diff --git a/MICROSOFT_REVISION b/MICROSOFT_REVISION new file mode 100644 index 0000000000..d8263ee986 --- /dev/null +++ b/MICROSOFT_REVISION @@ -0,0 +1 @@ +2 \ No newline at end of file diff --git a/patches/0004-Add-OpenSSL-crypto-backend.patch b/patches/0004-Add-OpenSSL-crypto-backend.patch index 8720948c90..eb435c365e 100644 --- a/patches/0004-Add-OpenSSL-crypto-backend.patch +++ b/patches/0004-Add-OpenSSL-crypto-backend.patch @@ -57,10 +57,10 @@ index f0e3575637c62a..0e9aceeb832d3b 100644 package main diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go -index fa6a0dd84d41e9..8ebfa08b6ed5be 100644 +index 5e62bbf4c22c66..7fd1dfcb8e9592 100644 --- a/src/cmd/dist/test.go +++ b/src/cmd/dist/test.go -@@ -1225,12 +1225,11 @@ func (t *tester) registerCgoTests(heading string) { +@@ -1222,12 +1222,11 @@ func (t *tester) registerCgoTests(heading string) { // a C linker warning on Linux. // in function `bio_ip_and_port_to_socket_and_addr': // warning: Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking @@ -107,10 +107,10 @@ index 4aaf46b5d0f0dc..6fe798cf4a94e9 100644 go list -f '{{.Dir}}' vendor/golang.org/x/net/http2/hpack diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go -index df83896100872f..5d9c1ecbd5eb54 100644 +index eab74dc32864ed..d9a41aa26d8908 100644 --- a/src/cmd/link/internal/ld/lib.go +++ b/src/cmd/link/internal/ld/lib.go -@@ -1158,6 +1158,7 @@ var hostobj []Hostobj +@@ -1162,6 +1162,7 @@ var hostobj []Hostobj // These packages can use internal linking mode. // Others trigger external mode. var internalpkg = []string{ @@ -713,29 +713,29 @@ index c83a7272c9f01f..a0548a7f9179c5 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index 6b0e3c58ee013f..4ac30a14a69b37 100644 +index c18ae7760f61c5..19e925d1295280 100644 --- a/src/go.mod +++ b/src/go.mod @@ -3,6 +3,7 @@ module std go 1.22 require ( -+ github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240109234540-66bdd798d334 ++ github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240320212310-fde4397fc4ac golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb golang.org/x/net v0.19.0 ) diff --git a/src/go.sum b/src/go.sum -index c59bf5956bf6c5..771683f602d365 100644 +index 7c3519882a5b78..e254c4dc4408d4 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,5 @@ -+github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240109234540-66bdd798d334 h1:FxMYHVog5A12UKxDmOD4FigKiunWkkd5LmyQXKcb3lQ= -+github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240109234540-66bdd798d334/go.mod h1:7tuBqX2Zov8Yq5mJ2yzlKhpnxOnWyEzi38AzeWRuQdg= ++github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240320212310-fde4397fc4ac h1:YOH3Ko9Zh1TzJ4qqJ84EbkI06tN4HQlHx1dsAakLbms= ++github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240320212310-fde4397fc4ac/go.mod h1:7tuBqX2Zov8Yq5mJ2yzlKhpnxOnWyEzi38AzeWRuQdg= golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb h1:1ceSY7sk6sJuiDREHpfyrqDnDljsLfEP2GuTClhBBfI= golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 05b15b6dc022ef..6d9bccdaddede6 100644 +index 2362c4fa0cdfcb..8ed410da4a9bd5 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -439,6 +439,8 @@ var depsRules = ` @@ -755,7 +755,7 @@ index 05b15b6dc022ef..6d9bccdaddede6 100644 < crypto/internal/boring/bbig < crypto/internal/backend/bbig < crypto/rand -@@ -763,7 +766,7 @@ var buildIgnore = []byte("\n//go:build ignore") +@@ -758,7 +761,7 @@ var buildIgnore = []byte("\n//go:build ignore") func findImports(pkg string) ([]string, error) { vpkg := pkg @@ -764,7 +764,7 @@ index 05b15b6dc022ef..6d9bccdaddede6 100644 vpkg = "vendor/" + pkg } dir := filepath.Join(Default.GOROOT, "src", vpkg) -@@ -773,7 +776,7 @@ func findImports(pkg string) ([]string, error) { +@@ -768,7 +771,7 @@ func findImports(pkg string) ([]string, error) { } var imports []string var haveImport = map[string]bool{} diff --git a/patches/0005-Add-CNG-crypto-backend.patch b/patches/0005-Add-CNG-crypto-backend.patch index 79865011d1..c3fddfdd48 100644 --- a/patches/0005-Add-CNG-crypto-backend.patch +++ b/patches/0005-Add-CNG-crypto-backend.patch @@ -978,7 +978,7 @@ index 70baa62d63754a..ecd0f5a7b3e9ed 100644 package tls diff --git a/src/crypto/tls/boring_test.go b/src/crypto/tls/boring_test.go -index 7b7de66cb7e8c4..86595e588cf604 100644 +index 41983b9074fab3..f452aa95b2eb08 100644 --- a/src/crypto/tls/boring_test.go +++ b/src/crypto/tls/boring_test.go @@ -2,7 +2,7 @@ @@ -1097,31 +1097,31 @@ index a0548a7f9179c5..ae6117a1554b7f 100644 package x509 diff --git a/src/go.mod b/src/go.mod -index 4ac30a14a69b37..d70da97418df23 100644 +index 19e925d1295280..8c42af048a10d5 100644 --- a/src/go.mod +++ b/src/go.mod -@@ -4,6 +4,7 @@ go 1.23 +@@ -4,6 +4,7 @@ go 1.22 require ( - github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240109234540-66bdd798d334 + github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240320212310-fde4397fc4ac + github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103 golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb golang.org/x/net v0.19.0 ) diff --git a/src/go.sum b/src/go.sum -index 771683f602d365..7c3816ad12846f 100644 +index e254c4dc4408d4..883251165e7443 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,5 +1,7 @@ - github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240109234540-66bdd798d334 h1:FxMYHVog5A12UKxDmOD4FigKiunWkkd5LmyQXKcb3lQ= - github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240109234540-66bdd798d334/go.mod h1:7tuBqX2Zov8Yq5mJ2yzlKhpnxOnWyEzi38AzeWRuQdg= + github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240320212310-fde4397fc4ac h1:YOH3Ko9Zh1TzJ4qqJ84EbkI06tN4HQlHx1dsAakLbms= + github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240320212310-fde4397fc4ac/go.mod h1:7tuBqX2Zov8Yq5mJ2yzlKhpnxOnWyEzi38AzeWRuQdg= +github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103 h1:KQsPPal3pKvKzAPTaR7sEriaqrHmRWw0dWG/7E5FNNk= +github.com/microsoft/go-crypto-winnative v0.0.0-20240109184443-a968e40d3103/go.mod h1:fveERXKbeK+XLmOyU24caKnIT/S5nniAX9XCRHfnrM4= golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb h1:1ceSY7sk6sJuiDREHpfyrqDnDljsLfEP2GuTClhBBfI= golang.org/x/crypto v0.16.1-0.20231129163542-152cdb1503eb/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go -index 6d9bccdaddede6..40cadb74389d2c 100644 +index 8ed410da4a9bd5..16de830c1bd35c 100644 --- a/src/go/build/deps_test.go +++ b/src/go/build/deps_test.go @@ -439,6 +439,10 @@ var depsRules = ` diff --git a/patches/0006-Vendor-crypto-backends.patch b/patches/0006-Vendor-crypto-backends.patch index 104b29ec2f..1f5360138b 100644 --- a/patches/0006-Vendor-crypto-backends.patch +++ b/patches/0006-Vendor-crypto-backends.patch @@ -396,7 +396,7 @@ index 00000000000000..6461f241f863fc +type BigInt []uint diff --git a/src/vendor/github.com/golang-fips/openssl/v2/cipher.go b/src/vendor/github.com/golang-fips/openssl/v2/cipher.go new file mode 100644 -index 00000000000000..ddaadfa8897c25 +index 00000000000000..2b983c5411fc72 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/cipher.go @@ -0,0 +1,582 @@ @@ -935,12 +935,12 @@ index 00000000000000..ddaadfa8897c25 + return +} + -+func newCipherCtx(kind cipherKind, mode cipherMode, encrypt cipherOp, key, iv []byte) (ctx C.GO_EVP_CIPHER_CTX_PTR, err error) { ++func newCipherCtx(kind cipherKind, mode cipherMode, encrypt cipherOp, key, iv []byte) (_ C.GO_EVP_CIPHER_CTX_PTR, err error) { + cipher := loadCipher(kind, mode) + if cipher == nil { + panic("crypto/cipher: unsupported cipher: " + kind.String()) + } -+ ctx = C.go_openssl_EVP_CIPHER_CTX_new() ++ ctx := C.go_openssl_EVP_CIPHER_CTX_new() + if ctx == nil { + return nil, fail("unable to create EVP cipher ctx") + } @@ -1944,7 +1944,7 @@ index 00000000000000..f66a2a1deb3ce6 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/evp.go b/src/vendor/github.com/golang-fips/openssl/v2/evp.go new file mode 100644 -index 00000000000000..b2886e6906b660 +index 00000000000000..a9237a6a0ce9aa --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/evp.go @@ -0,0 +1,471 @@ @@ -2099,7 +2099,15 @@ index 00000000000000..b2886e6906b660 + +func setupEVP(withKey withKeyFunc, padding C.int, + h, mgfHash hash.Hash, label []byte, saltLen C.int, ch crypto.Hash, -+ init initFunc) (ctx C.GO_EVP_PKEY_CTX_PTR, err error) { ++ init initFunc) (_ C.GO_EVP_PKEY_CTX_PTR, err error) { ++ var ctx C.GO_EVP_PKEY_CTX_PTR ++ withKey(func(pkey C.GO_EVP_PKEY_PTR) C.int { ++ ctx = C.go_openssl_EVP_PKEY_CTX_new(pkey, nil) ++ return 1 ++ }) ++ if ctx == nil { ++ return nil, newOpenSSLError("EVP_PKEY_CTX_new failed") ++ } + defer func() { + if err != nil { + if ctx != nil { @@ -2108,14 +2116,6 @@ index 00000000000000..b2886e6906b660 + } + } + }() -+ -+ withKey(func(pkey C.GO_EVP_PKEY_PTR) C.int { -+ ctx = C.go_openssl_EVP_PKEY_CTX_new(pkey, nil) -+ return 1 -+ }) -+ if ctx == nil { -+ return nil, newOpenSSLError("EVP_PKEY_CTX_new failed") -+ } + if err := init(ctx); err != nil { + return nil, err + } @@ -9336,11 +9336,11 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index 338c496bf95ad7..69b3ecdd2947c9 100644 +index 338c496bf95ad7..4eea9772658fad 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,14 @@ -+# github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240109234540-66bdd798d334 ++# github.com/golang-fips/openssl/v2 v2.0.0-rc.3.0.20240320212310-fde4397fc4ac +## explicit; go 1.20 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig