remove sig.FIPSOnly call

microsoft · Feb 7, 2024 · dd7586b · dd7586b
1 parent 7de64ee
commit dd7586b
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 15 deletions.
diff --git a/patches/0002-Add-crypto-backend-foundation.patch b/patches/0002-Add-crypto-backend-foundation.patch
@@ -52,9 +52,9 @@ Subject: [PATCH] Add crypto backend foundation
  src/crypto/x509/boring_test.go               |   5 +
  src/go/build/deps_test.go                    |   3 +
  src/net/http/client_test.go                  |   6 +-
- src/net/smtp/smtp_test.go                    |  71 ++++---
+ src/net/smtp/smtp_test.go                    |  72 ++++---
  src/runtime/runtime_boring.go                |   5 +
- 50 files changed, 760 insertions(+), 94 deletions(-)
+ 50 files changed, 761 insertions(+), 94 deletions(-)
  create mode 100644 src/crypto/ed25519/boring.go
  create mode 100644 src/crypto/ed25519/notboring.go
  create mode 100644 src/crypto/internal/backend/backend_test.go
@@ -1616,14 +1616,15 @@ index 7459b9cb6ed1df..e0ca4f7cedad8a 100644
  	}
  }
 diff --git a/src/net/smtp/smtp_test.go b/src/net/smtp/smtp_test.go
-index 259b10b93d9e36..2ee46483954fcb 100644
+index 259b10b93d9e36..0d48576b358644 100644
 --- a/src/net/smtp/smtp_test.go
 +++ b/src/net/smtp/smtp_test.go
-@@ -1105,40 +1105,59 @@ func sendMail(hostPort string) error {
+@@ -1105,40 +1105,60 @@ func sendMail(hostPort string) error {
 
  // localhostCert is a PEM-encoded TLS cert generated from src/crypto/tls:
  //
 -//	go run generate_cert.go --rsa-bits 1024 --host 127.0.0.1,::1,example.com \
++//	Use a 2048-bits RSA key to make it FIPS-compliant.
 +//	go run generate_cert.go --rsa-bits 2048 --host 127.0.0.1,::1,example.com \
  //		--ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
  var localhostCert = []byte(`

diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch
@@ -14,7 +14,7 @@ Subject: [PATCH] Add OpenSSL crypto backend
  src/crypto/ecdsa/notboring.go                 |   2 +-
  src/crypto/internal/backend/bbig/big.go       |   2 +-
  .../internal/backend/bbig/big_openssl.go      |  12 +
- src/crypto/internal/backend/openssl_linux.go  | 322 ++++++++++++++++++
+ src/crypto/internal/backend/openssl_linux.go  | 323 ++++++++++++++++++
  src/crypto/internal/boring/fipstls/stub.s     |   2 +-
  src/crypto/internal/boring/fipstls/tls.go     |   2 +-
  src/crypto/rsa/boring.go                      |   2 +-
@@ -37,7 +37,7 @@ Subject: [PATCH] Add OpenSSL crypto backend
  .../goexperiment/exp_opensslcrypto_on.go      |   9 +
  src/internal/goexperiment/flags.go            |   1 +
  src/os/exec/exec_test.go                      |   9 +
- 33 files changed, 404 insertions(+), 23 deletions(-)
+ 33 files changed, 405 insertions(+), 23 deletions(-)
  create mode 100644 src/crypto/internal/backend/bbig/big_openssl.go
  create mode 100644 src/crypto/internal/backend/openssl_linux.go
  create mode 100644 src/internal/goexperiment/exp_opensslcrypto_off.go
@@ -190,10 +190,10 @@ index 00000000000000..e6695dd66b1d02
 +var Dec = bbig.Dec
 diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go
 new file mode 100644
-index 00000000000000..b353623c52f49b
+index 00000000000000..69af0ffe2fcf80
 --- /dev/null
 +++ b/src/crypto/internal/backend/openssl_linux.go
-@@ -0,0 +1,322 @@
+@@ -0,0 +1,323 @@
 +// Copyright 2017 The Go Authors. All rights reserved.
 +// Use of this source code is governed by a BSD-style
 +// license that can be found in the LICENSE file.
@@ -283,8 +283,9 @@ index 00000000000000..b353623c52f49b
 +		}
 +	}
 +	if openssl.FIPS() {
++		// FIPS mode is enabled,
++		// so force FIPS mode for crypto/tls and crypto/x509.
 +		fipstls.Force()
-+		sig.FIPSOnly()
 +	}
 +	sig.BoringCrypto()
 +}

diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch
@@ -12,8 +12,8 @@ Subject: [PATCH] Add CNG crypto backend
  src/crypto/internal/backend/backend_test.go   |   4 +-
  src/crypto/internal/backend/bbig/big.go       |   2 +-
  src/crypto/internal/backend/bbig/big_cng.go   |  12 +
- src/crypto/internal/backend/cng_windows.go    | 281 ++++++++++++++++++
- src/crypto/internal/backend/common.go         |  33 +-
+ src/crypto/internal/backend/cng_windows.go    | 280 ++++++++++++++++++
+ src/crypto/internal/backend/common.go         |  33 ++-
  src/crypto/internal/boring/fipstls/stub.s     |   2 +-
  src/crypto/internal/boring/fipstls/tls.go     |   2 +-
  src/crypto/md5/md5_test.go                    |   7 +
@@ -47,7 +47,7 @@ Subject: [PATCH] Add CNG crypto backend
  .../goexperiment/exp_cngcrypto_off.go         |   9 +
  src/internal/goexperiment/exp_cngcrypto_on.go |   9 +
  src/internal/goexperiment/flags.go            |   1 +
- 43 files changed, 478 insertions(+), 40 deletions(-)
+ 43 files changed, 477 insertions(+), 40 deletions(-)
  create mode 100644 src/crypto/internal/backend/bbig/big_cng.go
  create mode 100644 src/crypto/internal/backend/cng_windows.go
  create mode 100644 src/internal/goexperiment/exp_cngcrypto_off.go
@@ -166,10 +166,10 @@ index 00000000000000..92623031fd87d0
 +var Dec = bbig.Dec
 diff --git a/src/crypto/internal/backend/cng_windows.go b/src/crypto/internal/backend/cng_windows.go
 new file mode 100644
-index 00000000000000..fab16d5d6f3563
+index 00000000000000..3d3d13709de5ac
 --- /dev/null
 +++ b/src/crypto/internal/backend/cng_windows.go
-@@ -0,0 +1,281 @@
+@@ -0,0 +1,280 @@
 +// Copyright 2017 The Go Authors. All rights reserved.
 +// Use of this source code is governed by a BSD-style
 +// license that can be found in the LICENSE file.
@@ -212,7 +212,6 @@ index 00000000000000..fab16d5d6f3563
 +		// FIPS mode is enabled,
 +		// so force FIPS mode for crypto/tls and crypto/x509.
 +		fipstls.Force()
-+		sig.FIPSOnly()
 +	}
 +	sig.BoringCrypto()
 +}