Merge branch 'microsoft/main' into dev/auto-sync/microsoft/main

microsoft · Oct 17, 2024 · a15731f · a15731f
2 parents 6590cd5 + bd161c0
commit a15731f
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 106 deletions.
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -23,16 +23,16 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
+        uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
         with:
           languages: go
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
+        uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
         with:
           working-directory: eng/_util
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11
+        uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
         with:
           category: /language:go
diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch
@@ -21,7 +21,7 @@ Subject: [PATCH] Add crypto backend foundation
  src/crypto/hmac/hmac_test.go                 |   2 +-
  src/crypto/internal/backend/backend_test.go  |  30 +++
  src/crypto/internal/backend/bbig/big.go      |  17 ++
- src/crypto/internal/backend/common.go        |  78 ++++++++
+ src/crypto/internal/backend/common.go        |  92 +++++++++
  src/crypto/internal/backend/isrequirefips.go |   9 +
  src/crypto/internal/backend/nobackend.go     | 193 +++++++++++++++++++
  src/crypto/internal/backend/norequirefips.go |   9 +
@@ -34,9 +34,9 @@ Subject: [PATCH] Add crypto backend foundation
  src/crypto/rc4/rc4.go                        |  18 ++
  src/crypto/rsa/boring.go                     |   4 +-
  src/crypto/rsa/notboring.go                  |   2 +-
- src/crypto/rsa/pkcs1v15.go                   |   6 +-
+ src/crypto/rsa/pkcs1v15.go                   |  10 +-
  src/crypto/rsa/pkcs1v15_test.go              |   5 +
- src/crypto/rsa/pss.go                        |   6 +-
+ src/crypto/rsa/pss.go                        |   8 +-
  src/crypto/rsa/rsa.go                        |  21 +-
  src/crypto/rsa/rsa_test.go                   |   2 +-
  src/crypto/sha1/sha1.go                      |   2 +-
@@ -56,7 +56,7 @@ Subject: [PATCH] Add crypto backend foundation
  src/go/build/deps_test.go                    |   4 +
  src/net/smtp/smtp_test.go                    |  72 ++++---
  src/runtime/runtime_boring.go                |   5 +
- 52 files changed, 791 insertions(+), 105 deletions(-)
+ 52 files changed, 808 insertions(+), 108 deletions(-)
  create mode 100644 src/crypto/ed25519/boring.go
  create mode 100644 src/crypto/ed25519/notboring.go
  create mode 100644 src/crypto/internal/backend/backend_test.go
@@ -538,10 +538,10 @@ index 00000000000000..85bd3ed083f5b2
 +}
 diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go
 new file mode 100644
-index 00000000000000..efdd080a1b7708
+index 00000000000000..f83ff4abacc1dc
 --- /dev/null
 +++ b/src/crypto/internal/backend/common.go
-@@ -0,0 +1,78 @@
+@@ -0,0 +1,92 @@
 +// Copyright 2022 The Go Authors. All rights reserved.
 +// Use of this source code is governed by a BSD-style
 +// license that can be found in the LICENSE file.
@@ -550,6 +550,7 @@ index 00000000000000..efdd080a1b7708
 +
 +import (
 +	"crypto/internal/boring/sig"
++	"internal/goexperiment"
 +	"runtime"
 +	"syscall"
 +)
@@ -620,6 +621,19 @@ index 00000000000000..efdd080a1b7708
 +		}
 +	}
 +}
++
++func IsRSAKeySupported(primes int) bool {
++	if goexperiment.BoringCrypto {
++		return true
++	}
++	// CNG only supports 2-prime RSA keys.
++	// The built-in OpenSSL 3 providers and OpenSSL 1 do support n-prime RSA keys,
++	// but the SymCrypt provider for OpenSSL only supports 2-prime RSA keys.
++	// Only 2-prime RSA keys are FIPS compliant, other n having compatibility
++	// and security issues. Even crypto/rsa deprecated rsa.GenerateMultiPrimeKey as of Go 1.21.
++	// Given the above reasons, we only support 2-prime RSA keys.
++	return primes == 2
++}
 diff --git a/src/crypto/internal/backend/isrequirefips.go b/src/crypto/internal/backend/isrequirefips.go
 new file mode 100644
 index 00000000000000..e5d7570d6d4363
@@ -1044,7 +1058,7 @@ index 2abc0436405f8a..34c22c8fbba7da 100644
  func boringPublicKey(*PublicKey) (*boring.PublicKeyRSA, error) {
  	panic("boringcrypto: not available")
 diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go
-index 2f958022f98584..552c6886813f46 100644
+index 2f958022f98584..790d9cef5d3563 100644
 --- a/src/crypto/rsa/pkcs1v15.go
 +++ b/src/crypto/rsa/pkcs1v15.go
 @@ -7,7 +7,7 @@ package rsa
@@ -1056,12 +1070,30 @@ index 2f958022f98584..552c6886813f46 100644
  	"crypto/internal/randutil"
  	"crypto/subtle"
  	"errors"
+@@ -95,7 +95,7 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b
+ 		return nil, err
+ 	}
+
+-	if boring.Enabled {
++	if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) {
+ 		bkey, err := boringPrivateKey(priv)
+ 		if err != nil {
+ 			return nil, err
+@@ -189,7 +189,7 @@ func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte,
+ 		return
+ 	}
+
+-	if boring.Enabled {
++	if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) {
+ 		var bkey *boring.PrivateKeyRSA
+ 		bkey, err = boringPrivateKey(priv)
+ 		if err != nil {
 @@ -293,7 +293,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [
  		return nil, err
  	}
 
