Signed-off-by: Gavin Inglis <giinglis@amazon.com>
Showing
6 changed files
with
66 additions
and
60 deletions.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
# https://go.dev/dl/go1.23.0.src.tar.gz | ||
SHA512 (go1.23.0.src.tar.gz) = 5822124ca570662ac8dcec32a79196520ce355fe421d83372f8b8a97b3811de0739edcd7080a23f845cf700a6a26f3af6c93278f6ce485b93120afdd4f6c4f47 |
38 changes: 0 additions & 38 deletions
38
patches/go-1.21/0002-Always-restrict-boringcrypto-crypto-tls-to-FIPS.patch
This file was deleted.
File renamed without changes.
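--- a/patches/go-1.23/0002-Always-restrict-boringcrypto-crypto-tls-to-FIPS.patch
+++ b/patches/go-1.23/0002-Always-restrict-boringcrypto-crypto-tls-to-FIPS.patch
@@ -0,0 +1,44 @@
+From 5256a813afbb9c0f7d7ae00544ae1cbaeafb7f1e Mon Sep 17 00:00:00 2001
+From: Gavin Inglis <giinglis@amazon.com>
+Date: Tue, 13 Aug 2024 22:00:50 +0000
+Subject: [PATCH] Always restrict boringcrypto crypto/tls to FIPS
+
+Signed-off-by: Ben Cressey <bcressey@amazon.com>
+[giinglis: update for Go 1.23]
+Signed-off-by: Gavin Inglis <giinglis@amazon.com>
+---
+src/crypto/tls/boring.go | 5 ++++-
+src/go/build/deps_test.go | 1 +
+2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/crypto/tls/boring.go b/src/crypto/tls/boring.go
+index c44ae92f25..dae77b8f2e 100644
+--- a/src/crypto/tls/boring.go
++++ b/src/crypto/tls/boring.go
+@@ -6,7 +6,10 @@
+
+package tls
+
+-import "crypto/internal/boring/fipstls"
++import (
++ "crypto/internal/boring/fipstls"
++ _ "crypto/tls/fipsonly"
++)
+
+// needFIPS returns fipstls.Required(), which is not available without the
+// boringcrypto build tag.
+diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
+index 441cf8d051..01aa89ff04 100644
+--- a/src/go/build/deps_test.go
++++ b/src/go/build/deps_test.go
+@@ -521,6 +521,7 @@ var depsRules = `
+< crypto/x509/internal/macos
+< crypto/x509/pkix;
+
++ crypto/tls/fipsonly,
+crypto/internal/boring/fipstls, crypto/x509/pkix
+< crypto/x509
+< crypto/tls;
+--
+2.43.0
+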
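Review bot: The blank import `_ "crypto/tls/fipsonly"` added in the src/crypto/tls/boring.go hunk has no comment, and the patch message has no body, so the one line that changes TLS behaviour for every program built with this toolchain's boringcrypto mode is unexplained at the point where a later rebase will have to touch it. I would annotate it in place, e.g. `_ "crypto/tls/fipsonly" // side-effect import: restricts crypto/tls to FIPS-approved settings`, and add a sentence to the patch description on why the restriction is unconditional rather than opt-in per program. The patch appears to be carried forward across Go releases (see the `[giinglis: update for Go 1.23]` trailer), so a small test under the same build tag asserting that `needFIPS()` reports true would catch an update that keeps the import but no longer gets the enforcement. The file's build constraint and the body of needFIPS are outside the hunk, so this assumes boring.go is compiled only with the boringcrypto tag.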