remove unused crypto, use OpenSSL if FIPS mode is enabled

Resolves: rhbz#1956384

008-remove-unused-frontend-crypto.patch

@@ -0,0 +1,26 @@
+diff --git a/package.json b/package.json
+index 280e171804..13468e56bd 100644
+--- a/package.json
++++ b/package.json
+@@ -295,7 +295,8 @@
+   },
+   "resolutions": {
+     "caniuse-db": "1.0.30000772",
+-    "react-use-measure": "https://github.com/mckn/react-use-measure.git#remove-cjs-export"
++    "react-use-measure": "https://github.com/mckn/react-use-measure.git#remove-cjs-export",
++    "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz"
+   },
+   "workspaces": {
+     "packages": [
+diff --git a/scripts/webpack/webpack.common.js b/scripts/webpack/webpack.common.js
+index 3e56d31c37..a03ed1a67a 100644
+--- a/scripts/webpack/webpack.common.js
++++ b/scripts/webpack/webpack.common.js
+@@ -66,6 +66,7 @@ module.exports = {
+   },
+   node: {
+     fs: 'empty',
++    crypto: false,
+   },
+   plugins: [
+     new MonacoWebpackPlugin({

009-patch-unused-backend-crypto.patch

@@ -0,0 +1,168 @@
+diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
+new file mode 100644
+index 0000000..871e612
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
+@@ -0,0 +1,25 @@
++package elgamal
++
++import (
++	"io"
++	"math/big"
++)
++
++// PublicKey represents an ElGamal public key.
++type PublicKey struct {
++	G, P, Y *big.Int
++}
++
++// PrivateKey represents an ElGamal private key.
++type PrivateKey struct {
++	PublicKey
++	X *big.Int
++}
++
++func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) {
++	panic("ElGamal encryption not available")
++}
++
++func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {
++	panic("ElGamal encryption not available")
++}
+diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
+index 9728d61..9f04c2d 100644
+--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go
++++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
+@@ -16,7 +16,6 @@ import (
+ 	"math/big"
+ 	"math/bits"
+ 
+-	"golang.org/x/crypto/cast5"
+ 	"golang.org/x/crypto/openpgp/errors"
+ )
+ 
+@@ -487,7 +486,7 @@ func (cipher CipherFunction) KeySize() int {
+ 	case Cipher3DES:
+ 		return 24
+ 	case CipherCAST5:
+-		return cast5.KeySize
++		panic("cast5 cipher not available")
+ 	case CipherAES128:
+ 		return 16
+ 	case CipherAES192:
+@@ -517,7 +516,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
+ 	case Cipher3DES:
+ 		block, _ = des.NewTripleDESCipher(key)
+ 	case CipherCAST5:
+-		block, _ = cast5.NewCipher(key)
++		panic("cast5 cipher not available")
+ 	case CipherAES128, CipherAES192, CipherAES256:
+ 		block, _ = aes.NewCipher(key)
+ 	}
+diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
+index 6126030..3a54c5f 100644
+--- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
++++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
+@@ -5,13 +5,12 @@
+ package packet
+ 
+ import (
+-	"crypto/cipher"
+ 	"crypto/sha1"
+ 	"crypto/subtle"
+-	"golang.org/x/crypto/openpgp/errors"
+ 	"hash"
+ 	"io"
+-	"strconv"
++
++	"golang.org/x/crypto/openpgp/errors"
+ )
+ 
+ // SymmetricallyEncrypted represents a symmetrically encrypted byte string. The
+@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
+ // packet can be read. An incorrect key can, with high probability, be detected
+ // immediately and this will result in a KeyIncorrect error being returned.
+ func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
+-	keySize := c.KeySize()
+-	if keySize == 0 {
+-		return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))
+-	}
+-	if len(key) != keySize {
+-		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
+-	}
+-
+-	if se.prefix == nil {
+-		se.prefix = make([]byte, c.blockSize()+2)
+-		_, err := readFull(se.contents, se.prefix)
+-		if err != nil {
+-			return nil, err
+-		}
+-	} else if len(se.prefix) != c.blockSize()+2 {
+-		return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths")
+-	}
+-
+-	ocfbResync := OCFBResync
+-	if se.MDC {
+-		// MDC packets use a different form of OCFB mode.
+-		ocfbResync = OCFBNoResync
+-	}
+-
+-	s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)
+-	if s == nil {
+-		return nil, errors.ErrKeyIncorrect
+-	}
+-
+-	plaintext := cipher.StreamReader{S: s, R: se.contents}
+-
+-	if se.MDC {
+-		// MDC packets have an embedded hash that we need to check.
+-		h := sha1.New()
+-		h.Write(se.prefix)
+-		return &seMDCReader{in: plaintext, h: h}, nil
+-	}
+-
+-	// Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser.
+-	return seReader{plaintext}, nil
++	panic("OCFB cipher not available")
+ }
+ 
+ // seReader wraps an io.Reader with a no-op Close method.
+@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error {
+ // written.
+ // If config is nil, sensible defaults will be used.
+ func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) {
+-	if c.KeySize() != len(key) {
+-		return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")
+-	}
+-	writeCloser := noOpCloser{w}
+-	ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC)
+-	if err != nil {
+-		return
+-	}
+-
+-	_, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion})
+-	if err != nil {
+-		return
+-	}
+-
+-	block := c.new(key)
+-	blockSize := block.BlockSize()
+-	iv := make([]byte, blockSize)
+-	_, err = config.Random().Read(iv)
+-	if err != nil {
+-		return
+-	}
+-	s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync)
+-	_, err = ciphertext.Write(prefix)
+-	if err != nil {
+-		return
+-	}
+-	plaintext := cipher.StreamWriter{S: s, W: ciphertext}
+-
+-	h := sha1.New()
+-	h.Write(iv)
+-	h.Write(iv[blockSize-2:])
+-	contents = &seMDCWriter{w: plaintext, h: h}
+-	return
++	panic("OCFB cipher not available")
+ }

