deps: update /x/crypto, fix Go 1.13 test breakage. (#1081)

* deps: update /x/crypto to 8b5121be2f68

* helpers/derhelpers: split Go 1.12/1.13 impls.

When using modern `golang.org/x/crypto/ed25519` on Go 1.13 the `x`
library is a small wrapper around the stdlib version. The helper
function needs to match on the stdlib type in this case.

To maintain backwards compat with Go 1.12 the helper code is split by
a build tag. The legacy code can use the `golang.org/x/crypto/ed25519`
import while the new code can use the `crypto/ed25519` import.

Co-authored-by: Daniel <cpu@letsencrypt.org>

Author: cpu

go.mod

@@ -25,7 +25,7 @@ require (
 	github.com/ziutek/mymysql v1.5.4 // indirect
 	github.com/zmap/zcrypto v0.0.0-20190729165852-9051775e6a2e
 	github.com/zmap/zlint v0.0.0-20190806154020-fd021b4cfbeb
-	golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
+	golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68
 	golang.org/x/lint v0.0.0-20190930215403-16217165b5de
 	golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3
 	golang.org/x/text v0.3.2 // indirect

go.sum

@@ -82,6 +82,8 @@ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc=
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68 h1:WPLCzSEbawp58wezcvLvLnvhiDJAai54ESbc41NdXS0=
+golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=

helpers/derhelpers/derhelpers-legacy.go

@@ -0,0 +1,50 @@
+// +build !go1.13
+
+// Package derhelpers implements common functionality
+// on DER encoded data
+package derhelpers
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/rsa"
+	"crypto/x509"
+
+	cferr "github.com/cloudflare/cfssl/errors"
+	"golang.org/x/crypto/ed25519"
+)
+
+// ParsePrivateKeyDER parses a PKCS #1, PKCS #8, ECDSA, or Ed25519 DER-encoded
+// private key. The key must not be in PEM format.
+func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error) {
+	generalKey, err := x509.ParsePKCS8PrivateKey(keyDER)
+	if err != nil {
+		generalKey, err = x509.ParsePKCS1PrivateKey(keyDER)
+		if err != nil {
+			generalKey, err = x509.ParseECPrivateKey(keyDER)
+			if err != nil {
+				generalKey, err = ParseEd25519PrivateKey(keyDER)
+				if err != nil {
+					// We don't include the actual error into
+					// the final error. The reason might be
+					// we don't want to leak any info about
+					// the private key.
+					return nil, cferr.New(cferr.PrivateKeyError,
+						cferr.ParseFailed)
+				}
+			}
+		}
+	}
+
+	switch generalKey.(type) {
+	case *rsa.PrivateKey:
+		return generalKey.(*rsa.PrivateKey), nil
+	case *ecdsa.PrivateKey:
+		return generalKey.(*ecdsa.PrivateKey), nil
+	case ed25519.PrivateKey:
+		return generalKey.(ed25519.PrivateKey), nil
+	}
+
+	// should never reach here
+	return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed)
+}

helpers/derhelpers/derhelpers.go

@@ -1,15 +1,17 @@
+// +build go1.13
+
 // Package derhelpers implements common functionality
 // on DER encoded data
 package derhelpers
 
 import (
 	"crypto"
 	"crypto/ecdsa"
+	"crypto/ed25519"
 	"crypto/rsa"
 	"crypto/x509"
 
 	cferr "github.com/cloudflare/cfssl/errors"
-	"golang.org/x/crypto/ed25519"
 )
 
 // ParsePrivateKeyDER parses a PKCS #1, PKCS #8, ECDSA, or Ed25519 DER-encoded

vendor/golang.org/x/crypto/cryptobyte/asn1.go

@@ -94,7 +94,7 @@ github.com/zmap/zcrypto/x509/pkix
 github.com/zmap/zlint
 github.com/zmap/zlint/lints
 github.com/zmap/zlint/util
-# golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4
+# golang.org/x/crypto v0.0.0-20200124225646-8b5121be2f68
 golang.org/x/crypto/cryptobyte
 golang.org/x/crypto/cryptobyte/asn1
 golang.org/x/crypto/ed25519