go-snap

Merge ~xnox/go-snap:go1.18-fips into go-snap:go1.18-fips

  1. Git
  2. lp:~xnox/go-snap
  3. go1.18-fips
  4. Merge into go1.18-fips
Proposed by Dimitri John Ledkov
Status: Needs review
Proposed branch: ~xnox/go-snap:go1.18-fips
Merge into: go-snap:go1.18-fips
Diff against target: 2657 lines (+2352/-287)
3 files modified
dev/null (+0/-287)
patches/0202-Upgrade-go-crypto-openssl-to-sha3-capable.patch (+2211/-0)
patches/0203-Add-crypto-sha3-package.patch (+141/-0)
Reviewer Review Type Date Requested Status
Maintainers of the Go Snap Pending
Review via email: mp+445900@code.launchpad.net

Commit message

This upgrade go-crypto-openssl to latest upstream + my patches that add sha3

the patches that add sha3 will not be merged to go-crypto-openssl or microsoft/go as the target branches are closed for development.

my sha3 feature has been merged into golang-fips/openssl however, thus will appear in microsoft/go in the future.

If you merge this, please do a snap build with the following changes:
1) on https://launchpad.net/~go-snap-maintainers/+snap/go118-fips set snapcraft channel to 6.x/stable
2) on https://launchpad.net/~go-snap-maintainers/+snap/go118-fips set target publication channel to track "1.18-fips" risk "edge" no branch, aka 1.18-fips/edge

I have a matching change to snapd to support this.

To post a comment you must log in.
Revision history for this message
Shengjing Zhu (zhsj) wrote (last edit ):

Hi, the code looks good.

But I don't understand the intention. There's no crypto/sha3 package in standard library in non-fips Go. It seems users need to import golang.org/x/crypto/sha3 in their code. So shouldn't they just replace that path with github.com/golang-fips/openssl/xcrypto/sha3? It doesn't need to be a standard library in fips Go.

Reply
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

> Hi, the code looks good.
>
> But I don't understand the intention. There's no crypto/sha3 package in
> standard library in non-fips Go. It seems users need to import
> golang.org/x/crypto/sha3 in their code. So shouldn't they just replace that
> path with github.com/golang-fips/openssl/xcrypto/sha3? It doesn't need to be a
> standard library in fips Go.

However it does! it is the same problem as `crypto/tls/fipsonly` as application must not import duplicate github.com/golang-fips/openssl (one from toolchain, and one from local go.mod) as the build then fails, and one really must initialise and reuse the same libcrypto context as the standard library is using, because otherwise one cannot use "net/tls" "crypto/sha1" together with any other sha3 implementation powered by openssl, unless it is a built-in "crypto/sha3".

See working example on how to use it at https://github.com/snapcore/snapd/pull/12934/files#diff-7f06ad5451a2e1f2410e6c8b41eb402e15f14c52e1293a1f3bb7ec94b84f319d

I will separately, file merge request to purge golang-fips/openssl/xcrypto/sha3 from existence, as it is a failed attempt which will never work in practice for any reasonable user of fips toolchain that needs sha3 and also any of other "crypto/tls" or "crypto/sha1" etc.

Reply
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Request to drop xcrypto/sha3 at https://github.com/golang-fips/openssl/pull/89

Reply
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Ping, any update on this?

because snapd builds are blocked on this now, and we have everything else in place.

Reply
Revision history for this message
Shengjing Zhu (zhsj) wrote :

Hi, sorry for delay. Busy with the Go1.21 transition before feature freeze. I'll test this week and get it merged.

Besides, if I merge this on 1.18 branch, I think I need further work to port it to 1.19+. As from the toolchain pov, it doesn't make sense to only land new feature in old versions. But this could do in future.

Reply
Revision history for this message
Shengjing Zhu (zhsj) wrote :

So for now, I pushed the changes to https://code.launchpad.net/~go-snap-maintainers/go-snap/+git/gosnap/+ref/go1.18-fips-sha3 and the snap is available at 1.18-fips/edge/sha3 track.

