(context) + }) + out := make([]byte, length) +- n, err := hkdf.Expand(c.hash.New, secret, hkdfLabel.BytesOrPanic()).Read(out) +- if err != nil || n != length { +- panic("tls: HKDF-Expand-Label invocation failed unexpectedly") ++ if boring.Enabled { ++ reader, err := boring.ExpandHKDF(c.hash.New, secret, hkdfLabel.BytesOrPanic()) ++ if err != nil { ++ panic("tls: HKDF-Expand-Label invocation failed unexpectedly") ++ } ++ n, err := reader.Read(out) ++ if err != nil || n != length { ++ panic("tls: HKDF-Expand-Label invocation failed unexpectedly") ++ } ++ } else { ++ n, err := hkdf.Expand(c.hash.New, secret, hkdfLabel.BytesOrPanic()).Read(out) ++ if err != nil || n != length { ++ panic("tls: HKDF-Expand-Label invocation failed unexpectedly") ++ } + } + return out + } +@@ -63,7 +76,15 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte { + if newSecret == nil { + newSecret = make([]byte, c.hash.Size()) + } +- return hkdf.Extract(c.hash.New, newSecret, currentSecret) ++ if boring.Enabled { ++ ikm, err := boring.ExtractHKDF(c.hash.New, newSecret, currentSecret) ++ if err != nil { ++ panic("tls: HKDF-Extract invocation failed unexpectedly") ++ } ++ return ikm ++ } else { ++ return hkdf.Extract(c.hash.New, newSecret, currentSecret) ++ } + } + + // nextTrafficSecret generates the next traffic secret, given the current one, +@@ -129,9 +150,19 @@ func generateECDHEParameters(rand io.Reader, curveID CurveID) (ecdheParameters, + + p := &nistParameters{curveID: curveID} + var err error +- p.privateKey, p.x, p.y, err = elliptic.GenerateKey(curve, rand) +- if err != nil { +- return nil, err ++ if boring.Enabled { ++ x, y, d, err := boring.GenerateKeyECDH(curve.Params().Name) ++ if err != nil { ++ return nil, err ++ } ++ p.x = bbig.Dec(x) ++ p.y = bbig.Dec(y) ++ p.privateKey = bbig.Dec(d).Bytes() ++ } else { ++ p.privateKey, p.x, p.y, err = elliptic.GenerateKey(curve, rand) ++ if err != nil { ++ return nil, err ++ } + } + return p, nil + } +@@ -166,15 +197,28 @@ func (p *nistParameters) PublicKey() []byte { + + func (p *nistParameters) SharedKey(peerPublicKey []byte) []byte { + curve, _ := curveForCurveID(p.curveID) +- // Unmarshal also checks whether the given point is on the curve. +- x, y := elliptic.Unmarshal(curve, peerPublicKey) +- if x == nil { +- return nil +- } ++ if boring.Enabled { ++ k := new(big.Int).SetBytes(p.privateKey) ++ priv, err := boring.NewPrivateKeyECDH(curve.Params().Name, bbig.Enc(p.x), bbig.Enc(p.y), bbig.Enc(k)) ++ if err != nil { ++ return nil ++ } ++ sharedKey, err := boring.SharedKeyECDH(priv, peerPublicKey) ++ if err != nil { ++ return nil ++ } ++ return sharedKey ++ } else { ++ // Unmarshal also checks whether the given point is on the curve. ++ x, y := elliptic.Unmarshal(curve, peerPublicKey) ++ if x == nil { ++ return nil ++ } + +- xShared, _ := curve.ScalarMult(x, y, p.privateKey) +- sharedKey := make([]byte, (curve.Params().BitSize+7)/8) +- return xShared.FillBytes(sharedKey) ++ xShared, _ := curve.ScalarMult(x, y, p.privateKey) ++ sharedKey := make([]byte, (curve.Params().BitSize+7)/8) ++ return xShared.FillBytes(sharedKey) ++ } + } + + type x25519Parameters struct { +diff --git a/src/crypto/x509/boring.go b/src/crypto/x509/boring.go +index 4aae905..42706f9 100644 +--- a/src/crypto/x509/boring.go ++++ b/src/crypto/x509/boring.go +@@ -26,7 +26,7 @@ func boringAllowCert(c *Certificate) bool { + default: + return false + case *rsa.PublicKey: +- if size := k.N.BitLen(); size != 2048 && size != 3072 { ++ if size := k.N.BitLen(); size != 2048 && size != 3072 && size != 4096 { + return false + } + case *ecdsa.PublicKey: +diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go +index 7010f44..70021f3 100644 +--- a/src/crypto/x509/boring_test.go ++++ b/src/crypto/x509/boring_test.go +@@ -54,7 +54,7 @@ type boringCertificate struct { + + func TestBoringAllowCert(t *testing.T) { + R1 := testBoringCert(t, "R1", boringRSAKey(t, 2048), nil, boringCertCA|boringCertFIPSOK) +- R2 := testBoringCert(t, "R2", boringRSAKey(t, 4096), nil, boringCertCA) ++ R2 := testBoringCert(t, "R2", boringRSAKey(t, 4096), nil, boringCertCA|boringCertFIPSOK) + + M1_R1 := testBoringCert(t, "M1_R1", boringECDSAKey(t, elliptic.P256()), R1, boringCertCA|boringCertFIPSOK) + M2_R1 := testBoringCert(t, "M2_R1", boringECDSAKey(t, elliptic.P224()), R1, boringCertCA) diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 141fdb9..71434f2 100644 +index 141fdb9..d8e81d9 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -414,19 +414,23 @@ var depsRules = ` @@ -393,7 +787,15 @@ index 141fdb9..71434f2 100644 < crypto/internal/randutil < crypto/rand < crypto/ed25519 -@@ -644,7 +648,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -601,6 +605,7 @@ func listStdPkgs(goroot string) ([]string, error) { + } + + func TestDependencies(t *testing.T) { ++ t.Skip("openssl-fips based toolchain has different dependencies than upstream") + if !testenv.HasSrc() { + // Tests run in a limited file system and we do not + // provide access to every source file. +@@ -644,7 +649,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -402,7 +804,7 @@ index 141fdb9..71434f2 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -654,7 +658,7 @@ func findImports(pkg string) ([]string, error) { +@@ -654,7 +659,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} diff --git a/SOURCES/001-initial-openssl-for-fips.patch b/SOURCES/001-initial-openssl-for-fips.patch index 81da4f0..2cfec4f 100644 --- a/SOURCES/001-initial-openssl-for-fips.patch +++ b/SOURCES/001-initial-openssl-for-fips.patch @@ -199,6 +199,59 @@ index d0e52ad..9b76595 100644 key, err := boringPublicKey(pub) if err != nil { return false +diff --git a/src/crypto/ecdsa/ecdsa_hashsignverify.go b/src/crypto/ecdsa/ecdsa_hashsignverify.go +index 37f3a18..51e3b49 100644 +--- a/src/crypto/ecdsa/ecdsa_hashsignverify.go ++++ b/src/crypto/ecdsa/ecdsa_hashsignverify.go +@@ -2,7 +2,7 @@ package ecdsa + + import ( + "crypto" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/internal/randutil" + "math/big" + "io" +@@ -11,7 +11,7 @@ import ( + func HashSign(rand io.Reader, priv *PrivateKey, msg []byte, h crypto.Hash) (*big.Int, *big.Int, error) { + randutil.MaybeReadByte(rand) + +- if boring.Enabled { ++ if boring.Enabled() { + b, err := boringPrivateKey(priv) + if err != nil { + return nil, nil, err +@@ -28,7 +28,7 @@ func HashSign(rand io.Reader, priv *PrivateKey, msg []byte, h crypto.Hash) (*big + } + + func HashVerify(pub *PublicKey, msg []byte, r, s *big.Int, h crypto.Hash) bool { +- if boring.Enabled { ++ if boring.Enabled() { + bpk, err := boringPublicKey(pub) + if err != nil { + return false +diff --git a/src/crypto/ecdsa/ecdsa_hashsignverify_test.go b/src/crypto/ecdsa/ecdsa_hashsignverify_test.go +index d12ba2f..6334a56 100644 +--- a/src/crypto/ecdsa/ecdsa_hashsignverify_test.go ++++ b/src/crypto/ecdsa/ecdsa_hashsignverify_test.go +@@ -2,7 +2,7 @@ package ecdsa + + import ( + "crypto" +- "crypto/internal/boring" ++ boring "crypto/internal/backend" + "crypto/elliptic" + "crypto/rand" + "testing" +@@ -34,7 +34,7 @@ func testHashSignAndHashVerify(t *testing.T, c elliptic.Curve, tag string) { + func TestHashSignAndHashVerify(t *testing.T) { + testHashSignAndHashVerify(t, elliptic.P256(), "p256") + +- if testing.Short() && !boring.Enabled { ++ if testing.Short() && !boring.Enabled() { + return + } + testHashSignAndHashVerify(t, elliptic.P384(), "p384") diff --git a/src/crypto/ecdsa/notboring.go b/src/crypto/ecdsa/notboring.go index 039bd82..21a35b7 100644 --- a/src/crypto/ecdsa/notboring.go @@ -1473,7 +1526,7 @@ index 921cdbb..a35165b 100644 } in := []byte("hello, world!") diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go -index 239e6a2..28462e0 100644 +index 4c5c352..76a0077 100644 --- a/src/crypto/tls/boring.go +++ b/src/crypto/tls/boring.go @@ -2,7 +2,7 @@ @@ -1495,7 +1548,7 @@ index 239e6a2..28462e0 100644 } } diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index f743fc8..e56d96d 100644 +index 9fec2c8..068b5c2 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go @@ -2,7 +2,7 @@ @@ -1508,7 +1561,7 @@ index f743fc8..e56d96d 100644 package tls diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go -index 9a1fa31..b0b6052 100644 +index f7c64db..703d5c7 100644 --- a/src/crypto/tls/cipher_suites.go +++ b/src/crypto/tls/cipher_suites.go @@ -10,7 +10,7 @@ import ( @@ -1520,7 +1573,7 @@ index 9a1fa31..b0b6052 100644 "crypto/rc4" "crypto/sha1" "crypto/sha256" -@@ -425,7 +425,7 @@ func macSHA1(key []byte) hash.Hash { +@@ -430,7 +430,7 @@ func macSHA1(key []byte) hash.Hash { h := sha1.New // The BoringCrypto SHA1 does not have a constant-time // checksum function, so don't try to use it. @@ -1529,7 +1582,7 @@ index 9a1fa31..b0b6052 100644 h = newConstantTimeHash(h) } return hmac.New(h, key) -@@ -517,7 +517,7 @@ func aeadAESGCM(key, noncePrefix []byte) aead { +@@ -522,7 +522,7 @@ func aeadAESGCM(key, noncePrefix []byte) aead { panic(err) } var aead cipher.AEAD @@ -1538,6 +1591,57 @@ index 9a1fa31..b0b6052 100644 aead, err = boring.NewGCMTLS(aes) } else { boring.Unreachable() +diff --git a/src/crypto/tls/key_schedule.go b/src/crypto/tls/key_schedule.go +index 323d683..8bcee17 100644 +--- a/src/crypto/tls/key_schedule.go ++++ b/src/crypto/tls/key_schedule.go +@@ -7,8 +7,8 @@ package tls + import ( + "crypto/elliptic" + "crypto/hmac" +- "crypto/internal/boring" +- "crypto/internal/boring/bbig" ++ boring "crypto/internal/backend" ++ "crypto/internal/backend/bbig" + "errors" + "hash" + "io" +@@ -45,7 +45,7 @@ func (c *cipherSuiteTLS13) expandLabel(secret []byte, label string, context []by + b.AddBytes(context) + }) + out := make([]byte, length) +- if boring.Enabled { ++ if boring.Enabled() { + reader, err := boring.ExpandHKDF(c.hash.New, secret, hkdfLabel.BytesOrPanic()) + if err != nil { + panic("tls: HKDF-Expand-Label invocation failed unexpectedly") +@@ -76,7 +76,7 @@ func (c *cipherSuiteTLS13) extract(newSecret, currentSecret []byte) []byte { + if newSecret == nil { + newSecret = make([]byte, c.hash.Size()) + } +- if boring.Enabled { ++ if boring.Enabled() { + ikm, err := boring.ExtractHKDF(c.hash.New, newSecret, currentSecret) + if err != nil { + panic("tls: HKDF-Extract invocation failed unexpectedly") +@@ -150,7 +150,7 @@ func generateECDHEParameters(rand io.Reader, curveID CurveID) (ecdheParameters, + + p := &nistParameters{curveID: curveID} + var err error +- if boring.Enabled { ++ if boring.Enabled() { + x, y, d, err := boring.GenerateKeyECDH(curve.Params().Name) + if err != nil { + return nil, err +@@ -197,7 +197,7 @@ func (p *nistParameters) PublicKey() []byte { + + func (p *nistParameters) SharedKey(peerPublicKey []byte) []byte { + curve, _ := curveForCurveID(p.curveID) +- if boring.Enabled { ++ if boring.Enabled() { + k := new(big.Int).SetBytes(p.privateKey) + priv, err := boring.NewPrivateKeyECDH(curve.Params().Name, bbig.Enc(p.x), bbig.Enc(p.y), bbig.Enc(k)) + if err != nil { diff --git a/src/crypto/tls/notboring.go b/src/crypto/tls/notboring.go index 7d85b39..fe27194 100644 --- a/src/crypto/tls/notboring.go @@ -1552,7 +1656,7 @@ index 7d85b39..fe27194 100644 package tls diff --git a/src/crypto/x509/boring.go b/src/crypto/x509/boring.go -index 4aae905..4f7c0ad 100644 +index 42706f9..de4442e 100644 --- a/src/crypto/x509/boring.go +++ b/src/crypto/x509/boring.go @@ -2,7 +2,7 @@ @@ -1565,7 +1669,7 @@ index 4aae905..4f7c0ad 100644 package x509 diff --git a/src/crypto/x509/boring_test.go b/src/crypto/x509/boring_test.go -index 7010f44..22efb08 100644 +index 70021f3..7607c33 100644 --- a/src/crypto/x509/boring_test.go +++ b/src/crypto/x509/boring_test.go @@ -2,7 +2,7 @@ @@ -1591,27 +1695,27 @@ index c83a727..0c7dea2 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index 94380d6..0768c57 100644 +index 6c31631..181ce9b 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std go 1.19 require ( -+ github.com/golang-fips/openssl-fips v0.0.0-20220914203141-60f04d7f65e2 ++ github.com/golang-fips/openssl-fips v0.0.0-20221018135344-eeda1baae76c golang.org/x/crypto v0.0.0-20220516162934-403b01795ae8 - golang.org/x/net v0.0.0-20220517181318-183a9ca12b87 + golang.org/x/net v0.0.0-20220907013720-d52c520e3766 ) diff --git a/src/go.sum b/src/go.sum -index a54b056..ddd5d69 100644 +index 2f90a33..7871ac3 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,5 @@ -+github.com/golang-fips/openssl-fips v0.0.0-20220914203141-60f04d7f65e2 h1:ZnpZRmIMhfs/ubxzWizPBAGhdHBkjb9DCDmtiWUGV84= -+github.com/golang-fips/openssl-fips v0.0.0-20220914203141-60f04d7f65e2/go.mod h1:V2IU8imz/VkScnIbTOrdYsZ5R88ZFypCE0LzhRJ3HsI= ++github.com/golang-fips/openssl-fips v0.0.0-20221018135344-eeda1baae76c h1:JAKv3y5+79PdvH8+aqBN9sGow464W4Iegvdx6qtqJJc= ++github.com/golang-fips/openssl-fips v0.0.0-20221018135344-eeda1baae76c/go.mod h1:V2IU8imz/VkScnIbTOrdYsZ5R88ZFypCE0LzhRJ3HsI= golang.org/x/crypto v0.0.0-20220516162934-403b01795ae8 h1:y+mHpWoQJNAHt26Nhh6JP7hvM71IRZureyvZhoVALIs= golang.org/x/crypto v0.0.0-20220516162934-403b01795ae8/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= - golang.org/x/net v0.0.0-20220517181318-183a9ca12b87 h1:cCR+9mKLOGyX4Zx+uBZDXEDAQsvKQ/XbW4vreG5v1jU= + golang.org/x/net v0.0.0-20220907013720-d52c520e3766 h1:D02YdIT3M6OQkZXTQiO761u/SmR3DDDiDXLN2oZIUac= diff --git a/src/vendor/github.com/golang-fips/openssl-fips/LICENSE b/src/vendor/github.com/golang-fips/openssl-fips/LICENSE new file mode 100644 index 0000000..093267e @@ -2299,13 +2403,13 @@ index 0000000..0b61e79 + return out[:outLen], nil +} diff --git a/src/crypto/internal/boring/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go -similarity index 73% +similarity index 60% rename from src/crypto/internal/boring/ecdsa.go rename to src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go -index 884c4b7..eb63507 100644 +index 884c4b7..b350140 100644 --- a/src/crypto/internal/boring/ecdsa.go +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go -@@ -2,12 +2,12 @@ +@@ -2,21 +2,24 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. @@ -2321,8 +2425,21 @@ index 884c4b7..eb63507 100644 +// #include "goopenssl.h" import "C" import ( ++ "crypto" ++ "encoding/asn1" "errors" -@@ -36,11 +36,15 @@ func (k *PublicKeyECDSA) finalize() { ++ "math/big" + "runtime" + "unsafe" + ) + + type ecdsaSignature struct { +- R, S BigInt ++ R, S *big.Int + } + + type PrivateKeyECDSA struct { +@@ -36,11 +39,15 @@ func (k *PublicKeyECDSA) finalize() { } var errUnknownCurve = errors.New("boringcrypto: unknown elliptic curve") @@ -2339,7 +2456,7 @@ index 884c4b7..eb63507 100644 case "P-256": return C.GO_NID_X9_62_prime256v1, nil case "P-384": -@@ -72,13 +76,13 @@ func newECKey(curve string, X, Y BigInt) (*C.GO_EC_KEY, error) { +@@ -72,13 +79,13 @@ func newECKey(curve string, X, Y BigInt) (*C.GO_EC_KEY, error) { } key := C._goboringcrypto_EC_KEY_new_by_curve_name(nid) if key == nil { @@ -2355,7 +2472,7 @@ index 884c4b7..eb63507 100644 } bx := bigToBN(X) by := bigToBN(Y) -@@ -93,7 +97,7 @@ func newECKey(curve string, X, Y BigInt) (*C.GO_EC_KEY, error) { +@@ -93,7 +100,7 @@ func newECKey(curve string, X, Y