remove gofips package

microsoft · Jan 17, 2025 · 654eb65 · 654eb65
1 parent 542e15d
commit 654eb65
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 82 deletions.
diff --git a/patches/0003-Implement-crypto-internal-backend.patch b/patches/0003-Implement-crypto-internal-backend.patch
@@ -15,7 +15,7 @@ Subject: [PATCH] Implement crypto/internal/backend
  .../internal/backend/bbig/big_openssl.go      |  12 +
  src/crypto/internal/backend/boring_linux.go   | 279 ++++++++++++++
  src/crypto/internal/backend/cng_windows.go    | 336 ++++++++++++++++
- src/crypto/internal/backend/common.go         |  58 +++
+ src/crypto/internal/backend/common.go         |  59 +++
  src/crypto/internal/backend/darwin_darwin.go  | 359 +++++++++++++++++
  src/crypto/internal/backend/fips140/boring.go |  11 +
  src/crypto/internal/backend/fips140/cng.go    |  33 ++
@@ -45,7 +45,7 @@ Subject: [PATCH] Implement crypto/internal/backend
  ...ckenderr_gen_requirefips_nosystemcrypto.go |  17 +
  .../backenderr_gen_systemcrypto_nobackend.go  |  16 +
  src/runtime/runtime_boring.go                 |   5 +
- 41 files changed, 2491 insertions(+), 1 deletion(-)
+ 41 files changed, 2492 insertions(+), 1 deletion(-)
  create mode 100644 src/crypto/internal/backend/backend_test.go
  create mode 100644 src/crypto/internal/backend/backendgen.go
  create mode 100644 src/crypto/internal/backend/backendgen_test.go
@@ -1173,10 +1173,10 @@ index 00000000000000..31dfc9b19ee63e
 +}
 diff --git a/src/crypto/internal/backend/common.go b/src/crypto/internal/backend/common.go
 new file mode 100644
-index 00000000000000..84447174284ffd
+index 00000000000000..9436b00381aaf8
 --- /dev/null
 +++ b/src/crypto/internal/backend/common.go
-@@ -0,0 +1,58 @@
+@@ -0,0 +1,59 @@
 +// Copyright 2022 The Go Authors. All rights reserved.
 +// Use of this source code is governed by a BSD-style
 +// license that can be found in the LICENSE file.
@@ -1186,11 +1186,12 @@ index 00000000000000..84447174284ffd
 +import (
 +	"crypto/internal/backend/fips140"
 +	"crypto/internal/boring/sig"
++	"internal/goexperiment"
 +	"runtime"
 +)
 +
 +func init() {
-+	if fips140.Enabled() {
++	if !goexperiment.AllowCryptoFallback && fips140.Enabled() {
 +		if !Enabled {
 +			if runtime.GOOS != "linux" && runtime.GOOS != "windows" && runtime.GOOS != "darwin" {
 +				panic("FIPS mode requested (" + fips140.Message + ") but no crypto backend is supported on " + runtime.GOOS)

diff --git a/patches/0004-Use-crypto-backends.patch b/patches/0004-Use-crypto-backends.patch
@@ -5,6 +5,7 @@ Subject: [PATCH] Use crypto backends
 
 ---
  src/cmd/api/boring_test.go                    |   2 +-
+ src/cmd/dist/build.go                         |  13 ++
  src/cmd/dist/test.go                          |   8 +-
  src/cmd/go/go_boring_test.go                  |  11 +-
  src/cmd/go/testdata/script/darwin_no_cgo.txt  |   2 +
@@ -81,7 +82,7 @@ Subject: [PATCH] Use crypto backends
  src/net/smtp/smtp_test.go                     |  72 ++++---
  src/os/exec/exec_test.go                      |   9 +
  src/runtime/pprof/vminfo_darwin_test.go       |   6 +
- 77 files changed, 1097 insertions(+), 109 deletions(-)
+ 78 files changed, 1110 insertions(+), 109 deletions(-)
  create mode 100644 src/crypto/dsa/boring.go
  create mode 100644 src/crypto/dsa/notboring.go
  create mode 100644 src/crypto/ecdsa/badlinkname.go
@@ -106,6 +107,30 @@ index f0e3575637c62a..9eab3b4e66e60b 100644
 
  package main
 
+diff --git a/src/cmd/dist/build.go b/src/cmd/dist/build.go
+index 1f467647f56143..4d770d7fc239e2 100644
+--- a/src/cmd/dist/build.go
++++ b/src/cmd/dist/build.go
+@@ -1543,6 +1543,19 @@ func cmdbootstrap() {
+ 	xprintf("Building Go toolchain2 using go_bootstrap and Go toolchain1.\n")
+ 	os.Setenv("CC", compilerEnvLookup("CC", defaultcc, goos, goarch))
+ 	// Now that cmd/go is in charge of the build process, enable GOEXPERIMENT.
++	//
++	// Build the Go toolchain with "GOEXPERIMENT=allowcryptofallback". This
++	// allows toolchains not built with "GOEXPERIMENT=systemcrypto" to be used
++	// when GOFIPS=1 is set. For example, when running "GOFIPS=1 go test ./..."
++	// or "GOFIPS=1 go run .".
++	// Shadow goexperiment so that the global variable is not modified.
++	goexperiment := goexperiment
++	if !strings.Contains(goexperiment, "allowcryptofallback") {
++		if goexperiment != "" {
++			goexperiment += ","
++		}
++		goexperiment += "allowcryptofallback"
++	}
+ 	os.Setenv("GOEXPERIMENT", goexperiment)
+ 	// No need to enable PGO for toolchain2.
+ 	goInstall(toolenv(), goBootstrap, append([]string{"-pgo=off"}, toolchain...)...)
 diff --git a/src/cmd/dist/test.go b/src/cmd/dist/test.go
 index 0c992118f4287b..3316bb52a61ff1 100644
 --- a/src/cmd/dist/test.go

diff --git a/...pport-for-logging-used-Windows-APIs.patch → ...pport-for-logging-used-Windows-APIs.patch b/...pport-for-logging-used-Windows-APIs.patch → ...pport-for-logging-used-Windows-APIs.patch
diff --git a/patches/0007-unset-GOFIPS-when-running-the-Go-toolchain.patch b/patches/0007-unset-GOFIPS-when-running-the-Go-toolchain.patch
diff --git a/.../0009-remove-long-path-support-hack.patch → .../0008-remove-long-path-support-hack.patch b/.../0009-remove-long-path-support-hack.patch → .../0008-remove-long-path-support-hack.patch
diff --git a/...ernal-go.mod-files-used-for-codegen.patch → ...ernal-go.mod-files-used-for-codegen.patch b/...ernal-go.mod-files-used-for-codegen.patch → ...ernal-go.mod-files-used-for-codegen.patch
diff --git a/...21-when-TLS-fipsonly-mode-is-enable.patch → ...21-when-TLS-fipsonly-mode-is-enable.patch b/...21-when-TLS-fipsonly-mode-is-enable.patch → ...21-when-TLS-fipsonly-mode-is-enable.patch