Reply

Unmerged commits

a4ed6a8... by Dimitri John Ledkov

Upgrade to sha3

Signed-off-by: Dimitri John Ledkov <email address hidden>

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/patches/0001-HMAC-using-EVP_MAC_CTX.patch b/patches/0001-HMAC-using-EVP_MAC_CTX.patch
2deleted file mode 100644
3index 501e7a0..0000000
4--- a/patches/0001-HMAC-using-EVP_MAC_CTX.patch
5+++ /dev/null
6@@ -1,287 +0,0 @@
7-From 3c1ad961284bce01962a50ce496ec4233d2ff1ec Mon Sep 17 00:00:00 2001
8-From: Quim Muntal <qmuntaldiaz@microsoft.com>
9-Date: Mon, 3 Oct 2022 10:07:36 +0000
10-Subject: [PATCH 1/4] implement HMAC using EVP_MAC_CTX on OpenSSL 3
11-
12----
13- openssl/hmac.go | 143 +++++++++++++++++++++++++++++++++-------
14- openssl/openssl_funcs.h | 25 ++++++-
15- 2 files changed, 144 insertions(+), 24 deletions(-)
16-
17---- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go
18-+++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go
19-@@ -14,6 +14,11 @@
20- "unsafe"
21- )
22-
23-+var (
24-+ paramAlgHMAC = C.CString("HMAC")
25-+ paramDigest = C.CString("digest")
26-+)
27-+
28- // NewHMAC returns a new HMAC using OpenSSL.
29- // The function h must return a hash implemented by
30- // OpenSSL (for example, h could be openssl.NewSHA256).
31-@@ -38,19 +43,19 @@
32- // we pass an "empty" key.
33- hkey = make([]byte, C.GO_EVP_MAX_MD_SIZE)
34- }
35-- hmac := &opensslHMAC{
36-- md: md,
37-- size: ch.Size(),
38-- blockSize: ch.BlockSize(),
39-- key: hkey,
40-- ctx: hmacCtxNew(),
41-+ switch vMajor {
42-+ case 1:
43-+ return newHMAC1(hkey, ch, md)
44-+ case 3:
45-+ return newHMAC3(hkey, ch, md)
46-+ default:
47-+ panic(errUnsuportedVersion())
48- }
49-- runtime.SetFinalizer(hmac, (*opensslHMAC).finalize)
50-- hmac.Reset()
51-- return hmac
52- }
53-
54--type opensslHMAC struct {
55-+// hmac1 implements hash.Hash
56-+// using functions available in OpenSSL 1.
57-+type hmac1 struct {
58- md C.GO_EVP_MD_PTR
59- ctx C.GO_HMAC_CTX_PTR
60- size int
61-@@ -59,8 +64,21 @@
62- sum []byte
63- }
64-
65--func (h *opensslHMAC) Reset() {
66-- hmacCtxReset(h.ctx)
67-+func newHMAC1(key []byte, h hash.Hash, md C.GO_EVP_MD_PTR) *hmac1 {
68-+ hmac := &hmac1{
69-+ md: md,
70-+ size: h.Size(),
71-+ blockSize: h.BlockSize(),
72-+ key: key,
73-+ ctx: hmac1CtxNew(),
74-+ }
75-+ runtime.SetFinalizer(hmac, (*hmac1).finalize)
76-+ hmac.Reset()
77-+ return hmac
78-+}
79-+
80-+func (h *hmac1) Reset() {
81-+ hmac1CtxReset(h.ctx)
82-
83- if C.go_openssl_HMAC_Init_ex(h.ctx, unsafe.Pointer(&h.key[0]), C.int(len(h.key)), h.md, nil) == 0 {
84- panic("openssl: HMAC_Init failed")
85-@@ -73,11 +91,11 @@
86- h.sum = nil
87- }
88-
89--func (h *opensslHMAC) finalize() {
90-- hmacCtxFree(h.ctx)
91-+func (h *hmac1) finalize() {
92-+ hmac1CtxFree(h.ctx)
93- }
94-
95--func (h *opensslHMAC) Write(p []byte) (int, error) {
96-+func (h *hmac1) Write(p []byte) (int, error) {
97- if len(p) > 0 {
98- C.go_openssl_HMAC_Update(h.ctx, base(p), C.size_t(len(p)))
99- }
100-@@ -85,15 +103,15 @@
101- return len(p), nil
102- }
103-
104--func (h *opensslHMAC) Size() int {
105-+func (h *hmac1) Size() int {
106- return h.size
107- }
108-
109--func (h *opensslHMAC) BlockSize() int {
110-+func (h *hmac1) BlockSize() int {
111- return h.blockSize
112- }
113-
114--func (h *opensslHMAC) Sum(in []byte) []byte {
115-+func (h *hmac1) Sum(in []byte) []byte {
116- if h.sum == nil {
117- size := h.Size()
118- h.sum = make([]byte, size)
119-@@ -102,8 +120,8 @@
120- // that Sum has no effect on the underlying stream.
121- // In particular it is OK to Sum, then Write more, then Sum again,
122- // and the second Sum acts as if the first didn't happen.
123-- ctx2 := hmacCtxNew()
124-- defer hmacCtxFree(ctx2)
125-+ ctx2 := hmac1CtxNew()
126-+ defer hmac1CtxFree(ctx2)
127- if C.go_openssl_HMAC_CTX_copy(ctx2, h.ctx) == 0 {
128- panic("openssl: HMAC_CTX_copy failed")
129- }
130-@@ -111,7 +129,7 @@
131- return append(in, h.sum...)
132- }
133-
134--func hmacCtxNew() C.GO_HMAC_CTX_PTR {
135-+func hmac1CtxNew() C.GO_HMAC_CTX_PTR {
136- if vMajor == 1 && vMinor == 0 {
137- // 0x120 is the sizeof value when building against OpenSSL 1.0.2 on Ubuntu 16.04.
138- ctx := (C.GO_HMAC_CTX_PTR)(C.malloc(0x120))
139-@@ -123,7 +141,7 @@
140- return C.go_openssl_HMAC_CTX_new()
141- }
142-
143--func hmacCtxReset(ctx C.GO_HMAC_CTX_PTR) {
144-+func hmac1CtxReset(ctx C.GO_HMAC_CTX_PTR) {
145- if ctx == nil {
146- return
147- }
148-@@ -135,7 +153,7 @@
149- C.go_openssl_HMAC_CTX_reset(ctx)
150- }
151-
152--func hmacCtxFree(ctx C.GO_HMAC_CTX_PTR) {
153-+func hmac1CtxFree(ctx C.GO_HMAC_CTX_PTR) {
154- if ctx == nil {
155- return
156- }
157-@@ -146,3 +164,88 @@
158- }
159- C.go_openssl_HMAC_CTX_free(ctx)
160- }
161-+
162-+// hmac3 implements hash.Hash
163-+// using functions available in OpenSSL 3.
164-+type hmac3 struct {
165-+ md C.GO_EVP_MAC_PTR
166-+ ctx C.GO_EVP_MAC_CTX_PTR
167-+ params [2]C.OSSL_PARAM
168-+ size int
169-+ blockSize int
170-+ key []byte
171-+ sum []byte
172-+}
173-+
174-+func newHMAC3(key []byte, h hash.Hash, md C.GO_EVP_MD_PTR) *hmac3 {
175-+ mac := C.go_openssl_EVP_MAC_fetch(nil, paramAlgHMAC, nil)
176-+ ctx := C.go_openssl_EVP_MAC_CTX_new(mac)
177-+ if ctx == nil {
178-+ panic("openssl: EVP_MAC_CTX_new failed")
179-+ }
180-+ digest := C.go_openssl_EVP_MD_get0_name(md)
181-+ params := [2]C.OSSL_PARAM{
182-+ C.go_openssl_OSSL_PARAM_construct_utf8_string(paramDigest, digest, 0),
183-+ C.go_openssl_OSSL_PARAM_construct_end(),
184-+ }
185-+ hmac := &hmac3{
186-+ md: mac,
187-+ ctx: ctx,
188-+ params: params,
189-+ size: h.Size(),
190-+ blockSize: h.BlockSize(),
191-+ key: key,
192-+ }
193-+ runtime.SetFinalizer(hmac, (*hmac3).finalize)
194-+ hmac.Reset()
195-+ return hmac
196-+}
197-+
198-+func (h *hmac3) Reset() {
199-+ if C.go_openssl_EVP_MAC_init(h.ctx, base(h.key), C.size_t(len(h.key)), &h.params[0]) == 0 {
200-+ panic(newOpenSSLError("EVP_MAC_init failed"))
201-+ }
202-+ runtime.KeepAlive(h) // Next line will keep h alive too; just making doubly sure.
203-+ h.sum = nil
204-+}
205-+
206-+func (h *hmac3) finalize() {
207-+ if h.ctx == nil {
208-+ return
209-+ }
210-+ C.go_openssl_EVP_MAC_CTX_free(h.ctx)
211-+}
212-+
213-+func (h *hmac3) Write(p []byte) (int, error) {
214-+ if len(p) > 0 {
215-+ C.go_openssl_EVP_MAC_update(h.ctx, base(p), C.size_t(len(p)))
216-+ }
217-+ runtime.KeepAlive(h)
218-+ return len(p), nil
219-+}
220-+
221-+func (h *hmac3) Size() int {
222-+ return h.size
223-+}
224-+
225-+func (h *hmac3) BlockSize() int {
226-+ return h.blockSize
227-+}
228-+
229-+func (h *hmac3) Sum(in []byte) []byte {
230-+ if h.sum == nil {
231-+ size := h.Size()
232-+ h.sum = make([]byte, size)
233-+ }
234-+ // Make copy of context because Go hash.Hash mandates
235-+ // that Sum has no effect on the underlying stream.
236-+ // In particular it is OK to Sum, then Write more, then Sum again,
237-+ // and the second Sum acts as if the first didn't happen.
238-+ ctx2 := C.go_openssl_EVP_MAC_CTX_dup(h.ctx)
239-+ if ctx2 == nil {
240-+ panic("openssl: EVP_MAC_CTX_dup failed")
241-+ }
242-+ defer C.go_openssl_EVP_MAC_CTX_free(ctx2)
243-+ C.go_openssl_EVP_MAC_final(ctx2, base(h.sum), nil, C.size_t(len(h.sum)))
244-+ return append(in, h.sum...)
245-+}
246---- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_funcs.h
247-+++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_funcs.h
248-@@ -79,6 +79,21 @@
249- typedef void* GO_EC_POINT_PTR;
250- typedef void* GO_EC_GROUP_PTR;
251- typedef void* GO_RSA_PTR;
252-+typedef void* GO_EVP_MAC_PTR;
253-+typedef void* GO_EVP_MAC_CTX_PTR;
254-+
255-+// OSSL_PARAM does not follow the GO_FOO_PTR pattern
256-+// because it is not passed around as a pointer but on the stack.
257-+// We can't abstract it away by using a void*.
258-+// Copied from
259-+// https://github.com/openssl/openssl/blob/fcae2ae4f675def607d338b7945b9af1dd9bb746/include/openssl/core.h#L82-L88.
260-+typedef struct {
261-+ const char *key;
262-+ unsigned int data_type;
263-+ void *data;
264-+ size_t data_size;
265-+ size_t return_size;
266-+} OSSL_PARAM;
267-
268- // List of all functions from the libcrypto that are used in this package.
269- // Forgetting to add a function here results in build failure with message reporting the function
270-@@ -151,6 +166,7 @@
271- DEFINEFUNC_RENAMED_1_1(void, EVP_MD_CTX_free, EVP_MD_CTX_destroy, (GO_EVP_MD_CTX_PTR ctx), (ctx)) \
272- DEFINEFUNC(int, EVP_MD_CTX_copy_ex, (GO_EVP_MD_CTX_PTR out, const GO_EVP_MD_CTX_PTR in), (out, in)) \
273- DEFINEFUNC_RENAMED_1_1(int, EVP_MD_CTX_reset, EVP_MD_CTX_cleanup, (GO_EVP_MD_CTX_PTR ctx), (ctx)) \
274-+DEFINEFUNC_3_0(const char *, EVP_MD_get0_name, (const GO_EVP_MD_PTR md), (md)) \
275- DEFINEFUNC(const GO_EVP_MD_PTR, EVP_md5, (void), ()) \
276- DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha1, (void), ()) \
277- DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha224, (void), ()) \
278-@@ -239,4 +255,14 @@
279- DEFINEFUNC(int, EVP_PKEY_encrypt_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
280- DEFINEFUNC(int, EVP_PKEY_sign_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
281- DEFINEFUNC(int, EVP_PKEY_verify_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
282--DEFINEFUNC(int, EVP_PKEY_sign, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4))
283-+DEFINEFUNC(int, EVP_PKEY_sign, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4)) \
284-+DEFINEFUNC_3_0(GO_EVP_MAC_PTR, EVP_MAC_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \
285-+DEFINEFUNC_3_0(GO_EVP_MAC_CTX_PTR, EVP_MAC_CTX_new, (GO_EVP_MAC_PTR arg0), (arg0)) \
286-+DEFINEFUNC_3_0(void, EVP_MAC_CTX_free, (GO_EVP_MAC_CTX_PTR arg0), (arg0)) \
287-+DEFINEFUNC_3_0(GO_EVP_MAC_CTX_PTR, EVP_MAC_CTX_dup, (const GO_EVP_MAC_CTX_PTR arg0), (arg0)) \
288-+DEFINEFUNC_3_0(int, EVP_MAC_init, (GO_EVP_MAC_CTX_PTR ctx, const unsigned char *key, size_t keylen, const OSSL_PARAM params[]), (ctx, key, keylen, params)) \
289-+DEFINEFUNC_3_0(int, EVP_MAC_update, (GO_EVP_MAC_CTX_PTR ctx, const unsigned char *data, size_t datalen), (ctx, data, datalen)) \
290-+DEFINEFUNC_3_0(int, EVP_MAC_final, (GO_EVP_MAC_CTX_PTR ctx, unsigned char *out, size_t *outl, size_t outsize), (ctx, out, outl, outsize)) \
291-+DEFINEFUNC_3_0(OSSL_PARAM, OSSL_PARAM_construct_utf8_string, (const char *key, char *buf, size_t bsize), (key, buf, bsize)) \
292-+DEFINEFUNC_3_0(OSSL_PARAM, OSSL_PARAM_construct_end, (void), ()) \
293-+
294diff --git a/patches/0202-Upgrade-go-crypto-openssl-to-sha3-capable.patch b/patches/0202-Upgrade-go-crypto-openssl-to-sha3-capable.patch
295new file mode 100644
296index 0000000..5fb370b
297--- /dev/null
298+++ b/patches/0202-Upgrade-go-crypto-openssl-to-sha3-capable.patch
299@@ -0,0 +1,2211 @@
300+From 4c50bd765f76109882d8cc42dc2540da1f9e61d9 Mon Sep 17 00:00:00 2001
301+From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
302+Date: Sun, 2 Jul 2023 00:44:15 +0100
303+Subject: [PATCH 202/203] Upgrade go-crypto-openssl to sha3 capable
304+
305+Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
306+---
307+ src/crypto/internal/backend/openssl_linux.go | 17 +-
308+ src/go.mod | 4 +-
309+ src/go.sum | 4 +-
310+ .../go-crypto-openssl/openssl/aes.go | 12 +-
311+ .../go-crypto-openssl/openssl/bbig/big.go | 38 +++
312+ .../openssl/bbig/bridge/bridge.go | 83 +++++++
313+ .../go-crypto-openssl/openssl/big.go | 13 +
314+ .../go-crypto-openssl/openssl/ecdh.go | 223 ++++++++++++++++++
315+ .../go-crypto-openssl/openssl/ecdsa.go | 92 ++------
316+ .../go-crypto-openssl/openssl/evpkey.go | 157 ++++++++----
317+ .../go-crypto-openssl/openssl/goopenssl.c | 53 ++++-
318+ .../go-crypto-openssl/openssl/goopenssl.h | 23 +-
319+ .../go-crypto-openssl/openssl/hmac.go | 150 ++++++++++--
320+ .../go-crypto-openssl/openssl/openssl.go | 149 ++++++++----
321+ .../go-crypto-openssl/openssl/openssl_funcs.h | 70 +++++-
322+ .../go-crypto-openssl/openssl/rsa.go | 82 +++++--
323+ .../go-crypto-openssl/openssl/sha.go | 191 ++++++++++++++-
324+ src/vendor/modules.txt | 6 +-
325+ 18 files changed, 1125 insertions(+), 242 deletions(-)
326+ create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/bbig/big.go
327+ create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/bbig/bridge/bridge.go
328+ create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go
329+ create mode 100644 src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go
330+
331+diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go
332+index 659104006e..6678020bf1 100644
333+--- a/src/crypto/internal/backend/openssl_linux.go
334++++ b/src/crypto/internal/backend/openssl_linux.go
335+@@ -15,6 +15,7 @@ import (
336+ "syscall"
337+
338+ "github.com/microsoft/go-crypto-openssl/openssl"
339++ "github.com/microsoft/go-crypto-openssl/openssl/bbig/bridge"
340+ )
341+
342+ // Enabled controls whether FIPS crypto is enabled.
343+@@ -116,12 +117,12 @@ var NewAESCipher = openssl.NewAESCipher
344+ type PublicKeyECDSA = openssl.PublicKeyECDSA
345+ type PrivateKeyECDSA = openssl.PrivateKeyECDSA
346+
347+-var GenerateKeyECDSA = openssl.GenerateKeyECDSA
348+-var NewPrivateKeyECDSA = openssl.NewPrivateKeyECDSA
349+-var NewPublicKeyECDSA = openssl.NewPublicKeyECDSA
350+-var SignECDSA = openssl.SignECDSA
351++var GenerateKeyECDSA = bridge.GenerateKeyECDSA
352++var NewPrivateKeyECDSA = bridge.NewPrivateKeyECDSA
353++var NewPublicKeyECDSA = bridge.NewPublicKeyECDSA
354++var SignECDSA = bridge.SignECDSA
355+ var SignMarshalECDSA = openssl.SignMarshalECDSA
356+-var VerifyECDSA = openssl.VerifyECDSA
357++var VerifyECDSA = bridge.VerifyECDSA
358+
359+ type PublicKeyRSA = openssl.PublicKeyRSA
360+ type PrivateKeyRSA = openssl.PrivateKeyRSA
361+@@ -132,9 +133,9 @@ var DecryptRSANoPadding = openssl.DecryptRSANoPadding
362+ var EncryptRSAOAEP = openssl.EncryptRSAOAEP
363+ var EncryptRSAPKCS1 = openssl.EncryptRSAPKCS1
364+ var EncryptRSANoPadding = openssl.EncryptRSANoPadding
365+-var GenerateKeyRSA = openssl.GenerateKeyRSA
366+-var NewPrivateKeyRSA = openssl.NewPrivateKeyRSA
367+-var NewPublicKeyRSA = openssl.NewPublicKeyRSA
368++var GenerateKeyRSA = bridge.GenerateKeyRSA
369++var NewPrivateKeyRSA = bridge.NewPrivateKeyRSA
370++var NewPublicKeyRSA = bridge.NewPublicKeyRSA
371+ var SignRSAPKCS1v15 = openssl.SignRSAPKCS1v15
372+ var SignRSAPSS = openssl.SignRSAPSS
373+ var VerifyRSAPKCS1v15 = openssl.VerifyRSAPKCS1v15
374+diff --git a/src/go.mod b/src/go.mod
375+index 5a46c4c944..1d46c8fa5d 100644
376+--- a/src/go.mod
377++++ b/src/go.mod
378+@@ -3,7 +3,7 @@ module std
379+ go 1.18
380+
381+ require (
382+- github.com/microsoft/go-crypto-openssl v0.1.2
383++ github.com/microsoft/go-crypto-openssl v0.2.8
384+ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
385+ golang.org/x/net v0.0.0-20221214163811-6143a133e5c9
386+ )
387+@@ -12,3 +12,5 @@ require (
388+ golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5 // indirect
389+ golang.org/x/text v0.3.8-0.20211105212822-18b340fc7af2 // indirect
390+ )
391++
392++replace github.com/microsoft/go-crypto-openssl v0.2.8 => github.com/xnox/go-crypto-openssl v0.2.9-0.20230701230530-84b71a4b45db
393+diff --git a/src/go.sum b/src/go.sum
394+index 46ee4c4442..1ebb25d4ef 100644
395+--- a/src/go.sum
396++++ b/src/go.sum
397+@@ -1,5 +1,5 @@
398+-github.com/microsoft/go-crypto-openssl v0.1.2 h1:1JO/O62aLFCGpKWKrxdxzIITNJJ00hkBL0v/LLpEZUM=
399+-github.com/microsoft/go-crypto-openssl v0.1.2/go.mod h1:rC+rtBU3m60UCQifBmpWII0VETfu78w6YGZQvVc0rd4=
400++github.com/xnox/go-crypto-openssl v0.2.9-0.20230701230530-84b71a4b45db h1:wDf6GGeSKkHOjTTNV5jky1+zXm9U4qoDW7kGtKk726A=
401++github.com/xnox/go-crypto-openssl v0.2.9-0.20230701230530-84b71a4b45db/go.mod h1:xOSmQnWz4xvNB2+KQN2g2UUwMG9vqDHBk9nk/NdmyRw=
402+ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3 h1:0es+/5331RGQPcXlMfP+WrnIIS6dNnNRe0WB02W0F4M=