BigInt) (*C.GO_EC_KEY, error) { C._goboringcrypto_EC_POINT_free(pt) if !ok { C._goboringcrypto_EC_KEY_free(key) @@ -2364,7 +2481,7 @@ index 884c4b7..eb63507 100644 } return key, nil } -@@ -110,7 +114,7 @@ func NewPrivateKeyECDSA(curve string, X, Y BigInt, D BigInt) (*PrivateKeyECDSA, +@@ -110,7 +117,7 @@ func NewPrivateKeyECDSA(curve string, X, Y BigInt, D BigInt) (*PrivateKeyECDSA, } if !ok { C._goboringcrypto_EC_KEY_free(key) @@ -2373,7 +2490,31 @@ index 884c4b7..eb63507 100644 } k := &PrivateKeyECDSA{key} // Note: Because of the finalizer, any time k.key is passed to cgo, -@@ -125,15 +129,16 @@ func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) { +@@ -121,19 +128,55 @@ func NewPrivateKeyECDSA(curve string, X, Y BigInt, D BigInt) (*PrivateKeyECDSA, + return k, nil + } + ++func HashSignECDSA(priv *PrivateKeyECDSA, hash []byte, h crypto.Hash) (*big.Int, *big.Int, error) { ++ size := C._goboringcrypto_ECDSA_size(priv.key) ++ sig := make([]byte, size) ++ var sigLen C.uint ++ md := cryptoHashToMD(h) ++ if md == nil { ++ panic("boring: invalid hash") ++ } ++ if C._goboringcrypto_ECDSA_sign(md, base(hash), C.size_t(len(hash)), (*C.uint8_t)(unsafe.Pointer(&sig[0])), &sigLen, priv.key) == 0 { ++ return nil, nil, NewOpenSSLError("ECDSA_sign failed") ++ } ++ runtime.KeepAlive(priv) ++ sig = sig[:sigLen] ++ var esig ecdsaSignature ++ if _, err := asn1.Unmarshal(sig, &esig); err != nil { ++ return nil, nil, err ++ } ++ return esig.R, esig.S, nil ++} ++ + func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) { size := C._goboringcrypto_ECDSA_size(priv.key) sig := make([]byte, size) var sigLen C.uint @@ -2387,14 +2528,28 @@ index 884c4b7..eb63507 100644 runtime.KeepAlive(priv) return sig[:sigLen], nil } -- + func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool { - ok := C._goboringcrypto_ECDSA_verify(0, base(hash), C.size_t(len(hash)), (*C.uint8_t)(unsafe.Pointer(&sig[0])), C.size_t(len(sig)), pub.key) != 0 + ok := C._goboringcrypto_internal_ECDSA_verify(0, base(hash), C.size_t(len(hash)), (*C.uint8_t)(unsafe.Pointer(&sig[0])), C.uint(len(sig)), pub.key) > 0 ++ runtime.KeepAlive(pub) ++ return ok ++} ++ ++func HashVerifyECDSA(pub *PublicKeyECDSA, msg []byte, r, s *big.Int, h crypto.Hash) bool { ++ md := cryptoHashToMD(h) ++ if md == nil { ++ panic("boring: invalid hash") ++ } ++ sig, err := asn1.Marshal(ecdsaSignature{r, s}) ++ if err != nil { ++ return false ++ } ++ ok := C._goboringcrypto_ECDSA_verify(md, base(msg), C.size_t(len(msg)), (*C.uint8_t)(unsafe.Pointer(&sig[0])), C.uint(len(sig)), pub.key) > 0 runtime.KeepAlive(pub) return ok } -@@ -145,30 +150,30 @@ func GenerateKeyECDSA(curve string) (X, Y, D BigInt, err error) { +@@ -145,30 +188,30 @@ func GenerateKeyECDSA(curve string) (X, Y, D BigInt, err error) { } key := C._goboringcrypto_EC_KEY_new_by_curve_name(nid) if key == nil { @@ -2434,10 +2589,10 @@ index 884c4b7..eb63507 100644 } diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h new file mode 100644 -index 0000000..6d6a562 +index 0000000..411fefd --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h -@@ -0,0 +1,869 @@ +@@ -0,0 +1,954 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -2704,7 +2859,7 @@ index 0000000..6d6a562 +static inline void +_goboringcrypto_HMAC_CTX_free(HMAC_CTX *ctx) { + if (ctx != NULL) { -+ _goboringcrypto_HMAC_CTX_cleanup(ctx); ++ _goboringcrypto_internal_HMAC_CTX_cleanup(ctx); + free(ctx); + } +} @@ -2753,8 +2908,8 @@ index 0000000..6d6a562 +#if OPENSSL_VERSION_NUMBER < 0x10100000L +static inline int +_goboringcrypto_HMAC_CTX_reset(GO_HMAC_CTX* ctx) { -+ _goboringcrypto_HMAC_CTX_cleanup(ctx); -+ _goboringcrypto_HMAC_CTX_init(ctx); ++ _goboringcrypto_internal_HMAC_CTX_cleanup(ctx); ++ _goboringcrypto_internal_HMAC_CTX_init(ctx); + return 0; +} +#else @@ -2922,12 +3077,12 @@ index 0000000..6d6a562 + GO_RSA *key); + +#if OPENSSL_VERSION_NUMBER < 0x10100000L -+DEFINEFUNC(void, EVP_MD_CTX_destroy, (EVP_MD_CTX *ctx), (ctx)) -+#else -+DEFINEFUNCINTERNAL(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx)) ++DEFINEFUNCINTERNAL(void, EVP_MD_CTX_destroy, (EVP_MD_CTX *ctx), (ctx)) +static inline void _goboringcrypto_EVP_MD_CTX_free(EVP_MD_CTX *ctx) { -+ return _goboringcrypto_internal_EVP_MD_CTX_free(ctx); ++ return _goboringcrypto_internal_EVP_MD_CTX_destroy(ctx); +} ++#else ++DEFINEFUNC(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx)) +#endif + +int _goboringcrypto_ECDSA_sign(EVP_MD *md, const uint8_t *arg1, size_t arg2, uint8_t *arg3, unsigned int *arg4, GO_EC_KEY *arg5); @@ -3183,6 +3338,7 @@ index 0000000..6d6a562 +typedef EVP_PKEY_CTX GO_EVP_PKEY_CTX; + +DEFINEFUNC(GO_EVP_PKEY_CTX *, EVP_PKEY_CTX_new, (GO_EVP_PKEY * arg0, ENGINE *arg1), (arg0, arg1)) ++DEFINEFUNC(GO_EVP_PKEY_CTX *, EVP_PKEY_CTX_new_id, (int arg0, ENGINE *arg1), (arg0, arg1)) +DEFINEFUNC(void, EVP_PKEY_CTX_free, (GO_EVP_PKEY_CTX * arg0), (arg0)) +DEFINEFUNC(int, EVP_PKEY_CTX_ctrl, + (EVP_PKEY_CTX * ctx, int keytype, int optype, int cmd, int p1, void *p2), @@ -3294,25 +3450,109 @@ index 0000000..6d6a562 + GO_EVP_PKEY_HKDF = EVP_PKEY_HKDF, +}; + -+DEFINEFUNC(GO_EVP_PKEY_CTX *, EVP_PKEY_CTX_new_id, (int arg0, ENGINE *arg1), (arg0, arg1)) -+ +enum { + GO_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY, + GO_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY, +}; + ++#if OPENSSL_VERSION_NUMBER >= 0x30000000 +DEFINEFUNC(int, EVP_PKEY_CTX_set_hkdf_mode, (GO_EVP_PKEY_CTX *arg0, int arg1), (arg0, arg1)) +DEFINEFUNC(int, EVP_PKEY_CTX_set_hkdf_md, (GO_EVP_PKEY_CTX *arg0, const GO_EVP_MD *arg1), (arg0, arg1)) +DEFINEFUNC(int, EVP_PKEY_CTX_set1_hkdf_salt, (GO_EVP_PKEY_CTX *arg0, unsigned char *arg1, int arg2), (arg0, arg1, arg2)) +DEFINEFUNC(int, EVP_PKEY_CTX_set1_hkdf_key, (GO_EVP_PKEY_CTX *arg0, unsigned char *arg1, int arg2), (arg0, arg1, arg2)) +DEFINEFUNC(int, EVP_PKEY_CTX_add1_hkdf_info, (GO_EVP_PKEY_CTX *arg0, unsigned char *arg1, int arg2), (arg0, arg1, arg2)) ++#else ++static inline int ++_goboringcrypto_EVP_PKEY_CTX_set_hkdf_mode(GO_EVP_PKEY_CTX *pctx, int mode) ++{ ++ return _goboringcrypto_EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, ++ EVP_PKEY_CTRL_HKDF_MODE, mode, NULL); ++} ++ ++static inline int ++_goboringcrypto_EVP_PKEY_CTX_set_hkdf_md(GO_EVP_PKEY_CTX *pctx, const GO_EVP_MD *md) ++{ ++ return _goboringcrypto_EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, ++ EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md)); ++} ++ ++static inline int ++_goboringcrypto_EVP_PKEY_CTX_set1_hkdf_salt(GO_EVP_PKEY_CTX *pctx, unsigned char *salt, int saltlen) ++{ ++ return _goboringcrypto_EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, ++ EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt)); ++} ++ ++static inline int ++_goboringcrypto_EVP_PKEY_CTX_set1_hkdf_key(GO_EVP_PKEY_CTX *pctx, unsigned char *key, int keylen) ++{ ++ return _goboringcrypto_EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, ++ EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key)); ++} ++ ++static inline int ++_goboringcrypto_EVP_PKEY_CTX_add1_hkdf_info(GO_EVP_PKEY_CTX *pctx, unsigned char *info, int infolen) ++{ ++ return _goboringcrypto_EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, ++ EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info)); ++} ++#endif ++ ++ ++#else ++ ++/* As HKDF is not supported in earlier OpenSSL versions than 1.1.1 and ++ * fallback implementation cannot be provided in a FIPS compliant ++ * manner, we only provide stub definitions of the above symbols. At ++ * run-time, HKDF operations in hkdf.go (see newHKDF) will return an ++ * error depending on the OpenSSL version. ++ */ ++ ++enum { ++ GO_EVP_PKEY_HKDF, ++}; ++ ++enum { ++ GO_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY, ++ GO_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY, ++}; ++ ++static inline int ++_goboringcrypto_EVP_PKEY_CTX_set_hkdf_mode(GO_EVP_PKEY_CTX *arg0, int arg1) ++{ ++ return -1; ++} ++ ++static inline int ++_goboringcrypto_EVP_PKEY_CTX_set_hkdf_md(GO_EVP_PKEY_CTX *arg0, const GO_EVP_MD *arg1) ++{ ++ return -1; ++} ++ ++static inline int ++_goboringcrypto_EVP_PKEY_CTX_set1_hkdf_salt(GO_EVP_PKEY_CTX *arg0, unsigned char *arg1, int arg2) ++{ ++ return -1; ++} ++ ++static inline int ++_goboringcrypto_EVP_PKEY_CTX_set1_hkdf_key(GO_EVP_PKEY_CTX *arg0, unsigned char *arg1, int arg2) ++{ ++ return -1; ++} ++ ++static inline int ++_goboringcrypto_EVP_PKEY_CTX_add1_hkdf_info(GO_EVP_PKEY_CTX *arg0, unsigned char *arg1, int arg2) ++{ ++ return -1; ++} +#endif diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go new file mode 100644 -index 0000000..ae40b93 +index 0000000..4328a5c --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/hkdf.go -@@ -0,0 +1,100 @@ +@@ -0,0 +1,104 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -3335,6 +3575,10 @@ index 0000000..ae40b93 +} + +func newHKDF(h func() hash.Hash, mode C.int) (*hkdf, error) { ++ if openSSLVersion() < OPENSSL_VERSION_1_1_1 { ++ return nil, NewOpenSSLError("HKDF is not supported") ++ } ++ + ch := h() + md := hashToMD(ch) + if md == nil { @@ -3541,7 +3785,7 @@ diff --git a/src/crypto/internal/boring/notboring.go b/src/vendor/github.com/gol similarity index 69% rename from src/crypto/internal/boring/notboring.go rename to src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go -index 53096a6..7c0b5d6 100644 +index 53096a6..4a45e95 100644 --- a/src/crypto/internal/boring/notboring.go +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/notboring.go @@ -2,33 +2,34 @@ @@ -3656,19 +3900,19 @@ index 53096a6..7c0b5d6 100644 panic("boringcrypto: not available") } + -+func ExtractHKDF(h func() hash.Hash, secret, salt []byte) []byte { ++func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { + panic("boringcrypto: not available") +} + -+func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) io.Reader { ++func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { + panic("boringcrypto: not available") +} diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go new file mode 100644 -index 0000000..d49194d +index 0000000..86d7c6c --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/openssl.go -@@ -0,0 +1,247 @@ +@@ -0,0 +1,248 @@ +// Copyright 2017 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. @@ -3702,6 +3946,7 @@ index 0000000..d49194d + +const ( + OPENSSL_VERSION_1_1_0 = uint64(C.ulong(0x10100000)) ++ OPENSSL_VERSION_1_1_1 = uint64(C.ulong(0x10101000)) + OPENSSL_VERSION_3_0_0 = uint64(C.ulong(0x30000000)) +) + @@ -5433,11 +5678,11 @@ index 15b50c9..0b55ced 100644 type sha512Ctx struct { diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index dfb87ab..70df081 100644 +index 35c0208..f44bcb1 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,6 @@ -+# github.com/golang-fips/openssl-fips v0.0.0-20220914203141-60f04d7f65e2 ++# github.com/golang-fips/openssl-fips v0.0.0-20221018135344-eeda1baae76c +## explicit; go 1.18 +github.com/golang-fips/openssl-fips/openssl # golang.org/x/crypto v0.0.0-20220516162934-403b01795ae8 diff --git a/SOURCES/disable_static_tests_part1.patch b/SOURCES/disable_static_tests_part1.patch index 5dd3001..5b99e48 100644 --- a/SOURCES/disable_static_tests_part1.patch +++ b/SOURCES/disable_static_tests_part1.patch @@ -1,5 +1,5 @@ diff --git a/src/crypto/internal/backend/nobackend.go b/src/crypto/internal/backend/nobackend.go -index 1d75287..2b99ea2 100644 +index 5f258a2..5dbbc42 100644 --- a/src/crypto/internal/backend/nobackend.go +++ b/src/crypto/internal/backend/nobackend.go @@ -2,8 +2,8 @@ @@ -13,21 +13,6 @@ index 1d75287..2b99ea2 100644 package backend -diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go -index 4c327e0..6786c1f 100644 ---- a/src/crypto/internal/backend/openssl.go -+++ b/src/crypto/internal/backend/openssl.