 -	if boring.Enabled {
-+	if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) {
++	if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) && (hash == 0 || boring.SupportsHash(hash)) {
  		bkey, err := boringPrivateKey(priv)
  		if err != nil {
  			return nil, err
@@ -1098,7 +1130,7 @@ index dfa1eddc886ff3..849dafacf93d0f 100644
  	_, err := DecryptPKCS1v15(nil, rsaPrivateKey, ciphertext)
  	if err == nil {
 diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go
-index 5716c464ca0a33..63f1100cabab64 100644
+index 5716c464ca0a33..4aac87d7952081 100644
 --- a/src/crypto/rsa/pss.go
 +++ b/src/crypto/rsa/pss.go
 @@ -9,7 +9,7 @@ package rsa
@@ -1110,12 +1142,21 @@ index 5716c464ca0a33..63f1100cabab64 100644
  	"errors"
  	"hash"
  	"io"
+@@ -214,7 +214,7 @@ func signPSSWithSalt(priv *PrivateKey, hash crypto.Hash, hashed, salt []byte) ([
+ 		return nil, err
+ 	}
+
+-	if boring.Enabled {
++	if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) {
+ 		bkey, err := boringPrivateKey(priv)
+ 		if err != nil {
+ 			return nil, err
 @@ -300,7 +300,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte,
  		hash = opts.Hash
  	}
 
 -	if boring.Enabled && rand == boring.RandReader {
-+	if boring.Enabled && rand == boring.RandReader && boring.SupportsHash(hash) {
++	if boring.Enabled && rand == boring.RandReader && boring.IsRSAKeySupported(len(priv.Primes)) && boring.SupportsHash(hash) {
  		bkey, err := boringPrivateKey(priv)
  		if err != nil {
  			return nil, err
@@ -1129,7 +1170,7 @@ index 5716c464ca0a33..63f1100cabab64 100644
  		if err != nil {
  			return err
 diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
-index 4d78d1eaaa6be0..72a06ac902a252 100644
+index 4d78d1eaaa6be0..a016c4f8362cf5 100644
 --- a/src/crypto/rsa/rsa.go
 +++ b/src/crypto/rsa/rsa.go
 @@ -26,14 +26,15 @@ package rsa
@@ -1183,7 +1224,7 @@ index 4d78d1eaaa6be0..72a06ac902a252 100644
  	}
 
 -	if boring.Enabled {
-+	if boring.Enabled && hash == mgfHash {
++	if boring.Enabled && hash == mgfHash && boring.IsRSAKeySupported(len(priv.Primes)) {
  		bkey, err := boringPrivateKey(priv)
  		if err != nil {
  			return nil, err

diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch
@@ -14,17 +14,15 @@ Subject: [PATCH] Add CNG crypto backend
  src/crypto/internal/backend/bbig/big.go       |   2 +-
  src/crypto/internal/backend/bbig/big_cng.go   |  12 +
  src/crypto/internal/backend/cng_windows.go    | 280 ++++++++++++++++++
- src/crypto/internal/backend/common.go         |  21 +-
+ src/crypto/internal/backend/common.go         |  13 +-
  src/crypto/internal/boring/fipstls/stub.s     |   2 +-
  src/crypto/internal/boring/fipstls/tls.go     |   2 +-
  src/crypto/md5/md5_test.go                    |   7 +
  src/crypto/rsa/boring.go                      |   2 +-
  src/crypto/rsa/boring_test.go                 |   2 +-
  src/crypto/rsa/notboring.go                   |   2 +-
- src/crypto/rsa/pkcs1v15.go                    |   6 +-
- src/crypto/rsa/pss.go                         |   8 +-
+ src/crypto/rsa/pss.go                         |   2 +-
  src/crypto/rsa/pss_test.go                    |   2 +-
- src/crypto/rsa/rsa.go                         |   2 +-
  src/crypto/rsa/rsa_test.go                    |   8 +-
  src/crypto/sha1/sha1_test.go                  |   7 +
  src/crypto/sha256/sha256_test.go              |  10 +
@@ -47,7 +45,7 @@ Subject: [PATCH] Add CNG crypto backend
  .../goexperiment/exp_cngcrypto_off.go         |   9 +
  src/internal/goexperiment/exp_cngcrypto_on.go |   9 +
  src/internal/goexperiment/flags.go            |   1 +
- 43 files changed, 444 insertions(+), 32 deletions(-)
+ 41 files changed, 428 insertions(+), 26 deletions(-)
  create mode 100644 src/crypto/ecdsa/badlinkname.go
  create mode 100644 src/crypto/internal/backend/bbig/big_cng.go
  create mode 100644 src/crypto/internal/backend/cng_windows.go
@@ -475,18 +473,10 @@ index 00000000000000..3d3d13709de5ac
 +	panic("cryptobackend: not available")
 +}
 diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go
-index efdd080a1b7708..41e1e0cc69ec57 100644
+index f83ff4abacc1dc..b05374a9d62a97 100644
 --- a/src/crypto/internal/backend/common.go
 +++ b/src/crypto/internal/backend/common.go
-@@ -6,6 +6,7 @@ package backend
-
- import (
- 	"crypto/internal/boring/sig"
-+	"internal/goexperiment"
- 	"runtime"
- 	"syscall"
- )
-@@ -67,7 +68,11 @@ func hasSuffix(s, t string) bool {
+@@ -68,7 +68,11 @@ func hasSuffix(s, t string) bool {
  // UnreachableExceptTests marks code that should be unreachable
  // when backend is in use. It panics.
  func UnreachableExceptTests() {
@@ -499,18 +489,11 @@ index efdd080a1b7708..41e1e0cc69ec57 100644
  		name := runtime_arg0()
  		// If ran on Windows we'd need to allow _test.exe and .test.exe as well.
  		if !hasSuffix(name, "_test") && !hasSuffix(name, ".test") {
-@@ -76,3 +81,17 @@ func UnreachableExceptTests() {
- 		}
- 	}
+@@ -90,3 +94,10 @@ func IsRSAKeySupported(primes int) bool {
+ 	// Given the above reasons, we only support 2-prime RSA keys.
+ 	return primes == 2
  }
 +
-+func IsRSAKeySupported(primes int) bool {
-+	if goexperiment.CNGCrypto {
-+		return primes == 2
-+	}
-+	return true
-+}
-+
 +func IsSaltSupported(salt int) bool {
 +	if goexperiment.CNGCrypto {
 +		return salt != 0 // rsa.PSSSaltLengthAuto
@@ -614,62 +597,11 @@ index 933ac569e034a8..0f152b210fdd84 100644
 