403+ golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
404+ golang.org/x/net v0.0.0-20221214163811-6143a133e5c9 h1:gcbGP3ZkgsHGpX/48qvg7Q/YmTtzZRWc/zpvN8XGSBg=
405+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go
406+index 3177c0d37c..46d70bf264 100644
407+--- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go
408++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/aes.go
409+@@ -116,8 +116,12 @@ func (c *aesCipher) Decrypt(dst, src []byte) {
410+ if err != nil {
411+ panic(err)
412+ }
413++ // Disable standard block padding detection,
414++ // src is always multiple of the block size.
415++ if C.go_openssl_EVP_CIPHER_CTX_set_padding(c.dec_ctx, 0) != 1 {
416++ panic("crypto/cipher: unable to set padding")
417++ }
418+ }
419+-
420+ C.go_openssl_EVP_DecryptUpdate_wrapper(c.dec_ctx, base(dst), base(src), aesBlockSize)
421+ runtime.KeepAlive(c)
422+ }
423+@@ -296,6 +300,12 @@ func (c *aesCipher) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) {
424+ return c.newGCM(false)
425+ }
426+
427++// NewGCMTLS returns a GCM cipher specific to TLS
428++// and should not be used for non-TLS purposes.
429++func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) {
430++ return c.(*aesCipher).NewGCMTLS()
431++}
432++
433+ func (c *aesCipher) NewGCMTLS() (cipher.AEAD, error) {
434+ return c.newGCM(true)
435+ }
436+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/bbig/big.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/bbig/big.go
437+new file mode 100644
438+index 0000000000..1214e1097e
439+--- /dev/null
440++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/bbig/big.go
441+@@ -0,0 +1,38 @@
442++// Copyright 2022 The Go Authors. All rights reserved.
443++// Use of this source code is governed by a BSD-style
444++// license that can be found in the LICENSE file.
445++
446++// This is a mirror of crypto/internal/boring/bbig/big.go.
447++
448++package bbig
449++
450++import (
451++ "math/big"
452++ "unsafe"
453++
454++ "github.com/microsoft/go-crypto-openssl/openssl"
455++)
456++
457++func Enc(b *big.Int) openssl.BigInt {
458++ if b == nil {
459++ return nil
460++ }
461++ x := b.Bits()
462++ if len(x) == 0 {
463++ return openssl.BigInt{}
464++ }
465++ // TODO: Use unsafe.Slice((*uint)(&x[0]), len(x)) once go1.16 is no longer supported.
466++ return (*(*[]uint)(unsafe.Pointer(&x)))[:len(x)]
467++}
468++
469++func Dec(b openssl.BigInt) *big.Int {
470++ if b == nil {
471++ return nil
472++ }
473++ if len(b) == 0 {
474++ return new(big.Int)
475++ }
476++ // TODO: Use unsafe.Slice((*uint)(&b[0]), len(b)) once go1.16 is no longer supported.
477++ x := (*(*[]big.Word)(unsafe.Pointer(&b)))[:len(b)]
478++ return new(big.Int).SetBits(x)
479++}
480+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/bbig/bridge/bridge.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/bbig/bridge/bridge.go
481+new file mode 100644
482+index 0000000000..43f5e60049
483+--- /dev/null
484++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/bbig/bridge/bridge.go
485+@@ -0,0 +1,83 @@
486++// Copyright (c) Microsoft Corporation.
487++// Licensed under the MIT License.
488++
489++// These wrappers only exist for code reuse in places where we need the old pre-go1.19 signature.
490++
491++package bridge
492++
493++import (
494++ "encoding/asn1"
495++ "math/big"
496++
497++ "github.com/microsoft/go-crypto-openssl/openssl"
498++ "github.com/microsoft/go-crypto-openssl/openssl/bbig"
499++)
500++
501++func GenerateKeyECDSA(curve string) (X, Y, D *big.Int, err error) {
502++ x, y, d, err := openssl.GenerateKeyECDSA(curve)
503++ if err != nil {
504++ return nil, nil, nil, err
505++ }
506++ return bbig.Dec(x), bbig.Dec(y), bbig.Dec(d), nil
507++}
508++
509++type ecdsaSignature struct {
510++ R, S *big.Int
511++}
512++
513++func SignECDSA(priv *openssl.PrivateKeyECDSA, hash []byte) (r, s *big.Int, err error) {
514++ sig, err := openssl.SignMarshalECDSA(priv, hash)
515++ if err != nil {
516++ return nil, nil, err
517++ }
518++ var esig ecdsaSignature
519++ if _, err := asn1.Unmarshal(sig, &esig); err != nil {
520++ return nil, nil, err
521++ }
522++ return esig.R, esig.S, nil
523++}
524++
525++func NewPrivateKeyECDSA(curve string, X, Y, D *big.Int) (*openssl.PrivateKeyECDSA, error) {
526++ return openssl.NewPrivateKeyECDSA(curve, bbig.Enc(X), bbig.Enc(Y), bbig.Enc(D))
527++}
528++
529++func NewPublicKeyECDSA(curve string, X, Y *big.Int) (*openssl.PublicKeyECDSA, error) {
530++ return openssl.NewPublicKeyECDSA(curve, bbig.Enc(X), bbig.Enc(Y))
531++}
532++
533++func VerifyECDSA(pub *openssl.PublicKeyECDSA, hash []byte, r, s *big.Int) bool {
534++ sig, err := asn1.Marshal(ecdsaSignature{r, s})
535++ if err != nil {
536++ return false
537++ }
538++ return openssl.VerifyECDSA(pub, hash, sig)
539++}
540++
541++func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv *big.Int, err error) {
542++ bN, bE, bD, bP, bQ, bDp, bDq, bQinv, err1 := openssl.GenerateKeyRSA(bits)
543++ if err1 != nil {
544++ err = err1
545++ return
546++ }
547++ N = bbig.Dec(bN)
548++ E = bbig.Dec(bE)
549++ D = bbig.Dec(bD)
550++ P = bbig.Dec(bP)
551++ Q = bbig.Dec(bQ)
552++ Dp = bbig.Dec(bDp)
553++ Dq = bbig.Dec(bDq)
554++ Qinv = bbig.Dec(bQinv)
555++ return
556++}
557++
558++func NewPublicKeyRSA(N, E *big.Int) (*openssl.PublicKeyRSA, error) {
559++ return openssl.NewPublicKeyRSA(bbig.Enc(N), bbig.Enc(E))
560++}
561++
562++func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv *big.Int) (*openssl.PrivateKeyRSA, error) {
563++ return openssl.NewPrivateKeyRSA(
564++ bbig.Enc(N), bbig.Enc(E), bbig.Enc(D),
565++ bbig.Enc(P), bbig.Enc(Q),
566++ bbig.Enc(Dp), bbig.Enc(Dq), bbig.Enc(Qinv),
567++ )
568++}
569+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go
570+new file mode 100644
571+index 0000000000..c6856c7bc2
572+--- /dev/null
573++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/big.go
574+@@ -0,0 +1,13 @@
575++// Copyright (c) Microsoft Corporation.
576++// Licensed under the MIT License.
577++package openssl
578++
579++// This file does not have build constraints to
580++// facilitate using BigInt in Go crypto.
581++// Go crypto references BigInt unconditionally,
582++// even if it is not finally used.
583++
584++// A BigInt is the raw words from a BigInt.
585++// This definition allows us to avoid importing math/big.
586++// Conversion between BigInt and *big.Int is in openssl/bbig.
587++type BigInt []uint
588+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go
589+new file mode 100644
590+index 0000000000..fba3704531
591+--- /dev/null
592++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdh.go
593+@@ -0,0 +1,223 @@
594++// Copyright (c) Microsoft Corporation.
595++// Licensed under the MIT License.
596++
597++//go:build linux && !android
598++// +build linux,!android
599++
600++package openssl
601++
602++// #include "goopenssl.h"
603++import "C"
604++import (
605++ "errors"
606++ "runtime"
607++)
608++
609++type PublicKeyECDH struct {
610++ _pkey C.GO_EVP_PKEY_PTR
611++ bytes []byte
612++
613++ // priv is only set when PublicKeyECDH is derived from a private key,
614++ // in which case priv's finalizer is responsible for freeing _pkey.
615++ // This ensures priv is not finalized while the public key is alive,
616++ // which could cause use-after-free and double-free behavior.
617++ //
618++ // We could avoid this altogether if using EVP_PKEY_up_ref
619++ // when instantiating a derived public key, unfortunately
620++ // it is not available on OpenSSL 1.0.2.
621++ priv *PrivateKeyECDH
622++}
623++
624++func (k *PublicKeyECDH) finalize() {
625++ if k.priv == nil {
626++ C.go_openssl_EVP_PKEY_free(k._pkey)
627++ }
628++}
629++
630++type PrivateKeyECDH struct {
631++ _pkey C.GO_EVP_PKEY_PTR
632++}
633++
634++func (k *PrivateKeyECDH) finalize() {
635++ C.go_openssl_EVP_PKEY_free(k._pkey)
636++}
637++
638++func NewPublicKeyECDH(curve string, bytes []byte) (*PublicKeyECDH, error) {
639++ if len(bytes) < 1 {
640++ return nil, errors.New("NewPublicKeyECDH: missing key")
641++ }
642++ nid, err := curveNID(curve)
643++ if err != nil {
644++ return nil, err
645++ }
646++ key := C.go_openssl_EC_KEY_new_by_curve_name(nid)
647++ if key == nil {
648++ return nil, newOpenSSLError("EC_KEY_new_by_curve_name")
649++ }
650++ var k *PublicKeyECDH
651++ defer func() {
652++ if k == nil {
653++ C.go_openssl_EC_KEY_free(key)
654++ }
655++ }()
656++ if vMajor == 1 && vMinor == 0 {
657++ // EC_KEY_oct2key does not exist on OpenSSL 1.0.2,
658++ // we have to simulate it.
659++ group := C.go_openssl_EC_KEY_get0_group(key)
660++ pt := C.go_openssl_EC_POINT_new(group)
661++ if pt == nil {
662++ return nil, newOpenSSLError("EC_POINT_new")
663++ }
664++ defer C.go_openssl_EC_POINT_free(pt)
665++ if C.go_openssl_EC_POINT_oct2point(group, pt, base(bytes), C.size_t(len(bytes)), nil) != 1 {
666++ return nil, errors.New("point not on curve")
667++ }
668++ if C.go_openssl_EC_KEY_set_public_key(key, pt) != 1 {
669++ return nil, newOpenSSLError("EC_KEY_set_public_key")
670++ }
671++ } else {
672++ if C.go_openssl_EC_KEY_oct2key(key, base(bytes), C.size_t(len(bytes)), nil) != 1 {
673++ return nil, newOpenSSLError("EC_KEY_oct2key")
674++ }
675++ }
676++ pkey, err := newEVPPKEY(key)
677++ if err != nil {
678++ return nil, err
679++ }
680++ k = &PublicKeyECDH{pkey, append([]byte(nil), bytes...), nil}
681++ runtime.SetFinalizer(k, (*PublicKeyECDH).finalize)
682++ return k, nil
683++}
684++
685++func (k *PublicKeyECDH) Bytes() []byte { return k.bytes }
686++
687++func NewPrivateKeyECDH(curve string, bytes []byte) (*PrivateKeyECDH, error) {
688++ nid, err := curveNID(curve)
689++ if err != nil {
690++ return nil, err
691++ }
692++ b := bytesToBN(bytes)
693++ if b == nil {
694++ return nil, newOpenSSLError("BN_bin2bn")
695++ }
696++ defer C.go_openssl_BN_free(b)
697++ key := C.go_openssl_EC_KEY_new_by_curve_name(nid)
698++ if key == nil {
699++ return nil, newOpenSSLError("EC_KEY_new_by_curve_name")
700++ }
701++ var pkey C.GO_EVP_PKEY_PTR
702++ defer func() {
703++ if pkey == nil {
704++ C.go_openssl_EC_KEY_free(key)
705++ }
706++ }()
707++ if C.go_openssl_EC_KEY_set_private_key(key, b) != 1 {
708++ return nil, newOpenSSLError("EC_KEY_set_private_key")
709++ }
710++ pkey, err = newEVPPKEY(key)
711++ if err != nil {
712++ return nil, err
713++ }
714++ k := &PrivateKeyECDH{pkey}
715++ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize)
716++ return k, nil
717++}
718++
719++func (k *PrivateKeyECDH) PublicKey() (*PublicKeyECDH, error) {
720++ defer runtime.KeepAlive(k)
721++ key := C.go_openssl_EVP_PKEY_get1_EC_KEY(k._pkey)
722++ if key == nil {
723++ return nil, newOpenSSLError("EVP_PKEY_get1_EC_KEY")
724++ }
725++ defer C.go_openssl_EC_KEY_free(key)
726++ group := C.go_openssl_EC_KEY_get0_group(key)
727++ if group == nil {
728++ return nil, newOpenSSLError("EC_KEY_get0_group")
729++ }
730++ pt := C.go_openssl_EC_KEY_get0_public_key(key)
731++ if pt == nil {
732++ // The public key will be nil if k has been generated using
733++ // NewPrivateKeyECDH instead of GenerateKeyECDH.
734++ //
735++ // OpenSSL does not expose any method to generate the public
736++ // key from the private key [1], so we have to calculate it here
737++ // https://github.com/openssl/openssl/issues/18437#issuecomment-1144717206
738++ pt = C.go_openssl_EC_POINT_new(group)
739++ if pt == nil {
740++ return nil, newOpenSSLError("EC_POINT_new")
741++ }
742++ defer C.go_openssl_EC_POINT_free(pt)
743++ kbig := C.go_openssl_EC_KEY_get0_private_key(key)
744++ if C.go_openssl_EC_POINT_mul(group, pt, kbig, nil, nil, nil) == 0 {
745++ return nil, newOpenSSLError("EC_POINT_mul")
746++ }
747++ }
748++ n := C.go_openssl_EC_POINT_point2oct(group, pt, C.GO_POINT_CONVERSION_UNCOMPRESSED, nil, 0, nil)
749++ if n == 0 {
750++ return nil, newOpenSSLError("EC_POINT_point2oct")
751++ }
752++ bytes := make([]byte, n)
753++ n = C.go_openssl_EC_POINT_point2oct(group, pt, C.GO_POINT_CONVERSION_UNCOMPRESSED, base(bytes), C.size_t(len(bytes)), nil)
754++ if int(n) != len(bytes) {
755++ return nil, newOpenSSLError("EC_POINT_point2oct")
756++ }
757++ pub := &PublicKeyECDH{k._pkey, bytes, k}
758++ // Note: Same as in NewPublicKeyECDH regarding finalizer and KeepAlive.
759++ runtime.SetFinalizer(pub, (*PublicKeyECDH).finalize)
760++ return pub, nil
761++}
762++
763++func ECDH(priv *PrivateKeyECDH, pub *PublicKeyECDH) ([]byte, error) {
764++ defer runtime.KeepAlive(priv)
765++ defer runtime.KeepAlive(pub)
766++ ctx := C.go_openssl_EVP_PKEY_CTX_new(priv._pkey, nil)
767++ if ctx == nil {
768++ return nil, newOpenSSLError("EVP_PKEY_CTX_new")
769++ }
770++ defer C.go_openssl_EVP_PKEY_CTX_free(ctx)
771++ if C.go_openssl_EVP_PKEY_derive_init(ctx) != 1 {
772++ return nil, newOpenSSLError("EVP_PKEY_derive_init")
773++ }
774++ if C.go_openssl_EVP_PKEY_derive_set_peer(ctx, pub._pkey) != 1 {
775++ return nil, newOpenSSLError("EVP_PKEY_derive_set_peer")
776++ }
777++ var outLen C.size_t
778++ if C.go_openssl_EVP_PKEY_derive(ctx, nil, &outLen) != 1 {
779++ return nil, newOpenSSLError("EVP_PKEY_derive_init")
780++ }
781++ out := make([]byte, outLen)
782++ if C.go_openssl_EVP_PKEY_derive(ctx, base(out), &outLen) != 1 {
783++ return nil, newOpenSSLError("EVP_PKEY_derive_init")
784++ }
785++ return out, nil
786++}
787++
788++func GenerateKeyECDH(curve string) (*PrivateKeyECDH, []byte, error) {
789++ pkey, err := generateEVPPKey(C.GO_EVP_PKEY_EC, 0, curve)
790++ if err != nil {
791++ return nil, nil, err
792++ }
793++ var k *PrivateKeyECDH
794++ defer func() {
795++ if k == nil {
796++ C.go_openssl_EVP_PKEY_free(pkey)
797++ }
798++ }()
799++ key := C.go_openssl_EVP_PKEY_get1_EC_KEY(pkey)
800++ if key == nil {
801++ return nil, nil, newOpenSSLError("EVP_PKEY_get1_EC_KEY")
802++ }
803++ defer C.go_openssl_EC_KEY_free(key)
804++ b := C.go_openssl_EC_KEY_get0_private_key(key)
805++ if b == nil {
806++ return nil, nil, newOpenSSLError("EC_KEY_get0_private_key")
807++ }
808++ bits := C.go_openssl_EVP_PKEY_get_bits(pkey)
809++ out := make([]byte, (bits+7)/8)
810++ if C.go_openssl_BN_bn2binpad(b, base(out), C.int(len(out))) == 0 {
811++ return nil, nil, newOpenSSLError("BN_bn2binpad")
812++ }
813++ k = &PrivateKeyECDH{pkey}
814++ runtime.SetFinalizer(k, (*PrivateKeyECDH).finalize)
815++ return k, out, nil
816++}
817+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go
818+index 84f82e903c..de4aa0ecfc 100644
819+--- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go
820++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/ecdsa.go
821+@@ -9,17 +9,10 @@ package openssl
822+ // #include "goopenssl.h"
823+ import "C"
824+ import (
825+- "encoding/asn1"
826+ "errors"
827+- "math/big"
828+ "runtime"
829+- "unsafe"
830+ )
831+
832+-type ecdsaSignature struct {
833+- R, S *big.Int
834+-}
835+-
836+ type PrivateKeyECDSA struct {
837+ // _pkey MUST NOT be accessed directly. Instead, use the withKey method.
838+ _pkey C.GO_EVP_PKEY_PTR
839+@@ -65,7 +58,7 @@ func curveNID(curve string) (C.int, error) {
840+ return 0, errUnknownCurve
841+ }
842+
843+-func NewPublicKeyECDSA(curve string, X, Y *big.Int) (*PublicKeyECDSA, error) {
844++func NewPublicKeyECDSA(curve string, X, Y BigInt) (*PublicKeyECDSA, error) {
845+ pkey, err := newECKey(curve, X, Y, nil)
846+ if err != nil {
847+ return nil, err
848+@@ -79,13 +72,12 @@ func NewPublicKeyECDSA(curve string, X, Y *big.Int) (*PublicKeyECDSA, error) {
849+ return k, nil
850+ }
851+
852+-func newECKey(curve string, X, Y, D *big.Int) (pkey C.GO_EVP_PKEY_PTR, err error) {
853+- var nid C.int
854+- if nid, err = curveNID(curve); err != nil {
855++func newECKey(curve string, X, Y, D BigInt) (C.GO_EVP_PKEY_PTR, error) {
856++ nid, err := curveNID(curve)
857++ if err != nil {
858+ return nil, err
859+ }
860+- var bx, by C.GO_BIGNUM_PTR
861+- var key C.GO_EC_KEY_PTR
862++ var bx, by, bd C.GO_BIGNUM_PTR
863+ defer func() {
864+ if bx != nil {
865+ C.go_openssl_BN_free(bx)
866+@@ -93,49 +85,40 @@ func newECKey(curve string, X, Y, D *big.Int) (pkey C.GO_EVP_PKEY_PTR, err error
867+ if by != nil {
868+ C.go_openssl_BN_free(by)
869+ }
870+- if err != nil {
871+- if key != nil {
872+- C.go_openssl_EC_KEY_free(key)
873+- }
874+- if pkey != nil {
875+- C.go_openssl_EVP_PKEY_free(pkey)
876+- // pkey is a named return, so in case of error
877+- // it have to be cleared before returing.
878+- pkey = nil
879+- }
880++ if bd != nil {
881++ C.go_openssl_BN_free(bd)
882+ }
883+ }()
884+ bx = bigToBN(X)
885+ by = bigToBN(Y)
886+- if bx == nil || by == nil {
887+- return nil, newOpenSSLError("BN_bin2bn failed")
888++ bd = bigToBN(D)
889++ if bx == nil || by == nil || (D != nil && bd == nil) {
890++ return nil, newOpenSSLError("BN_lebin2bn failed")
891+ }
892+- if key = C.go_openssl_EC_KEY_new_by_curve_name(nid); key == nil {
893++ key := C.go_openssl_EC_KEY_new_by_curve_name(nid)
894++ if key == nil {
895+ return nil, newOpenSSLError("EC_KEY_new_by_curve_name failed")
896+ }
897++ var pkey C.GO_EVP_PKEY_PTR
898++ defer func() {
899++ if pkey == nil {
900++ defer C.go_openssl_EC_KEY_free(key)
901++ }
902++ }()
903+ if C.go_openssl_EC_KEY_set_public_key_affine_coordinates(key, bx, by) != 1 {
904+ return nil, newOpenSSLError("EC_KEY_set_public_key_affine_coordinates failed")
905+ }
906+- if D != nil {
907+- bd := bigToBN(D)
908+- if bd == nil {
909+- return nil, newOpenSSLError("BN_bin2bn failed")
910+- }
911+- defer C.go_openssl_BN_free(bd)
912+- if C.go_openssl_EC_KEY_set_private_key(key, bd) != 1 {
913+- return nil, newOpenSSLError("EC_KEY_set_private_key failed")
914+- }
915+- }
916+- if pkey = C.go_openssl_EVP_PKEY_new(); pkey == nil {
917+- return nil, newOpenSSLError("EVP_PKEY_new failed")
918++ if D != nil && C.go_openssl_EC_KEY_set_private_key(key, bd) != 1 {
919++ return nil, newOpenSSLError("EC_KEY_set_private_key failed")
920+ }
921+- if C.go_openssl_EVP_PKEY_assign(pkey, C.GO_EVP_PKEY_EC, (unsafe.Pointer)(key)) != 1 {
922+- return nil, newOpenSSLError("EVP_PKEY_assign failed")
923++ pkey, err = newEVPPKEY(key)
924++ if err != nil {
925++ return nil, err
926+ }
927+ return pkey, nil
928+ }
929+
930+-func NewPrivateKeyECDSA(curve string, X, Y *big.Int, D *big.Int) (*PrivateKeyECDSA, error) {
931++func NewPrivateKeyECDSA(curve string, X, Y, D BigInt) (*PrivateKeyECDSA, error) {
932+ pkey, err := newECKey(curve, X, Y, D)
933+ if err != nil {
934+ return nil, err
935+@@ -149,38 +132,15 @@ func NewPrivateKeyECDSA(curve string, X, Y *big.Int, D *big.Int) (*PrivateKeyECD
936+ return k, nil
937+ }
938+
939+-func SignECDSA(priv *PrivateKeyECDSA, hash []byte) (r, s *big.Int, err error) {
940+- // We could use ECDSA_do_sign instead but would need to convert
941+- // the resulting BIGNUMs to *big.Int form. If we're going to do a
942+- // conversion, converting the ASN.1 form is more convenient and
943+- // likely not much more expensive.
944+- sig, err := SignMarshalECDSA(priv, hash)
945+- if err != nil {
946+- return nil, nil, err
947+- }
948+- var esig ecdsaSignature
949+- if _, err := asn1.Unmarshal(sig, &esig); err != nil {
950+- return nil, nil, err
951+- }
952+- return esig.R, esig.S, nil
953+-}
954+-
955+ func SignMarshalECDSA(priv *PrivateKeyECDSA, hash []byte) ([]byte, error) {
956+ return evpSign(priv.withKey, 0, 0, 0, hash)
957+ }
958+
959+-func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, r, s *big.Int) bool {
960+- // We could use ECDSA_do_verify instead but would need to convert
961+- // r and s to BIGNUM form. If we're going to do a conversion, marshaling
962+- // to ASN.1 is more convenient and likely not much more expensive.
963+- sig, err := asn1.Marshal(ecdsaSignature{r, s})
964+- if err != nil {
965+- return false
966+- }
967++func VerifyECDSA(pub *PublicKeyECDSA, hash []byte, sig []byte) bool {
968+ return evpVerify(pub.withKey, 0, 0, 0, sig, hash) == nil
969+ }
970+
971+-func GenerateKeyECDSA(curve string) (X, Y, D *big.Int, err error) {
972++func GenerateKeyECDSA(curve string) (X, Y, D BigInt, err error) {
973+ pkey, err := generateEVPPKey(C.GO_EVP_PKEY_EC, 0, curve)
974+ if err != nil {
975+ return nil, nil, nil, err
976+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evpkey.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evpkey.go
977+index 03a652aef1..638f0e134d 100644
978+--- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evpkey.go
979++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/evpkey.go
980+@@ -57,6 +57,26 @@ func cryptoHashToMD(ch crypto.Hash) C.GO_EVP_MD_PTR {
981+ return C.go_openssl_EVP_sha384()
982+ case crypto.SHA512:
983+ return C.go_openssl_EVP_sha512()
984++ case crypto.SHA3_224:
985++ if !SupportsSHA3() {
986++ return nil
987++ }
988++ return C.go_openssl_EVP_sha3_224()
989++ case crypto.SHA3_256:
990++ if !SupportsSHA3() {
991++ return nil
992++ }
993++ return C.go_openssl_EVP_sha3_256()
994++ case crypto.SHA3_384:
995++ if !SupportsSHA3() {
996++ return nil
997++ }
998++ return C.go_openssl_EVP_sha3_384()
999++ case crypto.SHA3_512:
1000++ if !SupportsSHA3() {
1001++ return nil
1002++ }
1003++ return C.go_openssl_EVP_sha3_512()
1004+ }
1005+ return nil
1006+ }
1007+@@ -95,12 +115,12 @@ func generateEVPPKey(id C.int, bits int, curve string) (C.GO_EVP_PKEY_PTR, error
1008+ }
1009+
1010+ type withKeyFunc func(func(C.GO_EVP_PKEY_PTR) C.int) C.int
1011+-type initFunc func(C.GO_EVP_PKEY_CTX_PTR) C.int
1012+-type cryptFunc func(C.GO_EVP_PKEY_CTX_PTR, *C.uchar, *C.size_t, *C.uchar, C.size_t) C.int
1013+-type verifyFunc func(C.GO_EVP_PKEY_CTX_PTR, *C.uchar, C.size_t, *C.uchar, C.size_t) C.int
1014++type initFunc func(C.GO_EVP_PKEY_CTX_PTR) error
1015++type cryptFunc func(C.GO_EVP_PKEY_CTX_PTR, *C.uchar, *C.size_t, *C.uchar, C.size_t) error
1016++type verifyFunc func(C.GO_EVP_PKEY_CTX_PTR, *C.uchar, C.size_t, *C.uchar, C.size_t) error
1017+
1018+ func setupEVP(withKey withKeyFunc, padding C.int,
1019+- h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
1020++ h, mgfHash hash.Hash, label []byte, saltLen C.int, ch crypto.Hash,
1021+ init initFunc) (ctx C.GO_EVP_PKEY_CTX_PTR, err error) {
1022+ defer func() {
1023+ if err != nil {
1024+@@ -118,8 +138,8 @@ func setupEVP(withKey withKeyFunc, padding C.int,
1025+ if ctx == nil {
1026+ return nil, newOpenSSLError("EVP_PKEY_CTX_new failed")
1027+ }
1028+- if init(ctx) != 1 {
1029+- return nil, newOpenSSLError("EVP_PKEY_operation_init failed")
1030++ if err := init(ctx); err != nil {
1031++ return nil, err
1032+ }
1033+ if padding == 0 {
1034+ return ctx, nil
1035+@@ -138,6 +158,14 @@ func setupEVP(withKey withKeyFunc, padding C.int,
1036+ if md == nil {
1037+ return nil, errors.New("crypto/rsa: unsupported hash function")
1038+ }
1039++ var mgfMD C.GO_EVP_MD_PTR
1040++ if mgfHash != nil {
1041++ // mgfHash is optional, but if it is set it must match a supported hash function.
1042++ mgfMD = hashToMD(mgfHash)
1043++ if mgfMD == nil {
1044++ return nil, errors.New("crypto/rsa: unsupported hash function")
1045++ }
1046++ }
1047+ // setPadding must happen before setting EVP_PKEY_CTRL_RSA_OAEP_MD.
1048+ if err := setPadding(); err != nil {
1049+ return nil, err
1050+@@ -145,6 +173,11 @@ func setupEVP(withKey withKeyFunc, padding C.int,
1051+ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_RSA, -1, C.GO_EVP_PKEY_CTRL_RSA_OAEP_MD, 0, unsafe.Pointer(md)) != 1 {
1052+ return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed")
1053+ }
1054++ if mgfHash != nil {
1055++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_RSA, -1, C.GO_EVP_PKEY_CTRL_RSA_MGF1_MD, 0, unsafe.Pointer(mgfMD)) != 1 {
1056++ return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed")
1057++ }
1058++ }
1059+ // ctx takes ownership of label, so malloc a copy for OpenSSL to free.
1060+ // OpenSSL 1.1.1 and higher does not take ownership of the label if the length is zero,
1061+ // so better avoid the allocation.
1062+@@ -154,7 +187,16 @@ func setupEVP(withKey withKeyFunc, padding C.int,
1063+ clabel = (*C.uchar)(C.malloc(C.size_t(len(label))))
1064+ copy((*[1 << 30]byte)(unsafe.Pointer(clabel))[:len(label)], label)
1065+ }
1066+- if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_RSA, -1, C.GO_EVP_PKEY_CTRL_RSA_OAEP_LABEL, C.int(len(label)), unsafe.Pointer(clabel)) != 1 {
1067++ var ret C.int
1068++ if vMajor == 1 {
1069++ ret = C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_RSA, -1, C.GO_EVP_PKEY_CTRL_RSA_OAEP_LABEL, C.int(len(label)), unsafe.Pointer(clabel))
1070++ } else {
1071++ // OpenSSL 3 implements EVP_PKEY_CTX_set0_rsa_oaep_label as a function,
1072++ // instead of a macro around EVP_PKEY_CTX_ctrl, and it takes a different
1073++ // code path when the implementation is provided by FIPS provider.
1074++ ret = C.go_openssl_EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, unsafe.Pointer(clabel), C.int(len(label)))
1075++ }
1076++ if ret != 1 {
1077+ if clabel != nil {
1078+ C.free(unsafe.Pointer(clabel))
1079+ }
1080+@@ -173,7 +215,7 @@ func setupEVP(withKey withKeyFunc, padding C.int,
1081+ return nil, err
1082+ }
1083+ if saltLen != 0 {
1084+- if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_RSA, -1, C.GO_EVP_PKEY_CTRL_RSA_PSS_SALTLEN, C.int(saltLen), nil) != 1 {
1085++ if C.go_openssl_EVP_PKEY_CTX_ctrl(ctx, C.GO_EVP_PKEY_RSA, -1, C.GO_EVP_PKEY_CTRL_RSA_PSS_SALTLEN, saltLen, nil) != 1 {
1086+ return nil, newOpenSSLError("EVP_PKEY_CTX_ctrl failed")
1087+ }
1088+ }
1089+@@ -201,10 +243,10 @@ func setupEVP(withKey withKeyFunc, padding C.int,
1090+ }
1091+
1092+ func cryptEVP(withKey withKeyFunc, padding C.int,
1093+- h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
1094++ h, mgfHash hash.Hash, label []byte, saltLen C.int, ch crypto.Hash,
1095+ init initFunc, crypt cryptFunc, in []byte) ([]byte, error) {
1096+
1097+- ctx, err := setupEVP(withKey, padding, h, label, saltLen, ch, init)
1098++ ctx, err := setupEVP(withKey, padding, h, mgfHash, label, saltLen, ch, init)
1099+ if err != nil {
1100+ return nil, err
1101+ }
1102+@@ -214,8 +256,8 @@ func cryptEVP(withKey withKeyFunc, padding C.int,
1103+ })
1104+ outLen := C.size_t(pkeySize)
1105+ out := make([]byte, pkeySize)
1106+- if crypt(ctx, base(out), &outLen, base(in), C.size_t(len(in))) != 1 {
1107+- return nil, newOpenSSLError("EVP_PKEY_decrypt/encrypt failed")
1108++ if err := crypt(ctx, base(out), &outLen, base(in), C.size_t(len(in))); err != nil {
1109++ return nil, err
1110+ }
1111+ // The size returned by EVP_PKEY_get_size() is only preliminary and not exact,
1112+ // so the final contents of the out buffer may be smaller.
1113+@@ -223,57 +265,90 @@ func cryptEVP(withKey withKeyFunc, padding C.int,
1114+ }
1115+
1116+ func verifyEVP(withKey withKeyFunc, padding C.int,
1117+- h hash.Hash, label []byte, saltLen int, ch crypto.Hash,
1118++ h hash.Hash, label []byte, saltLen C.int, ch crypto.Hash,
1119+ init initFunc, verify verifyFunc,
1120+ sig, in []byte) error {
1121+
1122+- ctx, err := setupEVP(withKey, padding, h, label, saltLen, ch, init)
1123++ ctx, err := setupEVP(withKey, padding, h, nil, label, saltLen, ch, init)
1124+ if err != nil {
1125+ return err
1126+ }
1127+ defer C.go_openssl_EVP_PKEY_CTX_free(ctx)
1128+- if verify(ctx, base(sig), C.size_t(len(sig)), base(in), C.size_t(len(in))) != 1 {
1129+- return newOpenSSLError("EVP_PKEY_decrypt/encrypt failed")
1130+- }
1131+- return nil
1132++ return verify(ctx, base(sig), C.size_t(len(sig)), base(in), C.size_t(len(in)))
1133+ }
1134+
1135+-func evpEncrypt(withKey withKeyFunc, padding C.int, h hash.Hash, label, msg []byte) ([]byte, error) {
1136+- encryptInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) C.int {
1137+- return C.go_openssl_EVP_PKEY_encrypt_init(ctx)
1138++func evpEncrypt(withKey withKeyFunc, padding C.int, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) {
1139++ encryptInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) error {
1140++ if ret := C.go_openssl_EVP_PKEY_encrypt_init(ctx); ret != 1 {
1141++ return newOpenSSLError("EVP_PKEY_encrypt_init failed")
1142++ }
1143++ return nil
1144+ }
1145+- encrypt := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) C.int {
1146+- return C.go_openssl_EVP_PKEY_encrypt(ctx, out, outLen, in, inLen)
1147++ encrypt := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) error {
1148++ if ret := C.go_openssl_EVP_PKEY_encrypt(ctx, out, outLen, in, inLen); ret != 1 {
1149++ return newOpenSSLError("EVP_PKEY_encrypt failed")
1150++ }
1151++ return nil
1152+ }
1153+- return cryptEVP(withKey, padding, h, label, 0, 0, encryptInit, encrypt, msg)
1154++ return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, encryptInit, encrypt, msg)
1155+ }
1156+
1157+-func evpDecrypt(withKey withKeyFunc, padding C.int, h hash.Hash, label, msg []byte) ([]byte, error) {
1158+- decryptInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) C.int {
1159+- return C.go_openssl_EVP_PKEY_decrypt_init(ctx)
1160++func evpDecrypt(withKey withKeyFunc, padding C.int, h, mgfHash hash.Hash, label, msg []byte) ([]byte, error) {
1161++ decryptInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) error {
1162++ if ret := C.go_openssl_EVP_PKEY_decrypt_init(ctx); ret != 1 {
1163++ return newOpenSSLError("EVP_PKEY_decrypt_init failed")
1164++ }
1165++ return nil
1166+ }
1167+- decrypt := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) C.int {
1168+- return C.go_openssl_EVP_PKEY_decrypt(ctx, out, outLen, in, inLen)
1169++ decrypt := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) error {
1170++ if ret := C.go_openssl_EVP_PKEY_decrypt(ctx, out, outLen, in, inLen); ret != 1 {
1171++ return newOpenSSLError("EVP_PKEY_decrypt failed")
1172++ }
1173++ return nil
1174+ }
1175+- return cryptEVP(withKey, padding, h, label, 0, 0, decryptInit, decrypt, msg)
1176++ return cryptEVP(withKey, padding, h, mgfHash, label, 0, 0, decryptInit, decrypt, msg)
1177+ }
1178+
1179+-func evpSign(withKey withKeyFunc, padding C.int, saltLen int, h crypto.Hash, hashed []byte) ([]byte, error) {
1180+- signtInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) C.int {
1181+- return C.go_openssl_EVP_PKEY_sign_init(ctx)
1182++func evpSign(withKey withKeyFunc, padding C.int, saltLen C.int, h crypto.Hash, hashed []byte) ([]byte, error) {
1183++ signtInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) error {
1184++ if ret := C.go_openssl_EVP_PKEY_sign_init(ctx); ret != 1 {
1185++ return newOpenSSLError("EVP_PKEY_sign_init failed")
1186++ }
1187++ return nil
1188+ }
1189+- sign := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) C.int {
1190+- return C.go_openssl_EVP_PKEY_sign(ctx, out, outLen, in, inLen)
1191++ sign := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen *C.size_t, in *C.uchar, inLen C.size_t) error {
1192++ if ret := C.go_openssl_EVP_PKEY_sign(ctx, out, outLen, in, inLen); ret != 1 {
1193++ return newOpenSSLError("EVP_PKEY_sign failed")
1194++ }
1195++ return nil
1196+ }
1197+- return cryptEVP(withKey, padding, nil, nil, saltLen, h, signtInit, sign, hashed)
1198++ return cryptEVP(withKey, padding, nil, nil, nil, saltLen, h, signtInit, sign, hashed)
1199+ }
1200+
1201+-func evpVerify(withKey withKeyFunc, padding C.int, saltLen int, h crypto.Hash, sig, hashed []byte) error {
1202+- verifyInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) C.int {
1203+- return C.go_openssl_EVP_PKEY_verify_init(ctx)
1204++func evpVerify(withKey withKeyFunc, padding C.int, saltLen C.int, h crypto.Hash, sig, hashed []byte) error {
1205++ verifyInit := func(ctx C.GO_EVP_PKEY_CTX_PTR) error {
