diff --git a/patches/0001-Vendor-external-dependencies.patch b/patches/0001-Vendor-external-dependencies.patch index 8822c3c119..c6c8feac83 100644 --- a/patches/0001-Vendor-external-dependencies.patch +++ b/patches/0001-Vendor-external-dependencies.patch @@ -58,7 +58,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../github.com/golang-fips/openssl/v2/hash.go | 502 ++++ .../golang-fips/openssl/v2/hashclone.go | 14 + .../golang-fips/openssl/v2/hashclone_go125.go | 9 + - .../github.com/golang-fips/openssl/v2/hkdf.go | 455 ++++ + .../github.com/golang-fips/openssl/v2/hkdf.go | 445 +++ .../github.com/golang-fips/openssl/v2/hmac.go | 282 ++ .../openssl/v2/internal/fakecgo/abi_amd64.h | 99 + .../openssl/v2/internal/fakecgo/abi_arm64.h | 39 + @@ -138,7 +138,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../v2/internal/ossl/zossl_cgo_go124.go | 45 + .../openssl/v2/internal/ossl/zossl_nocgo.go | 2390 +++++++++++++++++ .../golang-fips/openssl/v2/mlkem.go | 371 +++ - .../golang-fips/openssl/v2/openssl.go | 253 ++ + .../golang-fips/openssl/v2/openssl.go | 259 ++ .../golang-fips/openssl/v2/openssl_cgo.go | 16 + .../golang-fips/openssl/v2/openssl_nocgo.go | 32 + .../golang-fips/openssl/v2/osslsetup/fips.go | 165 ++ @@ -149,7 +149,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../openssl/v2/osslsetup/osslsetup.go | 74 + .../openssl/v2/osslsetup/osslsetup_cgo.go | 11 + .../openssl/v2/osslsetup/osslsetup_nocgo.go | 21 + - .../golang-fips/openssl/v2/params.go | 184 ++ + .../golang-fips/openssl/v2/params.go | 194 ++ .../golang-fips/openssl/v2/pbkdf2.go | 54 + .../golang-fips/openssl/v2/provideropenssl.go | 239 ++ .../openssl/v2/providersymcrypt.go | 330 +++ @@ -277,7 +277,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result .../internal/subtle/aliasing.go | 32 + .../internal/sysdll/sys_windows.go | 55 + src/vendor/modules.txt | 23 + - 269 files changed, 34097 insertions(+), 7 deletions(-) + 269 files changed, 34103 insertions(+), 7 deletions(-) create mode 100644 src/cmd/internal/telemetry/counter/deps_ignore.go create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/LICENSE create mode 100644 src/cmd/vendor/github.com/microsoft/go-infra/telemetry/README.md @@ -541,7 +541,7 @@ Use a 'go' that was recently built by the current branch to ensure stable result create mode 100644 src/vendor/github.com/microsoft/go-crypto-winnative/internal/sysdll/sys_windows.go diff --git a/src/cmd/go.mod b/src/cmd/go.mod -index 85e8c4cb5fb305..4a356ea777dc10 100644 +index 14107c2d8ed9f3..1b51923f77e32e 100644 --- a/src/cmd/go.mod +++ b/src/cmd/go.mod @@ -4,6 +4,8 @@ go 1.26 @@ -554,7 +554,7 @@ index 85e8c4cb5fb305..4a356ea777dc10 100644 golang.org/x/build v0.0.0-20251128064159-b9bfd88b30e8 golang.org/x/mod v0.30.1-0.20251115032019-269c237cf350 diff --git a/src/cmd/go.sum b/src/cmd/go.sum -index 61c88e52530940..e67353c20c352f 100644 +index c4920417b21b3d..4591d4c5da550d 100644 --- a/src/cmd/go.sum +++ b/src/cmd/go.sum @@ -4,6 +4,10 @@ github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLx @@ -2163,7 +2163,7 @@ index 00000000000000..d592037b570130 + return ok +} diff --git a/src/cmd/vendor/modules.txt b/src/cmd/vendor/modules.txt -index 9c179c4bcd4c30..cb57323fb05a24 100644 +index 