010-fips.patch

@@ -0,0 +1,140 @@
+diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go
+new file mode 100644
+index 0000000..a9c550e
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/internal/boring/boring.go
+@@ -0,0 +1,74 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Copyright 2021 Red Hat.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// +build linux
++// +build !android
++// +build !no_openssl
++// +build !cmd_go_bootstrap
++// +build !msan
++
++package boring
++
++// #include "openssl_pbkdf2.h"
++// #cgo LDFLAGS: -ldl
++import "C"
++import (
++	"bytes"
++	"crypto/sha1"
++	"crypto/sha256"
++	"hash"
++	"unsafe"
++)
++
++var (
++	emptySha1   = sha1.Sum([]byte{})
++	emptySha256 = sha256.Sum256([]byte{})
++)
++
++func hashToMD(h hash.Hash) *C.GO_EVP_MD {
++	emptyHash := h.Sum([]byte{})
++
++	switch {
++	case bytes.Equal(emptyHash, emptySha1[:]):
++		return C._goboringcrypto_EVP_sha1()
++	case bytes.Equal(emptyHash, emptySha256[:]):
++		return C._goboringcrypto_EVP_sha256()
++	}
++	return nil
++}
++
++// charptr returns the address of the underlying array in b,
++// being careful not to panic when b has zero length.
++func charptr(b []byte) *C.char {
++	if len(b) == 0 {
++		return nil
++	}
++	return (*C.char)(unsafe.Pointer(&b[0]))
++}
++
++// ucharptr returns the address of the underlying array in b,
++// being careful not to panic when b has zero length.
++func ucharptr(b []byte) *C.uchar {
++	if len(b) == 0 {
++		return nil
++	}
++	return (*C.uchar)(unsafe.Pointer(&b[0]))
++}
++
++func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
++	// println("[debug] using pbkdf2 from OpenSSL")
++	ch := h()
++	md := hashToMD(ch)
++	if md == nil {
++		return nil
++	}
++
++	out := make([]byte, keyLen)
++	ok := C._goboringcrypto_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
++	if ok != 1 {
++		panic("boringcrypto: PKCS5_PBKDF2_HMAC failed")
++	}
++	return out
++}
+diff --git a/vendor/golang.org/x/crypto/internal/boring/notboring.go b/vendor/golang.org/x/crypto/internal/boring/notboring.go
+new file mode 100644
+index 0000000..e244fb5
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/internal/boring/notboring.go
+@@ -0,0 +1,16 @@
++// Copyright 2017 The Go Authors. All rights reserved.
++// Copyright 2021 Red Hat.
++// Use of this source code is governed by a BSD-style
++// license that can be found in the LICENSE file.
++
++// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
++
++package boring
++
++import (
++	"hash"
++)
++
++func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
++	panic("boringcrypto: not available")
++}
+diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
+new file mode 100644
+index 0000000..6dfdf10
+--- /dev/null
++++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
+@@ -0,0 +1,5 @@
++#include "/usr/lib/golang/src/crypto/internal/boring/goboringcrypto.h"
++
++DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
++    (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
++    (pass, passlen, salt, saltlen, iter, digest, keylen, out))
+diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
+index 593f653..799a611 100644
+--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
++++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
+@@ -19,8 +19,11 @@ pbkdf2.Key.
+ package pbkdf2 // import "golang.org/x/crypto/pbkdf2"
+ 
+ import (
++	"crypto/boring"
+ 	"crypto/hmac"
+ 	"hash"
++
++	xboring "golang.org/x/crypto/internal/boring"
+ )
+ 
+ // Key derives a key from the password, salt and iteration count, returning a
+@@ -40,6 +43,10 @@ import (
+ // Using a higher iteration count will increase the cost of an exhaustive
+ // search but will also make derivation proportionally slower.
+ func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
++	if boring.Enabled() {
++		return xboring.Pbkdf2Key(password, salt, iter, keyLen, h)
++	}
++
+ 	prf := hmac.New(h, password)
+ 	hashLen := prf.Size()
+ 	numBlocks := (keyLen + hashLen - 1) / hashLen