1206++ if ret := C.go_openssl_EVP_PKEY_verify_init(ctx); ret != 1 {
1207++ return newOpenSSLError("EVP_PKEY_verify_init failed")
1208++ }
1209++ return nil
1210+ }
1211+- verify := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen C.size_t, in *C.uchar, inLen C.size_t) C.int {
1212+- return C.go_openssl_EVP_PKEY_verify(ctx, out, outLen, in, inLen)
1213++ verify := func(ctx C.GO_EVP_PKEY_CTX_PTR, out *C.uchar, outLen C.size_t, in *C.uchar, inLen C.size_t) error {
1214++ if ret := C.go_openssl_EVP_PKEY_verify(ctx, out, outLen, in, inLen); ret != 1 {
1215++ return newOpenSSLError("EVP_PKEY_verify failed")
1216++ }
1217++ return nil
1218+ }
1219+ return verifyEVP(withKey, padding, nil, nil, saltLen, h, verifyInit, verify, sig, hashed)
1220+ }
1221++
1222++func newEVPPKEY(key C.GO_EC_KEY_PTR) (C.GO_EVP_PKEY_PTR, error) {
1223++ pkey := C.go_openssl_EVP_PKEY_new()
1224++ if pkey == nil {
1225++ return nil, newOpenSSLError("EVP_PKEY_new failed")
1226++ }
1227++ if C.go_openssl_EVP_PKEY_assign(pkey, C.GO_EVP_PKEY_EC, (unsafe.Pointer)(key)) != 1 {
1228++ C.go_openssl_EVP_PKEY_free(pkey)
1229++ return nil, newOpenSSLError("EVP_PKEY_assign failed")
1230++ }
1231++ return pkey, nil
1232++}
1233+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/goopenssl.c b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/goopenssl.c
1234+index 7bbf741851..e5c3eea680 100644
1235+--- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/goopenssl.c
1236++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/goopenssl.c
1237+@@ -9,6 +9,27 @@
1238+ #include <dlfcn.h>
1239+ #include <stdio.h>
1240+
1241++int
1242++go_openssl_fips_enabled(void* handle)
1243++{
1244++ // For OpenSSL 1.x.
1245++ int (*FIPS_mode)(void);
1246++ FIPS_mode = (int (*)(void))dlsym(handle, "FIPS_mode");
1247++ if (FIPS_mode != NULL)
1248++ return FIPS_mode();
1249++
1250++ // For OpenSSL 3.x.
1251++ int (*EVP_default_properties_is_fips_enabled)(void*);
1252++ int (*OSSL_PROVIDER_available)(void*, const char*);
1253++ EVP_default_properties_is_fips_enabled = (int (*)(void*))dlsym(handle, "EVP_default_properties_is_fips_enabled");
1254++ OSSL_PROVIDER_available = (int (*)(void*, const char*))dlsym(handle, "OSSL_PROVIDER_available");
1255++ if (EVP_default_properties_is_fips_enabled != NULL && OSSL_PROVIDER_available != NULL &&
1256++ EVP_default_properties_is_fips_enabled(NULL) == 1 && OSSL_PROVIDER_available(NULL, "fips") == 1)
1257++ return 1;
1258++
1259++ return 0;
1260++}
1261++
1262+ static unsigned long
1263+ version_num(void* handle)
1264+ {
1265+@@ -47,12 +68,12 @@ int
1266+ go_openssl_version_minor(void* handle)
1267+ {
1268+ unsigned int (*fn)(void);
1269+- // OPENSSL_version_major is supported since OpenSSL 3.
1270++ // OPENSSL_version_minor is supported since OpenSSL 3.
1271+ fn = (unsigned int (*)(void))dlsym(handle, "OPENSSL_version_minor");
1272+ if (fn != NULL)
1273+ return (int)fn();
1274+
1275+- // If OPENSSL_version_major is not defined, try with OpenSSL 1 functions.
1276++ // If OPENSSL_version_minor is not defined, try with OpenSSL 1 functions.
1277+ unsigned long num = version_num(handle);
1278+ // OpenSSL version number follows this schema:
1279+ // MNNFFPPS: major minor fix patch status.
1280+@@ -70,6 +91,24 @@ go_openssl_version_minor(void* handle)
1281+ return 0;
1282+ }
1283+
1284++int
1285++go_openssl_version_feature(void* handle)
1286++{
1287++ unsigned int (*fn)(void);
1288++ // OPENSSL_version_minor is supported since OpenSSL 3.
1289++ // OpenSSL 3 has feature level always set to zero
1290++ fn = (unsigned int (*)(void))dlsym(handle, "OPENSSL_version_minor");
1291++ if (fn != NULL)
1292++ return 0;
1293++
1294++ // If OPENSSL_version_minor is not defined, try with OpenSSL 1 functions.
1295++ unsigned long num = version_num(handle);
1296++ // OpenSSL version number follows this schema:
1297++ // MNNFFPPS: major minor feature patch status.
1298++
1299++ return (num >> 12) & 0xff;
1300++}
1301++
1302+ // Approach taken from .Net System.Security.Cryptography.Native
1303+ // https://github.com/dotnet/runtime/blob/f64246ce08fb7a58221b2b7c8e68f69c02522b0d/src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.c
1304+
1305+@@ -77,6 +116,7 @@ go_openssl_version_minor(void* handle)
1306+ #define DEFINEFUNC_LEGACY_1_0(ret, func, args, argscall) DEFINEFUNC(ret, func, args, argscall)
1307+ #define DEFINEFUNC_LEGACY_1(ret, func, args, argscall) DEFINEFUNC(ret, func, args, argscall)
1308+ #define DEFINEFUNC_1_1(ret, func, args, argscall) DEFINEFUNC(ret, func, args, argscall)
1309++#define DEFINEFUNC_1_1_1(ret, func, args, argscall) DEFINEFUNC(ret, func, args, argscall)
1310+ #define DEFINEFUNC_3_0(ret, func, args, argscall) DEFINEFUNC(ret, func, args, argscall)
1311+ #define DEFINEFUNC_RENAMED_1_1(ret, func, oldfunc, args, argscall) DEFINEFUNC(ret, func, args, argscall)
1312+ #define DEFINEFUNC_RENAMED_3_0(ret, func, oldfunc, args, argscall) DEFINEFUNC(ret, func, args, argscall)
1313+@@ -87,6 +127,7 @@ FOR_ALL_OPENSSL_FUNCTIONS
1314+ #undef DEFINEFUNC_LEGACY_1_0
1315+ #undef DEFINEFUNC_LEGACY_1
1316+ #undef DEFINEFUNC_1_1
1317++#undef DEFINEFUNC_1_1_1
1318+ #undef DEFINEFUNC_3_0
1319+ #undef DEFINEFUNC_RENAMED_1_1
1320+ #undef DEFINEFUNC_RENAMED_3_0
1321+@@ -95,7 +136,7 @@ FOR_ALL_OPENSSL_FUNCTIONS
1322+ // and assign them to their corresponding function pointer
1323+ // defined in goopenssl.h.
1324+ void
1325+-go_openssl_load_functions(void* handle, int major, int minor)
1326++go_openssl_load_functions(void* handle, int major, int minor, int feature)
1327+ {
1328+ #define DEFINEFUNC_INTERNAL(name, func) \
1329+ _g_##name = dlsym(handle, func); \
1330+@@ -117,6 +158,11 @@ go_openssl_load_functions(void* handle, int major, int minor)
1331+ { \
1332+ DEFINEFUNC_INTERNAL(func, #func) \
1333+ }
1334++#define DEFINEFUNC_1_1_1(ret, func, args, argscall) \
1335++ if (major == 3 || (major == 1 && minor == 1 && feature == 1)) \
1336++ { \
1337++ DEFINEFUNC_INTERNAL(func, #func) \
1338++ }
1339+ #define DEFINEFUNC_3_0(ret, func, args, argscall) \
1340+ if (major == 3) \
1341+ { \
1342+@@ -147,6 +193,7 @@ FOR_ALL_OPENSSL_FUNCTIONS
1343+ #undef DEFINEFUNC_LEGACY_1_0
1344+ #undef DEFINEFUNC_LEGACY_1
1345+ #undef DEFINEFUNC_1_1
1346++#undef DEFINEFUNC_1_1_1
1347+ #undef DEFINEFUNC_3_0
1348+ #undef DEFINEFUNC_RENAMED_1_1
1349+ #undef DEFINEFUNC_RENAMED_3_0
1350+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/goopenssl.h b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/goopenssl.h
1351+index 9191b512e3..2a387ccbfa 100644
1352+--- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/goopenssl.h
1353++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/goopenssl.h
1354+@@ -7,10 +7,12 @@
1355+
1356+ #include "openssl_funcs.h"
1357+
1358++int go_openssl_fips_enabled(void* handle);
1359+ int go_openssl_version_major(void* handle);
1360+ int go_openssl_version_minor(void* handle);
1361++int go_openssl_version_feature(void* handle);
1362+ int go_openssl_thread_setup(void);
1363+-void go_openssl_load_functions(void* handle, int major, int minor);
1364++void go_openssl_load_functions(void* handle, int major, int minor, int feature);
1365+
1366+ // Define pointers to all the used OpenSSL functions.
1367+ // Calling C function pointers from Go is currently not supported.
1368+@@ -28,6 +30,8 @@ void go_openssl_load_functions(void* handle, int major, int minor);
1369+ DEFINEFUNC(ret, func, args, argscall)
1370+ #define DEFINEFUNC_1_1(ret, func, args, argscall) \
1371+ DEFINEFUNC(ret, func, args, argscall)
1372++#define DEFINEFUNC_1_1_1(ret, func, args, argscall) \
1373++ DEFINEFUNC(ret, func, args, argscall)
1374+ #define DEFINEFUNC_3_0(ret, func, args, argscall) \
1375+ DEFINEFUNC(ret, func, args, argscall)
1376+ #define DEFINEFUNC_RENAMED_1_1(ret, func, oldfunc, args, argscall) \
1377+@@ -41,10 +45,25 @@ FOR_ALL_OPENSSL_FUNCTIONS
1378+ #undef DEFINEFUNC_LEGACY_1_0
1379+ #undef DEFINEFUNC_LEGACY_1
1380+ #undef DEFINEFUNC_1_1
1381++#undef DEFINEFUNC_1_1_1
1382+ #undef DEFINEFUNC_3_0
1383+ #undef DEFINEFUNC_RENAMED_1_1
1384+ #undef DEFINEFUNC_RENAMED_3_0
1385+
1386++// go_shaX is a SHA generic wrapper which hash p into out.
1387++// One shot sha functions are expected to be fast, so
1388++// we maximize performance by batching all cgo calls.
1389++static inline int
1390++go_shaX(GO_EVP_MD_PTR md, void *p, size_t n, void *out)
1391++{
1392++ GO_EVP_MD_CTX_PTR ctx = go_openssl_EVP_MD_CTX_new();
1393++ go_openssl_EVP_DigestInit_ex(ctx, md, NULL);
1394++ int ret = go_openssl_EVP_DigestUpdate(ctx, p, n) &&
1395++ go_openssl_EVP_DigestFinal_ex(ctx, out, NULL);
1396++ go_openssl_EVP_MD_CTX_free(ctx);
1397++ return ret;
1398++}
1399++
1400+ // These wrappers allocate out_len on the C stack to avoid having to pass a pointer from Go, which would escape to the heap.
1401+ // Use them only in situations where the output length can be safely discarded.
1402+ static inline int
1403+@@ -130,4 +149,4 @@ go_openssl_EVP_CIPHER_CTX_open_wrapper(const GO_EVP_CIPHER_CTX_PTR ctx,
1404+ return 0;
1405+
1406+ return 1;
1407+-};
1408+\ No newline at end of file
1409++};
1410+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go
1411+index 80f320b041..bb7c87fa48 100644
1412+--- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go
1413++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/hmac.go
1414+@@ -14,6 +14,11 @@ import (
1415+ "unsafe"
1416+ )
1417+
1418++var (
1419++ paramAlgHMAC = C.CString("HMAC")
1420++ paramDigest = C.CString("digest")
1421++)
1422++
1423+ // NewHMAC returns a new HMAC using OpenSSL.
1424+ // The function h must return a hash implemented by
1425+ // OpenSSL (for example, h could be openssl.NewSHA256).
1426+@@ -38,19 +43,19 @@ func NewHMAC(h func() hash.Hash, key []byte) hash.Hash {
1427+ // we pass an "empty" key.
1428+ hkey = make([]byte, C.GO_EVP_MAX_MD_SIZE)
1429+ }
1430+- hmac := &opensslHMAC{
1431+- md: md,
1432+- size: ch.Size(),
1433+- blockSize: ch.BlockSize(),
1434+- key: hkey,
1435+- ctx: hmacCtxNew(),
1436++ switch vMajor {
1437++ case 1:
1438++ return newHMAC1(hkey, ch, md)
1439++ case 3:
1440++ return newHMAC3(hkey, ch, md)
1441++ default:
1442++ panic(errUnsuportedVersion())
1443+ }
1444+- runtime.SetFinalizer(hmac, (*opensslHMAC).finalize)
1445+- hmac.Reset()
1446+- return hmac
1447+ }
1448+
1449+-type opensslHMAC struct {
1450++// hmac1 implements hash.Hash
1451++// using functions available in OpenSSL 1.
1452++type hmac1 struct {
1453+ md C.GO_EVP_MD_PTR
1454+ ctx C.GO_HMAC_CTX_PTR
1455+ size int
1456+@@ -59,8 +64,21 @@ type opensslHMAC struct {
1457+ sum []byte
1458+ }
1459+
1460+-func (h *opensslHMAC) Reset() {
1461+- hmacCtxReset(h.ctx)
1462++func newHMAC1(key []byte, h hash.Hash, md C.GO_EVP_MD_PTR) *hmac1 {
1463++ hmac := &hmac1{
1464++ md: md,
1465++ size: h.Size(),
1466++ blockSize: h.BlockSize(),
1467++ key: key,
1468++ ctx: hmac1CtxNew(),
1469++ }
1470++ runtime.SetFinalizer(hmac, (*hmac1).finalize)
1471++ hmac.Reset()
1472++ return hmac
1473++}
1474++
1475++func (h *hmac1) Reset() {
1476++ hmac1CtxReset(h.ctx)
1477+
1478+ if C.go_openssl_HMAC_Init_ex(h.ctx, unsafe.Pointer(&h.key[0]), C.int(len(h.key)), h.md, nil) == 0 {
1479+ panic("openssl: HMAC_Init failed")
1480+@@ -73,11 +91,11 @@ func (h *opensslHMAC) Reset() {
1481+ h.sum = nil
1482+ }
1483+
1484+-func (h *opensslHMAC) finalize() {
1485+- hmacCtxFree(h.ctx)
1486++func (h *hmac1) finalize() {
1487++ hmac1CtxFree(h.ctx)
1488+ }
1489+
1490+-func (h *opensslHMAC) Write(p []byte) (int, error) {
1491++func (h *hmac1) Write(p []byte) (int, error) {
1492+ if len(p) > 0 {
1493+ C.go_openssl_HMAC_Update(h.ctx, base(p), C.size_t(len(p)))
1494+ }
1495+@@ -85,15 +103,15 @@ func (h *opensslHMAC) Write(p []byte) (int, error) {
1496+ return len(p), nil
1497+ }
1498+
1499+-func (h *opensslHMAC) Size() int {
1500++func (h *hmac1) Size() int {
1501+ return h.size
1502+ }
1503+
1504+-func (h *opensslHMAC) BlockSize() int {
1505++func (h *hmac1) BlockSize() int {
1506+ return h.blockSize
1507+ }
1508+
1509+-func (h *opensslHMAC) Sum(in []byte) []byte {
1510++func (h *hmac1) Sum(in []byte) []byte {
1511+ if h.sum == nil {
1512+ size := h.Size()
1513+ h.sum = make([]byte, size)
1514+@@ -102,8 +120,8 @@ func (h *opensslHMAC) Sum(in []byte) []byte {
1515+ // that Sum has no effect on the underlying stream.
1516+ // In particular it is OK to Sum, then Write more, then Sum again,
1517+ // and the second Sum acts as if the first didn't happen.
1518+- ctx2 := hmacCtxNew()
1519+- defer hmacCtxFree(ctx2)
1520++ ctx2 := hmac1CtxNew()
1521++ defer hmac1CtxFree(ctx2)
1522+ if C.go_openssl_HMAC_CTX_copy(ctx2, h.ctx) == 0 {
1523+ panic("openssl: HMAC_CTX_copy failed")
1524+ }
1525+@@ -111,7 +129,7 @@ func (h *opensslHMAC) Sum(in []byte) []byte {
1526+ return append(in, h.sum...)
1527+ }
1528+
1529+-func hmacCtxNew() C.GO_HMAC_CTX_PTR {
1530++func hmac1CtxNew() C.GO_HMAC_CTX_PTR {
1531+ if vMajor == 1 && vMinor == 0 {
1532+ // 0x120 is the sizeof value when building against OpenSSL 1.0.2 on Ubuntu 16.04.
1533+ ctx := (C.GO_HMAC_CTX_PTR)(C.malloc(0x120))
1534+@@ -123,7 +141,7 @@ func hmacCtxNew() C.GO_HMAC_CTX_PTR {
1535+ return C.go_openssl_HMAC_CTX_new()
1536+ }
1537+
1538+-func hmacCtxReset(ctx C.GO_HMAC_CTX_PTR) {
1539++func hmac1CtxReset(ctx C.GO_HMAC_CTX_PTR) {
1540+ if ctx == nil {
1541+ return
1542+ }
1543+@@ -135,7 +153,7 @@ func hmacCtxReset(ctx C.GO_HMAC_CTX_PTR) {
1544+ C.go_openssl_HMAC_CTX_reset(ctx)
1545+ }
1546+
1547+-func hmacCtxFree(ctx C.GO_HMAC_CTX_PTR) {
1548++func hmac1CtxFree(ctx C.GO_HMAC_CTX_PTR) {
1549+ if ctx == nil {
1550+ return
1551+ }
1552+@@ -146,3 +164,89 @@ func hmacCtxFree(ctx C.GO_HMAC_CTX_PTR) {
1553+ }
1554+ C.go_openssl_HMAC_CTX_free(ctx)
1555+ }
1556++
1557++// hmac3 implements hash.Hash
1558++// using functions available in OpenSSL 3.
1559++type hmac3 struct {
1560++ md C.GO_EVP_MAC_PTR
1561++ ctx C.GO_EVP_MAC_CTX_PTR
1562++ params [2]C.OSSL_PARAM
1563++ size int
1564++ blockSize int
1565++ key []byte
1566++ sum []byte
1567++}
1568++
1569++func newHMAC3(key []byte, h hash.Hash, md C.GO_EVP_MD_PTR) *hmac3 {
1570++ mac := C.go_openssl_EVP_MAC_fetch(nil, paramAlgHMAC, nil)
1571++ ctx := C.go_openssl_EVP_MAC_CTX_new(mac)
1572++ if ctx == nil {
1573++ panic("openssl: EVP_MAC_CTX_new failed")
1574++ }
1575++ digest := C.go_openssl_EVP_MD_get0_name(md)
1576++ params := [2]C.OSSL_PARAM{
1577++ C.go_openssl_OSSL_PARAM_construct_utf8_string(paramDigest, digest, 0),
1578++ C.go_openssl_OSSL_PARAM_construct_end(),
1579++ }
1580++ hmac := &hmac3{
1581++ md: mac,
1582++ ctx: ctx,
1583++ params: params,
1584++ size: h.Size(),
1585++ blockSize: h.BlockSize(),
1586++ key: key,
1587++ }
1588++ runtime.SetFinalizer(hmac, (*hmac3).finalize)
1589++ hmac.Reset()
1590++ return hmac
1591++}
1592++
1593++func (h *hmac3) Reset() {
1594++ if C.go_openssl_EVP_MAC_init(h.ctx, base(h.key), C.size_t(len(h.key)), &h.params[0]) == 0 {
1595++ panic(newOpenSSLError("EVP_MAC_init failed"))
1596++ }
1597++ runtime.KeepAlive(h) // Next line will keep h alive too; just making doubly sure.
1598++ h.sum = nil
1599++}
1600++
1601++func (h *hmac3) finalize() {
1602++ C.go_openssl_EVP_MAC_free(h.md)
1603++ if h.ctx == nil {
1604++ return
1605++ }
1606++ C.go_openssl_EVP_MAC_CTX_free(h.ctx)
1607++}
1608++
1609++func (h *hmac3) Write(p []byte) (int, error) {
1610++ if len(p) > 0 {
1611++ C.go_openssl_EVP_MAC_update(h.ctx, base(p), C.size_t(len(p)))
1612++ }
1613++ runtime.KeepAlive(h)
1614++ return len(p), nil
1615++}
1616++
1617++func (h *hmac3) Size() int {
1618++ return h.size
1619++}
1620++
1621++func (h *hmac3) BlockSize() int {
1622++ return h.blockSize
1623++}
1624++
1625++func (h *hmac3) Sum(in []byte) []byte {
1626++ if h.sum == nil {
1627++ size := h.Size()