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl --// +build linux,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl -+//go:build linux && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static - - // Package openssl provides access to OpenSSLCrypto implementation functions. - // Check the variable Enabled to find out whether OpenSSLCrypto is available. diff --git a/src/crypto/internal/boring/goboringcrypto.h b/src/crypto/internal/boring/goboringcrypto.h index d6d99b1..f2fe332 100644 --- a/src/crypto/internal/boring/goboringcrypto.h @@ -82,7 +67,7 @@ index 0b61e79..94d0c98 100644 package openssl diff --git a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go -index eb63507..a3aeed1 100644 +index afec529..d822152 100644 --- a/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go +++ b/src/vendor/github.com/golang-fips/openssl-fips/openssl/ecdsa.go @@ -2,8 +2,8 @@ diff --git a/SOURCES/openssl_cgo_build_tag.patch b/SOURCES/openssl_cgo_build_tag.patch deleted file mode 100644 index 36d8733..0000000 --- a/SOURCES/openssl_cgo_build_tag.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/crypto/internal/backend/openssl.go b/src/crypto/internal/backend/openssl.go -index 6786c1f..5a330cf 100644 ---- a/src/crypto/internal/backend/openssl.go -+++ b/src/crypto/internal/backend/openssl.go -@@ -2,8 +2,8 @@ - // Use of this source code is governed by a BSD-style - // license that can be found in the LICENSE file. - --//go:build linux && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static --// +build linux,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static -+//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan && !no_openssl && !static -+// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan,!no_openssl,!static - - // Package openssl provides access to OpenSSLCrypto implementation functions. - // Check the variable Enabled to find out whether OpenSSLCrypto is available. diff --git a/SPECS/golang.spec b/SPECS/golang.spec index 2e54e0a..1c834b7 100644 --- a/SPECS/golang.spec +++ b/SPECS/golang.spec @@ -96,12 +96,12 @@ %endif %global go_api 1.19 -%global version 1.19.1 +%global version 1.19.2 %global pkg_release 1 Name: golang Version: %{version} -Release: 2%{?dist} +Release: 3%{?dist} Summary: The Go Programming Language # source tree includes several copies of Mark.Twain-Tom.Sawyer.txt under Public Domain License: BSD and Public Domain @@ -143,7 +143,6 @@ Patch0: 000-initial-setup.patch Patch1: 001-initial-openssl-for-fips.patch Patch2: disable_static_tests_part1.patch Patch3: disable_static_tests_part2.patch -Patch4: openssl_cgo_build_tag.patch Patch227: cmd-link-use-correct-path-for-dynamic-loader-on-ppc6.patch @@ -234,13 +233,12 @@ Requires: %{name} = %{version}-%{release} %endif %prep -%setup -q -n go-go1.19.1 +%setup -q -n go-go%{version} %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 %patch221 -p1 @@ -519,6 +517,18 @@ cd .. %endif %changelog +* Mon Oct 17 2022 David Benoit - 1.19.2-3 +- Restore old HashSign/HashVerify API +- Resolves: rhbz#2132730 + +* Mon Oct 17 2022 David Benoit - 1.19.2-2 +- Add support for 4096 bit keys in x509 +- Resolves: rhbz#2132694 + +* Thu Oct 13 2022 David Benoit - 1.19.2-1 +- Rebase to Go 1.19.2 +- Resolves: rhbz#2132730 + * Wed Sep 14 2022 David Benoit - 1.19.1-2 - Rebase to Go 1.19.1 - Resolves: rhbz#2131026