From 8fbc0e2c7bcf70e686c2875c666324a76377fd3e Mon Sep 17 00:00:00 2001
From: mertakman
Date: Thu, 14 Nov 2024 16:53:16 +0000
Subject: [PATCH 1/2] add:crypto dsa support and generate patch files
---
 patches/0015-Add-crypto-dsa-support.patch | 37 +++++
 patches/0016-Vendor-crypto-dsa-backends.patch | 149 ++++++++++++++++++
 2 files changed, 186 insertions(+)
 create mode 100644 patches/0015-Add-crypto-dsa-support.patch
 create mode 100644 patches/0016-Vendor-crypto-dsa-backends.patch
diff --git a/patches/0015-Add-crypto-dsa-support.patch b/patches/0015-Add-crypto-dsa-support.patch
new file mode 100644
index 0000000000..bc39e97c71
--- /dev/null
+++ b/patches/0015-Add-crypto-dsa-support.patch
@@ -0,0 +1,37 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: mertakman +Date: Thu, 14 Nov 2024 13:32:30 +0000 +Subject: [PATCH] Add crypto dsa support + +--- + src/go.mod | 2 +- + src/go.sum | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/go.mod b/src/go.mod +index 39d84e4165d654..8a95b6f65c63ef 100644 +--- a/src/go.mod ++++ b/src/go.mod +@@ -4,7 +4,7 @@ go 1.24 + + require ( + github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 +- github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 ++ github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 + golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd + ) +diff --git a/src/go.sum b/src/go.sum +index 116a769b257e34..54c859b46edd1c 100644 +--- a/src/go.sum ++++ b/src/go.sum +@@ -1,7 +1,7 @@ + github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg= + github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= +-github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 h1:Kno3m3hOXCrrJF9YphNJWNXm6MjIpflQrHWxAIRSIqA= +-github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= ++github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d h1:UKPx/2ug3daetm1rPOKyEHovWbh3hekPK8p1wygTcOI= ++github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= + golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= + golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd 
h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0016-Vendor-crypto-dsa-backends.patch b/patches/0016-Vendor-crypto-dsa-backends.patch new file mode 100644 index 0000000000..335b285d67 --- /dev/null +++ b/patches/0016-Vendor-crypto-dsa-backends.patch 
@@ -0,0 +1,149 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: mertakman +Date: Thu, 14 Nov 2024 13:32:53 +0000 +Subject: [PATCH] Vendor crypto dsa backends + +--- + .../microsoft/go-crypto-winnative/cng/aes.go | 4 ++-- + .../microsoft/go-crypto-winnative/cng/des.go | 7 +++---- + .../microsoft/go-crypto-winnative/cng/hash.go | 16 +++------------- + .../microsoft/go-crypto-winnative/cng/hkdf.go | 13 +++++++++---- + src/vendor/modules.txt | 2 +- + 5 files changed, 18 insertions(+), 24 deletions(-) + +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go +index caac632894556e..097a0fc77f0adb 100644 +--- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go +@@ -7,6 +7,7 @@ + package cng + + import ( ++ "bytes" + "crypto/cipher" + "errors" + "runtime" +@@ -28,8 +29,7 @@ func NewAESCipher(key []byte) (cipher.Block, error) { + if err != nil { + return nil, err + } +- c := &aesCipher{kh: kh, key: make([]byte, len(key))} +- copy(c.key, key) ++ c := &aesCipher{kh: kh, key: bytes.Clone(key)} + runtime.SetFinalizer(c, (*aesCipher).finalize) + return c, nil + } +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go +index b0784affba0aa4..de3f05b84f1d82 100644 +--- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go +@@ -7,6 +7,7 @@ + package cng + + import ( ++ "bytes" + "crypto/cipher" + "runtime" + +@@ -27,8 +28,7 @@ func NewDESCipher(key []byte) (cipher.Block, error) { + if err != nil { + return nil, err + } +- c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: make([]byte, len(key))} +- copy(c.key, key) ++ c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: bytes.Clone(key)} + 
runtime.SetFinalizer(c, (*desCipher).finalize) + return c, nil + } +@@ -38,8 +38,7 @@ func NewTripleDESCipher(key []byte) (cipher.Block, error) { + if err != nil { + return nil, err + } +- c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: make([]byte, len(key))} +- copy(c.key, key) ++ c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: bytes.Clone(key)} + runtime.SetFinalizer(c, (*desCipher).finalize) + return c, nil + } +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go +index c4f01e17dd4ca1..87b1c95dc7f911 100644 +--- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go +@@ -7,6 +7,7 @@ + package cng + + import ( ++ "bytes" + "crypto" + "hash" + "runtime" +@@ -194,12 +195,7 @@ func newHashX(id string, flag bcrypt.AlgorithmProviderFlags, key []byte) *hashX + if err != nil { + panic(err) + } +- h := new(hashX) +- h.alg = alg +- if len(key) > 0 { +- h.key = make([]byte, len(key)) +- copy(h.key, key) +- } ++ h := &hashX{alg: alg, key: bytes.Clone(key)} + // Don't allocate hx.buf nor call bcrypt.CreateHash yet, + // which would be wasteful if the caller only wants to know + // the hash type. 
This is a common pattern in this package, +@@ -227,13 +223,7 @@ func (h *hashX) withCtx(fn func(ctx bcrypt.HASH_HANDLE) error) error { + } + + func (h *hashX) Clone() (hash.Hash, error) { +- h2 := &hashX{ +- alg: h.alg, +- } +- if h.key != nil { +- h2.key = make([]byte, len(h.key)) +- copy(h2.key, h.key) +- } ++ h2 := &hashX{alg: h.alg, key: bytes.Clone(h.key)} + err := h.withCtx(func(ctx bcrypt.HASH_HANDLE) error { + return bcrypt.DuplicateHash(ctx, &h2._ctx, nil, 0) + }) +diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go +index 655926ef635224..5338fb5c7b187c 100644 +--- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go ++++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go +@@ -156,14 +156,19 @@ func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { + return nil, errors.New("cng: unknown key data blob version") + } + // KEY_DATA_BLOB_VERSION1 format is: +- // cbHash uint32 // Big-endian +- // hashName [cbHash]byte ++ // cbHashName uint32 // Big-endian ++ // pHashName [cbHash]byte + // key []byte // Rest of the blob + if len(blob) < 4 { + return nil, errors.New("cng: exported key is corrupted") + } +- hashLength := binary.BigEndian.Uint32(blob[:]) +- return blob[4+hashLength:], nil ++ cbHashName := binary.BigEndian.Uint32(blob) ++ blob = blob[4:] ++ if len(blob) < int(cbHashName) { ++ return nil, errors.New("cng: exported key is corrupted") ++ } ++ // Skip pHashName. 
++ return blob[cbHashName:], nil + } + + func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { +diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt +index be1319fc942882..7c9bf41ea0bc87 100644 +--- a/src/vendor/modules.txt ++++ b/src/vendor/modules.txt +@@ -2,7 +2,7 @@ + ## explicit; go 1.22 + github.com/golang-fips/openssl/v2 + github.com/golang-fips/openssl/v2/bbig +-# github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 ++# github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d + ## explicit; go 1.22 + github.com/microsoft/go-crypto-winnative/cng + github.com/microsoft/go-crypto-winnative/cng/bbig From 7dda3365540e36f431a5bb40ffb16d57c0d45d02 Mon Sep 17 00:00:00 2001 From: mertakman Date: Mon, 18 Nov 2024 11:29:25 +0000 Subject: [PATCH 2/2] fix:move go mod and go sum to patch 0005 --- patches/0005-Add-CNG-crypto-backend.patch | 10 +- patches/0006-Vendor-crypto-backends.patch | 66 ++++---- patches/0015-Add-crypto-dsa-support.patch | 37 ----- patches/0016-Vendor-crypto-dsa-backends.patch | 149 ------------------ 4 files changed, 35 insertions(+), 227 deletions(-) delete mode 100644 patches/0015-Add-crypto-dsa-support.patch delete mode 100644 patches/0016-Vendor-crypto-dsa-backends.patch diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 6d2c8dc7f2..adac4e6644 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -691,26 +691,26 @@ index a0548a7f9179c5..ae6117a1554b7f 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index 12d8c8f4f97321..39d84e4165d654 100644 +index 12d8c8f4f97321..8a95b6f65c63ef 100644 --- a/src/go.mod +++ b/src/go.mod 
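Review bot: The new length guard in ExtractHKDF, `if len(blob) < int(cbHashName)`, does not hold where `int` is 32 bits: a `cbHashName` of 0x80000000 or more converts to a negative int, the comparison is false, and `blob[cbHashName:]` panics instead of returning the "exported key is corrupted" error. Comparing without narrowing avoids this, e.g. `if uint64(len(blob)) < uint64(cbHashName) {`. The blob appears to come from a key export rather than from a caller, so this reads as a robustness gap rather than a demonstrated attack path. The layout comment still says `pHashName [cbHash]byte` after the rename and should read `[cbHashName]byte`. The same lines recur in the patches/0006-Vendor-crypto-backends.patch hunk of PATCH 2/2, and since the code is vendored from go-crypto-winnative the fix belongs upstream; ExtractHKDF starts outside the hunk.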
@@ -4,6 +4,7 @@ go 1.24 require ( github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 ++ github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd ) diff --git a/src/go.sum b/src/go.sum -index 4c3ca847c21cd2..116a769b257e34 100644 +index 4c3ca847c21cd2..54c859b46edd1c 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,5 +1,7 @@ github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg= github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= -+github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 h1:Kno3m3hOXCrrJF9YphNJWNXm6MjIpflQrHWxAIRSIqA= -+github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= ++github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d h1:UKPx/2ug3daetm1rPOKyEHovWbh3hekPK8p1wygTcOI= ++github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index 836f665e30..43db9981ab 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch 
@@ -50,12 +50,12 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../microsoft/go-crypto-winnative/cng/big.go | 30 + .../go-crypto-winnative/cng/cipher.go | 52 + .../microsoft/go-crypto-winnative/cng/cng.go | 131 +++ - .../microsoft/go-crypto-winnative/cng/des.go | 107 ++ + .../microsoft/go-crypto-winnative/cng/des.go | 106 ++ .../microsoft/go-crypto-winnative/cng/dsa.go | 469 ++++++++ .../microsoft/go-crypto-winnative/cng/ecdh.go | 255 ++++ .../go-crypto-winnative/cng/ecdsa.go | 169 +++ - .../microsoft/go-crypto-winnative/cng/hash.go | 316 +++++ - .../microsoft/go-crypto-winnative/cng/hkdf.go | 175 +++ + .../microsoft/go-crypto-winnative/cng/hash.go | 306 +++++ + .../microsoft/go-crypto-winnative/cng/hkdf.go | 180 +++ .../microsoft/go-crypto-winnative/cng/hmac.go | 35 + .../microsoft/go-crypto-winnative/cng/keys.go | 220 ++++ .../go-crypto-winnative/cng/pbkdf2.go | 70 ++ @@ -68,7 +68,7 @@ To reproduce, run 'go mod vendor' in 'go/src'. .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 11 + - 63 files changed, 10964 insertions(+) + 63 files changed, 10958 insertions(+) create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitignore create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/.gitleaks.toml create mode 100644 src/vendor/github.com/golang-fips/openssl/v2/LICENSE @@ -7491,7 +7491,7 @@ index 00000000000000..9e841e7a26e4eb + SOFTWARE diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go new file mode 100644 -index 00000000000000..caac632894556e +index 00000000000000..097a0fc77f0adb --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go @@ -0,0 +1,393 @@ @@ -7504,6 +7504,7 @@ index 00000000000000..caac632894556e +package cng + +import ( ++ "bytes" + "crypto/cipher" + "errors" + "runtime" 
@@ -7525,8 +7526,7 @@ index 00000000000000..caac632894556e + if err != nil { + return nil, err + } -+ c := &aesCipher{kh: kh, key: make([]byte, len(key))} -+ copy(c.key, key) ++ c := &aesCipher{kh: kh, key: bytes.Clone(key)} + runtime.SetFinalizer(c, (*aesCipher).finalize) + return c, nil +} @@ -8158,10 +8158,10 @@ index 00000000000000..d1916f94a0a76d +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go new file mode 100644 -index 00000000000000..b0784affba0aa4 +index 00000000000000..de3f05b84f1d82 --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go -@@ -0,0 +1,107 @@ +@@ -0,0 +1,106 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -8171,6 +8171,7 @@ index 00000000000000..b0784affba0aa4 +package cng + +import ( ++ "bytes" + "crypto/cipher" + "runtime" + @@ -8191,8 +8192,7 @@ index 00000000000000..b0784affba0aa4 + if err != nil { + return nil, err + } -+ c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: make([]byte, len(key))} -+ copy(c.key, key) ++ c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: bytes.Clone(key)} + runtime.SetFinalizer(c, (*desCipher).finalize) + return c, nil +} @@ -8202,8 +8202,7 @@ index 00000000000000..b0784affba0aa4 + if err != nil { + return nil, err + } -+ c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: make([]byte, len(key))} -+ copy(c.key, key) ++ c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: bytes.Clone(key)} + runtime.SetFinalizer(c, (*desCipher).finalize) + return c, nil +} @@ -9182,10 +9181,10 @@ index 00000000000000..586e9ae2ebb0c9 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go new file mode 100644 -index 00000000000000..c4f01e17dd4ca1 +index 00000000000000..87b1c95dc7f911 --- /dev/null 
+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -@@ -0,0 +1,316 @@ +@@ -0,0 +1,306 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + @@ -9195,6 +9194,7 @@ index 00000000000000..c4f01e17dd4ca1 +package cng + +import ( ++ "bytes" + "crypto" + "hash" + "runtime" @@ -9382,12 +9382,7 @@ index 00000000000000..c4f01e17dd4ca1 + if err != nil { + panic(err) + } -+ h := new(hashX) -+ h.alg = alg -+ if len(key) > 0 { -+ h.key = make([]byte, len(key)) -+ copy(h.key, key) -+ } ++ h := &hashX{alg: alg, key: bytes.Clone(key)} + // Don't allocate hx.buf nor call bcrypt.CreateHash yet, + // which would be wasteful if the caller only wants to know + // the hash type. This is a common pattern in this package, @@ -9415,13 +9410,7 @@ index 00000000000000..c4f01e17dd4ca1 +} + +func (h *hashX) Clone() (hash.Hash, error) { -+ h2 := &hashX{ -+ alg: h.alg, -+ } -+ if h.key != nil { -+ h2.key = make([]byte, len(h.key)) -+ copy(h2.key, h.key) -+ } ++ h2 := &hashX{alg: h.alg, key: bytes.Clone(h.key)} + err := h.withCtx(func(ctx bcrypt.HASH_HANDLE) error { + return bcrypt.DuplicateHash(ctx, &h2._ctx, nil, 0) + }) @@ -9504,10 +9493,10 @@ index 00000000000000..c4f01e17dd4ca1 +} diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go new file mode 100644 -index 00000000000000..655926ef635224 +index 00000000000000..5338fb5c7b187c --- /dev/null +++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go -@@ -0,0 +1,175 @@ +@@ -0,0 +1,180 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + 
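Review bot: Replacing the `len(key) > 0` guard in newHashX with `bytes.Clone(key)` changes what an empty key produces: the old code left `h.key` nil, while `bytes.Clone` returns a non-nil empty slice for a non-nil empty input. The removed Clone() code tested `h.key != nil`, so nil may carry meaning for code outside this hunk; that cannot be confirmed from here. If nil is meant to mark an unkeyed hash, keep the guard, e.g. `if len(key) > 0 { h.key = bytes.Clone(key) }`, or cover a zero-length HMAC key with a test. The identical change first appears in patches/0016-Vendor-crypto-dsa-backends.patch in PATCH 1/2, and newHashX begins outside the hunk.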
@@ -9666,14 +9655,19 @@ index 00000000000000..655926ef635224 + return nil, errors.New("cng: unknown key data blob version") + } + // KEY_DATA_BLOB_VERSION1 format is: -+ // cbHash uint32 // Big-endian -+ // hashName [cbHash]byte ++ // cbHashName uint32 // Big-endian ++ // pHashName [cbHash]byte + // key []byte // Rest of the blob + if len(blob) < 4 { + return nil, errors.New("cng: exported key is corrupted") + } -+ hashLength := binary.BigEndian.Uint32(blob[:]) -+ return blob[4+hashLength:], nil ++ cbHashName := binary.BigEndian.Uint32(blob) ++ blob = blob[4:] ++ if len(blob) < int(cbHashName) { ++ return nil, errors.New("cng: exported key is corrupted") ++ } ++ // Skip pHashName. ++ return blob[cbHashName:], nil +} + +func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { @@ -11461,7 +11455,7 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index cf5c0b83c9eeef..be1319fc942882 100644 +index cf5c0b83c9eeef..7c9bf41ea0bc87 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ @@ -11469,7 +11463,7 @@ index cf5c0b83c9eeef..be1319fc942882 100644 +## explicit; go 1.22 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig -+# github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 ++# github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d +## explicit; go 1.22 +github.com/microsoft/go-crypto-winnative/cng +github.com/microsoft/go-crypto-winnative/cng/bbig diff --git a/patches/0015-Add-crypto-dsa-support.patch b/patches/0015-Add-crypto-dsa-support.patch deleted file mode 100644 index bc39e97c71..0000000000 --- a/patches/0015-Add-crypto-dsa-support.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: mertakman -Date: Thu, 14 Nov 2024 13:32:30 +0000 -Subject: [PATCH] Add crypto dsa support - ---- - src/go.mod | 2 +- - src/go.sum | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/go.mod b/src/go.mod -index 39d84e4165d654..8a95b6f65c63ef 100644 ---- a/src/go.mod -+++ b/src/go.mod -@@ -4,7 +4,7 @@ go 1.24 - - require ( - github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 -- github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 -+ github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 - golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd - ) -diff --git a/src/go.sum b/src/go.sum -index 116a769b257e34..54c859b46edd1c 100644 ---- a/src/go.sum -+++ b/src/go.sum -@@ -1,7 +1,7 @@ - github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3 h1:5QU8ZbOJ8pUBEhxIOm6+teyQMgeBFu3Gos5ue7Rvlgg= - github.com/golang-fips/openssl/v2 v2.0.4-0.20241031074328-c51a090851d3/go.mod h1:OYUBsoxLpFu8OFyhZHxfpN8lgcsw8JhTC3BQK7+XUc0= --github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 h1:Kno3m3hOXCrrJF9YphNJWNXm6MjIpflQrHWxAIRSIqA= --github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= -+github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d h1:UKPx/2ug3daetm1rPOKyEHovWbh3hekPK8p1wygTcOI= -+github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d/go.mod h1:JkxQeL8dGcyCuKjn1Etz4NmQrOMImMy4BA9hptEfVFA= - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0 h1:wxHbFWyu21uEPJJnYaSDaHSWbvnZ9gLSSOPwnEc3lLM= - golang.org/x/crypto v0.25.1-0.20240722173533-bb80217080b0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= - golang.org/x/net v0.27.1-0.20240722181819-765c7e89b3bd 
h1:pHzwejE8Zkb94bG4nA+fUeskKPFp1HPldrhv62dabro= diff --git a/patches/0016-Vendor-crypto-dsa-backends.patch b/patches/0016-Vendor-crypto-dsa-backends.patch deleted file mode 100644 index 335b285d67..0000000000 --- a/patches/0016-Vendor-crypto-dsa-backends.patch +++ /dev/null 
@@ -1,149 +0,0 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 -From: mertakman -Date: Thu, 14 Nov 2024 13:32:53 +0000 -Subject: [PATCH] Vendor crypto dsa backends - ---- - .../microsoft/go-crypto-winnative/cng/aes.go | 4 ++-- - .../microsoft/go-crypto-winnative/cng/des.go | 7 +++---- - .../microsoft/go-crypto-winnative/cng/hash.go | 16 +++------------- - .../microsoft/go-crypto-winnative/cng/hkdf.go | 13 +++++++++---- - src/vendor/modules.txt | 2 +- - 5 files changed, 18 insertions(+), 24 deletions(-) - -diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go -index caac632894556e..097a0fc77f0adb 100644 ---- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go -+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/aes.go -@@ -7,6 +7,7 @@ - package cng - - import ( -+ "bytes" - "crypto/cipher" - "errors" - "runtime" -@@ -28,8 +29,7 @@ func NewAESCipher(key []byte) (cipher.Block, error) { - if err != nil { - return nil, err - } -- c := &aesCipher{kh: kh, key: make([]byte, len(key))} -- copy(c.key, key) -+ c := &aesCipher{kh: kh, key: bytes.Clone(key)} - runtime.SetFinalizer(c, (*aesCipher).finalize) - return c, nil - } -diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go -index b0784affba0aa4..de3f05b84f1d82 100644 ---- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go -+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/des.go -@@ -7,6 +7,7 @@ - package cng - - import ( -+ "bytes" - "crypto/cipher" - "runtime" - -@@ -27,8 +28,7 @@ func NewDESCipher(key []byte) (cipher.Block, error) { - if err != nil { - return nil, err - } -- c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: make([]byte, len(key))} -- copy(c.key, key) -+ c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: bytes.Clone(key)} - 
runtime.SetFinalizer(c, (*desCipher).finalize) - return c, nil - } -@@ -38,8 +38,7 @@ func NewTripleDESCipher(key []byte) (cipher.Block, error) { - if err != nil { - return nil, err - } -- c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: make([]byte, len(key))} -- copy(c.key, key) -+ c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: bytes.Clone(key)} - runtime.SetFinalizer(c, (*desCipher).finalize) - return c, nil - } -diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -index c4f01e17dd4ca1..87b1c95dc7f911 100644 ---- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hash.go -@@ -7,6 +7,7 @@ - package cng - - import ( -+ "bytes" - "crypto" - "hash" - "runtime" -@@ -194,12 +195,7 @@ func newHashX(id string, flag bcrypt.AlgorithmProviderFlags, key []byte) *hashX - if err != nil { - panic(err) - } -- h := new(hashX) -- h.alg = alg -- if len(key) > 0 { -- h.key = make([]byte, len(key)) -- copy(h.key, key) -- } -+ h := &hashX{alg: alg, key: bytes.Clone(key)} - // Don't allocate hx.buf nor call bcrypt.CreateHash yet, - // which would be wasteful if the caller only wants to know - // the hash type. 
This is a common pattern in this package, -@@ -227,13 +223,7 @@ func (h *hashX) withCtx(fn func(ctx bcrypt.HASH_HANDLE) error) error { - } - - func (h *hashX) Clone() (hash.Hash, error) { -- h2 := &hashX{ -- alg: h.alg, -- } -- if h.key != nil { -- h2.key = make([]byte, len(h.key)) -- copy(h2.key, h.key) -- } -+ h2 := &hashX{alg: h.alg, key: bytes.Clone(h.key)} - err := h.withCtx(func(ctx bcrypt.HASH_HANDLE) error { - return bcrypt.DuplicateHash(ctx, &h2._ctx, nil, 0) - }) -diff --git a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go -index 655926ef635224..5338fb5c7b187c 100644 ---- a/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go -+++ b/src/vendor/github.com/microsoft/go-crypto-winnative/cng/hkdf.go -@@ -156,14 +156,19 @@ func ExtractHKDF(h func() hash.Hash, secret, salt []byte) ([]byte, error) { - return nil, errors.New("cng: unknown key data blob version") - } - // KEY_DATA_BLOB_VERSION1 format is: -- // cbHash uint32 // Big-endian -- // hashName [cbHash]byte -+ // cbHashName uint32 // Big-endian -+ // pHashName [cbHash]byte - // key []byte // Rest of the blob - if len(blob) < 4 { - return nil, errors.New("cng: exported key is corrupted") - } -- hashLength := binary.BigEndian.Uint32(blob[:]) -- return blob[4+hashLength:], nil -+ cbHashName := binary.BigEndian.Uint32(blob) -+ blob = blob[4:] -+ if len(blob) < int(cbHashName) { -+ return nil, errors.New("cng: exported key is corrupted") -+ } -+ // Skip pHashName. 
-+ return blob[cbHashName:], nil - } - - func ExpandHKDF(h func() hash.Hash, pseudorandomKey, info []byte) (io.Reader, error) { -diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index be1319fc942882..7c9bf41ea0bc87 100644 ---- a/src/vendor/modules.txt -+++ b/src/vendor/modules.txt -@@ -2,7 +2,7 @@ - ## explicit; go 1.22 - github.com/golang-fips/openssl/v2 - github.com/golang-fips/openssl/v2/bbig --# github.com/microsoft/go-crypto-winnative v0.0.0-20240929074641-3e2be6d20709 -+# github.com/microsoft/go-crypto-winnative v0.0.0-20241031174928-19f07bc6df3d - ## explicit; go 1.22 - github.com/microsoft/go-crypto-winnative/cng - github.com/microsoft/go-crypto-winnative/cng/bbig