1628++ h.sum = make([]byte, size)
1629++ }
1630++ // Make copy of context because Go hash.Hash mandates
1631++ // that Sum has no effect on the underlying stream.
1632++ // In particular it is OK to Sum, then Write more, then Sum again,
1633++ // and the second Sum acts as if the first didn't happen.
1634++ ctx2 := C.go_openssl_EVP_MAC_CTX_dup(h.ctx)
1635++ if ctx2 == nil {
1636++ panic("openssl: EVP_MAC_CTX_dup failed")
1637++ }
1638++ defer C.go_openssl_EVP_MAC_CTX_free(ctx2)
1639++ C.go_openssl_EVP_MAC_final(ctx2, base(h.sum), nil, C.size_t(len(h.sum)))
1640++ return append(in, h.sum...)
1641++}
1642+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go
1643+index 2c354e1df0..b360a9f9bc 100644
1644+--- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go
1645++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl.go
1646+@@ -13,7 +13,7 @@ package openssl
1647+ import "C"
1648+ import (
1649+ "errors"
1650+- "math/big"
1651++ "math/bits"
1652+ "strconv"
1653+ "strings"
1654+ "sync"
1655+@@ -24,18 +24,16 @@ import (
1656+ var (
1657+ providerNameFips = C.CString("fips")
1658+ providerNameDefault = C.CString("default")
1659+- propFipsYes = C.CString("fips=yes")
1660+- propFipsNo = C.CString("fips=no")
1661+- algProve = C.CString("SHA2-256")
1662+ )
1663+
1664+ var (
1665+ initOnce sync.Once
1666+ // errInit is set when first calling Init().
1667+ errInit error
1668+- // vMajor and vMinor hold the major/minor OpenSSL version.
1669+- // It is only populated if Init has been called.
1670+- vMajor, vMinor int
1671++ // vMajor, vMinor and vFeature hold the major/minor/feature
1672++ // OpenSSL version. It is only populated if Init has been
1673++ // called.
1674++ vMajor, vMinor, vFeature int
1675+ )
1676+
1677+ // knownVersions is a list of supported and well-known libcrypto.so suffixes in decreasing version order.
1678+@@ -49,7 +47,7 @@ var (
1679+ var knownVersions = [...]string{"3", "1.1", "11", "111", "1.0.2", "1.0.0", "10"}
1680+
1681+ func errUnsuportedVersion() error {
1682+- return errors.New("openssl: OpenSSL version: " + strconv.Itoa(vMajor) + "." + strconv.Itoa(vMinor))
1683++ return errors.New("openssl: OpenSSL version: " + strconv.Itoa(vMajor) + "." + strconv.Itoa(vMinor) + "." + strconv.Itoa(vFeature))
1684+ }
1685+
1686+ // Init loads and initializes OpenSSL.
1687+@@ -74,7 +72,8 @@ func Init() error {
1688+
1689+ vMajor = int(C.go_openssl_version_major(handle))
1690+ vMinor = int(C.go_openssl_version_minor(handle))
1691+- if vMajor == -1 || vMinor == -1 {
1692++ vFeature = int(C.go_openssl_version_feature(handle))
1693++ if vMajor == -1 || vMinor == -1 || vFeature == -1 {
1694+ errInit = errors.New("openssl: can't retrieve OpenSSL version")
1695+ return
1696+ }
1697+@@ -90,7 +89,7 @@ func Init() error {
1698+ return
1699+ }
1700+
1701+- C.go_openssl_load_functions(handle, C.int(vMajor), C.int(vMinor))
1702++ C.go_openssl_load_functions(handle, C.int(vMajor), C.int(vMinor), C.int(vFeature))
1703+ C.go_openssl_OPENSSL_init()
1704+ if vMajor == 1 && vMinor == 0 {
1705+ if C.go_openssl_thread_setup() != 1 {
1706+@@ -126,26 +125,33 @@ func loadLibrary(version string) (unsafe.Pointer, error) {
1707+ }
1708+ return handle, nil
1709+ }
1710++ var fallbackHandle unsafe.Pointer
1711+ for _, v := range knownVersions {
1712+ handle := dlopen(v)
1713+- if handle != nil {
1714++ if handle == nil {
1715++ continue
1716++ }
1717++ if C.go_openssl_fips_enabled(handle) == 1 {
1718++ // Found a FIPS enabled version, use it.
1719++ if fallbackHandle != nil {
1720++ // If we found a FIPS enabled version but we already have a fallback
1721++ // version, close the fallback version.
1722++ C.dlclose(fallbackHandle)
1723++ }
1724+ return handle, nil
1725+ }
1726++ if fallbackHandle == nil {
1727++ // Remember the first version that exists but is not FIPS enabled
1728++ // in case we don't find any FIPS enabled version.
1729++ fallbackHandle = handle
1730++ } else {
1731++ C.dlclose(handle)
1732++ }
1733+ }
1734+- return nil, errors.New("openssl: can't load libcrypto.so using any known version suffix")
1735+-}
1736+-
1737+-// providerAvailable looks through provider's digests
1738+-// checking if there is any that matches the props query.
1739+-func providerAvailable(props *C.char) bool {
1740+- C.go_openssl_ERR_set_mark()
1741+- md := C.go_openssl_EVP_MD_fetch(nil, algProve, props)
1742+- C.go_openssl_ERR_pop_to_mark()
1743+- if md == nil {
1744+- return false
1745++ if fallbackHandle != nil {
1746++ return fallbackHandle, nil
1747+ }
1748+- C.go_openssl_EVP_MD_free(md)
1749+- return true
1750++ return nil, errors.New("openssl: can't load libcrypto.so using any known version suffix")
1751+ }
1752+
1753+ // FIPS returns true if OpenSSL is running in FIPS mode, else returns false.
1754+@@ -159,7 +165,7 @@ func FIPS() bool {
1755+ }
1756+ // EVP_default_properties_is_fips_enabled can return true even if the FIPS provider isn't loaded,
1757+ // it is only based on the default properties.
1758+- return providerAvailable(propFipsYes)
1759++ return C.go_openssl_OSSL_PROVIDER_available(nil, providerNameFips) == 1
1760+ default:
1761+ panic(errUnsuportedVersion())
1762+ }
1763+@@ -167,45 +173,41 @@ func FIPS() bool {
1764+
1765+ // SetFIPS enables or disables FIPS mode.
1766+ //
1767+-// It implements the following provider fallback logic for OpenSSL 3:
1768+-// - The "fips" provider is loaded if enabled=true and no loaded provider matches "fips=yes".
1769+-// - The "default" provider is loaded if enabled=false and no loaded provider matches "fips=no".
1770+-// This logic allows advanced users to define their own providers that match "fips=yes" and "fips=no" using the OpenSSL config file.
1771++// On OpenSSL 3, the `fips` provider is loaded if enabled is true,
1772++// else the `default` provider is loaded.
1773+ func SetFIPS(enabled bool) error {
1774++ var mode C.int
1775++ if enabled {
1776++ mode = C.int(1)
1777++ } else {
1778++ mode = C.int(0)
1779++ }
1780+ switch vMajor {
1781+ case 1:
1782+- var mode C.int
1783+- if enabled {
1784+- mode = C.int(1)
1785+- } else {
1786+- mode = C.int(0)
1787+- }
1788+ if C.go_openssl_FIPS_mode_set(mode) != 1 {
1789+ return newOpenSSLError("openssl: FIPS_mode_set")
1790+ }
1791+ return nil
1792+ case 3:
1793+- var props, provName *C.char
1794++ var provName *C.char
1795+ if enabled {
1796+- props = propFipsYes
1797+ provName = providerNameFips
1798+ } else {
1799+- props = propFipsNo
1800+ provName = providerNameDefault
1801+ }
1802+- // Check if there is any provider that matches props.
1803+- if !providerAvailable(props) {
1804++ // Check if provName is not loaded.
1805++ if C.go_openssl_OSSL_PROVIDER_available(nil, provName) == 0 {
1806+ // If not, fallback to provName provider.
1807+ if C.go_openssl_OSSL_PROVIDER_load(nil, provName) == nil {
1808+- return newOpenSSLError("openssl: OSSL_PROVIDER_try_load")
1809++ return newOpenSSLError("openssl: OSSL_PROVIDER_load")
1810+ }
1811+ // Make sure we now have a provider available.
1812+- if !providerAvailable(props) {
1813++ if C.go_openssl_OSSL_PROVIDER_available(nil, provName) == 0 {
1814+ return fail("SetFIPS(" + strconv.FormatBool(enabled) + ") not supported")
1815+ }
1816+ }
1817+- if C.go_openssl_EVP_set_default_properties(nil, props) != 1 {
1818+- return newOpenSSLError("openssl: EVP_set_default_properties")
1819++ if C.go_openssl_EVP_default_properties_enable_fips(nil, mode) != 1 {
1820++ return newOpenSSLError("openssl: EVP_default_properties_enable_fips")
1821+ }
1822+ return nil
1823+ default:
1824+@@ -242,19 +244,62 @@ type fail string
1825+
1826+ func (e fail) Error() string { return "openssl: " + string(e) + " failed" }
1827+
1828+-func bigToBN(x *big.Int) C.GO_BIGNUM_PTR {
1829+- if x == nil {
1830++const wordBytes = bits.UintSize / 8
1831++
1832++func wbase(b BigInt) *C.uchar {
1833++ if len(b) == 0 {
1834+ return nil
1835+ }
1836+- raw := x.Bytes()
1837+- return C.go_openssl_BN_bin2bn(base(raw), C.int(len(raw)), nil)
1838++ return (*C.uchar)(unsafe.Pointer(&b[0]))
1839+ }
1840+
1841+-func bnToBig(bn C.GO_BIGNUM_PTR) *big.Int {
1842++func bytesToBN(x []byte) C.GO_BIGNUM_PTR {
1843++ if len(x) == 0 {
1844++ return nil
1845++ }
1846++ return C.go_openssl_BN_bin2bn(base(x), C.int(len(x)), nil)
1847++}
1848++
1849++func bigToBN(x BigInt) C.GO_BIGNUM_PTR {
1850++ if len(x) == 0 {
1851++ return nil
1852++ }
1853++ return C.go_openssl_BN_lebin2bn(wbase(x), C.int(len(x)*wordBytes), nil)
1854++}
1855++
1856++func bnToBig(bn C.GO_BIGNUM_PTR) BigInt {
1857+ if bn == nil {
1858+ return nil
1859+ }
1860+- raw := make([]byte, (C.go_openssl_BN_num_bits(bn)+7)/8)
1861+- n := C.go_openssl_BN_bn2bin(bn, base(raw))
1862+- return new(big.Int).SetBytes(raw[:n])
1863++ x := make(BigInt, C.go_openssl_BN_num_bits(bn))
1864++ if C.go_openssl_BN_bn2lebinpad(bn, wbase(x), C.int(len(x)*wordBytes)) == 0 {
1865++ panic("openssl: bignum conversion failed")
1866++ }
1867++ return x
1868++}
1869++
1870++// noescape hides a pointer from escape analysis. noescape is
1871++// the identity function but escape analysis doesn't think the
1872++// output depends on the input. noescape is inlined and currently
1873++// compiles down to zero instructions.
1874++// USE CAREFULLY!
1875++//
1876++//go:nosplit
1877++func noescape(p unsafe.Pointer) unsafe.Pointer {
1878++ x := uintptr(p)
1879++ return unsafe.Pointer(x ^ 0)
1880++}
1881++
1882++var zero byte
1883++
1884++// addr converts p to its base addr, including a noescape along the way.
1885++// If p is nil, addr returns a non-nil pointer, so that the result can always
1886++// be dereferenced.
1887++//
1888++//go:nosplit
1889++func addr(p []byte) *byte {
1890++ if len(p) == 0 {
1891++ return &zero
1892++ }
1893++ return (*byte)(noescape(unsafe.Pointer(&p[0])))
1894+ }
1895+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_funcs.h b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_funcs.h
1896+index 95024cf8ec..cbc2d880c2 100644
1897+--- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_funcs.h
1898++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/openssl_funcs.h
1899+@@ -38,9 +38,13 @@ enum {
1900+
1901+ // #include <openssl/ec.h>
1902+ enum {
1903+- GO_EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001
1904++ GO_EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID = 0x1001,
1905+ };
1906+
1907++typedef enum {
1908++ GO_POINT_CONVERSION_UNCOMPRESSED = 4,
1909++} point_conversion_form_t;
1910++
1911+ // #include <openssl/obj_mac.h>
1912+ enum {
1913+ GO_NID_X9_62_prime256v1 = 415,
1914+@@ -55,9 +59,14 @@ enum {
1915+ GO_RSA_NO_PADDING = 3,
1916+ GO_RSA_PKCS1_OAEP_PADDING = 4,
1917+ GO_RSA_PKCS1_PSS_PADDING = 6,
1918++ GO_RSA_PSS_SALTLEN_DIGEST = -1,
1919++ GO_RSA_PSS_SALTLEN_AUTO = -2,
1920++ GO_RSA_PSS_SALTLEN_MAX_SIGN = -2,
1921++ GO_RSA_PSS_SALTLEN_MAX = -3,
1922+ GO_EVP_PKEY_CTRL_RSA_PADDING = 0x1001,
1923+ GO_EVP_PKEY_CTRL_RSA_PSS_SALTLEN = 0x1002,
1924+ GO_EVP_PKEY_CTRL_RSA_KEYGEN_BITS = 0x1003,
1925++ GO_EVP_PKEY_CTRL_RSA_MGF1_MD = 0x1005,
1926+ GO_EVP_PKEY_CTRL_RSA_OAEP_MD = 0x1009,
1927+ GO_EVP_PKEY_CTRL_RSA_OAEP_LABEL = 0x100A
1928+ };
1929+@@ -79,6 +88,21 @@ typedef void* GO_EC_KEY_PTR;
1930+ typedef void* GO_EC_POINT_PTR;
1931+ typedef void* GO_EC_GROUP_PTR;
1932+ typedef void* GO_RSA_PTR;
1933++typedef void* GO_EVP_MAC_PTR;
1934++typedef void* GO_EVP_MAC_CTX_PTR;
1935++
1936++// OSSL_PARAM does not follow the GO_FOO_PTR pattern
1937++// because it is not passed around as a pointer but on the stack.
1938++// We can't abstract it away by using a void*.
1939++// Copied from
1940++// https://github.com/openssl/openssl/blob/fcae2ae4f675def607d338b7945b9af1dd9bb746/include/openssl/core.h#L82-L88.
1941++typedef struct {
1942++ const char *key;
1943++ unsigned int data_type;
1944++ void *data;
1945++ size_t data_size;
1946++ size_t return_size;
1947++} OSSL_PARAM;
1948+
1949+ // List of all functions from the libcrypto that are used in this package.
1950+ // Forgetting to add a function here results in build failure with message reporting the function
1951+@@ -126,8 +150,6 @@ typedef void* GO_RSA_PTR;
1952+ // #include <openssl/provider.h>
1953+ // #endif
1954+ #define FOR_ALL_OPENSSL_FUNCTIONS \
1955+-DEFINEFUNC(int, ERR_set_mark, (void), ()) \
1956+-DEFINEFUNC(int, ERR_pop_to_mark, (void), ()) \
1957+ DEFINEFUNC(unsigned long, ERR_get_error, (void), ()) \
1958+ DEFINEFUNC(void, ERR_error_string_n, (unsigned long e, char *buf, size_t len), (e, buf, len)) \
1959+ DEFINEFUNC_RENAMED_1_1(const char *, OpenSSL_version, SSLeay_version, (int type), (type)) \
1960+@@ -141,25 +163,32 @@ DEFINEFUNC_1_1(int, OPENSSL_init_crypto, (uint64_t ops, const GO_OPENSSL_INIT_SE
1961+ DEFINEFUNC_LEGACY_1(int, FIPS_mode, (void), ()) \
1962+ DEFINEFUNC_LEGACY_1(int, FIPS_mode_set, (int r), (r)) \
1963+ DEFINEFUNC_3_0(int, EVP_default_properties_is_fips_enabled, (GO_OSSL_LIB_CTX_PTR libctx), (libctx)) \
1964+-DEFINEFUNC_3_0(int, EVP_set_default_properties, (GO_OSSL_LIB_CTX_PTR libctx, const char *propq), (libctx, propq)) \
1965++DEFINEFUNC_3_0(int, EVP_default_properties_enable_fips, (GO_OSSL_LIB_CTX_PTR libctx, int enable), (libctx, enable)) \
1966+ DEFINEFUNC_3_0(GO_OSSL_PROVIDER_PTR, OSSL_PROVIDER_load, (GO_OSSL_LIB_CTX_PTR libctx, const char *name), (libctx, name)) \
1967++DEFINEFUNC_3_0(int, OSSL_PROVIDER_available, (GO_OSSL_LIB_CTX_PTR libctx, const char *name), (libctx, name)) \
1968+ DEFINEFUNC(int, RAND_bytes, (unsigned char* arg0, int arg1), (arg0, arg1)) \
1969++DEFINEFUNC(int, EVP_DigestInit, (GO_EVP_MD_CTX_PTR ctx, const GO_EVP_MD_PTR type), (ctx, type)) \
1970+ DEFINEFUNC(int, EVP_DigestInit_ex, (GO_EVP_MD_CTX_PTR ctx, const GO_EVP_MD_PTR type, GO_ENGINE_PTR impl), (ctx, type, impl)) \
1971+ DEFINEFUNC(int, EVP_DigestUpdate, (GO_EVP_MD_CTX_PTR ctx, const void *d, size_t cnt), (ctx, d, cnt)) \
1972+ DEFINEFUNC(int, EVP_DigestFinal_ex, (GO_EVP_MD_CTX_PTR ctx, unsigned char *md, unsigned int *s), (ctx, md, s)) \
1973++DEFINEFUNC(int, EVP_DigestFinal, (GO_EVP_MD_CTX_PTR ctx, unsigned char *md, unsigned int *s), (ctx, md, s)) \
1974+ DEFINEFUNC_RENAMED_1_1(GO_EVP_MD_CTX_PTR, EVP_MD_CTX_new, EVP_MD_CTX_create, (), ()) \
1975+ DEFINEFUNC_RENAMED_1_1(void, EVP_MD_CTX_free, EVP_MD_CTX_destroy, (GO_EVP_MD_CTX_PTR ctx), (ctx)) \
1976+ DEFINEFUNC(int, EVP_MD_CTX_copy_ex, (GO_EVP_MD_CTX_PTR out, const GO_EVP_MD_CTX_PTR in), (out, in)) \
1977++DEFINEFUNC(int, EVP_MD_CTX_copy, (GO_EVP_MD_CTX_PTR out, const GO_EVP_MD_CTX_PTR in), (out, in)) \
1978+ DEFINEFUNC_RENAMED_1_1(int, EVP_MD_CTX_reset, EVP_MD_CTX_cleanup, (GO_EVP_MD_CTX_PTR ctx), (ctx)) \
1979++DEFINEFUNC_3_0(const char *, EVP_MD_get0_name, (const GO_EVP_MD_PTR md), (md)) \
1980+ DEFINEFUNC(const GO_EVP_MD_PTR, EVP_md5, (void), ()) \
1981+ DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha1, (void), ()) \
1982+ DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha224, (void), ()) \
1983+ DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha256, (void), ()) \
1984+ DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha384, (void), ()) \
1985+ DEFINEFUNC(const GO_EVP_MD_PTR, EVP_sha512, (void), ()) \
1986++DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_224, (void), ()) \
1987++DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_256, (void), ()) \
1988++DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_384, (void), ()) \
1989++DEFINEFUNC_1_1_1(const GO_EVP_MD_PTR, EVP_sha3_512, (void), ()) \
1990+ DEFINEFUNC_1_1(const GO_EVP_MD_PTR, EVP_md5_sha1, (void), ()) \
1991+-DEFINEFUNC_3_0(GO_EVP_MD_PTR, EVP_MD_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \
1992+-DEFINEFUNC_3_0(void, EVP_MD_free, (GO_EVP_MD_PTR md), (md)) \
1993+ DEFINEFUNC_RENAMED_3_0(int, EVP_MD_get_size, EVP_MD_size, (const GO_EVP_MD_PTR arg0), (arg0)) \
