diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 80ad7e31bc..4326b3e6bb 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -506,24 +506,24 @@ index f9543d9cc89e7b..f07c75821aab13 100644 msg := []byte{0xed, 0x36, 0x90, 0x8d, 0xbe, 0xfc, 0x35, 0x40, 0x70, 0x4f, 0xf5, 0x9d, 0x6e, 0xc2, 0xeb, 0xf5, 0x27, 0xae, 0x65, 0xb0, 0x59, 0x29, 0x45, 0x25, 0x8c, 0xc1, 0x91, 0x22} diff --git a/src/go.mod b/src/go.mod -index 7a1318dcac32ba..a506e2f736c10e 100644 +index 7a1318dcac32ba..1d413ae209cb31 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std go 1.24 require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20241225091133-9c8cba847a2f ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20250101202634-d9e21e31a3ec golang.org/x/crypto v0.30.0 golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 ) diff --git a/src/go.sum b/src/go.sum -index 9e661352f16e0b..210e6c90b572d6 100644 +index 9e661352f16e0b..a47f298fb2a668 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,5 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20241225091133-9c8cba847a2f h1:dKnIgZyXDis/KEKCsIfF+w84kwSJVj2aaedyaf74ywo= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20241225091133-9c8cba847a2f/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20250101202634-d9e21e31a3ec h1:izqCt+k+GQnVUIzgFmnP/dBCKbIyqxH2tsSA4n+eB0s= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20250101202634-d9e21e31a3ec/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 h1:+Yk1FZ5E+/ewA0nOO/HRYs9E4yeqpGOShuSAdzCNNoQ= 
diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 7b95bb60da..6e4a3ff3ed 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -11,14 +11,14 @@ Subject: [PATCH] Add CNG crypto backend src/crypto/internal/backend/common.go | 9 +- src/crypto/internal/backend/fips140/cng.go | 33 ++ src/crypto/rsa/pss_test.go | 2 +- - src/go.mod | 1 + + src/go.mod | 3 +- src/go.sum | 2 + src/go/build/deps_test.go | 5 + src/go/build/vendor_test.go | 1 + .../goexperiment/exp_cngcrypto_off.go | 9 + src/internal/goexperiment/exp_cngcrypto_on.go | 9 + src/internal/goexperiment/flags.go | 1 + - 14 files changed, 420 insertions(+), 5 deletions(-) + 14 files changed, 421 insertions(+), 6 deletions(-) create mode 100644 src/crypto/ecdsa/badlinkname.go create mode 100644 src/crypto/internal/backend/bbig/big_cng.go create mode 100644 src/crypto/internal/backend/cng_windows.go @@ -487,24 +487,26 @@ index a4af0a2144870a..7d7115cff81cea 100644 t.Fatal(err) } diff --git a/src/go.mod b/src/go.mod -index a506e2f736c10e..08dd96c6d38698 100644 +index 1d413ae209cb31..ba9552622805d4 100644 --- a/src/go.mod +++ b/src/go.mod -@@ -4,6 +4,7 @@ go 1.24 +@@ -3,7 +3,8 @@ module std + go 1.24 require ( - github.com/golang-fips/openssl/v2 v2.0.4-0.20241225091133-9c8cba847a2f +- github.com/golang-fips/openssl/v2 v2.0.4-0.20250101202634-d9e21e31a3ec ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20250101202634-d9e21e31a3ec + github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 golang.org/x/crypto v0.30.0 golang.org/x/net v0.32.1-0.20241206180132-552d8ac903a1 ) diff --git a/src/go.sum b/src/go.sum -index 210e6c90b572d6..0ae5510ff66fa8 100644 +index a47f298fb2a668..20656cc8f05ee0 100644 --- a/src/go.sum +++ b/src/go.sum 
@@ -1,5 +1,7 @@ - github.com/golang-fips/openssl/v2 v2.0.4-0.20241225091133-9c8cba847a2f h1:dKnIgZyXDis/KEKCsIfF+w84kwSJVj2aaedyaf74ywo= - github.com/golang-fips/openssl/v2 v2.0.4-0.20241225091133-9c8cba847a2f/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= + github.com/golang-fips/openssl/v2 v2.0.4-0.20250101202634-d9e21e31a3ec h1:izqCt+k+GQnVUIzgFmnP/dBCKbIyqxH2tsSA4n+eB0s= + github.com/golang-fips/openssl/v2 v2.0.4-0.20250101202634-d9e21e31a3ec/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= +github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37 h1:KB8xmJcFSPlZFMg2mxz5b6DCE8k1qpHy2HFevAJLELI= +github.com/microsoft/go-crypto-winnative v0.0.0-20250108090702-b49854c00e37/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index 3dbce54298..cf4d3f5761 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch @@ -19,7 +19,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../github.com/golang-fips/openssl/v2/ec.go | 68 ++ .../github.com/golang-fips/openssl/v2/ecdh.go | 303 ++++++++ .../golang-fips/openssl/v2/ecdsa.go | 208 ++++++ - .../golang-fips/openssl/v2/ed25519.go | 218 ++++++ + .../golang-fips/openssl/v2/ed25519.go | 228 ++++++ .../github.com/golang-fips/openssl/v2/evp.go | 580 +++++++++++++++ .../golang-fips/openssl/v2/goopenssl.c | 248 +++++++ .../golang-fips/openssl/v2/goopenssl.h | 261 +++++++ 
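Review bot: The `src/go.mod` hunk carried inside 0005 now deletes and re-adds `github.com/golang-fips/openssl/v2 v2.0.4-0.20250101202634-d9e21e31a3ec` with identical visible text, so the two copies presumably differ only in whitespace or line ending. Its header went from `@@ -4,6 +4,7 @@` to `@@ -3,7 +3,8 @@` and the diffstat from `1 +` to `3 +-`, which fits that reading. The likely cause is that the require line added by 0004 was edited by hand when the pin was bumped, and 0005 now normalises it; the whitespace is not recoverable from this view, so this is an inference to confirm. Regenerating 0004 so the line is written the way the go tool formats it would bring 0005 back to a one-line addition of `github.com/microsoft/go-crypto-winnative`. That keeps each dependency pin changed in exactly one patch, which makes later pin bumps easier to audit.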
@@ -69,7 +69,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 ++ src/vendor/modules.txt | 11 + - 64 files changed, 10924 insertions(+) + 64 files changed, 10934 insertions(+) create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE @@ -2115,10 +2115,10 @@ index 00000000000000..bc5f1117fd4355 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go new file mode 100644 -index 00000000000000..cd237025109997 +index 00000000000000..f96db2cd5efcad --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/ed25519.go -@@ -0,0 +1,218 @@ +@@ -0,0 +1,228 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -2211,7 +2211,7 @@ index 00000000000000..cd237025109997 + if err := extractPKEYPubEd25519(k._pkey, pub); err != nil { + return nil, err + } -+ pubk, err := NewPublicKeyEd25119(pub) ++ pubk, err := NewPublicKeyEd25519(pub) + if err != nil { + return nil, err + } 
@@ -2229,14 +2229,24 @@ index 00000000000000..cd237025109997 + return priv, nil +} + ++// Deprecated: use NewPrivateKeyEd25519 instead. +func NewPrivateKeyEd25119(priv []byte) (*PrivateKeyEd25519, error) { ++ return NewPrivateKeyEd25519(priv) ++} ++ ++func NewPrivateKeyEd25519(priv []byte) (*PrivateKeyEd25519, error) { + if len(priv) != privateKeySizeEd25519 { + panic("ed25519: bad private key length: " + strconv.Itoa(len(priv))) + } + return NewPrivateKeyEd25519FromSeed(priv[:seedSizeEd25519]) +} + ++// Deprecated: use NewPublicKeyEd25519 instead. +func NewPublicKeyEd25119(pub []byte) (*PublicKeyEd25519, error) { ++ return NewPublicKeyEd25519(pub) ++} ++ ++func NewPublicKeyEd25519(pub []byte) (*PublicKeyEd25519, error) { + if len(pub) != publicKeySizeEd25519 { + panic("ed25519: bad public key length: " + strconv.Itoa(len(pub))) + } @@ -11429,11 +11439,11 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 1c8de570cc2f1f..50d06b2f265cd4 100644 +index 1c8de570cc2f1f..df0e85b6c2d0ee 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20241225091133-9c8cba847a2f ++# github.com/golang-fips/openssl/v2 v2.0.4-0.20250101202634-d9e21e31a3ec +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig