From 07e4fd05bb4c3deb46641f055a573d7f8a729d49 Mon Sep 17 00:00:00 2001 From: qmuntal Date: Fri, 27 Sep 2024 14:09:13 +0200 Subject: [PATCH] resolve conflicts --- .../0002-Add-crypto-backend-foundation.patch | 16 +- .../0003-Add-BoringSSL-crypto-backend.patch | 2 +- ...0010-Support-TLS-1.3-in-fipstls-mode.patch | 281 ------------------ ...OFIPS-when-running-the-Go-toolchain.patch} | 0 ...pport-for-logging-used-Windows-APIs.patch} | 0 ... 0012-remove-long-path-support-hack.patch} | 0 ...ernal-go.mod-files-used-for-codegen.patch} | 0 7 files changed, 9 insertions(+), 290 deletions(-) delete mode 100644 patches/0010-Support-TLS-1.3-in-fipstls-mode.patch rename patches/{0011-unset-GOFIPS-when-running-the-Go-toolchain.patch => 0010-unset-GOFIPS-when-running-the-Go-toolchain.patch} (100%) rename patches/{0012-add-support-for-logging-used-Windows-APIs.patch => 0011-add-support-for-logging-used-Windows-APIs.patch} (100%) rename patches/{0013-remove-long-path-support-hack.patch => 0012-remove-long-path-support-hack.patch} (100%) rename patches/{0014-Omit-internal-go.mod-files-used-for-codegen.patch => 0013-Omit-internal-go.mod-files-used-for-codegen.patch} (100%) diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch index 6507170b41a..a9494e5bb94 100644 --- a/patches/0002-Add-crypto-backend-foundation.patch +++ b/patches/0002-Add-crypto-backend-foundation.patch @@ -877,8 +877,8 @@ index 843678702bf93f..28f4ae5621921d 100644 "hash" "internal/byteorder" @@ -99,6 +100,9 @@ func consumeUint32(b []byte) ([]byte, uint32) { - // implements [encoding.BinaryMarshaler] and [encoding.BinaryUnmarshaler] to - // marshal and unmarshal the internal state of the hash. + // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal + // state of the hash. func New() hash.Hash { + if boring.Enabled && boring.SupportsHash(crypto.MD5) { + return boring.NewMD5() @@ -1217,8 +1217,8 @@ index 68244fd63b0c1e..2297c2aa71c288 100644 "hash" "internal/byteorder" @@ -153,7 +153,7 @@ func New() hash.Hash { - - // New224 returns a new hash.Hash computing the SHA224 checksum. + // [encoding.BinaryUnmarshaler] to marshal and unmarshal the internal + // state of the hash. func New224() hash.Hash { - if boring.Enabled { + if boring.Enabled && boring.SupportsHash(crypto.SHA224) { @@ -1308,9 +1308,9 @@ index be10b71bd2269b..d879139773d1d7 100644 + fipstls.Abandon() +} + - func TestBoringServerProtocolVersion(t *testing.T) { - test := func(t *testing.T, name string, v uint16, msg string) { - t.Run(name, func(t *testing.T) { + func allCipherSuitesIncludingTLS13() []uint16 { + s := allCipherSuites() + for _, suite := range cipherSuitesTLS13 { diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go index eebc66880d631f..42a26005ff31f2 100644 --- a/src/crypto/tls/cipher_suites.go @@ -1708,8 +1708,8 @@ index 33fd0ed52b1ff6..ffc3eeca9dbf95 100644 +} + func boringRSAKey(t *testing.T, size int) *rsa.PrivateKey { + t.Helper() k, err := rsa.GenerateKey(rand.Reader, size) - if err != nil { diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go index 441cf8d051c934..ca6a512bf95c7e 100644 --- a/src/go/build/deps_test.go diff --git a/patches/0003-Add-BoringSSL-crypto-backend.patch b/patches/0003-Add-BoringSSL-crypto-backend.patch index 75a7a08b4f0..430b91187d5 100644 --- a/patches/0003-Add-BoringSSL-crypto-backend.patch +++ b/patches/0003-Add-BoringSSL-crypto-backend.patch @@ -84,7 +84,7 @@ index 00000000000000..7c5fbeea717618 + +func NewAESCipher(key []byte) (cipher.Block, error) { return boring.NewAESCipher(key) } +func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS(c) } -+func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { panic("cryptobackend: not available") } ++func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) { return boring.NewGCMTLS13(c) } + +type PublicKeyECDSA = boring.PublicKeyECDSA +type PrivateKeyECDSA = boring.PrivateKeyECDSA diff --git a/patches/0010-Support-TLS-1.3-in-fipstls-mode.patch b/patches/0010-Support-TLS-1.3-in-fipstls-mode.patch deleted file mode 100644 index 83e36728eef..00000000000 --- a/patches/0010-Support-TLS-1.3-in-fipstls-mode.patch +++ /dev/null @@ -1,281 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: qmuntal -Date: Tue, 30 Jan 2024 11:40:31 +0100 -Subject: [PATCH] Support TLS 1.3 in fipstls mode - ---- - src/crypto/tls/boring_test.go | 54 +++++++++++++++++++----- - src/crypto/tls/cipher_suites.go | 15 +++++-- - src/crypto/tls/defaults.go | 3 +- - src/crypto/tls/handshake_client.go | 13 +++++- - src/crypto/tls/handshake_client_tls13.go | 4 -- - src/crypto/tls/handshake_server_test.go | 3 ++ - src/crypto/tls/handshake_server_tls13.go | 7 ++- - 7 files changed, 73 insertions(+), 26 deletions(-) - -diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 1b47fc8bffdf1d..eda147261bbc96 100644 ---- a/src/crypto/tls/boring_test.go -+++ b/src/crypto/tls/boring_test.go -@@ -30,6 +30,31 @@ func init() { - fipstls.Abandon() - } - -+func allCipherSuitesIncludingTLS13() []uint16 { -+ s := allCipherSuites() -+ for _, suite := range cipherSuitesTLS13 { -+ s = append(s, suite.id) -+ } -+ return s -+} -+ -+func isTLS13CipherSuite(id uint16) bool { -+ for _, suite := range cipherSuitesTLS13 { -+ if id == suite.id { -+ return true -+ } -+ } -+ return false -+} -+ -+func generateKeyShare(group CurveID) keyShare { -+ key, err := generateECDHEKey(rand.Reader, group) -+ if err != nil { -+ panic(err) -+ } -+ return keyShare{group: group, data: key.PublicKey().Bytes()} -+} -+ - func TestBoringServerProtocolVersion(t *testing.T) { - test := func(t *testing.T, name string, v uint16, msg string) { - t.Run(name, func(t *testing.T) { -@@ -65,22 +90,22 @@ func TestBoringServerProtocolVersion(t *testing.T) { - test(t, "VersionTLS10", VersionTLS10, "supported versions") - test(t, "VersionTLS11", VersionTLS11, "supported versions") - test(t, "VersionTLS12", VersionTLS12, "") -- test(t, "VersionTLS13", VersionTLS13, "supported versions") -+ test(t, "VersionTLS13", VersionTLS13, "") - }) - } - - func isBoringVersion(v uint16) bool { -- return v == VersionTLS12 -+ return v == VersionTLS12 || v == VersionTLS13 - } - - func isBoringCipherSuite(id uint16) bool { - switch id { -- case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, -+ case TLS_AES_128_GCM_SHA256, -+ TLS_AES_256_GCM_SHA384, -+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, -- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, -- TLS_RSA_WITH_AES_128_GCM_SHA256, -- TLS_RSA_WITH_AES_256_GCM_SHA384: -+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: - return true - } - return false -@@ -100,7 +125,7 @@ func isECDSA(id uint16) bool { - return suite.flags&suiteECSign == suiteECSign - } - } -- panic(fmt.Sprintf("unknown cipher suite %#x", id)) -+ return false // TLS 1.3 cipher suites are not tied to the signature algorithm. - } - - func isBoringSignatureScheme(alg SignatureScheme) bool { -@@ -123,10 +148,9 @@ func isBoringSignatureScheme(alg SignatureScheme) bool { - - func TestBoringServerCipherSuites(t *testing.T) { - serverConfig := testConfig.Clone() -- serverConfig.CipherSuites = allCipherSuites() - serverConfig.Certificates = make([]Certificate, 1) - -- for _, id := range allCipherSuites() { -+ for _, id := range allCipherSuitesIncludingTLS13() { - if isECDSA(id) { - serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate} - serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey -@@ -135,14 +159,22 @@ func TestBoringServerCipherSuites(t *testing.T) { - serverConfig.Certificates[0].PrivateKey = testRSAPrivateKey - } - serverConfig.BuildNameToCertificate() -- t.Run(fmt.Sprintf("suite=%#x", id), func(t *testing.T) { -+ t.Run(fmt.Sprintf("suite=%#x", CipherSuiteName(id)), func(t *testing.T) { - clientHello := &clientHelloMsg{ - vers: VersionTLS12, - random: make([]byte, 32), - cipherSuites: []uint16{id}, - compressionMethods: []uint8{compressionNone}, - supportedCurves: defaultCurvePreferences(), -+ keyShares: []keyShare{generateKeyShare(CurveP256)}, - supportedPoints: []uint8{pointFormatUncompressed}, -+ supportedVersions: []uint16{VersionTLS12}, -+ } -+ // This test runs for both TLS 1.2 and 1.3. For TLS 1.3, we need to -+ // specify more about the supported versions/algorithms. -+ if isTLS13CipherSuite(id) { -+ clientHello.supportedVersions = []uint16{VersionTLS13} -+ clientHello.supportedSignatureAlgorithms = supportedSignatureAlgorithms() - } - - testClientHello(t, serverConfig, clientHello) -@@ -293,7 +325,7 @@ func TestBoringClientHello(t *testing.T) { - } - - if !isBoringVersion(hello.vers) { -- t.Errorf("client vers=%#x, want %#x (TLS 1.2)", hello.vers, VersionTLS12) -+ t.Errorf("client vers=%#x", hello.vers) - } - for _, v := range hello.supportedVersions { - if !isBoringVersion(v) { -diff --git a/src/crypto/tls/cipher_suites.go b/src/crypto/tls/cipher_suites.go -index 42a26005ff31f2..0c16bd8a884e14 100644 ---- a/src/crypto/tls/cipher_suites.go -+++ b/src/crypto/tls/cipher_suites.go -@@ -17,6 +17,7 @@ import ( - "fmt" - "hash" - "internal/cpu" -+ "internal/goexperiment" - "runtime" - _ "unsafe" // for linkname - -@@ -552,9 +553,17 @@ func aeadAESGCMTLS13(key, nonceMask []byte) aead { - if err != nil { - panic(err) - } -- aead, err := cipher.NewGCM(aes) -- if err != nil { -- panic(err) -+ var aead cipher.AEAD -+ if boring.Enabled { -+ if goexperiment.BoringCrypto { -+ // TODO: remove this once BoringCrypto supports TLS 1.3. -+ aead, err = cipher.NewGCM(aes) -+ } else { -+ aead, err = boring.NewGCMTLS13(aes) -+ } -+ } else { -+ boring.Unreachable() -+ aead, err = cipher.NewGCM(aes) - } - - ret := &xorNonceAEAD{aead: aead} -diff --git a/src/crypto/tls/defaults.go b/src/crypto/tls/defaults.go -index 9b28acdc2d866a..3e780f447b522b 100644 ---- a/src/crypto/tls/defaults.go -+++ b/src/crypto/tls/defaults.go -@@ -92,6 +92,7 @@ var defaultCipherSuitesTLS13NoAES = []uint16{ - - var defaultSupportedVersionsFIPS = []uint16{ - VersionTLS12, -+ VersionTLS13, - } - - // defaultCurvePreferencesFIPS are the FIPS-allowed curves, -@@ -118,8 +119,6 @@ var defaultCipherSuitesFIPS = []uint16{ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, -- TLS_RSA_WITH_AES_128_GCM_SHA256, -- TLS_RSA_WITH_AES_256_GCM_SHA384, - } - - // defaultCipherSuitesTLS13FIPS are the FIPS-allowed cipher suites for TLS 1.3. -diff --git a/src/crypto/tls/handshake_client.go b/src/crypto/tls/handshake_client.go -index 6873e8daf631a7..585640d4b1a4d5 100644 ---- a/src/crypto/tls/handshake_client.go -+++ b/src/crypto/tls/handshake_client.go -@@ -141,13 +141,22 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon - if len(hello.supportedVersions) == 1 { - hello.cipherSuites = nil - } -- if hasAESGCMHardwareSupport { -+ if needFIPS() { -+ hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13FIPS...) -+ } else if hasAESGCMHardwareSupport { - hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13...) - } else { - hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13NoAES...) - } - -- curveID := config.curvePreferences(maxVersion)[0] -+ curveIDs := config.curvePreferences(maxVersion) -+ if len(curveIDs) == 0 { -+ // If TLS 1.3 FIPS restrictions are enabled, the filter applied by -+ // curvePreferences() may exclude all curves specified by config. -+ // In this case, there are certainly no supported curves. -+ return nil, nil, nil, errors.New("tls: CurvePreferences includes no supported curves") -+ } -+ curveID := curveIDs[0] - keyShareKeys = &keySharePrivateKeys{curveID: curveID} - if curveID == x25519Kyber768Draft00 { - keyShareKeys.ecdhe, err = generateECDHEKey(config.rand(), X25519) -diff --git a/src/crypto/tls/handshake_client_tls13.go b/src/crypto/tls/handshake_client_tls13.go -index 6744e713c9ffa8..5b4c4568555d3d 100644 ---- a/src/crypto/tls/handshake_client_tls13.go -+++ b/src/crypto/tls/handshake_client_tls13.go -@@ -45,10 +45,6 @@ type clientHandshakeStateTLS13 struct { - func (hs *clientHandshakeStateTLS13) handshake() error { - c := hs.c - -- if needFIPS() { -- return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode") -- } -- - // The server must not select TLS 1.3 in a renegotiation. See RFC 8446, - // sections 4.1.2 and 4.1.3. - if c.handshakes > 0 { -diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go -index bc45a289c1ed70..47e2ce17bb9e8e 100644 ---- a/src/crypto/tls/handshake_server_test.go -+++ b/src/crypto/tls/handshake_server_test.go -@@ -27,6 +27,7 @@ import ( - ) - - func testClientHello(t *testing.T, serverConfig *Config, m handshakeMessage) { -+ t.Helper() - testClientHelloFailure(t, serverConfig, m, "") - } - -@@ -84,9 +85,11 @@ func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessa - t.Helper() - if len(expectedSubStr) == 0 { - if err != nil && err != io.EOF { -+ t.Helper() - t.Errorf("Got error: %s; expected to succeed", err) - } - } else if err == nil || !strings.Contains(err.Error(), expectedSubStr) { -+ t.Helper() - t.Errorf("Got error: %v; expected to match substring '%s'", err, expectedSubStr) - } - } -diff --git a/src/crypto/tls/handshake_server_tls13.go b/src/crypto/tls/handshake_server_tls13.go -index f88fcad4e78f0d..b95299a44c8fc1 100644 ---- a/src/crypto/tls/handshake_server_tls13.go -+++ b/src/crypto/tls/handshake_server_tls13.go -@@ -48,10 +48,6 @@ type serverHandshakeStateTLS13 struct { - func (hs *serverHandshakeStateTLS13) handshake() error { - c := hs.c - -- if needFIPS() { -- return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode") -- } -- - // For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2. - if err := hs.processClientHello(); err != nil { - return err -@@ -166,6 +162,9 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error { - if !hasAESGCMHardwareSupport || !aesgcmPreferred(hs.clientHello.cipherSuites) { - preferenceList = defaultCipherSuitesTLS13NoAES - } -+ if needFIPS() { -+ preferenceList = defaultCipherSuitesTLS13FIPS -+ } - for _, suiteID := range preferenceList { - hs.suite = mutualCipherSuiteTLS13(hs.clientHello.cipherSuites, suiteID) - if hs.suite != nil { diff --git a/patches/0011-unset-GOFIPS-when-running-the-Go-toolchain.patch b/patches/0010-unset-GOFIPS-when-running-the-Go-toolchain.patch similarity index 100% rename from patches/0011-unset-GOFIPS-when-running-the-Go-toolchain.patch rename to patches/0010-unset-GOFIPS-when-running-the-Go-toolchain.patch diff --git a/patches/0012-add-support-for-logging-used-Windows-APIs.patch b/patches/0011-add-support-for-logging-used-Windows-APIs.patch similarity index 100% rename from patches/0012-add-support-for-logging-used-Windows-APIs.patch rename to patches/0011-add-support-for-logging-used-Windows-APIs.patch diff --git a/patches/0013-remove-long-path-support-hack.patch b/patches/0012-remove-long-path-support-hack.patch similarity index 100% rename from patches/0013-remove-long-path-support-hack.patch rename to patches/0012-remove-long-path-support-hack.patch diff --git a/patches/0014-Omit-internal-go.mod-files-used-for-codegen.patch b/patches/0013-Omit-internal-go.mod-files-used-for-codegen.patch similarity index 100% rename from patches/0014-Omit-internal-go.mod-files-used-for-codegen.patch rename to patches/0013-Omit-internal-go.mod-files-used-for-codegen.patch