4e2260af522911..e4a084bebaba13 100644 --- a/src/cmd/vendor/modules.txt +++ b/src/cmd/vendor/modules.txt @@ -16,6 +16,17 @@ github.com/google/pprof/third_party/svgpan @@ -2213,7 +2213,7 @@ index 00000000000000..ae4055d2d71303 +// that are used by the backend package. This allows to track +// their versions in a single patch file. diff --git a/src/go.mod b/src/go.mod -index efc07451b53448..92c3c1585973d2 100644 +index efc07451b53448..5b76c18a2dd6c1 100644 --- a/src/go.mod +++ b/src/go.mod @@ -11,3 +11,9 @@ require ( @@ -2222,17 +2222,17 @@ index efc07451b53448..92c3c1585973d2 100644 ) + +require ( -+ github.com/golang-fips/openssl/v2 v2.0.4-0.20260217140351-4e237614ceb4 ++ github.com/golang-fips/openssl/v2 v2.0.4-0.20260417093650-92feff2e2bc8 + github.com/microsoft/go-crypto-darwin v0.0.3-0.20260130143703-78cb726ef357 + github.com/microsoft/go-crypto-winnative v0.0.0-20260127024749-832b168a84e9 +) diff --git a/src/go.sum b/src/go.sum -index b6b841b44d8e38..351d0574653a2a 100644 +index b6b841b44d8e38..e226409b5cbd71 100644 --- a/src/go.sum +++ b/src/go.sum @@ -1,3 +1,9 @@ -+github.com/golang-fips/openssl/v2 v2.0.4-0.20260217140351-4e237614ceb4 h1:2kbDvyeg2zT1dsjfp6I445SCP4ryK88vnIODU+x0W3o= -+github.com/golang-fips/openssl/v2 v2.0.4-0.20260217140351-4e237614ceb4/go.mod h1:EtVnMfLGkB4pihGOH+tXEV0WlXxewWdT1n3GLJEHvpw= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20260417093650-92feff2e2bc8 h1:fcNImjBFdN1W3Da0+qgX8R6I6j44wHKqFF/SflF+B6A= ++github.com/golang-fips/openssl/v2 v2.0.4-0.20260417093650-92feff2e2bc8/go.mod h1:EtVnMfLGkB4pihGOH+tXEV0WlXxewWdT1n3GLJEHvpw= +github.com/microsoft/go-crypto-darwin v0.0.3-0.20260130143703-78cb726ef357 h1:ILqgGD8SGjjtSweSBanrXyX8Aco33yFSJEqsnJgmXHU= +github.com/microsoft/go-crypto-darwin v0.0.3-0.20260130143703-78cb726ef357/go.mod h1:MTii5PQwRlfUjYpGoF8CPLGwXSHTbLHGRN9FVNML5N0= +github.com/microsoft/go-crypto-winnative v0.0.0-20260127024749-832b168a84e9 h1:joliMChkkfHV3vAPKzu9kefdw0K+d89A8r9gTm3MFS4= @@ -6401,10 +6401,10 @@ index 00000000000000..f1f2364c7246d4 +type HashCloner = hash.Cloner diff --git a/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go new file mode 100644 -index 00000000000000..7e059d023ef00b +index 00000000000000..09f2412e45a97d --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/hkdf.go -@@ -0,0 +1,455 @@ +@@ -0,0 +1,445 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -6759,9 +6759,7 @@ index 00000000000000..7e059d023ef00b + bld.addOctetString(_OSSL_KDF_PARAM_PREFIX, []byte("tls13 ")) + bld.addOctetString(_OSSL_KDF_PARAM_LABEL, label) + bld.addOctetString(_OSSL_KDF_PARAM_DATA, context) -+ if len(pseudorandomKey) > 0 { -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) -+ } ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) + + params, err := bld.build() + if err != nil { @@ -6812,18 +6810,10 @@ index 00000000000000..7e059d023ef00b + } + bld.addUTF8String(_OSSL_KDF_PARAM_DIGEST, ossl.EVP_MD_get0_name(md), 0) + bld.addInt32(_OSSL_KDF_PARAM_MODE, int32(mode)) -+ if len(secret) > 0 { -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, secret) -+ } -+ if len(salt) > 0 { -+ bld.addOctetString(_OSSL_KDF_PARAM_SALT, salt) -+ } -+ if len(pseudorandomKey) > 0 { -+ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) -+ } -+ if len(info) > 0 { -+ bld.addOctetString(_OSSL_KDF_PARAM_INFO, info) -+ } ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, secret) ++ bld.addOctetString(_OSSL_KDF_PARAM_SALT, salt) ++ bld.addOctetString(_OSSL_KDF_PARAM_KEY, pseudorandomKey) ++ bld.addOctetString(_OSSL_KDF_PARAM_INFO, info) + params, err := bld.build() + if err != nil { + return ctx, err @@ -19688,10 +19678,10 @@ index 00000000000000..38ed8f5d69d946 +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/openssl.go b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go new file mode 100644 -index 00000000000000..30ed1f38392629 +index 00000000000000..2aa620a69ce530 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/openssl.go -@@ -0,0 +1,253 @@ +@@ -0,0 +1,259 @@ +//go:build !cmd_go_bootstrap + +// Package openssl provides access to OpenSSL cryptographic functions. @@ -19822,6 +19812,12 @@ index 00000000000000..30ed1f38392629 + return unsafe.SliceData(b) +} + ++// pbaseNeverEmpty returns the address of the underlying array in b. ++// If b has zero length, it returns a pointer to a zero byte. ++func pbaseNeverEmpty(b []byte) unsafe.Pointer { ++ return unsafe.Pointer(baseNeverEmpty(b)) ++} ++ +// pbase returns the address of the underlying array in b, +// being careful not to panic when b has zero length. +func pbase(b []byte) unsafe.Pointer { @@ -20585,10 +20581,10 @@ index 00000000000000..fd1cad5692a0bc +} diff --git a/src/vendor/github.com/golang-fips/openssl/v2/params.go b/src/vendor/github.com/golang-fips/openssl/v2/params.go new file mode 100644 -index 00000000000000..3bdc8037c0c9af +index 00000000000000..6cf91de44bc2f9 --- /dev/null +++ b/src/vendor/github.com/golang-fips/openssl/v2/params.go -@@ -0,0 +1,184 @@ +@@ -0,0 +1,194 @@ +//go:build !cmd_go_bootstrap + +package openssl @@ -20704,10 +20700,20 @@ index 00000000000000..3bdc8037c0c9af + if !b.check() { + return + } ++ if value == nil { ++ // Short-circuit a nil slice: don't pass anything at all to OpenSSL. ++ // OpenSSL 3.5.6 raises an error when passed null, and expects users ++ // to not call this function at all in this case. ++ // See https://github.com/openssl/openssl/issues/30728 ++ // ++ // Don't short-circuit empty slices, as they might have a meaning. ++ // For example, in KDFs an empty salt is different from a nil salt. ++ return ++ } + if len(value) != 0 { + b.pinner.Pin(&value[0]) + } -+ if _, err := ossl.OSSL_PARAM_BLD_push_octet_string(b.bld, name.ptr(), pbase(value), len(value)); err != nil { ++ if _, err := ossl.OSSL_PARAM_BLD_push_octet_string(b.bld, name.ptr(), pbaseNeverEmpty(value), len(value)); err != nil { + b.err = addParamError{name.str(), err} + } +} @@ -38317,11 +38323,11 @@ index 00000000000000..1722410e5af193 + return getSystemDirectory() + "\\" + dll +} diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt -index b6f6376eac041a..d1a867d0452fed 100644 +index b6f6376eac041a..ee1e3a5d5d34f5 100644 --- a/src/vendor/modules.txt +++ b/src/vendor/modules.txt @@ -1,3 +1,26 @@ -+# github.com/golang-fips/openssl/v2 v2.0.4-0.20260217140351-4e237614ceb4 ++# github.com/golang-fips/openssl/v2 v2.0.4-0.20260417093650-92feff2e2bc8 +## explicit; go 1.24 +github.com/golang-fips/openssl/v2 +github.com/golang-fips/openssl/v2/bbig