  package rsa
 
-diff --git a/src/crypto/rsa/pkcs1v15.go b/src/crypto/rsa/pkcs1v15.go
-index 552c6886813f46..7b3c9211992f6b 100644
---- a/src/crypto/rsa/pkcs1v15.go
-+++ b/src/crypto/rsa/pkcs1v15.go
-@@ -95,7 +95,7 @@ func DecryptPKCS1v15(random io.Reader, priv *PrivateKey, ciphertext []byte) ([]b
- 		return nil, err
- 	}
-
--	if boring.Enabled {
-+	if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) {
- 		bkey, err := boringPrivateKey(priv)
- 		if err != nil {
- 			return nil, err
-@@ -189,7 +189,7 @@ func decryptPKCS1v15(priv *PrivateKey, ciphertext []byte) (valid int, em []byte,
- 		return
- 	}
-
--	if boring.Enabled {
-+	if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) {
- 		var bkey *boring.PrivateKeyRSA
- 		bkey, err = boringPrivateKey(priv)
- 		if err != nil {
-@@ -293,7 +293,7 @@ func SignPKCS1v15(random io.Reader, priv *PrivateKey, hash crypto.Hash, hashed [
- 		return nil, err
- 	}
-
--	if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) {
-+	if boring.Enabled && (hash == 0 || boring.SupportsHash(hash)) && boring.IsRSAKeySupported(len(priv.Primes)) {
- 		bkey, err := boringPrivateKey(priv)
- 		if err != nil {
- 			return nil, err
 diff --git a/src/crypto/rsa/pss.go b/src/crypto/rsa/pss.go
-index 63f1100cabab64..94fac3f1a1ce55 100644
+index 4aac87d7952081..010ee1467501c3 100644
 --- a/src/crypto/rsa/pss.go
 +++ b/src/crypto/rsa/pss.go
-@@ -214,7 +214,7 @@ func signPSSWithSalt(priv *PrivateKey, hash crypto.Hash, hashed, salt []byte) ([
- 		return nil, err
- 	}
-
--	if boring.Enabled {
-+	if boring.Enabled && boring.IsRSAKeySupported(len(priv.Primes)) {
- 		bkey, err := boringPrivateKey(priv)
- 		if err != nil {
- 			return nil, err
-@@ -300,7 +300,9 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte,
- 		hash = opts.Hash
- 	}
-
--	if boring.Enabled && rand == boring.RandReader && boring.SupportsHash(hash) {
-+	if boring.Enabled && rand == boring.RandReader &&
-+		boring.SupportsHash(hash) && boring.IsRSAKeySupported(len(priv.Primes)) {
-+
- 		bkey, err := boringPrivateKey(priv)
- 		if err != nil {
- 			return nil, err
-@@ -342,7 +344,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte,
+@@ -342,7 +342,7 @@ func SignPSS(rand io.Reader, priv *PrivateKey, hash crypto.Hash, digest []byte,
  // The inputs are not considered confidential, and may leak through timing side
  // channels, or if an attacker has control of part of the inputs.
  func VerifyPSS(pub *PublicKey, hash crypto.Hash, digest []byte, sig []byte, opts *PSSOptions) error {
@@ -691,19 +623,6 @@ index 637d07e18cff2e..21435b86b52dad 100644
  	if err != nil {
  		t.Fatal(err)
  	}
-diff --git a/src/crypto/rsa/rsa.go b/src/crypto/rsa/rsa.go
-index 72a06ac902a252..a016c4f8362cf5 100644
---- a/src/crypto/rsa/rsa.go
-+++ b/src/crypto/rsa/rsa.go
-@@ -729,7 +729,7 @@ func decryptOAEP(hash, mgfHash hash.Hash, random io.Reader, priv *PrivateKey, ci
- 		return nil, ErrDecryption
- 	}
-
--	if boring.Enabled && hash == mgfHash {
-+	if boring.Enabled && hash == mgfHash && boring.IsRSAKeySupported(len(priv.Primes)) {
- 		bkey, err := boringPrivateKey(priv)
- 		if err != nil {
- 			return nil, err
 diff --git a/src/crypto/rsa/rsa_test.go b/src/crypto/rsa/rsa_test.go
 index dbcc1bec58bd46..b1e9d8e94c2c9e 100644
 --- a/src/crypto/rsa/rsa_test.go