Makefile

@@ -5,16 +5,25 @@ all: grafana-$(VER).tar.gz \
 grafana-$(VER).tar.gz:
 	wget https://github.com/grafana/grafana/archive/v$(VER)/grafana-$(VER).tar.gz
 
+ALL_PATCHES := $(wildcard *.patch)
+PATCHES_TO_APPLY := $(filter-out 009-patch-unused-backend-crypto.patch 010-fips.patch,$(ALL_PATCHES))
+
 grafana-vendor-$(VER).tar.xz: grafana-$(VER).tar.gz
 	rm -rf grafana-$(VER)
 	tar xfz grafana-$(VER).tar.gz
 
-	# patches can affect Go or Node.js dependencies
-	cd grafana-$(VER) && shopt -s nullglob && \
-		for patch in ../*.patch; do patch -p1 --fuzz=0 < $$patch; done
+	# patches can affect Go or Node.js dependencies, or the webpack
+	for patch in $(PATCHES_TO_APPLY); do patch -d grafana-$(VER) -p1 --fuzz=0 < $$patch; done
 
 	# Go
 	cd grafana-$(VER) && go mod vendor -v
+	# Remove unused crypto
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/cast5/cast5.go
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/ed25519.go
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
+	rm grafana-$(VER)/vendor/golang.org/x/crypto/openpgp/packet/ocfb.go
 	awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' grafana-$(VER)/go.mod | \
 		sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest
 
@@ -22,7 +31,7 @@ grafana-vendor-$(VER).tar.xz: grafana-$(VER).tar.gz
 	cd grafana-$(VER) && yarn install --pure-lockfile
 	# Remove files with licensing issues
 	find grafana-$(VER) -type d -name 'node-notifier' -prune -exec rm -r {} \;
-	find grafana-$(VER) -name '*.exe' -delete
+	find grafana-$(VER) -type f -name '*.exe' -delete
 	./list_bundled_nodejs_packages.py grafana-$(VER)/ >> $@.manifest
 
 	# Create tarball

grafana.spec

@@ -22,9 +22,15 @@ end}
 # is attached as a webpack tarball (in case of an unsuitable nodejs version on the build system)
 %define compile_frontend 0
 
+%if 0%{?rhel}
+%define enable_fips_mode 1
+%else
+%define enable_fips_mode 0
+%endif
+
 Name:             grafana
 Version:          7.5.7
-Release:          1%{?dist}
+Release:          2%{?dist}
 Summary:          Metrics dashboard and graph editor
 License:          ASL 2.0
 URL:              https://grafana.org
@@ -72,6 +78,19 @@ Patch6:           006-fix-gtime-test-32bit.patch
 
 Patch7:           007-remove-duplicate-grafana-aws-sdk-dependency.patch
 
+Patch8:           008-remove-unused-frontend-crypto.patch
+
+# The Makefile removes a few files with crypto implementations
+# from the vendor tarball, which are not used in Grafana.
+# This patch removes all references to the deleted files.
+Patch9:           009-patch-unused-backend-crypto.patch
+
+%if %{enable_fips_mode}
+# This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
+# if FIPS mode is enabled.
+Patch10:          010-fips.patch
+%endif
+
 # Intersection of go_arches and nodejs_arches
 ExclusiveArch:    %{grafana_arches}
 
@@ -79,10 +98,15 @@ BuildRequires:    systemd, golang, go-srpm-macros
 %if 0%{?fedora} >= 31
 BuildRequires:    go-rpm-macros
 %endif
+
 %if %{compile_frontend}
 BuildRequires:    nodejs >= 1:14, yarnpkg
 %endif
 
+%if %{enable_fips_mode}
+BuildRequires:    openssl-devel
+%endif
+
 # omit golang debugsource, see BZ995136 and related
 %global           dwz_low_mem_die_limit 0
 %global           _debugsource_template %{nil}
@@ -461,6 +485,11 @@ rm -r plugins-bundled
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%if %{enable_fips_mode}
+%patch10 -p1
+%endif
 
 # Set up build subdirs and links
 mkdir -p %{_builddir}/src/github.com/grafana
@@ -590,6 +619,9 @@ export TZ=GMT
 
 %gotest ./pkg/...
 
+%if %{enable_fips_mode}
+GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryption
+%endif
 
 %files
 # binaries and wrappers
@@ -636,6 +668,10 @@ export TZ=GMT
 
 
 %changelog
+* Fri Jun 11 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-2
+- remove unused cryptographic implementations
+- use cryptographic functions from OpenSSL if FIPS mode is enabled
+
 * Tue May 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-1
 - update to 7.5.7 tagged upstream community sources, see CHANGELOG
 

list_bundled_nodejs_packages.py

@@ -1,4 +1,7 @@
 #!/usr/bin/env python3
+#
+# generates Provides: bundled(npm(...)) = ... lines for each declared dependency and devDependency of package.json
+#
 import sys
 import json
 import re

sources

@@ -1,3 +1,3 @@
 SHA512 (grafana-7.5.7.tar.gz) = e8adbfffca91bfb43cf810b9e6b0fa6a0abe765ae4a45f6a1add09c35b1a5bc1f241dc91fad69669b437bfcd107b46f7a09bee9d3272670aaf6e4e501a84edec
-SHA512 (grafana-webpack-7.5.7.tar.gz) = 0a40019e859f5c658d6cc25df9504ca350bda48bd2641a87a5efdd9244b7644e19f84d035ca3b4c90263d16d39029b762bed0f3ac00496a27601255fa1437031
-SHA512 (grafana-vendor-7.5.7.tar.xz) = 19a90e6cc7442b7575a1de035441d3b0dd8a347cddd766ad161b4f5e409fdf20cdf68d0cf8dfcd377ea150e800bbe79f5012b161882b014fbb102a128399f3ea
+SHA512 (grafana-webpack-7.5.7.tar.gz) = 9a4fc0ff83ef607cf15529aa32b48178de4fdcc16deafd0409ffd6e21d284fe9f897986ba7b68ffdbf1984731cd040d789aa3246896b9da73d31d57b8a0b3389
+SHA512 (grafana-vendor-7.5.7.tar.xz) = 0b22e9d9bb3f6a9ab0dabdca76d2ec43e43f79ea2a3d34d09d1855d5c4aadf1fcc42ebd127d989b71a93bd527971ad7796fd48a99421df8f4376d9247d67d2ce