1994+ DEFINEFUNC_LEGACY_1_0(void, HMAC_CTX_init, (GO_HMAC_CTX_PTR arg0), (arg0)) \
1995+ DEFINEFUNC_LEGACY_1_0(void, HMAC_CTX_cleanup, (GO_HMAC_CTX_PTR arg0), (arg0)) \
1996+@@ -180,15 +209,24 @@ DEFINEFUNC(void, BN_clear_free, (GO_BIGNUM_PTR arg0), (arg0)) \
1997+ DEFINEFUNC(int, BN_num_bits, (const GO_BIGNUM_PTR arg0), (arg0)) \
1998+ DEFINEFUNC(GO_BIGNUM_PTR, BN_bin2bn, (const unsigned char *arg0, int arg1, GO_BIGNUM_PTR arg2), (arg0, arg1, arg2)) \
1999+ DEFINEFUNC(int, BN_bn2bin, (const GO_BIGNUM_PTR arg0, unsigned char *arg1), (arg0, arg1)) \
2000++/* bn_lebin2bn, bn_bn2lebinpad and BN_bn2binpad are not exported in any OpenSSL 1.0.2, but they exist. */ \
2001++/*check:from=1.1.0*/ DEFINEFUNC_RENAMED_1_1(GO_BIGNUM_PTR, BN_lebin2bn, bn_lebin2bn, (const unsigned char *s, int len, GO_BIGNUM_PTR ret), (s, len, ret)) \
2002++/*check:from=1.1.0*/ DEFINEFUNC_RENAMED_1_1(int, BN_bn2lebinpad, bn_bn2lebinpad, (const GO_BIGNUM_PTR a, unsigned char *to, int tolen), (a, to, tolen)) \
2003++/*check:from=1.1.0*/ DEFINEFUNC_RENAMED_1_1(int, BN_bn2binpad, bn_bn2binpad, (const GO_BIGNUM_PTR a, unsigned char *to, int tolen), (a, to, tolen)) \
2004+ DEFINEFUNC(void, EC_GROUP_free, (GO_EC_GROUP_PTR arg0), (arg0)) \
2005+ DEFINEFUNC(GO_EC_POINT_PTR, EC_POINT_new, (const GO_EC_GROUP_PTR arg0), (arg0)) \
2006+ DEFINEFUNC(void, EC_POINT_free, (GO_EC_POINT_PTR arg0), (arg0)) \
2007+ DEFINEFUNC(int, EC_POINT_get_affine_coordinates_GFp, (const GO_EC_GROUP_PTR arg0, const GO_EC_POINT_PTR arg1, GO_BIGNUM_PTR arg2, GO_BIGNUM_PTR arg3, GO_BN_CTX_PTR arg4), (arg0, arg1, arg2, arg3, arg4)) \
2008++DEFINEFUNC(size_t, EC_POINT_point2oct, (const GO_EC_GROUP_PTR group, const GO_EC_POINT_PTR p, point_conversion_form_t form, unsigned char *buf, size_t len, GO_BN_CTX_PTR ctx), (group, p, form, buf, len, ctx)) \
2009++DEFINEFUNC_LEGACY_1_0(int, EC_POINT_oct2point, (const GO_EC_GROUP_PTR group, GO_EC_POINT_PTR p, const unsigned char *buf, size_t len, GO_BN_CTX_PTR ctx), (group, p, buf, len, ctx)) \
2010++DEFINEFUNC(int, EC_POINT_mul, (const GO_EC_GROUP_PTR group, GO_EC_POINT_PTR r, const GO_BIGNUM_PTR n, const GO_EC_POINT_PTR q, const GO_BIGNUM_PTR m, GO_BN_CTX_PTR ctx), (group, r, n, q, m, ctx)) \
2011+ DEFINEFUNC(GO_EC_KEY_PTR, EC_KEY_new_by_curve_name, (int arg0), (arg0)) \
2012+ DEFINEFUNC(int, EC_KEY_set_public_key_affine_coordinates, (GO_EC_KEY_PTR key, GO_BIGNUM_PTR x, GO_BIGNUM_PTR y), (key, x, y)) \
2013++DEFINEFUNC_LEGACY_1_0(int, EC_KEY_set_public_key, (GO_EC_KEY_PTR key, const GO_EC_POINT_PTR pub), (key, pub)) \
2014+ DEFINEFUNC(void, EC_KEY_free, (GO_EC_KEY_PTR arg0), (arg0)) \
2015+ DEFINEFUNC(const GO_EC_GROUP_PTR, EC_KEY_get0_group, (const GO_EC_KEY_PTR arg0), (arg0)) \
2016+ DEFINEFUNC(int, EC_KEY_set_private_key, (GO_EC_KEY_PTR arg0, const GO_BIGNUM_PTR arg1), (arg0, arg1)) \
2017++DEFINEFUNC_1_1(int, EC_KEY_oct2key, (GO_EC_KEY_PTR eckey, const unsigned char *buf, size_t len, GO_BN_CTX_PTR ctx), (eckey, buf, len, ctx)) \
2018+ DEFINEFUNC(const GO_BIGNUM_PTR, EC_KEY_get0_private_key, (const GO_EC_KEY_PTR arg0), (arg0)) \
2019+ DEFINEFUNC(const GO_EC_POINT_PTR, EC_KEY_get0_public_key, (const GO_EC_KEY_PTR arg0), (arg0)) \
2020+ DEFINEFUNC(GO_RSA_PTR, RSA_new, (void), ()) \
2021+@@ -219,9 +257,10 @@ DEFINEFUNC(const GO_EVP_CIPHER_PTR, EVP_aes_256_gcm, (void), ()) \
2022+ DEFINEFUNC(void, EVP_CIPHER_CTX_free, (GO_EVP_CIPHER_CTX_PTR arg0), (arg0)) \
2023+ DEFINEFUNC(int, EVP_CIPHER_CTX_ctrl, (GO_EVP_CIPHER_CTX_PTR ctx, int type, int arg, void *ptr), (ctx, type, arg, ptr)) \
2024+ DEFINEFUNC(GO_EVP_PKEY_PTR, EVP_PKEY_new, (void), ()) \
2025+-/* EVP_PKEY_size pkey parameter is const since OpenSSL 1.1.1. */ \
2026++/* EVP_PKEY_size and EVP_PKEY_get_bits pkey parameter is const since OpenSSL 1.1.1. */ \
2027+ /* Exclude it from headercheck tool when using previous OpenSSL versions. */ \
2028+ /*check:from=1.1.1*/ DEFINEFUNC_RENAMED_3_0(int, EVP_PKEY_get_size, EVP_PKEY_size, (const GO_EVP_PKEY_PTR pkey), (pkey)) \
2029++/*check:from=1.1.1*/ DEFINEFUNC_RENAMED_3_0(int, EVP_PKEY_get_bits, EVP_PKEY_bits, (const GO_EVP_PKEY_PTR pkey), (pkey)) \
2030+ DEFINEFUNC(void, EVP_PKEY_free, (GO_EVP_PKEY_PTR arg0), (arg0)) \
2031+ DEFINEFUNC(GO_EC_KEY_PTR, EVP_PKEY_get1_EC_KEY, (GO_EVP_PKEY_PTR pkey), (pkey)) \
2032+ DEFINEFUNC(GO_RSA_PTR, EVP_PKEY_get1_RSA, (GO_EVP_PKEY_PTR pkey), (pkey)) \
2033+@@ -239,4 +278,19 @@ DEFINEFUNC(int, EVP_PKEY_decrypt_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
2034+ DEFINEFUNC(int, EVP_PKEY_encrypt_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
2035+ DEFINEFUNC(int, EVP_PKEY_sign_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
2036+ DEFINEFUNC(int, EVP_PKEY_verify_init, (GO_EVP_PKEY_CTX_PTR arg0), (arg0)) \
2037+-DEFINEFUNC(int, EVP_PKEY_sign, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4))
2038++DEFINEFUNC(int, EVP_PKEY_sign, (GO_EVP_PKEY_CTX_PTR arg0, unsigned char *arg1, size_t *arg2, const unsigned char *arg3, size_t arg4), (arg0, arg1, arg2, arg3, arg4)) \
2039++DEFINEFUNC(int, EVP_PKEY_derive_init, (GO_EVP_PKEY_CTX_PTR ctx), (ctx)) \
2040++DEFINEFUNC(int, EVP_PKEY_derive_set_peer, (GO_EVP_PKEY_CTX_PTR ctx, GO_EVP_PKEY_PTR peer), (ctx, peer)) \
2041++DEFINEFUNC(int, EVP_PKEY_derive, (GO_EVP_PKEY_CTX_PTR ctx, unsigned char *key, size_t *keylen), (ctx, key, keylen)) \
2042++DEFINEFUNC_3_0(GO_EVP_MAC_PTR, EVP_MAC_fetch, (GO_OSSL_LIB_CTX_PTR ctx, const char *algorithm, const char *properties), (ctx, algorithm, properties)) \
2043++DEFINEFUNC_3_0(void, EVP_MAC_free, (GO_EVP_MAC_PTR mac), (mac)) \
2044++DEFINEFUNC_3_0(GO_EVP_MAC_CTX_PTR, EVP_MAC_CTX_new, (GO_EVP_MAC_PTR arg0), (arg0)) \
2045++DEFINEFUNC_3_0(void, EVP_MAC_CTX_free, (GO_EVP_MAC_CTX_PTR arg0), (arg0)) \
2046++DEFINEFUNC_3_0(GO_EVP_MAC_CTX_PTR, EVP_MAC_CTX_dup, (const GO_EVP_MAC_CTX_PTR arg0), (arg0)) \
2047++DEFINEFUNC_3_0(int, EVP_MAC_init, (GO_EVP_MAC_CTX_PTR ctx, const unsigned char *key, size_t keylen, const OSSL_PARAM params[]), (ctx, key, keylen, params)) \
2048++DEFINEFUNC_3_0(int, EVP_MAC_update, (GO_EVP_MAC_CTX_PTR ctx, const unsigned char *data, size_t datalen), (ctx, data, datalen)) \
2049++DEFINEFUNC_3_0(int, EVP_MAC_final, (GO_EVP_MAC_CTX_PTR ctx, unsigned char *out, size_t *outl, size_t outsize), (ctx, out, outl, outsize)) \
2050++DEFINEFUNC_3_0(OSSL_PARAM, OSSL_PARAM_construct_utf8_string, (const char *key, char *buf, size_t bsize), (key, buf, bsize)) \
2051++DEFINEFUNC_3_0(OSSL_PARAM, OSSL_PARAM_construct_end, (void), ()) \
2052++DEFINEFUNC_3_0(int, EVP_PKEY_CTX_set0_rsa_oaep_label, (GO_EVP_PKEY_CTX_PTR ctx, void *label, int len), (ctx, label, len)) \
2053++
2054+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go
2055+index 05ff62cd73..b717ea932c 100644
2056+--- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go
2057++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/rsa.go
2058+@@ -13,13 +13,12 @@ import (
2059+ "crypto/subtle"
2060+ "errors"
2061+ "hash"
2062+- "math/big"
2063+ "runtime"
2064+ "unsafe"
2065+ )
2066+
2067+-func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv *big.Int, err error) {
2068+- bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv *big.Int, err error) {
2069++func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) {
2070++ bad := func(e error) (N, E, D, P, Q, Dp, Dq, Qinv BigInt, err error) {
2071+ return nil, nil, nil, nil, nil, nil, nil, nil, e
2072+ }
2073+ pkey, err := generateEVPPKey(C.GO_EVP_PKEY_RSA, bits, "")
2074+@@ -31,6 +30,7 @@ func GenerateKeyRSA(bits int) (N, E, D, P, Q, Dp, Dq, Qinv *big.Int, err error)
2075+ if key == nil {
2076+ return bad(newOpenSSLError("EVP_PKEY_get1_RSA failed"))
2077+ }
2078++ defer C.go_openssl_RSA_free(key)
2079+ N, E, D = rsaGetKey(key)
2080+ P, Q = rsaGetFactors(key)
2081+ Dp, Dq, Qinv = rsaGetCRTParams(key)
2082+@@ -42,7 +42,7 @@ type PublicKeyRSA struct {
2083+ _pkey C.GO_EVP_PKEY_PTR
2084+ }
2085+
2086+-func NewPublicKeyRSA(N, E *big.Int) (*PublicKeyRSA, error) {
2087++func NewPublicKeyRSA(N, E BigInt) (*PublicKeyRSA, error) {
2088+ key := C.go_openssl_RSA_new()
2089+ if key == nil {
2090+ return nil, newOpenSSLError("RSA_new failed")
2091+@@ -82,7 +82,7 @@ type PrivateKeyRSA struct {
2092+ _pkey C.GO_EVP_PKEY_PTR
2093+ }
2094+
2095+-func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv *big.Int) (*PrivateKeyRSA, error) {
2096++func NewPrivateKeyRSA(N, E, D, P, Q, Dp, Dq, Qinv BigInt) (*PrivateKeyRSA, error) {
2097+ key := C.go_openssl_RSA_new()
2098+ if key == nil {
2099+ return nil, newOpenSSLError("RSA_new failed")
2100+@@ -128,23 +128,31 @@ func (k *PrivateKeyRSA) withKey(f func(C.GO_EVP_PKEY_PTR) C.int) C.int {
2101+ }
2102+
2103+ func DecryptRSAOAEP(h hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) {
2104+- return evpDecrypt(priv.withKey, C.GO_RSA_PKCS1_OAEP_PADDING, h, label, ciphertext)
2105++ return evpDecrypt(priv.withKey, C.GO_RSA_PKCS1_OAEP_PADDING, h, nil, label, ciphertext)
2106+ }
2107+
2108+ func EncryptRSAOAEP(h hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) {
2109+- return evpEncrypt(pub.withKey, C.GO_RSA_PKCS1_OAEP_PADDING, h, label, msg)
2110++ return evpEncrypt(pub.withKey, C.GO_RSA_PKCS1_OAEP_PADDING, h, nil, label, msg)
2111++}
2112++
2113++func DecryptRSAOAEPWithMGF1Hash(h, mgfHash hash.Hash, priv *PrivateKeyRSA, ciphertext, label []byte) ([]byte, error) {
2114++ return evpDecrypt(priv.withKey, C.GO_RSA_PKCS1_OAEP_PADDING, h, mgfHash, label, ciphertext)
2115++}
2116++
2117++func EncryptRSAOAEPWithMGF1Hash(h, mgfHash hash.Hash, pub *PublicKeyRSA, msg, label []byte) ([]byte, error) {
2118++ return evpEncrypt(pub.withKey, C.GO_RSA_PKCS1_OAEP_PADDING, h, mgfHash, label, msg)
2119+ }
2120+
2121+ func DecryptRSAPKCS1(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
2122+- return evpDecrypt(priv.withKey, C.GO_RSA_PKCS1_PADDING, nil, nil, ciphertext)
2123++ return evpDecrypt(priv.withKey, C.GO_RSA_PKCS1_PADDING, nil, nil, nil, ciphertext)
2124+ }
2125+
2126+ func EncryptRSAPKCS1(pub *PublicKeyRSA, msg []byte) ([]byte, error) {
2127+- return evpEncrypt(pub.withKey, C.GO_RSA_PKCS1_PADDING, nil, nil, msg)
2128++ return evpEncrypt(pub.withKey, C.GO_RSA_PKCS1_PADDING, nil, nil, nil, msg)
2129+ }
2130+
2131+ func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error) {
2132+- ret, err := evpDecrypt(priv.withKey, C.GO_RSA_NO_PADDING, nil, nil, ciphertext)
2133++ ret, err := evpDecrypt(priv.withKey, C.GO_RSA_NO_PADDING, nil, nil, nil, ciphertext)
2134+ if err != nil {
2135+ return nil, err
2136+ }
2137+@@ -168,21 +176,47 @@ func DecryptRSANoPadding(priv *PrivateKeyRSA, ciphertext []byte) ([]byte, error)
2138+ }
2139+
2140+ func EncryptRSANoPadding(pub *PublicKeyRSA, msg []byte) ([]byte, error) {
2141+- return evpEncrypt(pub.withKey, C.GO_RSA_NO_PADDING, nil, nil, msg)
2142++ return evpEncrypt(pub.withKey, C.GO_RSA_NO_PADDING, nil, nil, nil, msg)
2143+ }
2144+
2145+-func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) {
2146++func saltLength(saltLen int, sign bool) (C.int, error) {
2147++ // A salt length of -2 is valid in OpenSSL, but not in crypto/rsa, so reject
2148++ // it, and lengths < -2, before we convert to the OpenSSL sentinel values.
2149++ if saltLen <= -2 {
2150++ return 0, errors.New("crypto/rsa: PSSOptions.SaltLength cannot be negative")
2151++ }
2152++ // OpenSSL uses sentinel salt length values like Go crypto does,
2153++ // but the values don't fully match for rsa.PSSSaltLengthAuto (0).
2154+ if saltLen == 0 {
2155+- saltLen = -1 // RSA_PSS_SALTLEN_DIGEST
2156++ if sign {
2157++ if vMajor == 1 {
2158++ // OpenSSL 1.x uses -2 to mean maximal size when signing where Go crypto uses 0.
2159++ return C.GO_RSA_PSS_SALTLEN_MAX_SIGN, nil
2160++ }
2161++ // OpenSSL 3.x deprecated RSA_PSS_SALTLEN_MAX_SIGN
2162++ // and uses -3 to mean maximal size when signing where Go crypto uses 0.
2163++ return C.GO_RSA_PSS_SALTLEN_MAX, nil
2164++ }
2165++ // OpenSSL uses -2 to mean auto-detect size when verifying where Go crypto uses 0.
2166++ return C.GO_RSA_PSS_SALTLEN_AUTO, nil
2167+ }
2168+- return evpSign(priv.withKey, C.GO_RSA_PKCS1_PSS_PADDING, saltLen, h, hashed)
2169++ return C.int(saltLen), nil
2170++}
2171++
2172++func SignRSAPSS(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte, saltLen int) ([]byte, error) {
2173++ cSaltLen, err := saltLength(saltLen, true)
2174++ if err != nil {
2175++ return nil, err
2176++ }
2177++ return evpSign(priv.withKey, C.GO_RSA_PKCS1_PSS_PADDING, cSaltLen, h, hashed)
2178+ }
2179+
2180+ func VerifyRSAPSS(pub *PublicKeyRSA, h crypto.Hash, hashed, sig []byte, saltLen int) error {
2181+- if saltLen == 0 {
2182+- saltLen = -2 // RSA_PSS_SALTLEN_AUTO
2183++ cSaltLen, err := saltLength(saltLen, false)
2184++ if err != nil {
2185++ return err
2186+ }
2187+- return evpVerify(pub.withKey, C.GO_RSA_PKCS1_PSS_PADDING, saltLen, h, sig, hashed)
2188++ return evpVerify(pub.withKey, C.GO_RSA_PKCS1_PSS_PADDING, cSaltLen, h, sig, hashed)
2189+ }
2190+
2191+ func SignRSAPKCS1v15(priv *PrivateKeyRSA, h crypto.Hash, hashed []byte) ([]byte, error) {
2192+@@ -213,7 +247,7 @@ type rsa_st_1_0_2 struct {
2193+ // It contains more fields, but we are not interesed on them.
2194+ }
2195+
2196+-func bnSet(b1 *C.GO_BIGNUM_PTR, b2 *big.Int) {
2197++func bnSet(b1 *C.GO_BIGNUM_PTR, b2 BigInt) {
2198+ if b2 == nil {
2199+ return
2200+ }
2201+@@ -223,7 +257,7 @@ func bnSet(b1 *C.GO_BIGNUM_PTR, b2 *big.Int) {
2202+ *b1 = bigToBN(b2)
2203+ }
2204+
2205+-func rsaSetKey(key C.GO_RSA_PTR, n, e, d *big.Int) bool {
2206++func rsaSetKey(key C.GO_RSA_PTR, n, e, d BigInt) bool {
2207+ if vMajor == 1 && vMinor == 0 {
2208+ r := (*rsa_st_1_0_2)(unsafe.Pointer(key))
2209+ //r.d and d will be nil for public keys.
2210+@@ -239,7 +273,7 @@ func rsaSetKey(key C.GO_RSA_PTR, n, e, d *big.Int) bool {
2211+ return C.go_openssl_RSA_set0_key(key, bigToBN(n), bigToBN(e), bigToBN(d)) == 1
2212+ }
2213+
2214+-func rsaSetFactors(key C.GO_RSA_PTR, p, q *big.Int) bool {
2215++func rsaSetFactors(key C.GO_RSA_PTR, p, q BigInt) bool {
2216+ if vMajor == 1 && vMinor == 0 {
2217+ r := (*rsa_st_1_0_2)(unsafe.Pointer(key))
2218+ if (r.p == nil && p == nil) ||
2219+@@ -253,7 +287,7 @@ func rsaSetFactors(key C.GO_RSA_PTR, p, q *big.Int) bool {
2220+ return C.go_openssl_RSA_set0_factors(key, bigToBN(p), bigToBN(q)) == 1
2221+ }
2222+
2223+-func rsaSetCRTParams(key C.GO_RSA_PTR, dmp1, dmq1, iqmp *big.Int) bool {
2224++func rsaSetCRTParams(key C.GO_RSA_PTR, dmp1, dmq1, iqmp BigInt) bool {
2225+ if vMajor == 1 && vMinor == 0 {
2226+ r := (*rsa_st_1_0_2)(unsafe.Pointer(key))
2227+ if (r.dmp1 == nil && dmp1 == nil) ||
2228+@@ -269,7 +303,7 @@ func rsaSetCRTParams(key C.GO_RSA_PTR, dmp1, dmq1, iqmp *big.Int) bool {
2229+ return C.go_openssl_RSA_set0_crt_params(key, bigToBN(dmp1), bigToBN(dmq1), bigToBN(iqmp)) == 1
2230+ }
2231+
2232+-func rsaGetKey(key C.GO_RSA_PTR) (*big.Int, *big.Int, *big.Int) {
2233++func rsaGetKey(key C.GO_RSA_PTR) (BigInt, BigInt, BigInt) {
2234+ var n, e, d C.GO_BIGNUM_PTR
2235+ if vMajor == 1 && vMinor == 0 {
2236+ r := (*rsa_st_1_0_2)(unsafe.Pointer(key))
2237+@@ -280,7 +314,7 @@ func rsaGetKey(key C.GO_RSA_PTR) (*big.Int, *big.Int, *big.Int) {
2238+ return bnToBig(n), bnToBig(e), bnToBig(d)
2239+ }
2240+
2241+-func rsaGetFactors(key C.GO_RSA_PTR) (*big.Int, *big.Int) {
2242++func rsaGetFactors(key C.GO_RSA_PTR) (BigInt, BigInt) {
2243+ var p, q C.GO_BIGNUM_PTR
2244+ if vMajor == 1 && vMinor == 0 {
2245+ r := (*rsa_st_1_0_2)(unsafe.Pointer(key))
2246+@@ -291,7 +325,7 @@ func rsaGetFactors(key C.GO_RSA_PTR) (*big.Int, *big.Int) {
2247+ return bnToBig(p), bnToBig(q)
2248+ }
2249+
2250+-func rsaGetCRTParams(key C.GO_RSA_PTR) (*big.Int, *big.Int, *big.Int) {
2251++func rsaGetCRTParams(key C.GO_RSA_PTR) (BigInt, BigInt, BigInt) {
2252+ var dmp1, dmq1, iqmp C.GO_BIGNUM_PTR
2253+ if vMajor == 1 && vMinor == 0 {
2254+ r := (*rsa_st_1_0_2)(unsafe.Pointer(key))
2255+diff --git a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/sha.go b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/sha.go
2256+index c5b0189efc..cdd216423b 100644
2257+--- a/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/sha.go
2258++++ b/src/vendor/github.com/microsoft/go-crypto-openssl/openssl/sha.go
2259+@@ -17,6 +17,91 @@ import (
2260+ "unsafe"
2261+ )
2262+
2263++// NOTE: Implementation ported from https://go-review.googlesource.com/c/go/+/404295.
2264++// The cgo calls in this file are arranged to avoid marking the parameters as escaping.
2265++// To do that, we call noescape (including via addr).
2266++// We must also make sure that the data pointer arguments have the form unsafe.Pointer(&...)
2267++// so that cgo does not annotate them with cgoCheckPointer calls. If it did that, it might look
2268++// beyond the byte slice and find Go pointers in unprocessed parts of a larger allocation.
2269++// To do both of these simultaneously, the idiom is unsafe.Pointer(&*addr(p)),
2270++// where addr returns the base pointer of p, substituting a non-nil pointer for nil,
2271++// and applying a noescape along the way.
2272++// This is all to preserve compatibility with the allocation behavior of the non-openssl implementations.
2273++
2274++func shaX(md C.GO_EVP_MD_PTR, p []byte, sum []byte) bool {
2275++ return C.go_shaX(md, unsafe.Pointer(&*addr(p)), C.size_t(len(p)), noescape(unsafe.Pointer(&sum[0]))) != 0
2276++}
2277++
2278++func SHA1(p []byte) (sum [20]byte) {
2279++ if !shaX(C.go_openssl_EVP_sha1(), p, sum[:]) {
2280++ panic("openssl: SHA1 failed")
2281++ }
2282++ return
2283++}
2284++
2285++func SHA224(p []byte) (sum [28]byte) {
2286++ if !shaX(C.go_openssl_EVP_sha224(), p, sum[:]) {
2287++ panic("openssl: SHA224 failed")
2288++ }
2289++ return
2290++}
2291++
2292++func SHA256(p []byte) (sum [32]byte) {
2293++ if !shaX(C.go_openssl_EVP_sha256(), p, sum[:]) {
2294++ panic("openssl: SHA256 failed")
2295++ }
2296++ return
2297++}
2298++
2299++func SHA384(p []byte) (sum [48]byte) {
2300++ if !shaX(C.go_openssl_EVP_sha384(), p, sum[:]) {
2301++ panic("openssl: SHA384 failed")
2302++ }
2303++ return
2304++}
2305++
2306++func SHA512(p []byte) (sum [64]byte) {
2307++ if !shaX(C.go_openssl_EVP_sha512(), p, sum[:]) {
2308++ panic("openssl: SHA512 failed")
2309++ }
2310++ return
2311++}
2312++
2313++// Same as SupportsHKDF, as in v1.1.1+
2314++func SupportsSHA3() bool {
2315++ return vMajor > 1 ||
2316++ (vMajor >= 1 && vMinor > 1) ||
2317++ (vMajor >= 1 && vMinor >= 1 && vFeature >= 1)
2318++}
2319++
2320++func SHA3_224(p []byte) (sum [28]byte) {
2321++ if !shaX(C.go_openssl_EVP_sha3_224(), p, sum[:]) {
2322++ panic("openssl: SHA3_224 failed")
2323++ }
2324++ return
2325++}
2326++
2327++func SHA3_256(p []byte) (sum [32]byte) {
2328++ if !shaX(C.go_openssl_EVP_sha3_256(), p, sum[:]) {
2329++ panic("openssl: SHA3_256 failed")
2330++ }
2331++ return
2332++}
2333++
2334++func SHA3_384(p []byte) (sum [48]byte) {
2335++ if !shaX(C.go_openssl_EVP_sha3_384(), p, sum[:]) {
2336++ panic("openssl: SHA3_384 failed")
2337++ }
2338++ return
2339++}
2340++
2341++func SHA3_512(p []byte) (sum [64]byte) {
2342++ if !shaX(C.go_openssl_EVP_sha3_512(), p, sum[:]) {
2343++ panic("openssl: SHA3_512 failed")
2344++ }
2345++ return
2346++}
2347++
2348+ type evpHash struct {
2349+ md C.GO_EVP_MD_PTR
2350+ ctx C.GO_EVP_MD_CTX_PTR
2351+@@ -55,8 +140,8 @@ func (h *evpHash) finalize() {
2352+ func (h *evpHash) Reset() {
2353+ // There is no need to reset h.ctx2 because it is always reset after
2354+ // use in evpHash.sum.
2355+- C.go_openssl_EVP_MD_CTX_reset(h.ctx)
2356+-
2357++ // Calling EVP_DigestInit on an already initialized EVP_MD_CTX results in
2358++ // memory leak on OpenSSL 1.0.2, use EVP_DigestInit_ex instead.
2359+ if C.go_openssl_EVP_DigestInit_ex(h.ctx, h.md, nil) != 1 {
2360+ panic("openssl: EVP_DigestInit_ex failed")
2361+ }
2362+@@ -64,13 +149,35 @@ func (h *evpHash) Reset() {
2363+ }
2364+
2365+ func (h *evpHash) Write(p []byte) (int, error) {
2366+- if len(p) > 0 && C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(&p[0]), C.size_t(len(p))) != 1 {
2367++ if len(p) > 0 && C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(&*addr(p)), C.size_t(len(p))) != 1 {
2368+ panic("openssl: EVP_DigestUpdate failed")
2369+ }
2370+ runtime.KeepAlive(h)
2371+ return len(p), nil
2372+ }
2373+
2374++func (h *evpHash) WriteString(s string) (int, error) {
2375++ // TODO: use unsafe.StringData once we drop support
2376++ // for go1.19 and earlier.
2377++ hdr := (*struct {
2378++ Data *byte
2379++ Len int
2380++ })(unsafe.Pointer(&s))
2381++ if len(s) > 0 && C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(hdr.Data), C.size_t(len(s))) == 0 {
2382++ panic("openssl: EVP_DigestUpdate failed")
2383++ }
2384++ runtime.KeepAlive(h)
2385++ return len(s), nil
2386++}
2387++
2388++func (h *evpHash) WriteByte(c byte) error {
2389++ if C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(&c), 1) == 0 {
2390++ panic("openssl: EVP_DigestUpdate failed")
2391++ }
2392++ runtime.KeepAlive(h)
2393++ return nil
2394++}
2395++
2396+ func (h *evpHash) Size() int {
2397+ return h.size
2398+ }
2399+@@ -84,14 +191,12 @@ func (h *evpHash) sum(out []byte) {
2400+ // that Sum has no effect on the underlying stream.
2401+ // In particular it is OK to Sum, then Write more, then Sum again,
2402+ // and the second Sum acts as if the first didn't happen.
2403+- C.go_openssl_EVP_DigestInit_ex(h.ctx2, h.md, nil)
2404+- if C.go_openssl_EVP_MD_CTX_copy_ex(h.ctx2, h.ctx) != 1 {
2405+- panic("openssl: EVP_MD_CTX_copy_ex failed")
2406++ if C.go_openssl_EVP_MD_CTX_copy(h.ctx2, h.ctx) != 1 {
2407++ panic("openssl: EVP_MD_CTX_copy failed")
2408+ }
2409+- if C.go_openssl_EVP_DigestFinal_ex(h.ctx2, base(out), nil) != 1 {
2410+- panic("openssl: EVP_DigestFinal_ex failed")
2411++ if C.go_openssl_EVP_DigestFinal(h.ctx2, (*C.uchar)(noescape(unsafe.Pointer(base(out)))), nil) != 1 {
2412++ panic("openssl: EVP_DigestFinal failed")
2413+ }
2414+- C.go_openssl_EVP_MD_CTX_reset(h.ctx2)
2415+ runtime.KeepAlive(h)
2416+ }
2417+
2418+@@ -499,6 +604,74 @@ func (h *sha512Hash) UnmarshalBinary(b []byte) error {
2419+ return nil
2420+ }
2421+
2422++// NewSHA3_224 returns a new SHA3-224 hash.
2423++func NewSHA3_224() hash.Hash {
2424++ return &sha3_224Hash{
2425++ evpHash: newEvpHash(crypto.SHA3_224, 224/8, 64),
2426++ }
2427++}
2428++
2429++type sha3_224Hash struct {
2430++ *evpHash
2431++ out [224 / 8]byte
2432++}
2433++
2434++func (h *sha3_224Hash) Sum(in []byte) []byte {
2435++ h.sum(h.out[:])
2436++ return append(in, h.out[:]...)
2437++}
2438++
2439++// NewSHA3_256 returns a new SHA3-256 hash.
2440++func NewSHA3_256() hash.Hash {
2441++ return &sha3_256Hash{
2442++ evpHash: newEvpHash(crypto.SHA3_256, 256/8, 64),
2443++ }
2444++}
2445++
2446++type sha3_256Hash struct {
2447++ *evpHash
2448++ out [256 / 8]byte
2449++}
2450++
2451++func (h *sha3_256Hash) Sum(in []byte) []byte {
2452++ h.sum(h.out[:])
2453++ return append(in, h.out[:]...)
2454++}
2455++
2456++// NewSHA3_384 returns a new SHA3-384 hash.
2457++func NewSHA3_384() hash.Hash {
2458++ return &sha3_384Hash{
2459++ evpHash: newEvpHash(crypto.SHA3_384, 384/8, 128),
2460++ }
2461++}
2462++
2463++type sha3_384Hash struct {
2464++ *evpHash
2465++ out [384 / 8]byte
2466++}
2467++
2468++func (h *sha3_384Hash) Sum(in []byte) []byte {
2469++ h.sum(h.out[:])
2470++ return append(in, h.out[:]...)
2471++}
2472++
2473++// NewSHA3_512 returns a new SHA3-512 hash.
2474++func NewSHA3_512() hash.Hash {
2475++ return &sha3_512Hash{
2476++ evpHash: newEvpHash(crypto.SHA3_512, 512/8, 128),
2477++ }
2478++}
2479++
2480++type sha3_512Hash struct {
2481++ *evpHash
2482++ out [512 / 8]byte
2483++}
2484++
2485++func (h *sha3_512Hash) Sum(in []byte) []byte {
2486++ h.sum(h.out[:])
2487++ return append(in, h.out[:]...)
2488++}
2489++
2490+ // appendUint64 appends x into b as a big endian byte sequence.
2491+ func appendUint64(b []byte, x uint64) []byte {
2492+ return append(b,
2493+diff --git a/src/vendor/modules.txt b/src/vendor/modules.txt
2494+index c31f65cd61..75b78bfb94 100644
2495+--- a/src/vendor/modules.txt
2496++++ b/src/vendor/modules.txt
2497+@@ -1,6 +1,8 @@
2498+-# github.com/microsoft/go-crypto-openssl v0.1.2
2499+-## explicit; go 1.16
2500++# github.com/microsoft/go-crypto-openssl v0.2.8 => github.com/xnox/go-crypto-openssl v0.2.9-0.20230701230530-84b71a4b45db
2501++## explicit; go 1.17
2502+ github.com/microsoft/go-crypto-openssl/openssl
2503++github.com/microsoft/go-crypto-openssl/openssl/bbig
2504++github.com/microsoft/go-crypto-openssl/openssl/bbig/bridge
2505+ github.com/microsoft/go-crypto-openssl/openssl/internal/subtle
2506+ # golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
2507+ ## explicit; go 1.17
2508+--
2509+2.34.1
2510+
2511diff --git a/patches/0203-Add-crypto-sha3-package.patch b/patches/0203-Add-crypto-sha3-package.patch
2512new file mode 100644
2513index 0000000..94f7c3d
2514--- /dev/null
2515+++ b/patches/0203-Add-crypto-sha3-package.patch
2516@@ -0,0 +1,141 @@
2517+From d5b5b9bc5145c76cb1e069da5de88388a1d7e803 Mon Sep 17 00:00:00 2001
2518+From: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
2519+Date: Sun, 2 Jul 2023 00:59:30 +0100
2520+Subject: [PATCH 203/203] Add crypto/sha3 package
2521+
2522+Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
2523+---
2524+ api/go1.18.txt | 27 +++++++++++++++++
2525+ src/crypto/internal/backend/openssl_linux.go | 10 ++++++
2526+ src/crypto/sha3/sha3.go | 32 ++++++++++++++++++++
2527+ src/go/build/deps_test.go | 10 +++---
2528+ 4 files changed, 75 insertions(+), 4 deletions(-)
2529+ create mode 100644 src/crypto/sha3/sha3.go
2530+
2531+diff --git a/api/go1.18.txt b/api/go1.18.txt
2532+index 0f3e26df9d..8a5feb6f5e 100644
2533+--- a/api/go1.18.txt
2534++++ b/api/go1.18.txt
2535+@@ -2,6 +2,33 @@ pkg bufio, method (*Writer) AvailableBuffer() []uint8
2536+ pkg bufio, method (ReadWriter) AvailableBuffer() []uint8
2537+ pkg bytes, func Cut([]uint8, []uint8) ([]uint8, []uint8, bool)
2538+ pkg crypto/tls, method (*Conn) NetConn() net.Conn
2539++pkg crypto/sha3 (linux-386-cgo), var New224 func() hash.Hash
2540++pkg crypto/sha3 (linux-386-cgo), var New256 func() hash.Hash
2541++pkg crypto/sha3 (linux-386-cgo), var New384 func() hash.Hash
2542++pkg crypto/sha3 (linux-386-cgo), var New512 func() hash.Hash
2543++pkg crypto/sha3 (linux-386-cgo), var Sum224 func([]uint8) [28]uint8
2544++pkg crypto/sha3 (linux-386-cgo), var Sum256 func([]uint8) [32]uint8
2545++pkg crypto/sha3 (linux-386-cgo), var Sum384 func([]uint8) [48]uint8
2546++pkg crypto/sha3 (linux-386-cgo), var Sum512 func([]uint8) [64]uint8
2547++pkg crypto/sha3 (linux-386-cgo), var SupportsSHA3 func() bool
2548++pkg crypto/sha3 (linux-amd64-cgo), var New224 func() hash.Hash
2549++pkg crypto/sha3 (linux-amd64-cgo), var New256 func() hash.Hash
2550++pkg crypto/sha3 (linux-amd64-cgo), var New384 func() hash.Hash
2551++pkg crypto/sha3 (linux-amd64-cgo), var New512 func() hash.Hash
2552++pkg crypto/sha3 (linux-amd64-cgo), var Sum224 func([]uint8) [28]uint8
2553++pkg crypto/sha3 (linux-amd64-cgo), var Sum256 func([]uint8) [32]uint8
2554++pkg crypto/sha3 (linux-amd64-cgo), var Sum384 func([]uint8) [48]uint8
2555++pkg crypto/sha3 (linux-amd64-cgo), var Sum512 func([]uint8) [64]uint8
2556++pkg crypto/sha3 (linux-amd64-cgo), var SupportsSHA3 func() bool
2557++pkg crypto/sha3 (linux-arm-cgo), var New224 func() hash.Hash
2558++pkg crypto/sha3 (linux-arm-cgo), var New256 func() hash.Hash
2559++pkg crypto/sha3 (linux-arm-cgo), var New384 func() hash.Hash
2560++pkg crypto/sha3 (linux-arm-cgo), var New512 func() hash.Hash
2561++pkg crypto/sha3 (linux-arm-cgo), var Sum224 func([]uint8) [28]uint8
2562++pkg crypto/sha3 (linux-arm-cgo), var Sum256 func([]uint8) [32]uint8
2563++pkg crypto/sha3 (linux-arm-cgo), var Sum384 func([]uint8) [48]uint8
2564++pkg crypto/sha3 (linux-arm-cgo), var Sum512 func([]uint8) [64]uint8
2565++pkg crypto/sha3 (linux-arm-cgo), var SupportsSHA3 func() bool
2566+ pkg debug/buildinfo, func Read(io.ReaderAt) (*debug.BuildInfo, error)
2567+ pkg debug/buildinfo, func ReadFile(string) (*debug.BuildInfo, error)
2568+ pkg debug/buildinfo, type BuildInfo = debug.BuildInfo
2569+diff --git a/src/crypto/internal/backend/openssl_linux.go b/src/crypto/internal/backend/openssl_linux.go
2570+index 6678020bf1..94a98e1d8c 100644
2571+--- a/src/crypto/internal/backend/openssl_linux.go
2572++++ b/src/crypto/internal/backend/openssl_linux.go
2573+@@ -110,6 +110,16 @@ var NewSHA256 = openssl.NewSHA256
2574+ var NewSHA384 = openssl.NewSHA384
2575+ var NewSHA512 = openssl.NewSHA512
2576+
2577++var SupportsSHA3 = openssl.SupportsSHA3
2578++var NewSHA3_224 = openssl.NewSHA3_224
2579++var NewSHA3_256 = openssl.NewSHA3_256
2580++var NewSHA3_384 = openssl.NewSHA3_384
2581++var NewSHA3_512 = openssl.NewSHA3_512
2582++var SHA3_224 = openssl.SHA3_224
2583++var SHA3_256 = openssl.SHA3_256
2584++var SHA3_384 = openssl.SHA3_384
2585++var SHA3_512 = openssl.SHA3_512
2586++
2587+ var NewHMAC = openssl.NewHMAC
2588+
2589+ var NewAESCipher = openssl.NewAESCipher
2590+diff --git a/src/crypto/sha3/sha3.go b/src/crypto/sha3/sha3.go
2591+new file mode 100644
2592+index 0000000000..ac44533005
2593+--- /dev/null
2594++++ b/src/crypto/sha3/sha3.go
2595+@@ -0,0 +1,32 @@
2596++// Copyright 2023 Canonical Ltd. All rights reserved.
2597++// Use of this source code is governed by a BSD-style
2598++// license that can be found in the LICENSE file.
2599++
2600++//go:build linux && cgo && !android && !gocrypt && !cmd_go_bootstrap && !msan
2601++// +build linux,cgo,!android,!gocrypt,!cmd_go_bootstrap,!msan
2602++
2603++package sha3
2604++
2605++import (
2606++ "crypto"
2607++ boring "crypto/internal/backend"
2608++)
2609++
2610++var SupportsSHA3 = boring.SupportsSHA3
2611++var New224 = boring.NewSHA3_224
2612++var New256 = boring.NewSHA3_256
2613++var New384 = boring.NewSHA3_384
2614++var New512 = boring.NewSHA3_512
2615++var Sum224 = boring.SHA3_224
2616++var Sum256 = boring.SHA3_256
2617++var Sum384 = boring.SHA3_384
2618++var Sum512 = boring.SHA3_512
2619++
2620++func init() {
2621++ if boring.SupportsSHA3() {
2622++ crypto.RegisterHash(crypto.SHA3_224, New224)
2623++ crypto.RegisterHash(crypto.SHA3_256, New256)
2624++ crypto.RegisterHash(crypto.SHA3_384, New384)
2625++ crypto.RegisterHash(crypto.SHA3_512, New512)
2626++ }
2627++}
2628+diff --git a/src/go/build/deps_test.go b/src/go/build/deps_test.go
2629+index 809fc6658d..4ffcfe57fb 100644
2630+--- a/src/go/build/deps_test.go
2631++++ b/src/go/build/deps_test.go
2632+@@ -417,16 +417,18 @@ var depsRules = `
2633+ < crypto/ed25519/internal/edwards25519
2634+ < crypto/cipher
2635+ < encoding/asn1
2636++ < github.com/microsoft/go-crypto-openssl/openssl/internal/subtle
2637++ < github.com/microsoft/go-crypto-openssl/openssl
2638++ < github.com/microsoft/go-crypto-openssl/openssl/bbig
2639++ < github.com/microsoft/go-crypto-openssl/openssl/bbig/bridge
2640+ < CRYPTO;
2641+
2642+ CRYPTO < crypto/internal/boring;
2643+-
2644++
2645+ CRYPTO
2646+- < github.com/microsoft/go-crypto-openssl/openssl/internal/subtle
2647+- < github.com/microsoft/go-crypto-openssl/openssl
2648+ < crypto/internal/backend
2649+ < crypto/aes, crypto/des, crypto/hmac, crypto/md5, crypto/rc4,
2650+- crypto/sha1, crypto/sha256, crypto/sha512
2651++ crypto/sha1, crypto/sha256, crypto/sha512, crypto/sha3
2652+ < crypto/rand
2653+ < crypto/internal/randutil
2654+ < crypto/ed25519
2655+--
2656+2.34.1
2657+

Subscribers

People subscribed via source and target branches